Pear
You must login to view this content
Aggregator
Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability
1 month 2 weeks ago
Shortly after the authentication-bypass flaw was disclosed multiple proof-of-concept exploits appeared, and one researcher claims there's been zero-day activity for at least a month.
Rob Wright
Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940
1 month 2 weeks ago
Attackers exploit a critical cPanel flaw to target government and MSP networks across Southeast Asia and several countries, including the U.S. and Canada. A threat actor is exploiting critical cPanel vulnerability CVE-2026-41940 to target government and military organizations in Southeast Asia, along with MSPs and hosting providers in countries like the Philippines, Laos, Canada, South […]
Pierluigi Paganini
2026 LSF/MM/BPF第一天结束
1 month 2 weeks ago
地点:克罗地亚第一天结束如下日程:
21cnbao
When a Screensaver Cracked the Internet's Trust Layer: Inside the DigiCert Hack
1 month 2 weeks ago
Certificate authorities sit at the foundation of online trust. So when one of the largest, DigiCert, gets hacked through a fake screenshot in a customer support chat, it is worth paying attention.
Dark Web Informer
Managing the Deprecation of Threat Actor Aliases
1 month 2 weeks ago
SANS Digital Forensics and Incident Response
Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools
1 month 2 weeks ago
An active phishing campaign has been observed targeting multiple vectors since at least April 2025 with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts.
The activity, codenamed VENOMOUS#HELPER, has impacted over 80 organizations, most of which are in the U.S., according to Securonix. It shares overlaps with clusters
The Hacker News
Qilin
1 month 2 weeks ago
You must login to view this content
cohenido
Qilin
1 month 2 weeks ago
You must login to view this content
cohenido
Qilin
1 month 2 weeks ago
You must login to view this content
cohenido
Qilin
1 month 2 weeks ago
You must login to view this content
cohenido
Qilin
1 month 2 weeks ago
You must login to view this content
cohenido
Всего один клик... и минус аккаунт: какие расширения браузера украдут ваши данные, а какие можно оставить
1 month 2 weeks ago
Практичный чек-лист: права, обновления и быстрый аудит аддонов без паранойи.
Вашу работу теперь делает нейросеть? Это ещё не повод вас увольнять
1 month 2 weeks ago
Разбираемся в логике судей, лишивших топ-менеджеров важного козыря.
Europe Cuts Off Funding for Chinese Solar Inverters
1 month 2 weeks ago
Solar Energy Spurt Comes Freighted With Chinese Nation-State Hacking Worries
The European Commission froze funding for solar energy projects that use crucial components from Chinese companies such as Huawei, due to cybersecurity fears. The decision affects projects being funded by the European Investment Bank and other partner banks.
The European Commission froze funding for solar energy projects that use crucial components from Chinese companies such as Huawei, due to cybersecurity fears. The decision affects projects being funded by the European Investment Bank and other partner banks.
DigiCert Hacked via Weaponized Screensaver File to Obtain EV Code Signing Certificates
1 month 2 weeks ago
A sophisticated threat actor breached DigiCert’s internal support environment in early April 2026 by tricking support analysts into executing a disguised malicious screensaver file, ultimately obtaining stolen EV Code Signing certificates used to distribute the “Zhong Stealer” malware family. On April 2, 2026, a threat actor contacted DigiCert’s customer support team through a Salesforce-based chat […]
The post DigiCert Hacked via Weaponized Screensaver File to Obtain EV Code Signing Certificates appeared first on Cyber Security News.
Guru Baran
Секреты в RAR-архиве и дырявый Exchange. Шпионы годами грабят оборонку и госсектор, используя старые бреши Microsoft
1 month 2 weeks ago
Заметка для тех, кто верит, что «забытый» сервер никому не нужен.
"Copy Fail" Lands on CISA's KEV: A Nine-Year-Old Linux Bug Becomes a Patch Deadline
1 month 2 weeks ago
On May 1, 2026, CISA added CVE-2026-31431, better known as "Copy Fail," to its Known Exploited Vulnerabilities (KEV) catalog. Federal civilian agencies have until May 15 to patch under BOD 22-01. Everyone else should read that deadline as a strong hint.
Dark Web Informer
Educational company Instructure reports cyber incident
1 month 2 weeks ago
By Saturday, Infrastructure’s chief information security officer Steve Proud confirmed that the hackers gained access to information about users at some educational institutions, including names, email addresses, student ID numbers and messages between users.
Backdoored PyTorch Lightning package drops credential stealer
1 month 2 weeks ago
A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a credential-stealing payload targeting browsers, environment files, and cloud services. [...]
Bill Toulas