
IT Security Newsletter - 5/11/2026

Top News

Google spotted an AI-developed zero-day before attackers could use it

Google researchers found a zero-day exploit developed by artificial intelligence and alerted the susceptible vendor to the imminent threat before a well-known cybercrime group initiated a mass-exploitation campaign, the company said in a report released Monday. The averted disaster probably isn't the first time attackers used AI to build a zero-day, but it is the first time Google Threat Intelligence Group found compelling evidence that this escalation in exploit development is underway. READ MORE...


ShinyHunters Claims Second Attack Against Instructure

The ShinyHunters gang has claimed a second successive breach of Instructure, the supplier of the Canvas learning management system (LMS), mere hours after the company claimed the whole affair was over. On April 25, the ShinyHunters cybercrime operation did what it's been doing for years now: it took advantage of some large, well-connected organization's exposed cloud infrastructure to access, steal, and then threaten to leak some huge trove of data. READ MORE...

Breaches

Skoda Data Breach Hits Online Shop Customers

Automobile manufacturer Skoda has disclosed a data breach impacting the personal information of its online shop's users. The incident, the company says, was discovered as part of its technical security monitoring and was the result of a vulnerability in the portal's software. Immediately after learning of the cyberattack, the car maker took the shop offline, patched the exploited vulnerability, and reviewed existing security mechanisms. READ MORE...

Hacking

Over 500 Organizations Hit in Years-Long Phishing Campaign

A phishing campaign that has been ongoing for more than four years has claimed hundreds of victims across multiple industries, SOCRadar reports. Dubbed Operation HookedWing, the campaign was first documented in 2022 but has sustained activity and adapted its infrastructure while keeping core patterns largely unchanged. Over the course of four years, more than 2,000 user credentials across over 500 organizations in several sectors were stolen as part of the campaign. READ MORE...


Cyber Espionage Group Targets Aviation Firms to Steal Map Data

As cyber operations continue to support regional conflicts, threat groups are targeting a wider range of information, including geospatial mapping and global positioning systems (GPS) data that can be used to locate enemy assets and gather information on a rival's own intelligence capabilities, cybersecurity firms warn. One cyber espionage group has used specially crafted phishing and malvertising campaigns to target aerospace firms and drone operators. READ MORE...

Malware

JDownloader site hacked to replace installers with Python RAT malware

The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows and Linux installers, with the Windows payload found deploying a Python-based remote access trojan. The supply chain attack affects those who downloaded installers from the official website between May 6 and May 7, 2026 via the Windows "Download Alternative Installer" links or the Linux shell installer. READ MORE...


Worm rubs out competitor's malware, then takes control

There's a mysterious framework worming its way through exposed cloud instances removing all traces of TeamPCP infections, but it's not benevolent by a long shot: Whoever is behind this bit of malware may be cleaning up who came before, but only so they can take their place. Discovered by security outfit SentinelOne's SentinelLabs researchers and dubbed PCPJack, the worm was first spotted in late April hiding among a Kubernetes-focused VirusTotal hunting rule. READ MORE...

Information Security

Anthropic's Claude used in attempted compromise of Mexican water utility

An unknown cyber threat group abused Anthropic's Claude AI to assist in a sophisticated takeover attempt against a local water utility in Mexico, according to a report released Wednesday by Dragos. The attack was part of a larger months-long campaign between December of 2025 and February of this year targeting multiple government agencies inside the country. Researchers said the incident raised troubling questions about how attackers quickly weaponized Claude against a critical sector. READ MORE...


Inside Department 4: Russia's secret school for hackers

Most universities have a careers fair. At Bauman Moscow State Technical University, however, an elite group of students appear to have something rather more unusual: a direct pipeline into some of the world's most notorious state-sponsored hacking groups. A new investigation by a consortium of journalists has lifted the lid on a secretive faculty inside one of Russia's most prestigious technical universities that has spent years grooming students to become hackers for Russian intelligence. READ MORE...

Exploits/Vulnerabilities

Yarbo responds to robot flaws that could mow down their owners

A researcher found that Yarbo yard robots came with a host of vulnerabilities which, among other things, allowed an attacker to harvest WiFi passwords. Security researcher Andreas Makris found he could remotely hijack thousands of Yarbo yard robots worldwide, and proved it by having his mower run him over. The root cause was a cluster of "legacy" design choices: every robot shared the same hardcoded root password, remote tunnels were left open, and MQTT messaging was weakly protected. READ MORE...

On This Date

  • ...in 1904, surrealist painter Salvador Dali is born in Catalonia, Spain.
  • ...in 1918, Nobel Prize-winning physicist and engineer Richard Feynman is born in New York City.
  • ...in 1946, scientist Robert Jarvik, the designer of the revolutionary Jarvik-7 artificial heart, is born in Midland, MI.
  • ...in 1997, IBM's supercomputer Deep Blue defeats grandmaster Garry Kasparov in a six-game match, becoming the first machine to defeat a world-champion human player.