Cybersecurity Hacking News

17h ago

Cybersecurity Hacking News · 2026-05-27 Daily Digest

No significant updates today.

1d ago

Exposed Databases Fuel Silent Ransomware Economy

5-year study found 30,515 of 65,907 exposed databases carried ransom notes, hitting 215 billion records.
MongoDB and MySQL instances showed...

The Hidden Ransomware Economy Running on Exposed Databases

securityaffairs.com

The Hidden Ransomware Economy Running on Exposed Databases

1d ago

Lithuania Probes 600k Registry Breach by Foreign Actor

Foreign actor stole over 600,000 records from Lithuania’s Real Estate and Legal Entities Registers using misused institutional credentials.
-...

Lithuania investigates theft of 600,000 state registry records by foreign actor

therecord.media

Lithuania investigates theft of 600,000 state registry records by foreign actor

1d ago

AI-Scale Discovery Strains Vulnerability Ecosystem

AI is exposing vulnerabilities faster than traditional defenses can respond, forcing a multi-pronged crisis response.

Microsoft's emergency fix:...

Microsoft Issues Out-of-Band SharePoint Patch

darkreading.com

Microsoft Issues Out-of-Band SharePoint Patch

1d ago

Supply Chain Under Triple Pressure

Three simultaneous developments reveal the expanding software supply chain battlefield:

$60M defense funding targets AI-driven code risks and...

1d ago

MFA Reset and Token Theft Drive Financial Services Breaches

Financial services saw 43% more hands-on intrusions in 2025 as e-crime groups reset MFA through help-desk vishing or steal tokens via tools like...

The attack dominating financial services doesn't steal passwords. It resets MFA and steals the token.

venturebeat.com

The attack dominating financial services doesn't steal passwords. It resets MFA and steals the token.

1d ago

The Shadow Brokers Mystery Endures

A decade after dumping sophisticated NSA hacking tools, the Shadow Brokers remain completely unidentified with no arrests or confirmed motives. Their...

Ghost hackers: the cybersecurity mystery that nobody has solved

techcrunch.com

Ghost hackers: the cybersecurity mystery that nobody has solved

1d ago

Nimbus Manticore Accelerates Malware with AI and Fake Zoom Installers

Iran-linked Nimbus Manticore debuted MiniFast backdoor during conflict, showing AI-assisted code patterns like verbose error handling and modular...

Nimbus Manticore Expanded Attacks With AI-Assisted Malware and Fake Zoom Installers

securityaffairs.com

Nimbus Manticore Expanded Attacks With AI-Assisted Malware and Fake Zoom Installers

1d ago

Ransomware Underreporting Limits Visibility

Reported ransomware incidents are just the tip of the iceberg, indicating that incomplete data severely hampers accurate threat intelligence and coordinated incident response.

techradar.com

Reported ransomware incidents are just the tip of the iceberg

1d ago

Ghost CMS CVE-2026-26980: Tech vs Threat Intel View

CVE-2026-26980 SQL injection flaw lets attackers steal Admin API keys without authentication.

Technical breakdown details injection mechanics and...

1d ago

AI Accelerates Supply Chain Threats on Both Sides

Supply chain attacks have shifted from rare events to systematic campaigns targeting open-source packages, maintainers, and CI/CD pipelines.

Claude...

1d ago

Microsoft OAuth Device-Code Phishing Surges via PhaaS Kits

Device-code attacks abuse legitimate OAuth flows: attackers email a code for microsoft.com/devicelogin, poll for approval, and harvest tokens that...

Microsoft OAuth Phishing Surge: Device-Code Attacks Explode

aicerts.ai

Microsoft OAuth Phishing Surge: Device-Code Attacks Explode

1d ago

Play Ransomware's One-Day Multi-Sector Blitz

Play group struck at least four organizations on May 25, 2026: GW Mechanical, MyPillow, Legend Networking and Telecom, and Round Hill Country Club
-...

Ransomware gangs just hit a dozen companies in a single day — hospitals, law firms, a Vegas convention center, and an auto supplier all locked out at once

1d ago·

morningoverview.com

1d ago

Dark web leak puts journalists at risk of targeted harassment

A massive data exposure of over 116,000 records from major US newsrooms highlights serious personal safety threats.

Compromised details including...

Massive journalist data leak hits major US newsrooms

msn.com

Massive journalist data leak hits major US newsrooms

1d ago

AI Supercharges BEC Attacks with Deepfakes and Scale

AI is rapidly making business email compromise far harder to detect through realistic impersonation and organized operations.

Generative AI now...

AI is making business scams harder than ever to spot

computerworld.com

AI is making business scams harder than ever to spot

1d ago

Zero-Click WhatsApp Exploit Hides Rogue Sessions on iOS

A newly discovered zero-click exploit lets attackers hijack WhatsApp accounts on iOS 16 devices to send fake money requests while showing no linked...

WhatsApp zero-click exploit on iPhones sends fake money requests without linked devices showing

digitalmarketreports.com

WhatsApp zero-click exploit on iPhones sends fake money requests without linked devices showing

1d ago

Ubuntu Patches Intel IoT Real-Time Kernel Flaws

Ubuntu has released critical patches for the Linux kernel in Intel IoT real-time platforms, fixing a Copy Fail vulnerability in the algif_aead module...

USN-8305-1: Linux kernel (Intel IoTG Real-time) vulnerabilities

ubuntu.com

USN-8305-1: Linux kernel (Intel IoTG Real-time) vulnerabilities

1d ago

Torvalds Slams AI Bug Report Flood

AI tools are creating more problems than they solve for the Linux kernel. Torvalds called out developers for flooding RC5 with AI-generated trivial...

Linus Torvalds is fed up with AI-generated bug reports bloating the Linux kernel

techspot.com

Linus Torvalds is fed up with AI-generated bug reports bloating the Linux kernel

1d ago

Ghost CMS SQLi Enables 700+ Site Hijacks via ClickFix

A single unauthenticated SQL injection in Ghost CMS (versions 3.24.0–6.19.0) let attackers steal Admin API keys and hijack 700+ education/tech sites with ClickFix malware. Update to 6.19.1 now.

700+ education and tech websites hijacked in huge ClickFix malware campaign

securityboulevard.com

700+ education and tech websites hijacked in huge ClickFix malware campaign

1d ago

Defending Against 2026 Microsoft Phishing Surge

Microsoft impersonation phishing attacks surged sharply in 2026 with AI-driven tactics.

Attack Methods: Lookalike domains, AI voices, and deepfakes...

Patch & zero-day surge

Digest Calendar

Recent Posts