Microsoft

Active attack: Dirty Frag Linux vulnerability expands post-compromise risk

Dirty Frag is a newly disclosed Linux local privilege escalation vulnerability affecting kernel networking and ...

JDownloader site hacked to replace installers with Python RAT malware

The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows ...
The Hacker News

PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks

PhantomCore exploited three TrueConf flaws since September 2025, enabling remote access and lateral movement across Russian ...

New PCPJack worm steals credentials, cleans TeamPCP infections

A new malware framework called PCPJack is stealing credentials from exposed cloud infrastructure while actively removing ...
Morning Overview on MSN

Hackers are now exploiting vulnerabilities 7 days before patches exist — and hand off access in 22 seconds, Mandiant warns

A vulnerability tracked as CVE-2025-53770 and referred to as ToolShell is already being used against real targets, and the ...

Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.

Six teams exploited Claude Code, Copilot, Codex, and Vertex AI in nine months. Every attack hit runtime credentials that IAM ...

Trader or driller? Iran war exposes Big Oil's transatlantic divide

European oil majors’ first-quarter profits were lifted by bumper trading gains as the Iran war upended supply chains, ...
The Hacker News

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

CVE-2026-32202 actively exploited after April 27 advisory fix, exposing NTLMv2 hashes via zero-click SMB authentication.
Infosecurity Magazine

Cline Kanban Flaw Lets Websites Hijack AI Coding Agents

Cline is one of the most widely adopted open-source AI coding assistants, and its Kanban feature provides a web-based project ...

200,000 MCP servers expose a command execution flaw that Anthropic calls a feature

OX Security confirmed arbitrary command execution on six live platforms and estimates 200,000 MCP servers are exposed. Here's ...
Windows Report

CISA Orders Urgent Patch for Actively Exploited Windows Shell Vulnerability

CISA orders urgent patching of a Windows Shell flaw actively exploited in zero-click attacks. Federal agencies must update by ...

Banks must work harder to navigate a tsunami of cyber, fraud risks

The latest mortgage fraud tally is at $3 billion and CBA is investigating 10 brokers, but this may just be the tip of the ...