Latest news as of 5/23/2026, 4:31:49 AM
Graham Cluley
The UK's National Cyber Security Centre (NCSC) has issued a warning about the threat posed by distributed denial-of-service (DDoS) attacks from Russia-linked hacking groups who are reported to be continuing to target British organisations. Are you prepared? Read more in my article on the Hot for Security blog.
The Hacker News
Gartner® doesn’t create new categories lightly. Generally speaking, a new acronym only emerges when the industry's collective "to-do list" has become mathematically impossible to complete. And so it seems that the introduction of the Exposure Assessment Platforms (EAP) category is a formal admission that traditional Vulnerability Management (VM) is no longer a viable way to secure a modern
The Hacker News
The recently discovered sophisticated Linux malware framework known as VoidLink is assessed to have been developed by a single person with assistance from an artificial intelligence (AI) model. That's according to new findings from Check Point Research, which identified operational security blunders by malware's author that provided clues to its developmental origins. The latest insight makes
The Hacker News
Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit that could allow attackers to steal sensitive data, which may allow for lateral movement within a susceptible organization. Zafran Security said the high-severity flaws, collectively dubbed ChainLeak, could be abused to leak cloud environment API keys and steal sensitive files, or
Have I Been Pwned
In November 2025, , alleging they had obtained access to 343GB of data. , including 72M email addresses. Many records also contained additional personal information such as names, dates of birth, genders, geographic locations and purchase information. the Everest ransomware group claimed Under Armour as a victim and attempted to extort a ransom In January 2026, customer data from the incident was published publicly on a popular hacking forum
The Hacker News
A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in the execution of arbitrary JavaScript. The vulnerability, tracked as CVE-2026-1245 (CVSS score: N/A), affects all versions of the module prior to version 2.3.0, which addresses the issue. Patches for the flaw were released on November 26, 2025. Binary-parser is a
The Hacker News
LastPass is alerting users to a new active phishing campaign that's impersonating the password management service, which aims to trick users into giving up their master passwords. The campaign, which began on or around January 19, 2026, involves sending phishing emails claiming upcoming maintenance and urging them to create a local backup of their password vaults in the next 24 hours. The
The Register
Maintainer hopes hackers send bug reports anyway, will keep shaming ‘silly ones’ The maintainer of popular open-source data transfer tool has ended the project’s bug bounty program after maintainers struggled to assess a flood of AI-generated contributions.… cURL
Bleeping Computer
Chromium-based ChatGPT Atlas browser is testing a new feature likely called "Actions," and it can also understand videos, which is why you might see ChatGPT generating timestamps for videos. [...]
Bleeping Computer
OpenAI recently rolled out ads to ChatGPT in the United States if you use $8 Go subscription or a free account, but Google says it does not plan to put ads in Gemini. [...]