Maine Govt Portal Lists 10M Discord Data Breach Notice, But Filing Shows Red Flags

Maine Attorney General portal lists a Discord breach notice claiming 10 million affected, but odd filing details leave it unverified and questionable...

Americans lost nearly $900 million to AI-powered scams, FBI says

The 2025 Federal Bureau of Investigation FBI Internet Crime Report shows that Americans reported $893,346,472 in AI‑related scam losses. Those losses stem from 22,364 AI-related complaints. And these figures represent only the reported losses, which may well be the proverbial tip of the iceberg...

Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps

Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin , according to findings from ESET. The Slovakian cybersecurity company said it first detected the malware spread via multiple campaigns in early 2025, with each attack wave making use of distinct websites...

CVE-2026-10868

creationtimestamp| type| source ---|---|--- 2026-06-05 06:28:56+00:00| seen| https://www.acn.gov.it/portale/w/rilevata-vulnerabilita-in-misp-project-1...

PT-2026-46112

This module configures default editorial workflows for LocalGov Drupal content types. It provides a Drupal content moderation workflow, a content approvals dashboard, content scheduling and content preview. The module doesn't sufficiently restrict access to a view of Service Contacts at which...

China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan

A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officials and citizens in the Czech Republic and Taiwan to deliver an AdaptixC2 agent. According to Seqrite Labs, targets of the campaign include government, research, academic, technology, and financial...

Human Factors in Cybersecurity in Icelandic Small and Medium-Sized Enterprises

Cybersecurity threats are increasing in all aspects of society due to the integration of digital systems into modern-day life and a volatile geo-political landscape. Technical factors are an ongoing arms race; however, the threat surface from human and social factors is still present, often...

New Russia-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks

A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025. GREYVIBE, per WithSecure, is assessed to be a Russian-speaking group operating broadly in the Russian time zone,...

S3C2 Summit 2025-07: Government Secure Supply Chain Summit

Software supply chains, while providing immense economic and software development value, are only as strong as their weakest link. Over the past several years, there has been an exponential increase in cyberattacks specifically targeting vulnerable links in critical software supply chains. The...

indo-cpanel-exploit

🦉 Indo cPanel Exploit Toolkit ⚠️ FOR AUTHORIZED SECURITY TE...

CVE-2017-9300

creationtimestamp| type| source ---|---|--- 2026-05-26 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-146-05...

Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

The Belarus-aligned threat actor known as Ghostwriter aka UAC-0057 and UNC1151 has been observed using lures related to Prometheus, a Ukrainian online learning platform, to target government organizations in the country. The activity, per the Computer Emergency Response Team of Ukraine CERT-UA,...

Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload

In 2025, we observed pervasive SSH tunnel activity, which has remained active into 2026, affecting many government organizations and commercial companies in Russia and Belarus. Behind some of this activity is Cloud Atlas, a group we have known since 2014. During our investigation, we identified n...

CVE-2026-45659

creationtimestamp| type| source ---|---|--- 2026-05-21 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1886 2026-05-22 13:10:21+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mmgz25nmtv2h 2026-05-22 23:22:57+00:00| seen|...

CVE-2026-42827

creationtimestamp| type| source ---|---|--- 2026-05-21 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1886...

CVE-2026-42901

creationtimestamp| type| source ---|---|--- 2026-05-21 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1886 2026-05-23 00:00:40+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mmi5exmxxb2y 2026-05-23 00:00:41+00:00| seen|...

CVE-2026-41104

creationtimestamp| type| source ---|---|--- 2026-05-21 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1886 2026-05-23 03:34:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmijdcsc7g2r 2026-05-29 21:37:06+00:00| seen|...

CVE-2026-23663

creationtimestamp| type| source ---|---|--- 2026-05-21 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1886...

Fake malware-signing service Fox Tempest dismantled by Microsoft

Microsoft says it dismantled a malware-signing-as-a-service MSaaS called Fox Tempest, which helped cybercriminals make malware appear legitimate. The service let customers submit malicious files to be digitally signed with short-lived Microsoft-issued certificates, making the malware look...

Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

Microsoft on Tuesday said it disrupted a malware-signing-as-a-service MSaaS operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The tech giant attribut...