Home

CYBER SECURITY NEWS

• TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
  May 12, 2026
  Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace. "If you are using Checkmarx Jenkins AST plugin, you need to ensure that you are using the version 2.0.13-829.vc72453fa_1c16 that was published on December 17, 2025 or previously," the cybersecurity company said in a statement over the […]
• cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor
  May 12, 2026
  A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager (WHM) that could result in an authentication bypass and allow remote attackers to gain elevated control of […]
• Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation
  May 12, 2026
  Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence (AI) system, marking the first time the technology has been put to use in the wild in a malicious context for vulnerability discovery and exploit generation. The activity is said […]
• ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
  May 11, 2026
  Rough Monday. Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes with bugs that should’ve died years ago — the same old holes, same lazy access paths, same “how the hell is this still open” feeling. One report this week basically […]
• Your Purple Team Isn't Purple — It's Just Red and Blue in the Same Room
  May 11, 2026
  Defending a network at 2 am looks a lot like this: an analyst copy-pasting a hash from a PDF into a SIEM query. A red team script is being rewritten by hand so the blue team can use it. A patch waiting on a change-approval window that's longer than the exploitation window itself. Nobody in […]
• Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
  May 11, 2026
  A malicious Hugging Face repository managed to take a spot in the platform's trending list by impersonating OpenAI's Privacy Filter open-weight model to deliver a Rust-based information stealer to Windows users. The project, named Open-OSS/privacy-filter, masqueraded as its legitimate counterpart released by OpenAI late last month (openai/privacy-filter), including copying the entire description
• Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
  May 10, 2026
  Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its entire process memory. The out-of-bounds read flaw, which likely impacts over 300,000 servers globally, is tracked as CVE-2026-7482 (CVSS score: 9.1). It has been codenamed Bleeding Llama by Cyera. Ollama is a

LATEST POSTS

• Data Protection and Backup
• Awakening Conference Byron Bay (19th – 21st September) 2025
• Online Conference 14th September (Sydney A.E.S.T)
• WebRoot Zero Day Malware Protection
• Cyber Security (MailGuard)