GPUBreach Exploit: How Hackers Can Hijack Your System Using Just a GPU
New research reveals the GPUBreach attack, which exploits GPU memory (Rowhammer) to escalate privileges and fully compromise systems — affecting major vendors like NVIDIA, AMD, and Qualcomm.
@Cyber_Security_Channel
New research reveals the GPUBreach attack, which exploits GPU memory (Rowhammer) to escalate privileges and fully compromise systems — affecting major vendors like NVIDIA, AMD, and Qualcomm.
@Cyber_Security_Channel
BleepingComputer
New GPUBreach attack enables system takeover via GPU rowhammer
A new attack, dubbed GPUBreach, can induce Rowhammer bit-flips on GPU GDDR6 memories to escalate privileges and lead to a full system compromise.
❤6👍5
Why U.S. Critical Infrastructure Is the Highest-Value Target in the Global Cyber War
This surge is directly tied to rising cybersecurity threats to the US critical infrastructure.
Attackers are no longer experimenting; they are executing repeatable, scalable campaigns designed to disrupt essential services.
Cyber_Security_Channel
This surge is directly tied to rising cybersecurity threats to the US critical infrastructure.
Attackers are no longer experimenting; they are executing repeatable, scalable campaigns designed to disrupt essential services.
Cyber_Security_Channel
Cyble
USA Critical Infrastructure Cyberattack Threats In 2026
Explore how a critical infrastructure cyberattack and rising nation-state threats are reshaping US cybersecurity risks in 2026.
❤4
Cloudflare Races to Beat Quantum Threats: Full Post-Quantum Security by 2029
Cloudflare accelerates its post-quantum security roadmap, aiming for full protection, including authentication, across all services by 2029 as quantum computing threats loom closer than expected.
@Cyber_Security_Channel
Cloudflare accelerates its post-quantum security roadmap, aiming for full protection, including authentication, across all services by 2029 as quantum computing threats loom closer than expected.
@Cyber_Security_Channel
The Cloudflare Blog
Cloudflare targets 2029 for full post-quantum security
Recent advances in quantum hardware and software have accelerated the timeline on which quantum attack might happen. Cloudflare is responding by moving our target for full post-quantum security to 2029.
❤3👍3
Zero-Day Alert: Adobe Reader Under Siege by Malicious PDFs Data Theft & RCE Risks Exposed!
Attackers have been exploiting an unpatched Adobe Reader zero-day via malicious PDFs since December 2025, enabling data theft and potential remote code execution even on updated systems. Users are urged to avoid untrusted files until a patch is released.
@Cyber_Security_Channel
Attackers have been exploiting an unpatched Adobe Reader zero-day via malicious PDFs since December 2025, enabling data theft and potential remote code execution even on updated systems. Users are urged to avoid untrusted files until a patch is released.
@Cyber_Security_Channel
Cyber Security News
Hackers Target Adobe Reader Users with Sophisticated Zero-Day Exploit
Security researchers warn that simply opening a booby‑trapped document is enough to trigger the attack on fully up‑to‑date installations of Adobe Reader.
❤3
Cisco Releases Open Source Tool for AI Model Provenance
The new Model Provenance Kit from Cisco, a Python-based toolkit and command-line interface (CLI), aims to address these issues by generating a ‘fingerprint’ for each model based on “metadata signals, tokenizer similarity, and weight-level identity signals such as embedding geometry, normalization layers, energy profiles, and direct weight comparisons”.
Cyber_Security_Channel
The new Model Provenance Kit from Cisco, a Python-based toolkit and command-line interface (CLI), aims to address these issues by generating a ‘fingerprint’ for each model based on “metadata signals, tokenizer similarity, and weight-level identity signals such as embedding geometry, normalization layers, energy profiles, and direct weight comparisons”.
Cyber_Security_Channel
SecurityWeek
Cisco Releases Open Source Tool for AI Model Provenance
The new kit aims to address risks related to poisoned models, regulatory issues, supply chain integrity, and incident response.
❤2👍2
🚨 Lazarus APT is Running An Active Campaign
They are using fake meetings to gain full access to corporate systems, credentials, and sensitive data.
• Who is at risk: Fintech, crypto, and high-value environments where macOS is widely used by developers, executives, and decision-makers.
• Why this is hard to detect: The attack relies on social engineering and native macOS binaries, reducing visibility for traditional EDR tools.
• How SOCs should respond: Identify credential exposure early by introducing @anyrun_app’s cross-platform analysis capabilities during triage that offers a 36% higher detection rate.
→ Read the breakdown and get key defense steps: available here.
-----
#ad #paidpromotion #sponsored
@Cyber_Security_Channel
They are using fake meetings to gain full access to corporate systems, credentials, and sensitive data.
• Who is at risk: Fintech, crypto, and high-value environments where macOS is widely used by developers, executives, and decision-makers.
• Why this is hard to detect: The attack relies on social engineering and native macOS binaries, reducing visibility for traditional EDR tools.
• How SOCs should respond: Identify credential exposure early by introducing @anyrun_app’s cross-platform analysis capabilities during triage that offers a 36% higher detection rate.
→ Read the breakdown and get key defense steps: available here.
-----
#ad #paidpromotion #sponsored
@Cyber_Security_Channel
🔥9❤7👍4
EU’s Age Verification App Cracked in 2 Minutes: Security Expert Exposes Fatal Flaws
Security researcher Paul Moore bypassed the EU’s new age verification app in under two minutes by editing a config file, exposing critical design flaws and weak local data storage.
@Cyber_Security_Channel
Security researcher Paul Moore bypassed the EU’s new age verification app in under two minutes by editing a config file, exposing critical design flaws and weak local data storage.
@Cyber_Security_Channel
Cyber Security News
EU’s New Age Verification App Can Be Hacked Within 2 Minutes, Researchers Claim
The European Commission's newly launched Digital Age Verification App, unveiled on April 14, 2026, to protect minors from harmful online content, has already been compromised, with UK-based security consultant Paul Moore demonstrating a full authentication…
👍6❤2
Hackers Breach Canvas Learning Platform, Exposing Data on Millions of Students and Teachers
A cybersecurity attack on the nation's most widely used classroom software has potentially exposed the personal data of millions of students and educators across the country.
Instructure, the company that runs the Canvas learning management system used by more than 7,000 universities, K-12 districts and education ministries worldwide, disclosed the breach to affected institutions this week.
The company confirmed names, email addresses, student ID numbers and private messages between users had been accessed before the breach was contained.
ShinyHunters warned that a failure to pay could result in the release of "several billions of private messages among students and teachers."
A ransom message on the platform appears to give Infrastructure until May 12 to respond and "negotiate a settlement" before the hackers leak information.
@Cyber_Security_Channel
A cybersecurity attack on the nation's most widely used classroom software has potentially exposed the personal data of millions of students and educators across the country.
Instructure, the company that runs the Canvas learning management system used by more than 7,000 universities, K-12 districts and education ministries worldwide, disclosed the breach to affected institutions this week.
The company confirmed names, email addresses, student ID numbers and private messages between users had been accessed before the breach was contained.
ShinyHunters warned that a failure to pay could result in the release of "several billions of private messages among students and teachers."
A ransom message on the platform appears to give Infrastructure until May 12 to respond and "negotiate a settlement" before the hackers leak information.
@Cyber_Security_Channel
The Conversation
Hackers just stole data from 9,000 schools and unis around the world. How can we protect student privacy?
A US-based education tech provider announced a cybersecurity incident affecting its Canvas platform – used by institutions around the world, including Australia.
👍2⚡1👎1
AI Titans Unite: Project Glasswing Deploys Frontier AI to Hunt Down Zero-Days in Critical Software
Project Glasswing, backed by tech giants and powered by Anthropic’s Claude Mythos Preview, uses AI to uncover and patch thousands of zero-day vulnerabilities in critical software, giving defenders the edge in the AI-driven cybersecurity era.
@Cyber_Security_Channel
Project Glasswing, backed by tech giants and powered by Anthropic’s Claude Mythos Preview, uses AI to uncover and patch thousands of zero-day vulnerabilities in critical software, giving defenders the edge in the AI-driven cybersecurity era.
@Cyber_Security_Channel
Anthropic
Project Glasswing: Securing critical software for the AI era
A new initiative to secure the world’s most critical software and give defenders a durable advantage in the coming AI-driven era of cybersecurity.
💩6👍2👎2❤1
Join the Webinar: Marketing Myths Versus the Reality to enhance your ImmuniWeb® AI Platform skills, earn CPE credits, and qualify to become ImmuniWeb® Certified Professional.
✔️ Key Insights:
• Brief history of AI and ML
• AI trends in cybersecurity and cybercrime
• Misuse of AI by cybercrime and fraud actors
• Regulatory & compliance trends for AI usage
• Vendor marketing vs real 2026 AI capabilities
• Novel vulnerabilities: OWASP Top 10 for LLMs
• Review of AI-specific attacks: MITRE ATLAS™
• Leveraging AI in cybersecurity and cyber-defense in 2026
• Review of agentic AI: OWASP Top 10 for Agentic Applications
→ Date & Time: May 20 at 10am and 5pm CEST.
→ Host: Dr. Ilia Kolochenko, CEO & Chief Architect at ImmuniWeb, Attorney-at-Law.
✅ Register Now:
Session 1 – May 20, 2026 – Geneva 10am | Dubai 1pm | Singapore 5pm
👉 Click here.
Session 2 – May 20, 2026 – Geneva 5pm | New York 11am | California 8am
👉 Click here.
-----
#ad #paidpromotion #sponsored
@Cyber_Security_Channel
✔️ Key Insights:
• Brief history of AI and ML
• AI trends in cybersecurity and cybercrime
• Misuse of AI by cybercrime and fraud actors
• Regulatory & compliance trends for AI usage
• Vendor marketing vs real 2026 AI capabilities
• Novel vulnerabilities: OWASP Top 10 for LLMs
• Review of AI-specific attacks: MITRE ATLAS™
• Leveraging AI in cybersecurity and cyber-defense in 2026
• Review of agentic AI: OWASP Top 10 for Agentic Applications
→ Date & Time: May 20 at 10am and 5pm CEST.
→ Host: Dr. Ilia Kolochenko, CEO & Chief Architect at ImmuniWeb, Attorney-at-Law.
✅ Register Now:
Session 1 – May 20, 2026 – Geneva 10am | Dubai 1pm | Singapore 5pm
👉 Click here.
Session 2 – May 20, 2026 – Geneva 5pm | New York 11am | California 8am
👉 Click here.
-----
#ad #paidpromotion #sponsored
@Cyber_Security_Channel
❤2
Security Fatigue: How Too Many Alerts Are Making Us All Less Safe Online
New research reveals that constant security demands, including password resets, phishing alerts, and training sessions, lead to "security fatigue."
This causes employees to ignore warnings and weaken organizational cyber defenses.
@Cyber_Security_Channel
New research reveals that constant security demands, including password resets, phishing alerts, and training sessions, lead to "security fatigue."
This causes employees to ignore warnings and weaken organizational cyber defenses.
@Cyber_Security_Channel
TechRepublic
Why Operationalizing AI Security Is the Next Great Enterprise Hurdle
NWN launches an AI-powered security platform to tackle tool sprawl, alert fatigue, and modern cyber threats in the era of agentic enterprises.
❤3🔥3
Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls
No other information has been shared about the attacks exploiting CVE-2026-0300, but limited exploitation typically indicates that a flaw has been leveraged in highly targeted attacks by sophisticated threat actors, often state-sponsored groups.
Cyber_Security_Channel
No other information has been shared about the attacks exploiting CVE-2026-0300, but limited exploitation typically indicates that a flaw has been leveraged in highly targeted attacks by sophisticated threat actors, often state-sponsored groups.
Cyber_Security_Channel
SecurityWeek
Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls
CVE-2026-0300 affects the Captive Portal service of PAN-OS software on PA and VM series firewalls.
🔥2❤1
🚀 Scale Your SOC With Special Offers From @anyrun_app
1. Give your team more visibility across Windows, Linux, macOS, and Android.
2. Detect threats earlier and reduce response time.
3. Boost investigation efficiency by up to 3x.
Save on enterprise-grade security workflows with limited-time offers through May 31: click here to explore all the deals.
-----
#ad #paidpromotion #sponsored
@Cyber_Security_Channel
1. Give your team more visibility across Windows, Linux, macOS, and Android.
2. Detect threats earlier and reduce response time.
3. Boost investigation efficiency by up to 3x.
Save on enterprise-grade security workflows with limited-time offers through May 31: click here to explore all the deals.
-----
#ad #paidpromotion #sponsored
@Cyber_Security_Channel
❤8🔥2
Slack Scam Alert: Fake Linux Foundation Leader Tricks Devs into Handing Over Secrets
Attackers impersonated a Linux Foundation leader on Slack, tricking developers into clicking a phishing link and installing a fake root certificate to steal credentials and intercept encrypted traffic.
@Cyber_Security_Channel
Attackers impersonated a Linux Foundation leader on Slack, tricking developers into clicking a phishing link and installing a fake root certificate to steal credentials and intercept encrypted traffic.
@Cyber_Security_Channel
theregister
Fake Linux Foundation leader using Slack to phish devs
: Google Sites lure leads to bogus root certificate
👍3❤2🍌1
Preparing for Identity Attacks: What Steps Do You Need to Take?
For partners, helping customers to spot gaps in their identity security is an opportunity.
As environments become more fragmented and identity becomes the primary attack surface, how can you help your customers get ahead of these risks?
Cyber_Security_Channel
For partners, helping customers to spot gaps in their identity security is an opportunity.
As environments become more fragmented and identity becomes the primary attack surface, how can you help your customers get ahead of these risks?
Cyber_Security_Channel
ChannelPro
Preparing for identity attacks: what steps do you need to take?
User identities are at risk - can you help your customers keep up with security in their fragmented environments?
👍2❤1
Over 10,000 Zimbra Servers Under Active XSS Attack
CISA confirmed active exploitation of CVE-2025-48700, an XSS flaw in Zimbra that lets unauthenticated attackers execute arbitrary JavaScript and steal session data just by getting a user to open a malicious email.
More than 10,500 unpatched instances remain exposed worldwide. Synacor released a fix in June 2025 — affected versions include ZCS 8.8.15, 9.0, 10.0, and 10.1.
@Cyber_Security_Channel
CISA confirmed active exploitation of CVE-2025-48700, an XSS flaw in Zimbra that lets unauthenticated attackers execute arbitrary JavaScript and steal session data just by getting a user to open a malicious email.
More than 10,500 unpatched instances remain exposed worldwide. Synacor released a fix in June 2025 — affected versions include ZCS 8.8.15, 9.0, 10.0, and 10.1.
@Cyber_Security_Channel
BleepingComputer
Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks
Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw.
❤2
Romanian Hacker Sentenced to Prison in US for Selling Access to State Network
According to the US Justice Department, Dragomir hacked into the network of an Oregon state government office in June 2021.
He sold access to this and other compromised networks in the United States, resulting in losses exceeding $250,000.
Cyber_Security_Channel
According to the US Justice Department, Dragomir hacked into the network of an Oregon state government office in June 2021.
He sold access to this and other compromised networks in the United States, resulting in losses exceeding $250,000.
Cyber_Security_Channel
SecurityWeek
Romanian Hacker Sentenced to Prison in US for Selling Access to State Network
Catalin Dragomir previously pleaded guilty to selling access to an Oregon state government office’s network.
❤5
Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’
The company filed a lawsuit targeting Fox Tempest and Vanilla Tempest.
In cybercrime disruption operations, lawsuits serve as powerful legal mechanisms to seize malicious domains, dismantle server infrastructure, and compel third-party providers to take criminal operations offline.
Cyber_Security_Channel
The company filed a lawsuit targeting Fox Tempest and Vanilla Tempest.
In cybercrime disruption operations, lawsuits serve as powerful legal mechanisms to seize malicious domains, dismantle server infrastructure, and compel third-party providers to take criminal operations offline.
Cyber_Security_Channel
SecurityWeek
Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’
Fox Tempest provides a service that cybercriminals use to distribute ransomware and other malware disguised as legitimate software.
👍4❤3
CrowdStrike and Google Dismantle Glassworm Botnet Targeting Open Source Developers
CrowdStrike, Google and the Shadowserver Foundation dismantled the Glassworm botnet, active for two years and used to compromise software developers via malicious marketplace extensions, malvertising and stolen credentials.
Over 300 GitHub repos were poisoned to seed supply-chain attacks downstream.
Four C2 channels were disrupted, including ones abusing the Solana blockchain, BitTorrent, Google Calendar and rented VPSes.
Related developer-targeting campaigns include the recent Mini Shai-Hulud incident hitting two OpenAI developers and the March Axios hijack tied to suspected North Korean activity.
@Cyber_Security_Channel
CrowdStrike, Google and the Shadowserver Foundation dismantled the Glassworm botnet, active for two years and used to compromise software developers via malicious marketplace extensions, malvertising and stolen credentials.
Over 300 GitHub repos were poisoned to seed supply-chain attacks downstream.
Four C2 channels were disrupted, including ones abusing the Solana blockchain, BitTorrent, Google Calendar and rented VPSes.
Related developer-targeting campaigns include the recent Mini Shai-Hulud incident hitting two OpenAI developers and the March Axios hijack tied to suspected North Korean activity.
@Cyber_Security_Channel
TechCrunch
CrowdStrike and Google take down botnet used by hackers to target open source software developers | TechCrunch
Cybercriminals used the Glassworm botnet to infect open source software projects with malware, and in turn hack the developers and companies that use that software.
🔥2👍1👏1
19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access
According to SpaceX security engineer Asim Viladi Oglu Manizada, the kernel does not check the origin of the request and the key description, which allows an attacker to call the request_key function directly and can supply their own key description fields, bypassing CIFS origin.
Cyber_Security_Channel
According to SpaceX security engineer Asim Viladi Oglu Manizada, the kernel does not check the origin of the request and the key description, which allows an attacker to call the request_key function directly and can supply their own key description fields, bypassing CIFS origin.
Cyber_Security_Channel
SecurityWeek
19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access
Proof-of-concept (PoC) exploit code has been released for the CIFSwitch flaw, which allows low-privileged users to escalate to root on vulnerable Linux systems.
🔥2❤1👍1