CVE-2026-42891

creationtimestamp| type| source ---|---|--- 2026-05-12 16:38:43+00:00| seen| https://www.thezdi.com/blog/2026/5/12/the-may-2026-security-update-review 2026-05-13 01:08:48+00:00| seen| https://www.acn.gov.it/portale/w/aggiornamenti-mensili-microsoft-20...

Microsoft Power Pages Misconfigurations Expose Millions of Records Globally

SaaS Security firm AppOmni has identified misconfigurations in Microsoft Power Pages that can lead to severe data breaches.…...

Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining

The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native environments for mining cryptocurrencies and renting out breached servers to third-parties. "The group is currently targeting exposed Docker daemons to deploy Sliver...

North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry

The North Korea-linked threat actor known as Moonstone Sleet has continued to push malicious npm packages to the JavaScript package registry with the aim of infecting Windows systems, underscoring the persistent nature of their campaigns. The packages in question, harthat-api and harthat-hash, we...

Low-Drama ‘Dark Angels’ Reap Record Ransoms

A ransomware group called Dark Angels made headlines this past week when it was revealed the crime group recently received a record $75 million data ransom payment from a Fortune 50 company. Security experts say the Dark Angels have been around since 2021, but the group doesnt get much press...

Don’t Fall for CrowdStrike Outage Scams

Swindlers are spinning up bogus websites in an attempt to dupe people with “CrowdStrike support” scams following the security firm's catastrophic software update...

New Medusa Android Trojan Targets Banking Users Across 7 Countries

Cybersecurity researchers have discovered an updated version of an Android banking trojan called Medusa that has been used to target users in Canada, France, Italy, Spain, Turkey, the U.K., and the U.S. The new fraud campaigns, observed in May 2024 and active since July 2023, manifested through...

Indian Hack-for-Hire Group Targeted U.S., China, and More for Over 10 Years

An Indian hack-for-hire group targeted the U.S., China, Myanmar, Pakistan, Kuwait, and other countries as part of a wide-ranging espionage, surveillance, and disruptive operation for over a decade. Indian security firm under scrutiny, according to an in-depth analysis from SentinelOne, began as a...

Moses Staff Hackers Publish Footage of Jerusalem Explosion

By Habiba Rashid According to claims made by Moses Staff hackers, they hacked a major Israeli security firm to access and leak the footage. This is a post from HackRead.com Read the original post: Moses Staff Hackers Publish Footage of Jerusalem Explosion...

Researchers Detail Malicious Tools Used by Cyber Espionage Group Earth Aughisky

A new piece of research has detailed the increasingly sophisticated nature of the malware toolset employed by an advanced persistent threat APT group named Earth Aughisky. "Over the last decade, the group has continued to make adjustments in the tools and malware deployments on specific targets...

Researchers Detail OriginLogger RAT — Successor to Agent Tesla Malware

Palo Alto Networks Unit 42 has detailed the inner workings of a malware called OriginLogger, which has been touted as a successor to the widely used information stealer and remote access trojan RAT known as Agent Tesla. A .NET based keylogger and remote access, Agent Tesla has had a long-standing...

TeaBot Trojan Haunts Google Play Store, Again

The TeaBot banking trojan – also known as “Anatsa” – has been spotted on the Google Play store, researchers from Cleafy have discovered. The malware – designed to intercept SMS messages and login credentials from unwitting users – affected users of “more than 400 banking and financial apps,...

TeaBot Android Banking Malware Spreads Again Through Google Play Store Apps

An Android banking trojan designed to steal credentials and SMS messages has been observed once again sneaking past Google Play Store protections to target users of more than 400 banking and financial apps, including those from Russia, China, and the U.S. "TeaBot RAT capabilities are achieved via...

China Suspected of News Corp Cyberespionage Attack

The Chinese hackers responsible for an attack on media giant News Corp last month likely were seeking intelligence to serve China’s interests in a cyberespionage incident that shows the persistent vulnerability of corporate networks to email-based attacks, security professionals said. Reports on...

Security researchers play peek-a-boo with Conti ransomware server

It’s not been a great time for ransomware authors recently. Well, some ransomware authors at any rate. While many are making huge amounts of money from their device-locking antics, its not a profession without risk. Every so often something can and does go wrong, and ransomware groups get into al...

Amnesty Intl. accuses Indian cyber security firm of spyware attacks

By Waqas According to Amnesty International, it found evidence that attackers testing the spyware were using the IP address of Indian cyber security firm Innefu Labs. This is a post from HackRead.com Read the original post: Amnesty Intl. accuses Indian cyber security firm of spyware attacks...

FIN8 Targets US Bank With New ‘Sardonic’ Backdoor

The financially motivated FIN8 cybergang used a brand-new backdoor – dubbed Sardonic by the Bitdender researchers who first spotted it – in attempted but unsuccessful breaches of networks belonging to two unidentified U.S. financial organizations. It’s a nimble newcomer, researchers wrote: “The...

Hackers Steal Over $600 Million Worth of Cryptocurrencies from Poly Network

Hackers have siphoned $611 million worth of cryptocurrencies from a blockchain-based financial network in what's believed to be one of the largest heists targeting the digital asset industry, putting it ahead of breaches targeting exchanges Coincheck and Mt. Gox in recent years. Poly Network, a...

Suspected ‘Dr HeX’ Hacker Busted for 9 Years of Phishing

A Moroccan man suspected of being “Dr HeX” – the prolific threat actor behind a nine-year cyber-blitz on thousands of victims through phishing, website defacing, malware development, fraud and carding – has been arrested. Interpol announced the bust – which took place in Morocco in May – on...

NFC Flaws Let Researchers Hack ATMs by Waving a Phone

Flaws in card reader technology let a security firm consultant wreak havoc with point-of-sale systems and more...