Linux kernel flaw opens root-only files to unprivileged users

Another Linux kernel flaw has handed local unprivileged users a way to peek at files they should never be able to read, ...
The Hacker News

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

Laravel-Lang compromise tagged 700+ versions on May 22–23, 2026, triggering PHP stealers that exfiltrate credentials.
Microsoft

From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence

A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence ...

Chinese hackers target telcos with new Linux, Windows malware

A Chinese cyber-espionage campaign has been targeting telecommunications providers with newly discovered Linux and Windows ...
SecurityWeek

Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...

Microsoft’s May update is failing to install on some Windows 11 PCs

Windows 11 update KB5089549 fails with error 0x800f0922 on some PCs with limited EFI partition space. Here's a workaround you ...

AIXHost.exe error The application is exiting and cannot service this request

To fix the AIXHost.exe error "The application is exiting and cannot service this request", disable Windows Search, reset the ...
WeLiveSecurity

Webworm: New burrowing techniques

EchoCreep, which uses Discord for C&C communication, and GraphWorm, which uses Microsoft Graph API for the same purpose. The ...
Microsoft

Exposing Fox Tempest: A malware-signing service operation

Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other ...
How-To Geek on MSN

I went ghost hunting in Windows and uncovered these 6 forgotten tools

A walk through memory lane.
The Hacker News

ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories

A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are ...