First reports come in of victims of critical cPanel vuln as ‘millions’ of sites potentially exposed 2026-05-01 at 18:23 By Carly Page Exploitation was underway before patches landed, at least one victim reports ransomware demand CISA has added a critical cPanel bug to its known-exploited list, confirming that attackers are already poking holes in one […]
Microsoft releases first big update after Nadella’s vow to ‘win back fans’ 2026-05-01 at 18:23 By Richard Speed Lots of fixes, some performance tweaks. Fingers crossed there’s no out-of-band patch to follow Microsoft is following through on its promise to prioritize Windows stability with its April 30 non-security update.… This article is an excerpt from
Microsoft releases first big update after Nadella’s vow to ‘win back fans’ Read More »
Download: Automating Pentest Delivery Guide 2026-05-01 at 18:21 By Help Net Security Pentesting remains one of the most effective ways to identify real-world weaknesses, but the method for delivering results hasn’t evolved. Manual workflows involving static documents and email threads introduce delays, create inefficiencies, and diminish the value of the work. This guide on Automating
Download: Automating Pentest Delivery Guide Read More »
In Other News: Scattered Spider Hacker Arrested, SOC Effectiveness Metrics, NSA Tool Vulnerability 2026-05-01 at 18:20 By SecurityWeek News Other noteworthy stories that might have slipped under the radar: OFAC hits Iranian central bank crypto reserves, ADT data leak, CISA guidance for zero trust in OT. The post In Other News: Scattered Spider Hacker Arrested,
Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge 2026-05-01 at 18:20 By Eduard Kovacs The maximum reward for a zero-click Pixel Titan M exploit with persistence has increased to $1.5 million. The post Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge appeared first
Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge Read More »
Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks 2026-05-01 at 18:20 By Cybersecurity researchers are warning of two cybercrime groups that are carrying out “rapid, high-impact attacks” operating almost within the confines of SaaS environments, while leaving minimal traces of their actions. The clusters, Cordial Spider (aka BlackFile, CL-CRI-1116, O-UNC-045, and
Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks Read More »
China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists 2026-05-01 at 18:20 By Cybersecurity researchers have disclosed details of a new China-aligned espionage campaign targeting government and defense sectors across South, East, and Southeast Asia, along with one European government belonging to NATO. Trend Micro has attributed the activity to a threat activity cluster
China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists Read More »
OpenAI locks GPT-5.5-Cyber behind velvet rope despite slamming Anthropic for doing exactly that 2026-05-01 at 15:18 By Carly Page Altman’s crew now doing the same gatekeeping it recently mocked OpenAI is lining up a limited release of its new GPT-5.5-Cyber model to a handpicked circle of “cyber defenders,” just weeks after taking a swipe at
SpaceX rocket set for unintentional Moon landing – well, a piece of it anyway 2026-05-01 at 15:18 By Richard Speed But unlike most junkers, it’ll be traveling faster than the speed of sound, claims astronomy software dev An astronomy software dev claims a Falcon 9 upper stage will hit the Moon in August, traveling at
SpaceX rocket set for unintentional Moon landing – well, a piece of it anyway Read More »
Pro-Iran crew turns DDoS into shakedown as Ubuntu.com stays down 2026-05-01 at 15:18 By Connor Jones 313 Team tells Canonical: pay up or the packets keep coming Canonical says its web infrastructure is under attack after a pro-Iran hacktivist group instructed its members to target the open source giant.… This article is an excerpt from
Pro-Iran crew turns DDoS into shakedown as Ubuntu.com stays down Read More »
Two US Security Experts Sentenced to Prison for Helping Ransomware Gang 2026-05-01 at 15:18 By Eduard Kovacs Ryan Goldberg of Georgia and Kevin Martin of Texas were each sentenced to four years in prison. The post Two US Security Experts Sentenced to Prison for Helping Ransomware Gang appeared first on SecurityWeek. This article is an
Two US Security Experts Sentenced to Prison for Helping Ransomware Gang Read More »
Sophisticated Deep#Door Backdoor Enables Espionage, Disruption 2026-05-01 at 15:18 By Ionut Arghire The stealthy Python-based backdoor framework deploys a persistent Windows implant likely designed for espionage. The post Sophisticated Deep#Door Backdoor Enables Espionage, Disruption appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source
Sophisticated Deep#Door Backdoor Enables Espionage, Disruption Read More »
Top Five Sales Challenges Costing MSPs Cybersecurity Revenue 2026-05-01 at 15:18 By The managed security services market is projected to grow from $38.31 billion in 2025 to $69.16 billion by 2030[1], with cybersecurity being the fastest-growing sector[2]. Despite this opportunity, many MSPs leave revenue on the table because their go-to-market strategy fails to connect technical
Top Five Sales Challenges Costing MSPs Cybersecurity Revenue Read More »
Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks 2026-05-01 at 15:18 By The U.S. Department of Justice (DoJ) on Thursday announced the sentencing of two cybersecurity professionals to four years each in prison for their role in facilitating BlackCat ransomware attacks in 2023. Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of
Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks Read More »
UK pensions dept goes shopping for spy-van tech with £2M surveillance tender 2026-05-01 at 13:58 By Carly Page Covert cameras, live-streaming systems, and in-vehicle recording kit sought to catch out fraudsters The Department for Work and Pensions has gone shopping for covert cameras, live-streaming kit, and vehicle-based recording gear as it lines up a £2
UK pensions dept goes shopping for spy-van tech with £2M surveillance tender Read More »
Who needs ghost train scares when Windows is such a fright? 2026-05-01 at 13:58 By Richard Speed Things that go bork in the night Bork!Bork!Bork! What frightens you? What, as an IT professional, would make you shriek like a small child? What tech horrors are lurking under your bed?… This article is an excerpt from
Who needs ghost train scares when Windows is such a fright? Read More »
Cisco Releases Open Source Tool for AI Model Provenance 2026-05-01 at 13:57 By Eduard Kovacs The new kit aims to address risks related to poisoned models, regulatory issues, supply chain integrity, and incident response. The post Cisco Releases Open Source Tool for AI Model Provenance appeared first on SecurityWeek. This article is an excerpt from
Cisco Releases Open Source Tool for AI Model Provenance Read More »
Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft 2026-05-01 at 13:57 By A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH persistence. The activity has been attributed to the GitHub
Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft Read More »
Passport to £££: Home Office adds £216M to travel doc contract before a single bid’s been placed 2026-05-01 at 12:19 By SA Mathieson Start date pushed back a year, annual cost up a third, and UK’s now handing out eight million passports a year The Home Office has increased the annual value and overall duration
Open-source privacy proxy masks PII before prompts reach external AI services 2026-05-01 at 11:49 By Sinisa Markovic Enterprise developers routinely send prompts to external large language models that contain customer emails, support transcripts, and other identifying information, often without a sanitization layer between the application and the API. Dataiku has released Kiji Privacy Proxy, an
Open-source privacy proxy masks PII before prompts reach external AI services Read More »