Warning: TCLBANKER Malware Targets Financial Platforms and Spreads via WhatsApp and Outlook

253/69 Monday, May 11, 2026 Researchers from Elastic Security Labs have identified a new malware strain known as TCLBANKER (tracked as REF3076), a Brazilian banking trojan targeting more than 59 financial platforms, fintech services, and cryptocurrency-related systems. The malware is particularly concerning because it evolved from the Maverick malware family and now includes worm-like self-propagation […]

sittisak mintaboon

May 11, 2026

Hackers Abuse Google Ads to Impersonate GoDaddy ManageWP Login Pages and Steal User Accounts

252/69 Friday, May 8, 2026 Researchers from Guardio Labs have uncovered a phishing campaign that abuses Google Ads to impersonate the login page of GoDaddy ManageWP, a platform used to manage multiple WordPress websites from a single dashboard. The malicious advertisements appeared above legitimate search results when users searched for the keyword “managewp,” leading victims […]

sittisak mintaboon

May 8, 2026

Taiwanese Student Disrupts High-Speed Rail System, Exposing Security Weaknesses in Critical Infrastructure

251/69 Friday, May 8, 2026 Taiwan’s high-speed rail system experienced a temporary service disruption after four trains received emergency alarm signals and were forced into emergency stop mode, causing operations to halt for nearly one hour and affecting a large number of passengers. Subsequent investigations revealed that the incident was caused by a 23-year-old university […]

sittisak mintaboon

May 8, 2026

New xlabs_v1 Botnet Targets IoT Devices via Exposed ADB Services, Offers DDoS-for-Hire Attacks Against Servers

250/69 Friday, May 8, 2026 Cybersecurity researchers from Hunt.io have disclosed the discovery of a new Mirai-based botnet named “xlabs_v1,” which specifically targets devices exposing Android Debug Bridge (ADB) services over TCP port 5555. The botnet primarily focuses on Android TV boxes, smart TVs, set-top boxes, home routers, and various IoT devices supporting ARM, MIPS, […]

sittisak mintaboon

May 8, 2026

Critical Vulnerability in Ollama May Expose Over 300,000 Publicly Accessible Instances

249/69 Thursday, May 7, 2026 Security researchers from Cyera have warned about a critical vulnerability in Ollama tracked as CVE-2026-7482, also referred to as “Bleeding Llama,” which could place more than 300,000 internet-exposed Ollama instances at risk of sensitive data theft. The vulnerability is a heap out-of-bounds read issue within the GGUF model loader and […]

sittisak mintaboon

May 7, 2026

Microsoft Warns of Global Phishing Campaign Stealing Authentication Tokens, Affecting Over 35,000 Users

248/69 Thursday, May 7, 2026 Microsoft has disclosed a large-scale phishing campaign targeting more than 35,000 users across 26 countries during mid-April 2026. The attackers used fraudulent emails themed around “Code of Conduct” violations, delivered through legitimate email services, to lure victims into visiting fake websites designed to steal authentication tokens and login credentials. Microsoft […]

sittisak mintaboon

May 7, 2026

Vimeo Confirms Data Breach Affecting 119,000 Users After ShinyHunters Exploited Third-Party Vendor Vulnerability

247/69 Thursday, May 7, 2026 Vimeo has confirmed a data breach incident affecting approximately 119,000 users during April 2026. The company stated that the breach did not originate from a direct compromise of Vimeo’s own systems, but was instead linked to a vulnerability involving Anodot, a third-party analytics service provider. Through this connection, the ShinyHunters […]

sittisak mintaboon

May 7, 2026

Palo Alto Networks prepares emergency patches for a zero-day vulnerability after active exploitation against real-world firewalls was detected.

246/69 Wednesday, May 6, 2026 Palo Alto Networks has confirmed the discovery of a critical zero-day vulnerability, tracked as CVE-2026-0300, affecting PAN-OS. The flaw is a Buffer Overflow vulnerability in the User-ID Authentication Portal (Captive Portal) service and impacts PA-Series and VM-Series firewalls with the feature enabled. The vulnerability could allow unauthenticated remote attackers to […]

sittisak mintaboon

May 6, 2026

National Cyber Security Centre warns that AI is accelerating vulnerability discovery, raising concerns over a global “Patch Wave.”

245/69 Wednesday, May 6, 2026 The National Cyber Security Centre (NCSC) has warned that artificial intelligence (AI) is significantly accelerating the discovery of software vulnerabilities, increasing the global risk of cyberattacks. According to the agency, highly skilled threat actors can now leverage AI to identify hidden vulnerabilities much faster than before, potentially leading to the […]

sittisak mintaboon

May 6, 2026

Hackers increasingly abuse Amazon SES services to deliver phishing emails and bypass security systems.

244/69 Wednesday, May 6, 2026 Researchers from Kaspersky have reported a significant rise in cyberattack campaigns where threat actors abuse Amazon Web Services Simple Email Service (SES), a legitimate and trusted email delivery platform, to distribute large-scale phishing emails targeting organizations. The primary cause is the exposure of AWS IAM Access Keys through public sources […]

sittisak mintaboon

May 6, 2026
1 11 12 13 100