World's First AI-Driven Cyberattack Couldn't Breach OT Systems
The most sophisticated AI-integrated campaign to date hit a brick wall in the form of a SCADA login screen.
The most sophisticated AI-integrated campaign to date hit a brick wall in the form of a SCADA login screen.
A 20-year-old California man was sentenced to 78 months in prison for serving as a home invader and money launderer in a criminal ring that stole over $250 million in cryptocurrency. [...]
Outdated maintenance software increases ransomware risk by exposing weak access controls, unpatched systems, and critical operational data to attackers.
Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels like it’s normal. Some of these attack chains don’t even feel sophisticated any…
A Apache Software Foundation lançou uma atualização de segurança para corrigir uma falha crítica no Apache HTTP Server que afeta o processamento de conexões HTTP/2 e pode causar negação de serviço ou, em cenários específicos, execução remota de código. A vulnerabilidade é rastrea…
A Palo Alto Networks confirmou que uma vulnerabilidade zero-day crítica no PAN-OS vem sendo explorada em ataques reais desde pelo menos abril de 2026. A falha afeta firewalls PA-Series e VM-Series expostos à internet com o User-ID Authentication Portal habilitado. Rastreada como …
Um grupo de hackers ligado ao Irã usou o Microsoft Teams como porta de entrada para roubar credenciais, manipular configurações de autenticação multifator e manter acesso persistente em redes corporativas. A campanha foi associada ao MuddyWater, também rastreado como Mango Sandst…
Palo Alto Networks warned customers that suspected state-sponsored hackers have been exploiting a critical-severity PAN-OS firewall zero-day vulnerability for nearly a month. [...]
Scammers are hiding invisible text inside phishing emails to manipulate AI-powered email filters and increase the chances of scams reaching inboxes.
A fake version for the Claude AI website offers a malicious Claude-Pro Relay download that pushes a previously undocumented backdoor for Windows named Beagle. [...]
Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems. "While these wheel packages do implement the features …
A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems. vm2 is an open-source library used to run untrusted JavaScript code inside…
Explore the best OSINT tools for your digital investigations, threat intelligence, reconnaissance, and tracking online activity in 2026.
A phishing campaign delivered through Google sponsored search results is targeting credentials for ManageWP, GoDaddy's platform for managing fleets of WordPress websites. [...]
Authors of the VoidStealer Trojan uncovered a way to get around Google's App-Bound Encryption (ABE), opening the door to infostealers.
Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to enlist them in a network capable of carrying out distributed denial-of-service (DDoS) attacks. Hunt.io, wh…
Google patches a CVSS 10 Gemini CLI vulnerability that allowed hackers to use prompt injection and privilege escalation for a full supply chain compromise.
A Cisco publicou hoje atualizações de segurança para corrigir uma vulnerabilidade de negação de serviço (DoS) que afeta os sistemas Crosswork Network Controller (CNC) e Network Services Orchestrator (NSO). De acordo com o aviso da empresa, a falha permite que atacantes não autent…
Pesquisadores da Trend Micro identificaram o Quasar Linux (QLNX), um trojan de acesso remoto (RAT) anteriormente não documentado, projetado para furtividade e roubo de credenciais em ambientes Linux. De acordo com o relatório publicado dia 4 de maio de 2026 pela equipe TrendAI™, …
A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system. [...]