The CyberSignal (Page 2)

Latest

Editorial science-poster illustration of cyber threat intelligence symbols — a radar dish, a dossier folder, a pinned bulletin board, a magnifying lens, a signal waveform, and a fountain pen.

What Is Cyber Threat Intelligence (CTI)? Types and Use Cases

Cyber threat intelligence (CTI) explained — the four types, the CTI lifecycle, where intelligence comes from, and how organizations turn it into action.

Editorial science-poster illustration of threat intelligence symbols — a magnifying lens, a pinned map, an antenna, a dossier folder, a masked silhouette, and a network of nodes.

Threat Intelligence and Threat Actors: The Complete Guide

A complete guide to threat intelligence and threat actors — the four types of CTI, the major actor categories, the intelligence lifecycle, and the frameworks defenders use.

Editorial science-poster illustration of cyber resilience symbols — a fortress wall, a shield, a recovery arrow, a gear, a watchful eye, and a sapling.

What Is Cyber Resilience?

A clear guide to cyber resilience — how it goes beyond cybersecurity, the four pillars, the key practices, and the frameworks organizations use to build it.

Editorial science-poster illustration of breach notification law symbols — a gavel, a sealed envelope, a clock, legal documents, a globe, and a megaphone.

Data Breach Notification Laws Explained

A clear guide to data breach notification laws — what triggers them, who must be told, the major frameworks, the 72-hour rule, and how to prepare.

Flat white line-art of an AI core with one arrow to a shield and one to a crosshair, on a peacock-teal background — Mythos defensive and offensive use.

Mythos: NSA Reportedly Readies It for Offense as Anthropic Publishes a Misuse Analysis

Two Mythos threads landed this cycle: TechCrunch reports the NSA is said to be readying Anthropic's Mythos for cyber operations despite a federal restriction, while Anthropic published an analysis of 832 accounts banned for malicious cyber activity, mapped to MITRE ATT&CK.

Flat white line-art of a package, a browser, and a payment card in a row, on a raspberry background — trusted-channel abuse cluster.

Trusted Channels Turned Hostile: a Rust npm Worm, a Poisoned Browser, and Stripe Card Skimmers

Three disclosures this cycle share one thesis: attackers borrowing the trust of legitimate channels. A Rust-written npm worm (IronWorm), a cryptominer slipped into Hola Browser, and a Magecart skimmer hosted inside Stripe each hide in traffic defenders are inclined to allow.

Flat white line-art of a soccer ball beside a lookalike browser window with a fishing hook through it, on a burnt-amber background — FIFA World Cup 2026 scams.

FIFA World Cup Scams Are Already Live — Days Before Kickoff, the FBI Is Warning Fans

Days before the June 11 kickoff, the FBI and researchers warn that FIFA World Cup 2026 fraud is already live — thousands of lookalike FIFA domains, banking malware hidden in pirate streaming apps, and login pages cloned well enough to take over real accounts.

Flat white line-art of three cloud icons feeding envelopes into a single relay box, on an indigo background — PCPJack covert SMTP relay.

PCPJack Hijacked 230 AWS, Google Cloud, and Azure Servers Into a Covert SMTP Relay

Hunt.io found that a threat actor called PCPJack hijacked about 230 AWS, Google Cloud and Azure servers into a covert SMTP relay network — quietly converting business servers into verified mail proxies synced to a downstream consumer every five minutes.

Flat white line-art of a web server with a shell-prompt chevron on its face and a magnifier beside it, on a moss-green background — OP-512 IIS web shells.

OP-512: A China-Linked Cluster Is Planting Custom Web Shells on Microsoft IIS Servers

ReliaQuest disclosed OP-512, a previously unreported, China-linked espionage cluster that plants a custom three-web-shell framework on Microsoft IIS servers — the fourth such group to target IIS in a year. For anyone running IIS, it is a prompt to go hunting.

Flat white line-art of a tooth icon beside a stack of records folders with an open padlock, on an oxblood background — DentaQuest 2.6 million-account breach.

DentaQuest Breach Hits 2.6 Million as ShinyHunters Leaks a 234 GB Data Trove

DentaQuest, a Sun Life dental-benefits administrator serving 35 million people, confirmed a breach of 2.6 million accounts after ShinyHunters leaked about 234 GB of data — including names, dates of birth, Medicaid IDs and health-insurance information.

Flat white line-art of a central SD-WAN hub linked to three branch nodes with an open padlock, on a midnight-navy background — Cisco SD-WAN CVE-2026-20245.

Cisco SD-WAN Manager Zero-Day CVE-2026-20245 Is Exploited in the Wild With No Patch Yet

Cisco warns that CVE-2026-20245, a zero-day in Catalyst SD-WAN Manager, is being exploited to gain root, with no patch available. Exploitation needs netadmin access — obtainable by chaining CVE-2026-20182 — making it Cisco's seventh exploited SD-WAN zero-day of 2026.

Editorial science-poster illustration of digital forensics symbols — a magnifying glass over a hard drive, a fingerprint, a clock, a folder, a clipboard, and a wax seal.

What Is Digital Forensics?

A clear guide to digital forensics — the branches, the investigative process, chain of custody, and how forensics supports incident response and prosecutions.

Flat white line-art of an issue ticket feeding a gear workflow linked to a code repository, on a mulberry background — untrusted-input CI/CD action flaw.

Vulnerabilities

A Single GitHub Issue Could Hijack Repos Using Anthropic's Claude Code Action — Now Fixed

Researcher RyotaK of GMO Flatt Security found a flaw in Anthropic's Claude Code GitHub Action that let a single opened issue take over public repos running it. Anthropic fixed it within days (v1.0.94) and paid a bounty; the durable lesson is product-agnostic.

Flat white line-art of a registration form feeding a database cylinder with an open padlock, on a charcoal background — exposed aid-registration data.

Data Breaches

UN World Food Programme Breach Exposes Data on 600,000 Gaza Aid Recipients

The UN World Food Programme says its self-registration application for Palestine was breached, exposing names, ID and mobile numbers and location data for roughly 600,000 Gaza households — potentially the largest-known breach of humanitarian beneficiary data to date.

Flat white line-art of a fuel storage tank with a gauge dial linked to a globe icon, on a peacock-teal background — internet-exposed tank-gauge (ATG) systems.

Critical Infrastructure

CISA and Partners Warn Hackers Are Targeting Fuel-Tank Monitoring Systems

CISA, the FBI, NSA, Department of Energy and other US agencies warn that hackers are targeting internet-exposed automatic tank gauge (ATG) systems that monitor fuel storage, modifying device settings via command execution. The fix: get them off the public internet.

Flat white line-art of a CMS form panel and a storefront tile sharing one puzzle-piece module, on an antique-gold background — WordPress and Magento plugin RCE.

Vulnerabilities

WordPress and Magento Plugin RCE Keeps Coming: Everest Forms Exploited, Mirasvit Added to KEV

Two more plugin RCEs are under active exploitation: Everest Forms Pro CVE-2026-3300 (CVSS 9.8), a PHP-injection flaw Wordfence has blocked tens of thousands of times, and Magento's Mirasvit Cache Warmer CVE-2026-45247 (CVSS 9.8), now added to CISA's KEV catalog.

Flat white line-art of a phone with a notification banner feeding an assistant orb that links to a house icon, on a royal-violet background — Gemini hijack.

Artificial Intelligence (AI)

A Poisoned Notification Can Hijack Google Gemini's Voice Assistant on Android

SafeBreach researchers found that a single poisoned notification — from WhatsApp, Slack or SMS — could hijack Google Gemini's voice assistant on Android with no malicious app installed, reaching smart-home controls and poisoning the assistant's long-term memory. Google has patched it.

Flat white line-art of a code-editor window where a click releases a key token toward a folder of private repositories, on a forest-green background.

Vulnerabilities

One Click in VS Code Steals Your GitHub Token — the Researcher Skipped Coordinated Disclosure

Researcher Ammar Askar disclosed a one-click attack via VS Code's GitHub.dev that steals a GitHub OAuth token with read-write access to private repos. He published the PoC with about an hour's notice, blaming Microsoft's disclosure process.

Flat white line-art of a server with a balloon inside and a robot beside a database cylinder, on a brick-rust background — AI-found HTTP/2 and Redis bugs.

Vulnerabilities

The Bugs AI Found This Week: an HTTP/2 'Bomb' and a Two-Year-Old Redis RCE

Two vulnerabilities disclosed this cycle were found by AI tooling: HTTP/2 Bomb (CVE-2026-49975), a remote DoS that crashes NGINX, Apache, IIS, Envoy and Cloudflare Pingora in default config, and CVE-2026-23479, a two-year-old authenticated RCE in Redis.

Flat white line-art of a rack-mounted call server with a curved arrow looping back into its own port, on a cobalt background — Cisco Unified CM CVE-2026-20230.

Vulnerabilities

Cisco Unified CM CVE-2026-20230: A Public PoC for an Unauthenticated SSRF That Climbs to Root

Cisco patched CVE-2026-20230, an unauthenticated server-side request forgery flaw in Unified Communications Manager that lets a network attacker write files and escalate to root. Public proof-of-concept code is already out; Cisco's PSIRT reports no in-the-wild exploitation yet.

Editorial line-art illustration showing a shield, bug, calendar, lock, and ranked vulnerability list with a red marker, representing the top CVEs and cyber threats of May 2026.

CVE Watch

The Top CVEs of May 2026: Edge Devices Under Active Attack While Patch Tuesday Goes Quiet

Microsoft shipped its first zero-day-free Patch Tuesday since June 2024 — but the month's real action was elsewhere: a CISA Emergency Directive for Cisco SD-WAN, exploited PAN-OS flaws, and a Drupal core SQL-injection, all under active attack.

Editorial science-poster illustration of incident response planning symbols — a binder, a phone, a checklist, a stopwatch, a fire extinguisher, and a shield.

Cybersecurity 101

What Is an Incident Response Plan?

A clear guide to incident response plans — what they are, why every organization needs one, what they should contain, and how to build, test, and maintain one.

See all

Latest

What Is Cyber Threat Intelligence (CTI)? Types and Use Cases

Threat Intelligence and Threat Actors: The Complete Guide

What Is Cyber Resilience?

Data Breach Notification Laws Explained

Mythos: NSA Reportedly Readies It for Offense as Anthropic Publishes a Misuse Analysis

Trusted Channels Turned Hostile: a Rust npm Worm, a Poisoned Browser, and Stripe Card Skimmers

FIFA World Cup Scams Are Already Live — Days Before Kickoff, the FBI Is Warning Fans

PCPJack Hijacked 230 AWS, Google Cloud, and Azure Servers Into a Covert SMTP Relay

OP-512: A China-Linked Cluster Is Planting Custom Web Shells on Microsoft IIS Servers

DentaQuest Breach Hits 2.6 Million as ShinyHunters Leaks a 234 GB Data Trove

Cisco SD-WAN Manager Zero-Day CVE-2026-20245 Is Exploited in the Wild With No Patch Yet

What Is Digital Forensics?

A Single GitHub Issue Could Hijack Repos Using Anthropic's Claude Code Action — Now Fixed

UN World Food Programme Breach Exposes Data on 600,000 Gaza Aid Recipients

CISA and Partners Warn Hackers Are Targeting Fuel-Tank Monitoring Systems

Five Eyes: China Is Using LinkedIn and Job Sites to Recruit Insiders

WordPress and Magento Plugin RCE Keeps Coming: Everest Forms Exploited, Mirasvit Added to KEV

A Poisoned Notification Can Hijack Google Gemini's Voice Assistant on Android

One Click in VS Code Steals Your GitHub Token — the Researcher Skipped Coordinated Disclosure

The Bugs AI Found This Week: an HTTP/2 'Bomb' and a Two-Year-Old Redis RCE

Cisco Unified CM CVE-2026-20230: A Public PoC for an Unauthenticated SSRF That Climbs to Root

The Top CVEs of May 2026: Edge Devices Under Active Attack While Patch Tuesday Goes Quiet

What Is an Incident Response Plan?

Pentagon's Top Cyber Official Wants Cyber in Every Operation — and Security Built Into AI From Day One