SHub macOS infostealer variant spoofs Apple security updates
SHub macOS infostealer variant spoofs Apple security updates By Bill Toulas May 18, 2026 05:42 PM A new variant of the ‘SHub’ macOS infostealer uses AppleScript to show a fake security…
Search
Top stories
Ivanti warns of new EPMM flaw exploited in zero-day attacks
…The security flaw (tracked as CVE-2026-6973) stems from an Improper Input Validation weakness that allows remote attackers with administrative privileges to execute arbitrary code on targeted systems running EPMM 12…
Max severity Cisco Secure Workload flaw gives Site Admin privileges
…In early May, Cisco also released security updates for a denial-of-service (DoS) vulnerability in Crosswork Network Controller (CNC) and Network Services Orchestrator (NSO), which requires manually rebooting targeted systems to…
New TCLBanker malware self-spreads over WhatsApp and Outlook
New TCLBanker malware self-spreads over WhatsApp and Outlook By Bill Toulas May 7, 2026 06:06 PM A new trojan named TCLBanker, which targets 59 banking, fintech, and cryptocurrency platforms, uses…
Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign
…security update. SentinelOne published on February 27 details about CVE-2026-26980 being exploited in attacks and how incidents can be detected. The researchers observed at least two distinct activity clusters targeting…
Instagram users locked out after Meta AI abused to steal accounts
…as if they connected from the target’s usual region, to pass geolocation checks that would trigger a more complex login flow for added security. After changing the email address, the attacker…
GPU mining malware spreads via SEO poisoning, AI chatbots
GPU mining malware spreads via SEO poisoning, AI chatbots By Ionut Ilascu May 27, 2026 05:31 PM Threat actors are targeting systems with high-performance computers in an ongoing cryptojacking campaign…
Microsoft releases Windows 10 KB5087544 extended security update
…With this update, Windows quality updates include additional high confidence device targeting data, increasing coverage of devices eligible to automatically receive new Secure Boot certificates. Devices receive the new certificates only after…
Drupal: Critical SQL injection flaw now targeted in attacks
…Critical SQL injection flaw now targeted in attacks By Bill Toulas May 22, 2026 09:14 AM Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability…
Leaked Shai-Hulud malware fuels new npm infostealer campaign
…Researchers at OXsecurity, a company that secures applications from code to runtime, discovered the malicious uploads over the weekend and noticed that the threat actor used misspelled names (typosquatting) targeting Axios users…