sittisak mintaboon

248/69 Thursday, May 7, 2026 Microsoft has disclosed a large-scale phishing campaign targeting more than 35,000 users across 26 countries during mid-April 2026. The attackers used fraudulent emails themed around “Code of Conduct” violations, delivered through legitimate email services, to lure victims into visiting fake websites designed to steal authentication tokens and login credentials. Microsoft […]

247/69 Thursday, May 7, 2026 Vimeo has confirmed a data breach incident affecting approximately 119,000 users during April 2026. The company stated that the breach did not originate from a direct compromise of Vimeo’s own systems, but was instead linked to a vulnerability involving Anodot, a third-party analytics service provider. Through this connection, the ShinyHunters […]

246/69 Wednesday, May 6, 2026 Palo Alto Networks has confirmed the discovery of a critical zero-day vulnerability, tracked as CVE-2026-0300, affecting PAN-OS. The flaw is a Buffer Overflow vulnerability in the User-ID Authentication Portal (Captive Portal) service and impacts PA-Series and VM-Series firewalls with the feature enabled. The vulnerability could allow unauthenticated remote attackers to […]

245/69 Wednesday, May 6, 2026 The National Cyber Security Centre (NCSC) has warned that artificial intelligence (AI) is significantly accelerating the discovery of software vulnerabilities, increasing the global risk of cyberattacks. According to the agency, highly skilled threat actors can now leverage AI to identify hidden vulnerabilities much faster than before, potentially leading to the […]

244/69 Wednesday, May 6, 2026 Researchers from Kaspersky have reported a significant rise in cyberattack campaigns where threat actors abuse Amazon Web Services Simple Email Service (SES), a legitimate and trusted email delivery platform, to distribute large-scale phishing emails targeting organizations. The primary cause is the exposure of AWS IAM Access Keys through public sources […]

243/69 Tuesday, May 5, 2026 Microsoft has confirmed that its April 2026 Windows security updates may cause certain backup applications to malfunction. The issue primarily affects software that relies on the psmounterex.sys driver for mounting or managing backup image files. It may impact some devices running Windows 10, Windows 11, and Windows Server, resulting in […]

242/69 Tuesday, May 5, 2026 In late April 2026, a cybersecurity incident targeted Sistemi Informativi, an IBM subsidiary responsible for managing critical IT infrastructure for government and industrial sectors in Italy. The incident raised concerns among security agencies and critical infrastructure providers, as the company’s systems are interconnected with multiple sectors across the country. IBM […]

241/69 Tuesday, May 5, 2026 Google has announced a major overhaul of its Vulnerability Reward Programs (VRP) for both Android and Chrome, adapting to a new era where artificial intelligence plays a significant role in bug discovery. Reports indicate that advanced AI tools-such as GPT-5.4 Cyber-can rapidly analyze code and help generate attack models, leading […]

240/69 Friday, May 1, 2026 Security researchers from Anchor Hosting have revealed that the Quick Page/Post Redirect WordPress plugin—used for creating redirects and installed on over 70,000 websites—has contained a hidden backdoor since 2020. The issue was identified after abnormal activity alerts were detected across 12 managed websites. Investigation found that versions 5.2.1 and 5.2.2 […]

239/69 Friday, May 1, 2026 cPanel has released a security update to address an authentication vulnerability that could allow unauthorized access to server control panels. The flaw affects all currently supported versions and poses a significant risk to systems exposed to the internet. cPanel is a widely used web hosting control panel that enables users […]