Tables Turn on 'The Gentlemen' RaaS Gang With Data Leak
An OPSEC failure provides a window into what helped the ransomware group rise: a generous affiliate model, opportunistic TTPs, and an effective organizational structure.
Aggregator
New critical Exim mailer flaw allows remote code execution
1 month 2 weeks ago
A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by an unauthenticated remote attacker to execute arbitrary code. [...]
Bill Toulas
DOJ releases legal rationale for nationwide voter data collection
1 month 2 weeks ago
The memo claims a robust executive branch role vetting voter eligibility. One Secretary of State called it a “fantasy” that “isn’t worth the paper it’s printed on.”
The post DOJ releases legal rationale for nationwide voter data collection appeared first on CyberScoop.
djohnson
German National Indicted Over Money Laundering Tied to Defunct "Dream Market" Darknet Marketplace
1 month 2 weeks ago
Federal prosecutors have charged Owe Martin Andresen, a 49-year-old German citizen believed to have served as the lead administrator of the once-massive darknet marketplace Dream Market, with laundering more than $2 million in proceeds tied to the site's commission accounts. German authorities arrested Andresen last week on parallel charges of their own.
Dark Web Informer
Webinar | The New Attack Surface: Defending the Autonomous AI Ecosystem
1 month 2 weeks ago
Linux Defenders Face Patch and Exploit Race
1 month 2 weeks ago
Kernel Privilege Escalation Has One Linux Maintainer Contemplating a 'Kill Switch'
Back-to-back kernel vulnerabilities in Linux has defenders scrambling to apply defenses in the age of quick turnaround time for hackers to exploit nascent flaws. "Dirty Frag" and "Copy Fail" kernel privilege escalation vulnerabilities became public knowledge within two weeks of each other.
Back-to-back kernel vulnerabilities in Linux has defenders scrambling to apply defenses in the age of quick turnaround time for hackers to exploit nascent flaws. "Dirty Frag" and "Copy Fail" kernel privilege escalation vulnerabilities became public knowledge within two weeks of each other.
Claude Code Attack Persists After Token Rotation
1 month 2 weeks ago
Malicious npm Package Lets Attackers Capture Refreshed Tokens
A researcher has mapped a five-step attack on Claude Code that intercepts the credentials giving AI agents access to Jira, GitHub and Confluence, and demonstrated that the standard incident response move, rotating the stolen token, hands the attacker a fresh one.
A researcher has mapped a five-step attack on Claude Code that intercepts the credentials giving AI agents access to Jira, GitHub and Confluence, and demonstrated that the standard incident response move, rotating the stolen token, hands the attacker a fresh one.
Mass Supply-Chain Attack Slams npm and PyPi, Hits Mistral AI
1 month 2 weeks ago
Latest Mini Shai-Hulud Worm Steals Credentials, Includes Wiper, Now Open Source
A new Shai-Hulud variant has infected multiple npm repositories and jumped to other widely used JavaScript and Python packages. Designed to rapidly propagate, the worm steals over 100 different types of credentials and can wipe systems, including if developers try to delete it.
A new Shai-Hulud variant has infected multiple npm repositories and jumped to other widely used JavaScript and Python packages. Designed to rapidly propagate, the worm steals over 100 different types of credentials and can wipe systems, including if developers try to delete it.
CyberEd Board Talks | Top 5 SASE Predictions and Trends
1 month 2 weeks ago
A Live Panel Discussion with CyberEdBoard and Fortinet
Secure Access Service Edge is entering mainstream adoption. Enterprises are shifting from point solutions to platforms. And AI is now at the core of SASE.
Secure Access Service Edge is entering mainstream adoption. Enterprises are shifting from point solutions to platforms. And AI is now at the core of SASE.
Alleged Dream Market admin arrested in Germany after US indictment
1 month 2 weeks ago
Court documents said Dream Market was launched in 2013 by Owe Martin Andresen and others before becoming one of the biggest criminal marketplaces online.
Apple security advisory (AV26-466)
1 month 2 weeks ago
Canadian Centre for Cyber Security
Microsoft Patch Tuesday for May 2026 fix 138 bugs, some of them are alarming
1 month 2 weeks ago
Microsoft’s May 2026 Patch Tuesday fixed 138 flaws, including 30 critical bugs, across Windows, Office, Azure, Edge, SQL Server, and more. Microsoft’s May 2026 Patch Tuesday patched 138 vulnerabilities in a single release. That is a number that gives pause even for people accustomed to these cycles. The affected products span virtually the entire Microsoft […]
Pierluigi Paganini
HPE security advisory (AV26-465)
1 month 2 weeks ago
Canadian Centre for Cyber Security
RAMunchers CTF
1 month 2 weeks ago
Name: RAMunchers CTF (an RAMunchers CTF event.)
Date: May 10, 2026, 8 a.m. — 13 May 2026, 15:00 UTC [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.ramunchers.com/
Rating weight: 23.30
Event organizers: R0073R5
Date: May 10, 2026, 8 a.m. — 13 May 2026, 15:00 UTC [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.ramunchers.com/
Rating weight: 23.30
Event organizers: R0073R5
Dark Reading Celebrates 20 Years as a Leading Authority on Cybersecurity, Highlighting the People, Events, Ideas, and Technologies Shaping the Modern Risk Landscape
1 month 2 weeks ago
Informa TechTarget's flagship cybersecurity media brand launches a special content series to mark two decades as a trusted source for cybersecurity professionals.
OpenLoop Health confirms January 2026 Data breach affecting 716,000
1 month 2 weeks ago
In January 2026, telehealth infrastructure firm OpenLoop Health suffered a security breach that exposed information of 716,000 people. OpenLoop Health confirmed a January 2026 cyberattack that exposed personal information of 716,000 individuals using its telehealth services. The breach was reported to authorities in March, but the full scope was only recently determined. Threat actors exfiltrated […]
Pierluigi Paganini
cPanel security advisory (AV26-464)
1 month 2 weeks ago
Canadian Centre for Cyber Security
Drupal security advisory (AV26-463)
1 month 2 weeks ago
Canadian Centre for Cyber Security
DragonForce
1 month 2 weeks ago
You must login to view this content
cohenido
Weaponized AI: The new frontier of fraud and identity spoofing
1 month 2 weeks ago
As fake identity fraud is projected to cause $40 billion in losses next year, leaders must abandon static security in favor of rapid-iteration, AI-enabled defenses that adapt in days, not months.
The post Weaponized AI: The new frontier of fraud and identity spoofing appeared first on CyberScoop.
Wyatt Kash