Seen on @cibsecurity
Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes
Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user's NTLMv2 hash to the attacker. Like in the case of CVE-2026-33829, which impacted the Windows Snipping Tool's ms-screensketch URI handler, the newly flagged issue resides in the search URI handler, per Huntress. CVE-2026-33829 refers to a spoofing vulnerability that could expose...
Via "The Hacker News"
----------
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codenamed HTTP/2 Bomb by Calif. "The vulnerable behavior exists in each server's default HTTP/2 configuration," the company said, adding it was discovered by OpenAI Codex by chaining...
Via "The Hacker News"
----------
Infosecurity Europe: Vulnerability Management Innovator Konvu Wins Cyber Startup Award
Inaugural Infosecurity Europe Cyber Startup Award winner impresses panel with its ability to help prioritize vulnerabilities in the AI era.
Via "Infosecurity Magazine"
----------
Trump Signs Order Inviting Voluntary Review of Frontier AI Models
Trump's executive order invites voluntary pre-release review of frontier AI models.
Via "Infosecurity Magazine"
----------
Infosecurity Europe: How to Get Boards to Prioritize Cyber Risk Quantification
Cybersecurity leaders from major companies, including BP and NatWest, discuss how they got support from the board for cyber risk quantification.
Via "Infosecurity Magazine"
----------
Anthropic Expands Mythos Access to 150 More Organizations
Anthropic widens Project Glasswing access to 150 more firms as patching becomes the bottleneck.
Via "Infosecurity Magazine"
----------
Infosecurity Europe: Patch Responsibility Remains Up for Grabs as AI Unearths Decades of Flaws
The emergence of AI models capable of autonomously finding and fixing vulnerabilities at scale is having a significant impact on patch management, experts say.
Via "Infosecurity Magazine"
----------
Infosecurity Europe: Execs Must Treat Cyber Threats as Statecraft, ISACA Expert Says
Private firms are being targeted by nation-state groups for reasons beyond finance, argued ISACA's Bharat Thakrar.
Via "Infosecurity Magazine"
----------
How AI-Powered Brand Impersonation Works, and Why Traditional Security Misses It Entirely
For most of the digital era, fraud had friction. It required effort, time, and enough technical inconsistency that security systems, or even a careful human, could spot the seams. That assumption no longer holds. Brand impersonation has evolved into a scalable, automated industry powered by generative AI. What used to be isolated phishing attempts has become a distributed ecosystem of cloned identities, synthetic media, and disposable infrastructure that can convincingly replicate trusted organizations on a global scale. The uncomfortable reality: modern impersonation campaigns don't need to break in anywhere. They only need to look legitimate long enough to be believed. And increasingly, that window is all attackers need. According to the U.S. Federal Trade Commission, consume...
AI is fueling a surge in brand impersonation scams using deepfakes, fake domains, and social engineering at unprecedented scale.
Via "CYBLE"
----------
WhatsApp, Slack Notifications Could Hijack Google Gemini on Android
A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini's voice assistant on Android and made it open a victim's connected windows, fake a message from their boss, push the phone into a Zoom call, or quietly poison its long-term memory. No malicious app on the phone is required. The assistant just had to treat a hostile...
Via "The Hacker News"
----------
Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT
Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan (RAT) named DesckVB RAT. "Before the victim ever reaches attacker-controlled infrastructure, the lure routes through DoubleClick, a legitimate Google-owned domain that many security tools are less likely to treat as...
Via "The Hacker News"
----------
Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore
Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and "patch everything in time" stopped working years ago. Stop betting the org on winning that race. You don't control which bug lands. You control what it can reach once it does. That is a question about the shape of your network, and most teams have the shape wrong. HD Moore, creator of Metasploit...
Via "The Hacker News"
----------
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the same phone could ask for the signed-in user's token and get it, then read email, open files, browse the calendar, and send messages as that user. No password, no login screen, no permission prompt.
Via "The Hacker News"
----------
Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)
Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI tool built to hunt bugs in large codebases. Tracked as CVE-2026-23479, the flaw was introduced in Redis 7.2.0 and remained in every stable branch until the May 5 fixes, unnoticed for over two years.
Via "The Hacker News"
----------
Apple's 2026 Security Events: iPhone Exploits, Zero-Days Put Millions at Risk
Apple's 2026 security year includes zero-days, iPhone exploit kits, WebKit fixes, and background patches that users and IT teams need to track.
Via "Tech Republic"
----------
Microsoft Tests Wearable AI Badge for Office Workers
Microsoft showed Project Solara concept devices at Build 2026, including a wearable AI badge for office workers using AI agents.
Via "Tech Republic"
----------
CISA Flags 2-Year-Old Oracle WebLogic Vulnerability as Actively Exploited
CISA added Oracle WebLogic flaw CVE-2024-21182 to its KEV catalog, giving federal agencies until June 4 to patch exposed servers.
Via "Tech Republic"
----------