ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More

May 28, 2026 at 07:03PM Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spin…

New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI "Power users"

May 28, 2026 at 05:00PM State of AI Usage Report 2026 (full report here) by LayerX Security reveals the extent of the enterprise …

JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

May 28, 2026 at 01:24PM A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organiz…

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

May 27, 2026 at 05:18PM CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous d…

5 Steps to Managing Shadow AI Tools Without Slowing Down Employees

May 27, 2026 at 05:00PM When an employee installs an AI writing assistant, connects a coding copilot to their IDE, or starts summ…

Gitea Vulnerability Exposes Private Container Images without Authentication

May 27, 2026 at 03:36PM Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform f…

AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites

May 27, 2026 at 01:15PM Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) c…

MFA Prompt Bombing: Why Your Second Factor Isn't Saving You

May 26, 2026 at 04:00PM Multi-factor authentication (MFA) was supposed to close a critical gap in identity security. It meant tha…

CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks

May 26, 2026 at 02:43PM The Indian Computer Emergency Response Team (CERT-In) has issued new guidelines requiring organizations t…

Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning

May 26, 2026 at 12:43PM The Iranian state-sponsored threat actor known as Nimbus Manticore (aka Screening Serpens and UNC1549) ha…

KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

May 26, 2026 at 10:49AM A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Manage…

The Alert Firehose Finally Meets Its Match

May 25, 2026 at 05:00PM Ask a cybersecurity pro about Network Detection and Response (NDR) and you might still hear "Noisy,&…