Security firms took down all four command-and-control (C&C) channels used by the GlassWorm malware.
The post GlassWorm Botnet Disrupted appeared first on SecurityWeek.
Gitea Vulnerability Exposes Private Container Images without Authentication
Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remote attackers to pull private container images from Gitea deployments without requiring an account, password, or other credentials.
The vulnerability, tracked as CVE-2026-27771 (CVSS score: N/A), affects all versions of Gitea prior to 1.26.2
CISA gives feds 4 days to patch actively exploited cPanel plugin flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. federal agencies four days to secure their servers against a critical vulnerability in the LiteSpeed cPanel user-end plugin, which is actively being exploited in attacks. […]
LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers
The attack was claimed by a hacktivist group, but evidence showed it used infrastructure linked to Iranian government threat actors.
The post LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers appeared first on SecurityWeek.
Dutch police arrests suspect linked to Ajax football club hack
The Dutch National Police arrested a 35-year-old man suspected of hacking the professional football club Ajax Amsterdam (AFC Ajax) earlier this year. […]
Windows 11 KB5089573 update released with performance improvements
Microsoft has released the KB5089573 preview cumulative update for Windows 11 versions 25H2 and 24H2, which comes with 30 changes, including performance and reliability improvements. […]
FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data
The FBI has issued an alert warning of Silent Ransom Group attacks targeting law firms.
The post FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data appeared first on SecurityWeek.
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites.
“This emerging delivery technique extends social engineering beyond conventional search results and increases the visibility of malicious software recommendations,” Microsoft Defender Experts and the Microsoft
CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day
Resolved last week, the vulnerability was exploited in the wild as a zero-day to execute scripts with root privileges.
The post CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day appeared first on SecurityWeek.
Anthropic Releases New Claude Sandbox, Security Guidance Plugin
The AI giant says the new plugin, which helps developers find vulnerabilities as they write code, has been used extensively internally.
The post Anthropic Releases New Claude Sandbox, Security Guidance Plugin appeared first on SecurityWeek.