The News.
Daily intel.

Daily breach reporting, CVE disclosures, malware analyses, and threat campaigns. Yesterday's incidents, this morning's coverage — written by practitioners for the analysts and defenders who need it first.

148

Articles

143

Updated this month

14k+

Monthly readers

Showing 37–45 of 148 articles 143 updated this month

Intermediate 1.6k

News 8 min read

Inside Department 4: How Bauman University's Secret GRU Program Feeds Russia's Elite Hacking Units

An international investigation reveals Department 4 at Bauman Moscow State Technical University trains 10–15 students per year for GRU units including Fancy Bear and Sandworm.

Intermediate 1.6k

News 7 min read

TCLBANKER Banking Trojan Spreads via WhatsApp and Outlook Worm Modules

Elastic Security Labs exposes TCLBANKER, a Brazilian banking trojan targeting 59 financial platforms via DLL sideloading and self-spreading WhatsApp and Outlook worms.

Intermediate 1.9k

News 7 min read

ShinyHunters Hits Instructure Canvas Again: 9,000 Schools Face May 12 Data Leak Deadline

ShinyHunters defaced Canvas login pages on May 7, 2026, claiming a second Instructure breach with a May 12 ransom deadline. 275M student records at risk across 9,000 schools.

Intermediate 1.9k

News 8 min read

Metasploit Adds ARMLE Support to CVE-2026-31431 Copy Fail Linux Root Exploit

Rapid7's May 8 Metasploit update extends CVE-2026-31431 Copy Fail coverage to ARMLE Linux targets and improves Apache Shiro deserialization chain selection.

Intermediate 2.9k

News 7 min read

Salt Typhoon Compromises 200+ Networks in Global PRC Telecom Espionage Campaign

CISA AA25-239A: PRC-linked Salt Typhoon exploits CVE-2023-20198 and unpatched routers to compromise 200+ organizations in 80+ countries. Patch now.

Intermediate 4.0k

News 9 min read

CISA/USCG Threat Hunt Finds Flat IT/OT Networks and Plain-Text Credentials at US Critical Infrastructure

CISA advisory AA25-212A: proactive threat hunt at US critical infrastructure finds plain-text credentials, flat IT/OT networks, and shared admin accounts.

Intermediate 3.0k

News 7 min read

Braintrust AWS Breach Exposes AI Provider API Keys, All Customers Ordered to Rotate Secrets

AI evaluation startup Braintrust confirms AWS account breach exposing AI provider API keys. All org admins must rotate secrets immediately. Timeline and steps inside.

Intermediate 2.9k

News 8 min read

Zara Data Breach: 197,000 Records Now in Have I Been Pwned After ShinyHunters Attack

ShinyHunters breached Zara parent Inditex via analytics vendor Anodot, stealing 192 GB from Google BigQuery. 197,000 records now in Have I Been Pwned.

Intermediate 2.1k

News 9 min read

PamDOORa: New Linux Backdoor Sells for $900 on Russian Forum, Harvests SSH Credentials via PAM

PamDOORa is a commercial Linux PAM backdoor sold on the Rehub Russian cybercrime forum. It installs a magic-password hook into the SSH auth stack and wipes auth logs.