Top Stories by Impact
Authenticated RCE via Argument Injection in Gogs (NOT FIXED)
Today · 12:00 UTC
OverviewRapid7 Labs discovered a critical argument injection (CWE-88) vulnerability in Gogs, a popular open-source self-hosted Git service. Rapid7 Labs scores this vulnerability as…
Read full article →Exploitation of KnowledgeDeliver via ViewState Deserialization Vulnerability
25 May 2026 · 14:00 UTC
Written by: Takahiro Sugiyama, Peter Revelant, Mathew Potaczek Introduction In late 2025, Mandiant responded to a security incident involving a compromised web server running Knowl…
Read full article →ABB Ability Camera Connect
26 May 2026 · 12:00 UTC
View CSAF Summary ABB is aware of public reports of vulnerabilities in a 3rd party component VLC media player Version 2.2.4 which was delivered together with the installation packa…
Read full article →Eppendorf BioFlo 320
26 May 2026 · 12:00 UTC
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to gain full access to functionality and data with the bioreactor. The following versions of…
Read full article →2 PhaaS 2 Furious: The Evolution of Chinese-language Phishing Services
25 May 2026 · 14:00 UTC
While Russian-speaking threat actors have historically dominated the phishing-as-a-service (PhaaS) landscape, a rival ecosystem is rapidly growing within the Chinese-language under…
Read full article →AI Threat Landscape Digest March-April 2026
26 May 2026 · 10:09 UTC
Executive Summary During the March–April 2026 reporting period, AI use in offensive operations advanced from development and planning to real-time operational deployment. Multiple…
Read full article →CISA Adds Three Known Exploited Vulnerabilities to Catalog
Yesterday · 12:00 UTC
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-8398 Daemon Tools Lite Embedded Ma…
Read full article →2026 World Cup: Discussing The World’s Biggest Game’s Attack Surface
Today · 10:00 UTC
The 2026 World Cup presents major cyber risks from ransomware groups, state-aligned actors, and other groups targeting critical infrastructure. Learn more here. The post 2026 World…
Read full article →Cybersecurity
CISA Alerts
ABB Ability Camera Connect
Critical26 May 2026 · 12:00 UTC
View CSAF Summary ABB is aware of public reports of vulnerabilities in a 3rd party component VLC media player Version 2.2.4 which was delivered together with the installation package of Camera Connect Version 1.5.0.14 an…
Read full article →Eppendorf BioFlo 320
Critical26 May 2026 · 12:00 UTC
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to gain full access to functionality and data with the bioreactor. The following versions of Eppendorf BioFlo 320 are affected: BioF…
Read full article →CISA Adds Three Known Exploited Vulnerabilities to Catalog
CriticalYesterday · 12:00 UTC
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-8398 Daemon Tools Lite Embedded Malicious Code Vulnerability CVE-2026-4532…
Read full article →Cloudflare Blog
Project Glasswing: what Mythos showed us
High18 May 2026
Cloudflare shares findings from testing Mythos and other security-focused LLMs against live code across critical infrastructure, including model strengths, weaknesses, and what is needed before this work can scale.
Read full article →The Hacker News
JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware
HighToday · 07:54 UTC
A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim to facilitate digital asset theft using recruitment-themed social engineering and bespoke macOS…
Read full article →New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI "Power users"
MediumToday · 11:30 UTC
State of AI Usage Report 2026 (full report here) by LayerX Security reveals the extent of the enterprise AI visibility gap and why most organizations still don't understand where their AI exposure is actually coming from…
Read full article →Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users
Yesterday · 16:10 UTC
Latin America and Europe become the target of two banking trojan campaigns that are designed to infect Windows and Android devices with Grandoreiro and BTMOB malware, respectively. That's according to new findings from W…
Read full article →Dark Reading
Ransomware Actors Show Up In Person to Steal Law Firm Data
MediumYesterday · 20:38 UTC
The FBI warned that the extortion gang Silent Ransom Group is targeting law firms and socially engineering its way into servers and databases.
Read full article →Nordic CISOs Handle Rising Cyber Threats Remarkably Well
Today · 07:01 UTC
Artificial intelligence notwithstanding, the vast majority of CISOs in northern Europe say they're facing no more serious cyberattacks than they did two years ago.
Read full article →Latin American Cybercriminals Hoover Up Government Data
Yesterday · 16:19 UTC
A purported leak exposing 5.8 million records of Uruguayan citizens is the latest incident where cybercriminals targeted government agencies to monetize citizen data.
Read full article →BleepingComputer
GPU mining malware spreads via SEO poisoning, AI chatbots
MediumYesterday · 21:31 UTC
Threat actors are targeting systems with high-performance computers in an ongoing cryptojacking campaign spread through a coordinated SEO poisoning operation that also manipulated AI chatbot recommendations. [...]
Read full article →Carnival Cruise confirms data breach affecting nearly 6 million people
MediumToday · 10:49 UTC
Carnival Corporation, the world's largest cruise line operator, has confirmed a data breach affecting nearly 6 million people claimed by the ShinyHunters extortion gang in April 2026. [...]
Read full article →Sextortionist sentenced to 33 years for targeting 145 children
Today · 09:25 UTC
A Canadian man was sentenced to 33 years in prison after pleading guilty to targeting more than 145 children across the United States, some as young as 6 years old, in an eight-year-long sextortion scheme. [...]
Read full article →SANS Internet Storm Center
Reconstructing an Akira Ransomware Kill Chain from Perimeter and Endpoint Logs, (Wed, May 27th)
MediumYesterday · 21:14 UTC
Most Akira write-ups focus on the ransom note or the encryption routine. By the time those show up the interesting forensic work is over. The questions that matter to defenders sit earlier. How did they get in. When did…
Read full article →ISC Stormcast For Thursday, May 28th, 2026 https://isc.sans.edu/podcastdetail/9948, (Thu, May 28th)
Today · 02:00 UTC
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Read full article →ISC Stormcast For Wednesday, May 27th, 2026 https://isc.sans.edu/podcastdetail/9946, (Wed, May 27th)
Yesterday · 02:00 UTC
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Read full article →Infosecurity Magazine
New Threat Actor Jinx-0164 Targets Crypto Developers on macOS
MediumToday · 11:30 UTC
New actor Jinx-0164 hit crypto developers with fake recruiter lures and macOS malware
Read full article →Infosecurity Europe: Cybersecurity Staff Prefer CISOs With Real Attack Response Experience, Study Reveals
MediumToday · 10:01 UTC
ISC2 survey of cybersecurity professionals suggests that staff want their information security leaders to have experienced reacting to a significant cyber incident
Read full article →Microsoft Condemns "Uncoordinated" Zero Day Disclosures
Today · 12:00 UTC
Microsoft warned the disclosure of several unpatched vulnerabilities without notice has put “customers at unnecessary risk”
Read full article →Krebs on Security
Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks
Medium25 May 2026 · 13:21 UTC
Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campa…
Read full article →Cybercrime Magazine
CISOs Turnover Persists As AI Makes Cybersecurity More Crucial Than Ever
MediumYesterday · 12:29 UTC
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – May. 27, 2026 –Read the full story Immense stress has infected the brains of CISOs (chief information security officers) with malware…
Read full article →Deepfakes And Vishing Scams: Why Every Family Needs A Code Word.
26 May 2026 · 11:51 UTC
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – May. 26, 2026 –Watch the YouTube video According to the Wall Street Journal, criminals increasingly use generative AI to mimic real p…
Read full article →CyberScoop
FBI warns US-based law firms to be on the lookout for cybercrime group that steals data in person
Yesterday · 20:35 UTC
Silent Ransom Group isn’t prolific, but it's demonstrated a knack for attacking the legal services sector with an extraordinary dual use of social engineering and in-person visits to victims’ workstations. The post FBI w…
Read full article →OpenAI heralds cybersecurity, election interference safeguard plans for 2026 midterms
Yesterday · 21:12 UTC
The announcement builds on work from major tech firms in 2024 to combat AI-infused election chicanery. The post OpenAI heralds cybersecurity, election interference safeguard plans for 2026 midterms appeared first on Cybe…
Read full article →UK spy chief labels AI ‘unstoppable force’ with offensive, defensive ramifications for cyberspace
Yesterday · 19:07 UTC
Anne Keast-Butler, head of the GCHQ, said her agency was developing an artificial intelligence-powered cyber shield as other nations were deploying AI in warfare. The post UK spy chief labels AI ‘unstoppable force’ with…
Read full article →Schneier on Security
FBI’s 2025 Internet Crime Report
Yesterday · 14:02 UTC
The 2025 Internet Crime Report was published a few weeks ago, but I only just saw it. Lots of interesting statistics. Press release. News articles.
Read full article →Identifying People Using Wi-Fi Routers
26 May 2026 · 15:02 UTC
Not identifying people based on their use of Wi-Fi routers, but identifying people using Wi-Fi signals. This is accomplished through what is known as WiFi sensing, or the use of WiFi signals to infer information about a…
Read full article →Ars Technica
Forecasters predict below-average hurricane season, advise against complacency
Today · 10:00 UTC
Forecasters say expected El Niño should temper hurricanes in Atlantic, urge preparedness.
Read full article →California defeats Tesla's attempt to throw out racial discrimination lawsuit
Yesterday · 21:08 UTC
California civil rights agency hails win over Tesla, anticipates trial in July.
Read full article →Websites have a new way to spy on visitors: analyzing their SSD activity
Yesterday · 20:56 UTC
Telltale SSD activity can be measured in the browser using simple JavaScript.
Read full article →AI & Technology
The Verge
Temu fined more than $230 million by EU over illegal product sales
MediumToday · 11:47 UTC
Temu has been fined €200 million (about $232 million) by the European Commission after it found that consumers are "very likely to encounter illegal items" on the popular Chinese e-commerce platform. According to the com…
Read full article →Gemini for Google Home can now use your cameras to trigger automations
MediumToday · 11:07 UTC
Google Home is rolling out a new Gemini-powered automation feature that can trigger smart home routines based on what your security cameras can see. This is one of several updates announced yesterday for Gemini for Home,…
Read full article →Kia’s flagship EV has a battery problem
Today · 12:00 UTC
I first realized there was an issue with Kia's flagship EV9 when I tried to unlock my car last year. The hulking three-row SUV was sitting on my driveway completely dead. The key didn't work, the app connection to the ca…
Read full article →ITNews Australia
Gov urges agencies to fix security basics before buying into frontier AI
MediumToday · 06:39 UTC
Lock down fundamentals ahead of expected "vulnerability storm".
Read full article →Scalable AI solutions: secure delivery
Today · 01:00 UTC
iTnews 2026 Benchmark Awards proudly sponsored by NRI. Hear from Cameron Curtis, General Manager, IT Advisory at NRI on scalable AI solutions and secure delivery.
Read full article →Transurban to run more of its customer service out of Amazon Connect
Yesterday · 20:38 UTC
As transformation progresses.
Read full article →Ars Technica AI
Nvidia bets $150B on Taiwan as Trump's plan to make US an AI hub backfires
Yesterday · 19:59 UTC
Nvidia will invest $150 billion a year to make Taiwan an AI “epicenter.”
Read full article →YouTube to begin automatically labeling AI videos
Yesterday · 17:36 UTC
AI videos that are animated, unrealistic, or only have a little AI may still hide their origins, though.
Read full article →US law enforcement warns of "anti-tech extremism" as AI hatred grows
Yesterday · 10:30 UTC
The feds are raising the alarm about a new category of threat.
Read full article →The Guardian Technology
Are robots nearing their ChatGPT moment? – podcast
Today · 04:00 UTC
Last month at Beijing’s half marathon, a robot named Lightning beat the human world record by nearly seven minutes. It’s the latest in a string of AI-powered milestones that have got people wondering whether robots are a…
Read full article →‘This isn’t freedom’: anger, anxiety and tears as Iran’s internet flickers back
Today · 04:00 UTC
After 88 days of near-total blackout, first reactions to the return of partial connectivity were not celebratoryAfter 88 days of near-total internet blackout in Iran, long-delayed messages, images and poems flooded phone…
Read full article →Studio Display XDR review: Apple’s pro display shines very brightly
Today · 06:00 UTC
Crisp 27in 5K Mac monitor is packed with features and some of the best HDR performance you can get for work or playApple’s new 27in Studio Display XDR is its best monitor yet, with an exceptionally bright and gorgeous 5K…
Read full article →MIT Technology Review AI
The AI Hype Index: AI gets booed in graduation season
Today · 09:51 UTC
It is one thing to say AI will change the world. It is another to expect the class of 2026 to applaud it. In fact, when former Google CEO Eric Schmidt told University of Arizona graduates that their task is to help shape…
Read full article →Rethinking organizational design in the age of agentic AI
26 May 2026 · 14:54 UTC
Amid rapidly growing adoption of enterprise-level AI agents, there’s a disconnect emerging between ambition and execution. Although 85% of organizations say they want to be agentic within the next three years, 76% say th…
Read full article →A reality check on the AI jobs hysteria
26 May 2026 · 09:00 UTC
Haven’t you heard? White-collar jobs are going away, decimated by AI. Waves of layoffs in the tech sector (most recently at Coinbase and Meta and Cisco) are said to presage what will soon come for all of us knowledge wor…
Read full article →Wired AI
New Moms Are Returning to Coding Jobs Radically Reshaped by AI
Today · 11:00 UTC
New mothers working in software development are staring down an AI-pilled workplace they barely recognize.
Read full article →Amazon Thinks the Future of Data Centers Depends on a Technical Problem It Just Solved
Today · 10:30 UTC
The tech giant says a breakthrough in data-center networking has dramatically accelerated the flow of information through its massive cloud infrastructure.
Read full article →Illinois Lawmakers Just Passed America’s Strongest AI Safety Bill
Today · 00:10 UTC
The bill requires companies like OpenAI, Anthropic, and Google to have third parties confirm they’re following safety standards. Illinois governor JB Pritzker says he’ll sign it.
Read full article →TechCrunch AI
Vertu wants CEOs to run companies from an AI foldable starting at $6,880
Today · 07:00 UTC
Built on top of the open-source Hermes project, Vertu's new foldable combines AI-agent workflows, enterprise integrations, and ultra-premium luxury finishes.
Read full article →Why Google’s AI can’t spell Google (or anything else)
Today · 00:17 UTC
Google is embarrassing itself, again.
Read full article →In more good news for Amazon, Snowflake signs $6B deal with AWS for AI CPU chips
Yesterday · 20:10 UTC
Snowflake has signed a new, enormous five-year deal with Amazon to secure chips for AI usage. Nvidia is once again being put on notice.
Read full article →AI News
NBA plans AI system for automatic out-of-bounds calls
Today · 10:00 UTC
NBA Commissioner Adam Silver said the league plans to introduce an automated system for certain officiating decisions, including out-of-bounds calls. The system would use AI and cameras placed around the court to determi…
Read full article →Google folds Display Ads into AI-first Demand Gen platform
Yesterday · 13:12 UTC
Google is folding Display Ads into its AI-powered Demand Gen platform, marking the end of a long-standing digital advertising model. The Google Display Network (GDN) has been a staple of the open internet for almost twen…
Read full article →Exploring the Benefits of AI Bots for Forex Trading in Forex Markets
Yesterday · 12:38 UTC
The foreign exchange market is really moving away from pure intuition and toward a space shaped by speed, data and precision. By using automated systems in your routine, you can approach volatility with a level of discip…
Read full article →Import AI
Import AI 458: Reckoning with the future; and a singularity story
26 May 2026 · 12:32 UTC
What AI-driven miracles will happen this year?
Read full article →NVIDIA AI Blog
AI Factories: The New Infrastructure of Intelligence
Yesterday · 16:00 UTC
AI factories are token factories, converting power into intelligence in real time. And as agentic AI scales and autonomous, always-on special agents are deployed in the enterprise, performance per watt and cost per token…
Read full article →NVIDIA Vera CPU Is ‘Packing a Heavy-Hitting Punch’ Against Competition
26 May 2026 · 21:15 UTC
The shift to agentic AI creates a new CPU requirement for the AI factory: fast cores, massive memory bandwidth and the ability to sustain high performance when all cores are active. Initial benchmark results published by…
Read full article →ABC Technology (AU)
ABC appoints Reuters exec Simon Robinson as news director
Today · 07:15 UTC
Senior Reuters executive Simon Robinson takes over from former director Justin Stevens who announced his resignation yesterday after four years in the job.
Read full article →Waste company fined $1.1m over 2014 double-fatal Adelaide truck crash
Today · 05:53 UTC
Almost 12 years after a Cleanaway truck killed two people and injured two others, the company has been sentenced in South Australia's Supreme Court.
Read full article →Greens signal willingness to help Labor push capital gains changes through in weeks
Today · 03:28 UTC
Treasurer Jim Chalmers introduced the bill to parliament today, which the government hopes to pass before the winter recess.
Read full article →Vendor Security
Rapid7 Blog
Authenticated RCE via Argument Injection in Gogs (NOT FIXED)
CriticalToday · 12:00 UTC
OverviewRapid7 Labs discovered a critical argument injection (CWE-88) vulnerability in Gogs, a popular open-source self-hosted Git service. Rapid7 Labs scores this vulnerability as CVSSv4 9.4 (Critical). The vulnerabilit…
Read full article →How Security Leaders Cut Through Complexity to Drive Better Outcomes
High26 May 2026 · 12:51 UTC
Security leaders are operating in an environment that is only getting more complex. Expanding attack surfaces, rapid AI adoption, growing toolsets, and increasing pressure to respond faster have made it harder to maintai…
Read full article →Mandiant Threat Intel
Exploitation of KnowledgeDeliver via ViewState Deserialization Vulnerability
Critical25 May 2026 · 14:00 UTC
Written by: Takahiro Sugiyama, Peter Revelant, Mathew Potaczek Introduction In late 2025, Mandiant responded to a security incident involving a compromised web server running KnowledgeDeliver. KnowledgeDeliver is a Learn…
Read full article →2 PhaaS 2 Furious: The Evolution of Chinese-language Phishing Services
Critical25 May 2026 · 14:00 UTC
While Russian-speaking threat actors have historically dominated the phishing-as-a-service (PhaaS) landscape, a rival ecosystem is rapidly growing within the Chinese-language underground. Google Threat Intelligence Group…
Read full article →Check Point Research
AI Threat Landscape Digest March-April 2026
Critical26 May 2026 · 10:09 UTC
Executive Summary During the March–April 2026 reporting period, AI use in offensive operations advanced from development and planning to real-time operational deployment. Multiple independent cases, involving individual…
Read full article →25th May – Threat Intelligence Report
High25 May 2026 · 15:08 UTC
For the latest discoveries in cyber research for the week of 25th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES 7-Eleven, the global convenience store chain, confirmed a breach after an…
Read full article →Palo Alto Unit 42
2026 World Cup: Discussing The World’s Biggest Game’s Attack Surface
CriticalToday · 10:00 UTC
The 2026 World Cup presents major cyber risks from ransomware groups, state-aligned actors, and other groups targeting critical infrastructure. Learn more here. The post 2026 World Cup: Discussing The World’s Biggest Gam…
Read full article →Out of the Crypt: The Evolving Cyber Extortion Economy
Yesterday · 22:00 UTC
Unit 42 explores trends in data theft and extortion, outlining key strategies for organizations as frontier AI models advance. The post Out of the Crypt: The Evolving Cyber Extortion Economy appeared first on Unit 42.
Read full article →AWS Security
Well-architected best practices for software supply chain security
Critical26 May 2026 · 17:03 UTC
There have been multiple notable supply chain attacks using the npm Registry since September: Shai-Hulud, Chalk/Debug, one abusing tea.xyz tokens, and recently axios. Thanks to community efforts involving the Amazon Insp…
Read full article →Welcoming the AWS Customer Incident Response Team
Medium26 May 2026 · 19:04 UTC
May 26, 2026: This post was originally published in July 2022. It has been updated to reflect current engagement options, new threat intelligence resources such as the Threat Technique Catalog for AWS (TTC), additional o…
Read full article →Proofpoint Threat Insight
Proofpoint Introduces Active Exploits Protection to Help Organizations Prioritize Vulnerability Patching for Real-World Attacks in the AI Era
CriticalYesterday · 08:07 UTC
Read full article →Cisco Talos
DICOM, Pydicom, GDCM, and Orthanc: A technical tour of what really happens in the heap
HighToday · 10:00 UTC
This white paper presents a concrete case study demonstrating the creation of a heap overflow vulnerability through the exploitation of the DICOM file format.
Read full article →MediaArea heap-based buffer overflow vulnerabilities
Yesterday · 14:00 UTC
Talos researchers find 4 heap-based buffer overflow vulnerabilities in MediaArea's MediaInfoLib.
Read full article →Introducing EvidenceForge: Synthetic security logs that don’t look (as) fake
Yesterday · 10:00 UTC
EvidenceForge generates high-quality, realistic, and consistent datasets across multiple log formats, enabling teams to effectively train personnel and validate detection models without the need for complex manual simula…
Read full article →Kaspersky Securelist
Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years
Today · 06:55 UTC
Our experts continue to track attacks targeting consumers of pirated content, both books and movies. 2026 saw the discovery of new target sites with tens of millions of visitors, while the miner gained a RAT module.
Read full article →Microsoft Security
From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities
26 May 2026 · 21:35 UTC
Microsoft exposes a cryptojacking campaign using SEO poisoning and ScreenConnect to target high-performance PCs, with malicious sites also surfaced through AI chatbots. The post From poisoned search results to GPU mining…
Read full article →OpenAI News
Warp’s big bet on building open source with GPT-5.5
Yesterday · 00:00 UTC
Warp uses GPT-5.5 and OpenAI models to coordinate coding agents across local, cloud, and open-source development workflows.
Read full article →Cisco and OpenAI redefine enterprise engineering with Codex
Yesterday · 11:00 UTC
Cisco and OpenAI are redefining enterprise engineering with Codex, helping Cisco scale AI-native development, accelerate AI Defense work, and automate defect remediation.
Read full article →Building self-improving tax agents with Codex
Yesterday · 07:00 UTC
See how OpenAI, Thrive, and Crete built a self-improving tax agent with Codex, automating filings, improving accuracy, and accelerating workflows.
Read full article →CrowdStrike Blog
CrowdStrike Named a Leader in Identity Threat Detection and Response
26 May 2026 · 05:00 UTC
Read full article →Disrupting Glassworm: Inside CrowdStrike’s Takedown of a Developer-Targeting Botnet
26 May 2026 · 05:00 UTC
Read full article →