π’ βThese sorts of post-compromise techniques used to be restricted to actors with the technical knowledge to carry them outβ: Anthropic warns AI is helping lower the bar for up-and-coming hackers π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
AI is making it harder to differentiate between high and lowskilled actors.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
βThese sorts of post-compromise techniques used to be restricted to actors with the technical knowledge to carry them outβ: Anthropicβ¦
AI is making it harder to differentiate between high and low-skilled actors
π’ Ransomware cartels are fragmenting into volatile splinter groups, warns Met Police cyber chief π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Commoditized "cyber crime bazaars" and AI data mining are forcing law enforcement to rewrite its playbook.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Ransomware cartels are fragmenting into volatile splinter groups, warns Met Police cyber chief
Commoditized "cyber crime bazaars" and AI data mining are forcing law enforcement to rewrite its playbook
ποΈ Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic's own action repo used the same workflow, a working attack could have pushed malicious code into the action itself and onto the projects downstream that pull it. RyotaK of GMO.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
It got stupid again. The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weird stuff is normal. Forums go down and come back worse. Cheap hackers get better toys. AI starts breaking real systems. Great. Read the whole thing before it ruins your week anyway. Unauthenticated.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A new Chinalinked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa. These efforts have been complemented by a "rapid operational tempo" and a continually evolving malware arsenal comprising known families like ValleyRAT aka Winos 4.0 and Atlas RAT aka AtlasCross RAT, as well as previously.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity cluster dubbed JSCoreRunner aka FileRipple in late August 2025. The cybercrime group behind the two attack chains is.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have flagged a largescale operation that impersonates opensource and freeware projects to funnel unsuspecting users through a Traffic Distribution System TDS and deliver malware families like Remus Stealer, AnimateClipper, and the SessionGate framework. "The sites are welldesigned and often look like legitimate project portals at a glance, sometimes referencing.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Unknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox out in small, repeated batches and routing it through Dropbox and OneDrive so the traffic blended into normal cloud activity. Symantec and Carbon Black's Threat Hunter Team reported the campaign this week. This points to espionage, not a money grab.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The U.S. Department of Justice DoJ on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyberenabled and cryptocurrency fraud targeting Americans. The "Disruption Week" operation began May 18, 2026, leading to the takedown of millions of social media, email, and internet access accounts used by transnational.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Chinese-Speaking Actor TA4922 Widens Its Global Reach π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Newly named Chinesespeaking actor TA4922 expands from East Asia into Europe and Africa.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Chinese-Speaking Actor TA4922 Widens Its Global Reach
Newly named Chinese-speaking actor TA4922 expands from East Asia into Europe and Africa
π Infosecurity Europe: AI Adoption Creates New Opportunities for Attackers to Distribute Malware, Microsoft Warns π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Microsoft Detection and Response Team DART details how it has uncovered malicious AI applications as cyber criminals manipulate organizations adopting AI tools.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
AI Adoption Creates New Opportunities for Attackers
Microsoft Detection and Response Team (DART) details how it has uncovered malicious AI applications as cyber criminals manipulate organizations adopting AI tools
π Infosecurity Europe: Mythos Outperforms GPT5.5 on Google Chrome Vulnerability Exploits, Says New Benchmark π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A Bugcrowd researcher has unveiled ExploitBench, an independent benchmark of AI models for vulnerability exploitation.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Mythos Outperforms GPT5.5 on Google Chrome Vulnerability Exploits
A Bugcrowd researcher has unveiled ExploitBench, an independent benchmark of AI models for vulnerability exploitation
π Infosecurity Europe: How Proton Fights Against Cybercriminals Using Its Services π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Proton uses machine learning models to detect abuse of its services especially email addresses used by cybercriminals.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
How Proton Fights Against Cybercriminals Using Its Services
Proton uses machine learning models to detect abuse of its services β especially email addresses used by cybercriminals
π Infosecurity Europe: How Businesses Can Prepare for a Cybersecurity Crisis with Effective Plans π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Cybersecurity and business leaders with experience of dealing with major incidents from within the NCSC and at JLR detail what you need to prioritize if your organization is hit by a cyberattack.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
How Businesses Can Prepare for a Cybersecurity Crisis
Cybersecurity leaders with experience of dealing with incidents from within the NCSC and at JLR detail what you need to prioritize during a cyber-attack
π Infosecurity Europe: Ukraineβs Experience Highlights the Need for Preparation and Resilience in Cybersecurity π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Former Ukrainian foreign minister, Dmytro Kuleba, urges Infosecurity Europe attendees to fight the good fight.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Ukraineβs Experience Highlights the Need for Preparation in Cyber
Former Ukrainian foreign minister, Dmytro Kuleba, urges Infosecurity Europe attendees to never give up
π Infosecurity Europe: Raise Security Concerns with Procurement Now, Because Quantum Canβt Wait π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Forescout VP of security intelligence, Rik Ferguson, warns that Qday is fast approaching.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Infosecurity Europe: Raise Security Concerns with Procurement Now, Bec
Forescout VP of security intelligence, Rik Ferguson, warns that Q-day is fast approaching
π Tanium Pricing Guide 2026: Real Costs, Modules, and What Enterprises Actually Pay π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
Discover Tanium's true 2026 TCO across 5K to 100K endpoints. Module costs, FedRAMP rates, and renewal levers built for IT Directors. The post Tanium Pricing Guide 2026 Real Costs, Modules, and What Enterprises Actually Pay appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
Tanium Pricing Guide 2026: Real Costs, Modules, and What Enterprises Actually Pay
Discover Tanium's true 2026 TCO across 5K to 100K endpoints. Module costs, FedRAMP rates, and renewal levers built for IT Directors.
π Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Critical Everest Forms Pro RCE flaw exploited to create rogue WordPress admin accounts.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Everest Forms Pro Vulnerability Allows Remote Code Execution
Critical Everest Forms Pro RCE flaw exploited to create rogue WordPress admin accounts
ποΈ Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE202620230, and proofofconcept exploit code is already public. Cisco's PSIRT says it has not seen the flaw used in attacks yet. The PoC shortens that runway. The flaw is a serverside request forgery.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π¦Ώ Microsoft 365 Android Apps Had a Token Flaw IT Teams Should Check Now π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
A debug flag left active in six Microsoft 365 Android apps allowed another installed app on the same device to request account tokens without user interaction. The post Microsoft 365 Android Apps Had a Token Flaw IT Teams Should Check Now appeared first on TechRepublic.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Microsoft 365 Android Apps Had a Token Flaw IT Teams Should Check Now - TechRepublic
Microsoft patched a Microsoft 365 Android flaw that exposed account tokens across six apps. Hereβs what IT teams should check now.
π¦Ώ US Firms Try DeepSeek as Silicon Valley AI Costs Rise π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
US firms are testing Chinas DeepSeek as Silicon Valley AI costs rise, raising questions about savings, data residency, and risk. The post US Firms Try DeepSeek as Silicon Valley AI Costs Rise appeared first on TechRepublic.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
US Firms Try DeepSeek as Silicon Valley AI Costs Rise
US firms are testing Chinaβs DeepSeek as Silicon Valley AI costs rise, raising questions about savings, data residency, and risk.