SecurityTicks

We Scanned 1 Million Exposed AI Services. Here’s How Bad the Security Actually Is

2026-05-05 at 17:46 By While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM infrastructure, […]

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

2026-05-05 at 17:46 By Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could result in

Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations

2026-05-05 at 17:45 By Eduard Kovacs The malicious emails claim to contain a conduct report and lure victims to a Microsoft phishing website that leverages AitM. The post Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations appeared first on SecurityWeek. This article is an excerpt

More missions, less money, higher risk: NASA’s back to the ’90s playbook

2026-05-05 at 17:33 By Richard Speed Faster, better, cheaper is back and history suggests you can’t get all three at the same time OPINION NASA’s budget and its new administrator’s statements are evoking a ghost from the agency’s past: Faster, better, cheaper.… This

Google to pay up to $1.5 million for zero-click Pixel Titan M exploits

2026-05-05 at 17:29 By Anamarija Pogorelec Google has revised its Android and Chrome Vulnerability Reward Programs (VRPs), which pay security researchers to report vulnerabilities in Android, Google hardware, and the Chrome browser. The update raises top bounties to $1.5 million and adjusts

Bun posts Rust porting guide, says rewrite is still half-baked

2026-05-05 at 17:08 By Tim Anderson Zig’s no-AI policy is at odds with view that most open source code will be AI-written in future Bun creator Jarred Sumner has posted a Zig-to-Rust porting guide, igniting speculation that the project may migrate away from Zig, though

LevelBlue TTP Briefing Q1 2026: Trust Abuse Exposes Weaknesses

2026-05-05 at 17:00 By Explore the latest trends, techniques, and procedures (TTPs) our incident response (IR) experts are actively facing with the TTP Briefing Q1 2026, a report built on frontline threat intelligence from our global incident response investigations across LevelBlue. This article is an excerpt

Real estate giant confirms vishing incident as ShinyHunters and Qilin both come knocking

2026-05-05 at 16:34 By Connor Jones Cushman & Wakefield activated incident response protocols after serial extortionists issued separate threats Real estate giant Cushman & Wakefield has confirmed a data breach after two cybercrime groups, ShinyHunters and Qilin, separately claimed responsibility for attacks

Hacker Conversations: Joey Melo on Hacking AI

2026-05-05 at 16:30 By Kevin Townsend AI red team specialist details his methods for manipulating AI guardrails through jailbreaking and data poisoning, helping developers harden machine learning models. The post Hacker Conversations: Joey Melo on Hacking AI appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Microsoft’s bad obsession is showing up in shabby services and slipshod software. Here’s proof

2026-05-05 at 13:21 By Rupert Goodwins If you can’t bother to keep GitHub running, why should we bother with you? Opinion It’s been another shabby week for Microsoft, and a shabbier one for its users. We learnt that Windows 11’s epic

NHS to close-source hundreds of GitHub repos over AI, security concerns

2026-05-05 at 13:21 By Connor Jones Healthcare giant’s maintainers handed May deadline to enact the change The UK’s National Health Service (NHS) is ordering all of its technology leaders to temporarily wall off the organization’s open source projects over concerns relating to advanced AI

Meta adds proof-based security to encrypted backups

2026-05-05 at 13:21 By Anamarija Pogorelec Meta has updated its infrastructure for protecting password-based and end-to-end encrypted backups, introducing over-the-air fleet key distribution for Messenger and a commitment to publishing evidence of secure fleet deployments. How encrypted backups work These updates build on the company’s HSM-based Backup Key

North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China

2026-05-05 at 13:21 By Sinisa Markovic A gaming platform built for ethnic Koreans in China has been serving backdoored Windows and Android software to its users since late 2024. The platform, sqgame[.]net, hosts traditional card and board games for a community that

One in four MCP servers opens AI agent security to code execution risk

2026-05-05 at 13:21 By Anamarija Pogorelec Enterprise deployments of AI agents lean on two extension mechanisms that introduce risk at different layers of the stack. MCP servers expose deterministic code functions with structured, loggable invocations. Skills load textual instruction sets directly into

Can your coding style predict whether your code is vulnerable?

2026-05-05 at 13:21 By Sinisa Markovic Developers leave fingerprints in the code they write. Naming choices, indentation patterns, preferred APIs, and the way someone structures a loop or handles a pointer all carry traces of individual habit. Researchers have used these stylistic signals for years

Cybersecurity jobs available right now: May 5, 2026

2026-05-05 at 13:21 By Anamarija Pogorelec Armis Security Specialist HCLTech | Ireland | On-site – View job details As an Armis Security Specialist, you will manage and optimize the Armis deployment to strengthen security across lab, OT, and IoT environments. You will maintain device visibility, refine policies

MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs

2026-05-05 at 13:20 By Ionut Arghire The security defects allow unauthenticated, remote attackers to execute arbitrary code through crafted requests. The post MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities

2026-05-05 at 13:20 By Eduard Kovacs The vulnerabilities were reported to Meta through its bug bounty program and were patched with updates released earlier this year. The post WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

2026-05-05 at 13:20 By The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCall to likely target ethnic Koreans residing in China. While prior versions
