BuzzSec

Researchers at Push Security have analyzed a phishing platform used by organized criminal threat actors like ShinyHunters and BlackFile, finding more than 400 domains linked to attacks launched by the phishing kit. from KnowBe4 Blog https://blog.knowbe4.com/extortion-groups-automated-phishing-kits-aitm

CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages and extensions. "Since at least early 2025, GlassWorm operators have systematically targeted software developers, a from The Hacker News https://thehackernews.com/2026/05/glassworm-malware-takedown-disrupts.html

When an employee installs an AI writing assistant, connects a coding copilot to their IDE, or starts summarizing meetings with a new browser tool, they are doing exactly what a productive employee should do: finding faster ways to work. Across most organizations today, employees are running three to five AI tools on any given day. Most were never reviewed by IT. A significant portion connects from The Hacker News https://thehackernews.com/2026/05/5-steps-to-managing-shadow-ai-tools.html

Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remote attackers to pull private container images from Gitea deployments without requiring an account, password, or other credentials. The vulnerability, tracked as CVE-2026-27771 (CVSS score: N/A), affects all versions of Gitea prior to 1.26.2 from The Hacker News https://thehackernews.com/2026/05/gitea-vulnerability-exposes-private.html

Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites. "This emerging delivery technique extends social engineering beyond conventional search results and increases the visibility of malicious software recommendations," Microsoft Defender Experts and the Microsoft from The Hacker News https://thehackernews.com/2026/05/ai-chatbot-recommendations-redirect.html

Not identifying people based on their use of Wi-Fi routers, but identifying people using Wi-Fi signals . This is accomplished through what is known as WiFi sensing , or the use of WiFi signals to infer information about a physical environment. When radio signals like WiFi travel through a space, they interact with the objects and people around them. Those signals can be reflected, scattered, or absorbed. By analyzing how the signal is expected to behave compared with how it is actually received, researchers can infer details about the surrounding environment. “By observing the propagation of radio waves, we can create an image of the surroundings and of persons who are present,” said Thorsten Strufe, a KIT professor and study co-author, in a press release . “This works similar to a normal camera, the difference being that in our case, radio waves instead of light waves are used for the recognition.” from Schneier on Security https://www.schneier.com/blog/arc...