{ "canonical": "https://news.jeremywhittaker.com/darkweb/", "categories": [ { "description": "Public reporting and advisories about ransomware activity, extortion trends, and defensive context.", "id": "ransomware-osint", "item_count": 8, "label": "Ransomware & Extortion OSINT", "latest_published_at": "2026-05-29T18:21:36Z", "order": 1, "source_count": 1, "sources": [ { "authentication_required": false, "category": "ransomware-osint", "category_label": "Ransomware & Extortion OSINT", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "bleepingcomputer", "item_count": 8, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "BleepingComputer", "post_allowed": false, "response_byte_limit": 750000, "source_type": "rss", "timeout_seconds": 8, "tor_allowed": false, "type": "rss", "url": "https://www.bleepingcomputer.com/feed/" } ] }, { "description": "Public government, court, policy, and takedown reporting related to darknet and cybercrime activity.", "id": "law-enforcement", "item_count": 0, "label": "Law Enforcement & Policy", "latest_published_at": null, "order": 2, "source_count": 0, "sources": [] }, { "description": "Government and security-community advisories about exploited vulnerabilities and exposure risk.", "id": "vulnerability-intelligence", "item_count": 8, "label": "Vulnerability Intelligence", "latest_published_at": "2026-05-29T00:00:00Z", "order": 3, "source_count": 1, "sources": [ { "authentication_required": false, "category": "vulnerability-intelligence", "category_label": "Vulnerability Intelligence", "claim_status": "government-advisory", "credentials_required": false, "credibility": "government-advisory", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "cisa-kev", "item_count": 8, "item_limit": 12, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "CISA Known Exploited Vulnerabilities Catalog", "post_allowed": false, "response_byte_limit": 5000000, "source_type": "json", "timeout_seconds": 10, "tor_allowed": false, "type": "json", "url": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json" } ] }, { "description": "Analysis from established security publishers about threat activity, malware, fraud, and defensive findings.", "id": "security-research", "item_count": 16, "label": "Security Research", "latest_published_at": "2026-05-29T18:07:12Z", "order": 4, "source_count": 2, "sources": [ { "authentication_required": false, "category": "security-research", "category_label": "Security Research", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "krebsonsecurity", "item_count": 8, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "KrebsOnSecurity", "post_allowed": false, "response_byte_limit": 750000, "source_type": "rss", "timeout_seconds": 8, "tor_allowed": false, "type": "rss", "url": "https://krebsonsecurity.com/feed/" }, { "authentication_required": false, "category": "security-research", "category_label": "Security Research", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "thehackernews", "item_count": 8, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "The Hacker News", "post_allowed": false, "response_byte_limit": 900000, "source_type": "atom", "timeout_seconds": 8, "tor_allowed": false, "type": "atom", "url": "https://thehackernews.com/feeds/posts/default" } ] }, { "description": "Context on darknet-adjacent policy, safety, privacy, and public-interest research.", "id": "darknet-policy", "item_count": 0, "label": "Darknet Policy & Safety", "latest_published_at": null, "order": 5, "source_count": 0, "sources": [] } ], "counts": { "categories_registered": 5, "items": 32, "raw_records_read": 56, "sources_registered": 4 }, "generated_at": "2026-05-29T19:18:53Z", "items": [ { "canonical_url": "https://www.bleepingcomputer.com/news/security/chatgpt-share-links-abused-to-host-fake-outage-pages-to-deliver-malware/", "category": "ransomware-osint", "category_label": "Ransomware & Extortion OSINT", "category_order": 1, "claim_status": "reported", "collected_at": "2026-05-29T19:18:52Z", "excerpt": "Threat actors are abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application. [...]", "fingerprint": "ff8fd85119d5e6f3d1", "id": "bleepingcomputer-ff8fd85119d5e6f3d1", "leaked_data_indexed": false, "published_at": "2026-05-29T18:21:36Z", "source": { "authentication_required": false, "category": "ransomware-osint", "category_label": "Ransomware & Extortion OSINT", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "bleepingcomputer", "item_count": 0, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "BleepingComputer", "post_allowed": false, "response_byte_limit": 750000, "source_type": "rss", "timeout_seconds": 8, "tor_allowed": false, "type": "rss", "url": "https://www.bleepingcomputer.com/feed/" }, "source_id": "bleepingcomputer", "source_name": "BleepingComputer", "source_type": "rss", "summary": "Threat actors are abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application. [...]", "tags": [], "title": "ChatGPT share links abused to host fake outage pages to deliver malware", "url": "https://www.bleepingcomputer.com/news/security/chatgpt-share-links-abused-to-host-fake-outage-pages-to-deliver-malware/", "verification_status": "reported" }, { "canonical_url": "https://www.bleepingcomputer.com/news/security/california-ag-sues-23andme-over-2023-breach-exposing-health-data/", "category": "ransomware-osint", "category_label": "Ransomware & Extortion OSINT", "category_order": 1, "claim_status": "reported", "collected_at": "2026-05-29T19:18:52Z", "excerpt": "California Attorney General Rob Bonta filed a lawsuit against 23andMe, now Chrome Holding Co., over the company's failure to protect sensitive customer genetic and personal information. [...]", "fingerprint": "74b9f583a2f70a2f2e", "id": "bleepingcomputer-74b9f583a2f70a2f2e", "leaked_data_indexed": false, "published_at": "2026-05-29T18:08:47Z", "source": { "authentication_required": false, "category": "ransomware-osint", "category_label": "Ransomware & Extortion OSINT", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "bleepingcomputer", "item_count": 0, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "BleepingComputer", "post_allowed": false, "response_byte_limit": 750000, "source_type": "rss", "timeout_seconds": 8, "tor_allowed": false, "type": "rss", "url": "https://www.bleepingcomputer.com/feed/" }, "source_id": "bleepingcomputer", "source_name": "BleepingComputer", "source_type": "rss", "summary": "California Attorney General Rob Bonta filed a lawsuit against 23andMe, now Chrome Holding Co., over the company's failure to protect sensitive customer genetic and personal information. [...]", "tags": [], "title": "California AG sues 23andMe over 2023 breach exposing health data", "url": "https://www.bleepingcomputer.com/news/security/california-ag-sues-23andme-over-2023-breach-exposing-health-data/", "verification_status": "reported" }, { "canonical_url": "https://thehackernews.com/2026/05/chatgphish-vulnerability-turns-chatgpt.html", "category": "security-research", "category_label": "Security Research", "category_order": 4, "claim_status": "reported", "collected_at": "2026-05-29T19:18:53Z", "excerpt": "Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant's implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks....", "fingerprint": "7f002154476dde7278", "id": "thehackernews-7f002154476dde7278", "leaked_data_indexed": false, "published_at": "2026-05-29T18:07:12Z", "source": { "authentication_required": false, "category": "security-research", "category_label": "Security Research", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "thehackernews", "item_count": 0, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "The Hacker News", "post_allowed": false, "response_byte_limit": 900000, "source_type": "atom", "timeout_seconds": 8, "tor_allowed": false, "type": "atom", "url": "https://thehackernews.com/feeds/posts/default" }, "source_id": "thehackernews", "source_name": "The Hacker News", "source_type": "atom", "summary": "Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant's implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks. The technique has been codenamed ChatGPhish by Permiso Security. \"The chatgpt.com response renderer trusts Markdown links and Markdown", "tags": [], "title": "ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface", "url": "https://thehackernews.com/2026/05/chatgphish-vulnerability-turns-chatgpt.html", "verification_status": "reported" }, { "canonical_url": "https://thehackernews.com/2026/05/attackers-use-llm-agent-for-post.html", "category": "security-research", "category_label": "Security Research", "category_order": 4, "claim_status": "reported", "collected_at": "2026-05-29T19:18:53Z", "excerpt": "An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability....", "fingerprint": "967f201d9affb2bd07", "id": "thehackernews-967f201d9affb2bd07", "leaked_data_indexed": false, "published_at": "2026-05-29T14:39:56Z", "source": { "authentication_required": false, "category": "security-research", "category_label": "Security Research", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "thehackernews", "item_count": 0, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "The Hacker News", "post_allowed": false, "response_byte_limit": 900000, "source_type": "atom", "timeout_seconds": 8, "tor_allowed": false, "type": "atom", "url": "https://thehackernews.com/feeds/posts/default" }, "source_id": "thehackernews", "source_name": "The Hacker News", "source_type": "atom", "summary": "An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability. \"The attacker compromised an internet-reachable Marimo notebook via CVE-2026-39987, extracted two cloud credentials from the compromised", "tags": [], "title": "Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit", "url": "https://thehackernews.com/2026/05/attackers-use-llm-agent-for-post.html", "verification_status": "reported" }, { "canonical_url": "https://www.bleepingcomputer.com/news/security/from-5-attacks-to-botnet-powered-platforms-inside-the-ddos-as-a-service-market/", "category": "ransomware-osint", "category_label": "Ransomware & Extortion OSINT", "category_order": 1, "claim_status": "reported", "collected_at": "2026-05-29T19:18:52Z", "excerpt": "DDoS attacks are increasingly being sold like subscription services, complete with pricing tiers, support, and reseller programs. Flare explores how the DDoS-as-a-Service market has evolved from scattered tools into polished attack platforms. [...]", "fingerprint": "ce345487c371b8bc0f", "id": "bleepingcomputer-ce345487c371b8bc0f", "leaked_data_indexed": false, "published_at": "2026-05-29T14:32:02Z", "source": { "authentication_required": false, "category": "ransomware-osint", "category_label": "Ransomware & Extortion OSINT", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "bleepingcomputer", "item_count": 0, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "BleepingComputer", "post_allowed": false, "response_byte_limit": 750000, "source_type": "rss", "timeout_seconds": 8, "tor_allowed": false, "type": "rss", "url": "https://www.bleepingcomputer.com/feed/" }, "source_id": "bleepingcomputer", "source_name": "BleepingComputer", "source_type": "rss", "summary": "DDoS attacks are increasingly being sold like subscription services, complete with pricing tiers, support, and reseller programs. Flare explores how the DDoS-as-a-Service market has evolved from scattered tools into polished attack platforms. [...]", "tags": [], "title": "From $5 Attacks to Botnet-Powered Platforms: Inside the DDoS-as-a- Service Market", "url": "https://www.bleepingcomputer.com/news/security/from-5-attacks-to-botnet-powered-platforms-inside-the-ddos-as-a-service-market/", "verification_status": "reported" }, { "canonical_url": "https://www.bleepingcomputer.com/news/security/dutch-govt-disrupts-malware-botnet-with-17-million-infected-devices/", "category": "ransomware-osint", "category_label": "Ransomware & Extortion OSINT", "category_order": 1, "claim_status": "reported", "collected_at": "2026-05-29T19:18:52Z", "excerpt": "Dutch authorities have taken offline a massive botnet of 17 million devices and seized more than 200 servers at a local provider that supported the operation. [...]", "fingerprint": "0e0558c1a6164bc67d", "id": "bleepingcomputer-0e0558c1a6164bc67d", "leaked_data_indexed": false, "published_at": "2026-05-29T14:26:36Z", "source": { "authentication_required": false, "category": "ransomware-osint", "category_label": "Ransomware & Extortion OSINT", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "bleepingcomputer", "item_count": 0, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "BleepingComputer", "post_allowed": false, "response_byte_limit": 750000, "source_type": "rss", "timeout_seconds": 8, "tor_allowed": false, "type": "rss", "url": "https://www.bleepingcomputer.com/feed/" }, "source_id": "bleepingcomputer", "source_name": "BleepingComputer", "source_type": "rss", "summary": "Dutch authorities have taken offline a massive botnet of 17 million devices and seized more than 200 servers at a local provider that supported the operation. [...]", "tags": [], "title": "Dutch govt disrupts malware botnet with 17 million infected devices", "url": "https://www.bleepingcomputer.com/news/security/dutch-govt-disrupts-malware-botnet-with-17-million-infected-devices/", "verification_status": "reported" }, { "canonical_url": "https://www.bleepingcomputer.com/news/security/google-chrome-adds-session-cookie-theft-protection-for-all-users/", "category": "ransomware-osint", "category_label": "Ransomware & Extortion OSINT", "category_order": 1, "claim_status": "reported", "collected_at": "2026-05-29T19:18:52Z", "excerpt": "Google says the Chrome Device Bound Session Credentials (DBSC) security feature is now generally available and is rolling out to all users to prevent account takeovers. [...]", "fingerprint": "53bdb75e7690ba91ea", "id": "bleepingcomputer-53bdb75e7690ba91ea", "leaked_data_indexed": false, "published_at": "2026-05-29T12:08:08Z", "source": { "authentication_required": false, "category": "ransomware-osint", "category_label": "Ransomware & Extortion OSINT", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "bleepingcomputer", "item_count": 0, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "BleepingComputer", "post_allowed": false, "response_byte_limit": 750000, "source_type": "rss", "timeout_seconds": 8, "tor_allowed": false, "type": "rss", "url": "https://www.bleepingcomputer.com/feed/" }, "source_id": "bleepingcomputer", "source_name": "BleepingComputer", "source_type": "rss", "summary": "Google says the Chrome Device Bound Session Credentials (DBSC) security feature is now generally available and is rolling out to all users to prevent account takeovers. [...]", "tags": [], "title": "Google Chrome adds session cookie theft protection for all users", "url": "https://www.bleepingcomputer.com/news/security/google-chrome-adds-session-cookie-theft-protection-for-all-users/", "verification_status": "reported" }, { "canonical_url": "https://thehackernews.com/2026/05/new-russian-linked-greyvibe-targets.html", "category": "security-research", "category_label": "Security Research", "category_order": 4, "claim_status": "reported", "collected_at": "2026-05-29T19:18:53Z", "excerpt": "A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025. GREYVIBE, per WithSecure, is assessed to be a Russian-speaking group...", "fingerprint": "75a927814b619ab3dd", "id": "thehackernews-75a927814b619ab3dd", "leaked_data_indexed": false, "published_at": "2026-05-29T11:31:59Z", "source": { "authentication_required": false, "category": "security-research", "category_label": "Security Research", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "thehackernews", "item_count": 0, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "The Hacker News", "post_allowed": false, "response_byte_limit": 900000, "source_type": "atom", "timeout_seconds": 8, "tor_allowed": false, "type": "atom", "url": "https://thehackernews.com/feeds/posts/default" }, "source_id": "thehackernews", "source_name": "The Hacker News", "source_type": "atom", "summary": "A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025. GREYVIBE, per WithSecure, is assessed to be a Russian-speaking group operating broadly in the Russian time zone, with the activities aligning with Kremlin state interests, specifically when it comes to", "tags": [], "title": "New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks", "url": "https://thehackernews.com/2026/05/new-russian-linked-greyvibe-targets.html", "verification_status": "reported" }, { "canonical_url": "https://www.bleepingcomputer.com/news/security/man-sent-to-prison-for-selling-data-of-7-millions-elderly-americans/", "category": "ransomware-osint", "category_label": "Ransomware & Extortion OSINT", "category_order": 1, "claim_status": "reported", "collected_at": "2026-05-29T19:18:52Z", "excerpt": "A North Carolina man was sentenced to more than 10 years in prison for selling the personal information of over 7 million elderly Americans to Jamaican scammers. [...]", "fingerprint": "fbf7c6bbc9311739b9", "id": "bleepingcomputer-fbf7c6bbc9311739b9", "leaked_data_indexed": false, "published_at": "2026-05-29T11:07:07Z", "source": { "authentication_required": false, "category": "ransomware-osint", "category_label": "Ransomware & Extortion OSINT", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "bleepingcomputer", "item_count": 0, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "BleepingComputer", "post_allowed": false, "response_byte_limit": 750000, "source_type": "rss", "timeout_seconds": 8, "tor_allowed": false, "type": "rss", "url": "https://www.bleepingcomputer.com/feed/" }, "source_id": "bleepingcomputer", "source_name": "BleepingComputer", "source_type": "rss", "summary": "A North Carolina man was sentenced to more than 10 years in prison for selling the personal information of over 7 million elderly Americans to Jamaican scammers. [...]", "tags": [], "title": "Man sent to prison for selling data of 7 millions elderly Americans", "url": "https://www.bleepingcomputer.com/news/security/man-sent-to-prison-for-selling-data-of-7-millions-elderly-americans/", "verification_status": "reported" }, { "canonical_url": "https://thehackernews.com/2026/05/what-2000-exposed-vibe-coded-apps.html", "category": "security-research", "category_label": "Security Research", "category_order": 4, "claim_status": "reported", "collected_at": "2026-05-29T19:18:53Z", "excerpt": "Shadow AI used to mean employees pasting things they shouldn't into ChatGPT. It now means something bigger: employees building full applications with AI, wiring them into production systems, and publishing them on the open internet. Without Security or IT in...", "fingerprint": "4354eb13cd92e8d1c9", "id": "thehackernews-4354eb13cd92e8d1c9", "leaked_data_indexed": false, "published_at": "2026-05-29T10:30:00Z", "source": { "authentication_required": false, "category": "security-research", "category_label": "Security Research", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "thehackernews", "item_count": 0, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "The Hacker News", "post_allowed": false, "response_byte_limit": 900000, "source_type": "atom", "timeout_seconds": 8, "tor_allowed": false, "type": "atom", "url": "https://thehackernews.com/feeds/posts/default" }, "source_id": "thehackernews", "source_name": "The Hacker News", "source_type": "atom", "summary": "Shadow AI used to mean employees pasting things they shouldn't into ChatGPT. It now means something bigger: employees building full applications with AI, wiring them into production systems, and publishing them on the open internet. Without Security or IT in the loop. The artifact moved from a prompt to a product. The risk surface moved with it. In The Shadow Builders report (get it here), a", "tags": [], "title": "What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks", "url": "https://thehackernews.com/2026/05/what-2000-exposed-vibe-coded-apps.html", "verification_status": "reported" }, { "canonical_url": "https://www.bleepingcomputer.com/news/security/us-charges-google-security-engineer-with-polymarket-insider-trading/", "category": "ransomware-osint", "category_label": "Ransomware & Extortion OSINT", "category_order": 1, "claim_status": "reported", "collected_at": "2026-05-29T19:18:52Z", "excerpt": "A Google security engineer was charged with insider trading after winning $1.2 million using confidential company data to place bets on the cryptocurrency-based Polymarket decentralized prediction market. [...]", "fingerprint": "860be9c998b5228106", "id": "bleepingcomputer-860be9c998b5228106", "leaked_data_indexed": false, "published_at": "2026-05-29T10:11:44Z", "source": { "authentication_required": false, "category": "ransomware-osint", "category_label": "Ransomware & Extortion OSINT", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "bleepingcomputer", "item_count": 0, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "BleepingComputer", "post_allowed": false, "response_byte_limit": 750000, "source_type": "rss", "timeout_seconds": 8, "tor_allowed": false, "type": "rss", "url": "https://www.bleepingcomputer.com/feed/" }, "source_id": "bleepingcomputer", "source_name": "BleepingComputer", "source_type": "rss", "summary": "A Google security engineer was charged with insider trading after winning $1.2 million using confidential company data to place bets on the cryptocurrency-based Polymarket decentralized prediction market. [...]", "tags": [], "title": "US charges Google security engineer with Polymarket insider trading", "url": "https://www.bleepingcomputer.com/news/security/us-charges-google-security-engineer-with-polymarket-insider-trading/", "verification_status": "reported" }, { "canonical_url": "https://thehackernews.com/2026/05/malicious-sicoob-nuget-steals-banking.html", "category": "security-research", "category_label": "Security Research", "category_order": 4, "claim_status": "reported", "collected_at": "2026-05-29T19:18:53Z", "excerpt": "Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon client IDs and PFX certificates. According to Socket, versions...", "fingerprint": "1f8b9a2edd59a84db8", "id": "thehackernews-1f8b9a2edd59a84db8", "leaked_data_indexed": false, "published_at": "2026-05-29T09:11:25Z", "source": { "authentication_required": false, "category": "security-research", "category_label": "Security Research", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "thehackernews", "item_count": 0, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "The Hacker News", "post_allowed": false, "response_byte_limit": 900000, "source_type": "atom", "timeout_seconds": 8, "tor_allowed": false, "type": "atom", "url": "https://thehackernews.com/feeds/posts/default" }, "source_id": "thehackernews", "source_name": "The Hacker News", "source_type": "atom", "summary": "Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon client IDs and PFX certificates. According to Socket, versions 2.0.0 through 2.0.4 of \"Sicoob.Sdk\" contain functionality to exfiltrate sensitive information, including PFX certificates that are used to", "tags": [], "title": "Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets", "url": "https://thehackernews.com/2026/05/malicious-sicoob-nuget-steals-banking.html", "verification_status": "reported" }, { "canonical_url": "https://www.bleepingcomputer.com/news/security/charter-communications-data-breach-affects-49-million-accounts/", "category": "ransomware-osint", "category_label": "Ransomware & Extortion OSINT", "category_order": 1, "claim_status": "reported", "collected_at": "2026-05-29T19:18:52Z", "excerpt": "The ShinyHunters extortion gang stole personal information from 4.9 million accounts after hacking the U.S. telecom giant Charter Communications in early April, according to data breach notification service Have I Been Pwned. [...]", "fingerprint": "49458818a41bd81922", "id": "bleepingcomputer-49458818a41bd81922", "leaked_data_indexed": false, "published_at": "2026-05-29T08:29:40Z", "source": { "authentication_required": false, "category": "ransomware-osint", "category_label": "Ransomware & Extortion OSINT", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "bleepingcomputer", "item_count": 0, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "BleepingComputer", "post_allowed": false, "response_byte_limit": 750000, "source_type": "rss", "timeout_seconds": 8, "tor_allowed": false, "type": "rss", "url": "https://www.bleepingcomputer.com/feed/" }, "source_id": "bleepingcomputer", "source_name": "BleepingComputer", "source_type": "rss", "summary": "The ShinyHunters extortion gang stole personal information from 4.9 million accounts after hacking the U.S. telecom giant Charter Communications in early April, according to data breach notification service Have I Been Pwned. [...]", "tags": [], "title": "Charter Communications data breach affects 4.9 million accounts", "url": "https://www.bleepingcomputer.com/news/security/charter-communications-data-breach-affects-49-million-accounts/", "verification_status": "reported" }, { "canonical_url": "https://thehackernews.com/2026/05/kimsuky-deploys-httpspy-expands-arsenal.html", "category": "security-research", "category_label": "Security Research", "category_order": 4, "claim_status": "reported", "collected_at": "2026-05-29T19:18:53Z", "excerpt": "The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026. \"Kimsuky employed a range of...", "fingerprint": "6098edf28357ffd40e", "id": "thehackernews-6098edf28357ffd40e", "leaked_data_indexed": false, "published_at": "2026-05-29T05:57:41Z", "source": { "authentication_required": false, "category": "security-research", "category_label": "Security Research", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "thehackernews", "item_count": 0, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "The Hacker News", "post_allowed": false, "response_byte_limit": 900000, "source_type": "atom", "timeout_seconds": 8, "tor_allowed": false, "type": "atom", "url": "https://thehackernews.com/feeds/posts/default" }, "source_id": "thehackernews", "source_name": "The Hacker News", "source_type": "atom", "summary": "The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026. \"Kimsuky employed a range of tailored social engineering tactics, such as spoofing security software installation pages and crafting a fake Webex meeting page that leveraged", "tags": [], "title": "Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels", "url": "https://thehackernews.com/2026/05/kimsuky-deploys-httpspy-expands-arsenal.html", "verification_status": "reported" }, { "canonical_url": "https://security.paloaltonetworks.com/CVE-2026-0257 ; https://nvd.nist.gov/vuln/detail/CVE-2026-0257", "category": "vulnerability-intelligence", "category_label": "Vulnerability Intelligence", "category_order": 3, "claim_status": "government-advisory", "collected_at": "2026-05-29T19:18:53Z", "excerpt": "CVE-2026-0257: Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized VPN connection.", "fingerprint": "c9378c729fabcd6eb4", "id": "cisa-kev-cve-2026-0257", "leaked_data_indexed": false, "published_at": "2026-05-29T00:00:00Z", "source": { "authentication_required": false, "category": "vulnerability-intelligence", "category_label": "Vulnerability Intelligence", "claim_status": "government-advisory", "credentials_required": false, "credibility": "government-advisory", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "cisa-kev", "item_count": 0, "item_limit": 12, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "CISA Known Exploited Vulnerabilities Catalog", "post_allowed": false, "response_byte_limit": 5000000, "source_type": "json", "timeout_seconds": 10, "tor_allowed": false, "type": "json", "url": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json" }, "source_id": "cisa-kev", "source_name": "CISA Known Exploited Vulnerabilities Catalog", "source_type": "json", "summary": "CVE-2026-0257: Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized VPN connection.", "tags": [], "title": "CVE-2026-0257", "url": "https://security.paloaltonetworks.com/CVE-2026-0257 ; https://nvd.nist.gov/vuln/detail/CVE-2026-0257", "verification_status": "government-advisory" }, { "canonical_url": "https://thehackernews.com/2026/05/critical-gogs-rce-vulnerability-lets.html", "category": "security-research", "category_label": "Security Research", "category_order": 4, "claim_status": "reported", "collected_at": "2026-05-29T19:18:53Z", "excerpt": "A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions. The security flaw, per Rapid7, is rated 9.4 on the CVSS scoring...", "fingerprint": "adf34adfc90d2ad20f", "id": "thehackernews-adf34adfc90d2ad20f", "leaked_data_indexed": false, "published_at": "2026-05-28T17:24:44Z", "source": { "authentication_required": false, "category": "security-research", "category_label": "Security Research", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "thehackernews", "item_count": 0, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "The Hacker News", "post_allowed": false, "response_byte_limit": 900000, "source_type": "atom", "timeout_seconds": 8, "tor_allowed": false, "type": "atom", "url": "https://thehackernews.com/feeds/posts/default" }, "source_id": "thehackernews", "source_name": "The Hacker News", "source_type": "atom", "summary": "A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions. The security flaw, per Rapid7, is rated 9.4 on the CVSS scoring system. It does not have a CVE identifier. \"The vulnerability allows any authenticated user to achieve remote code execution (RCE) on", "tags": [], "title": "Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code", "url": "https://thehackernews.com/2026/05/critical-gogs-rce-vulnerability-lets.html", "verification_status": "reported" }, { "canonical_url": "https://thehackernews.com/2026/05/threat-actors-exploit-critical.html", "category": "security-research", "category_label": "Security Research", "category_order": 4, "claim_status": "reported", "collected_at": "2026-05-29T19:18:53Z", "excerpt": "Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware. \"The campaign abused trusted endpoint management infrastructure to...", "fingerprint": "e887cb2c2a4cdc24c5", "id": "thehackernews-e887cb2c2a4cdc24c5", "leaked_data_indexed": false, "published_at": "2026-05-28T15:26:04Z", "source": { "authentication_required": false, "category": "security-research", "category_label": "Security Research", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "thehackernews", "item_count": 0, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "The Hacker News", "post_allowed": false, "response_byte_limit": 900000, "source_type": "atom", "timeout_seconds": 8, "tor_allowed": false, "type": "atom", "url": "https://thehackernews.com/feeds/posts/default" }, "source_id": "thehackernews", "source_name": "The Hacker News", "source_type": "atom", "summary": "Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware. \"The campaign abused trusted endpoint management infrastructure to deliver malware across managed endpoints,\" Arctic Wolf said. \"Threat actors disguised the credential stealer payload as a Fortinet endpoint", "tags": [], "title": "Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer", "url": "https://thehackernews.com/2026/05/threat-actors-exploit-critical.html", "verification_status": "reported" }, { "canonical_url": null, "category": "vulnerability-intelligence", "category_label": "Vulnerability Intelligence", "category_order": 3, "claim_status": "government-advisory", "collected_at": "2026-05-29T19:18:53Z", "excerpt": "CVE-2026-48027: Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfuscated payload that could harvested credentials from multiple sources on...", "fingerprint": "07213c16c22b622fb7", "id": "cisa-kev-cve-2026-48027", "leaked_data_indexed": false, "published_at": "2026-05-27T00:00:00Z", "source": { "authentication_required": false, "category": "vulnerability-intelligence", "category_label": "Vulnerability Intelligence", "claim_status": "government-advisory", "credentials_required": false, "credibility": "government-advisory", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "cisa-kev", "item_count": 0, "item_limit": 12, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "CISA Known Exploited Vulnerabilities Catalog", "post_allowed": false, "response_byte_limit": 5000000, "source_type": "json", "timeout_seconds": 10, "tor_allowed": false, "type": "json", "url": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json" }, "source_id": "cisa-kev", "source_name": "CISA Known Exploited Vulnerabilities Catalog", "source_type": "json", "summary": "CVE-2026-48027: Nx Console contains an embedded malicious code vulnerability that allowed a malicious version of Nx Console to be published. The compromised extension fetched an obfuscated payload that could harvested credentials from multiple sources on disk and in memory.", "tags": [], "title": "CVE-2026-48027", "url": null, "verification_status": "government-advisory" }, { "canonical_url": null, "category": "vulnerability-intelligence", "category_label": "Vulnerability Intelligence", "category_order": 3, "claim_status": "government-advisory", "collected_at": "2026-05-29T19:18:53Z", "excerpt": "CVE-2026-45321: TanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry to publish credential-stealing malware under a trusted identity.", "fingerprint": "b5579e891e513133df", "id": "cisa-kev-cve-2026-45321", "leaked_data_indexed": false, "published_at": "2026-05-27T00:00:00Z", "source": { "authentication_required": false, "category": "vulnerability-intelligence", "category_label": "Vulnerability Intelligence", "claim_status": "government-advisory", "credentials_required": false, "credibility": "government-advisory", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "cisa-kev", "item_count": 0, "item_limit": 12, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "CISA Known Exploited Vulnerabilities Catalog", "post_allowed": false, "response_byte_limit": 5000000, "source_type": "json", "timeout_seconds": 10, "tor_allowed": false, "type": "json", "url": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json" }, "source_id": "cisa-kev", "source_name": "CISA Known Exploited Vulnerabilities Catalog", "source_type": "json", "summary": "CVE-2026-45321: TanStack contains an unspecified vulnerability that allowed malicious versions of the product to be published to the npm registry to publish credential-stealing malware under a trusted identity.", "tags": [], "title": "CVE-2026-45321", "url": null, "verification_status": "government-advisory" }, { "canonical_url": "https://blog.daemon-tools.cc/post/security-incident ; https://nvd.nist.gov/vuln/detail/CVE-2026-8398", "category": "vulnerability-intelligence", "category_label": "Vulnerability Intelligence", "category_order": 3, "claim_status": "government-advisory", "collected_at": "2026-05-29T19:18:53Z", "excerpt": "CVE-2026-8398: Daemon Tools contains an unspecified vulnerability that has a high impact on confidentiality, integrity, and availability.", "fingerprint": "d3c12a28e3b39690fe", "id": "cisa-kev-cve-2026-8398", "leaked_data_indexed": false, "published_at": "2026-05-27T00:00:00Z", "source": { "authentication_required": false, "category": "vulnerability-intelligence", "category_label": "Vulnerability Intelligence", "claim_status": "government-advisory", "credentials_required": false, "credibility": "government-advisory", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "cisa-kev", "item_count": 0, "item_limit": 12, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "CISA Known Exploited Vulnerabilities Catalog", "post_allowed": false, "response_byte_limit": 5000000, "source_type": "json", "timeout_seconds": 10, "tor_allowed": false, "type": "json", "url": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json" }, "source_id": "cisa-kev", "source_name": "CISA Known Exploited Vulnerabilities Catalog", "source_type": "json", "summary": "CVE-2026-8398: Daemon Tools contains an unspecified vulnerability that has a high impact on confidentiality, integrity, and availability.", "tags": [], "title": "CVE-2026-8398", "url": "https://blog.daemon-tools.cc/post/security-incident ; https://nvd.nist.gov/vuln/detail/CVE-2026-8398", "verification_status": "government-advisory" }, { "canonical_url": "https://blog.litespeedtech.com/2026/05/21/security-update-for-litespeed-cpanel-plugin/ ; https://nvd.nist.gov/vuln/detail/CVE-2026-48172", "category": "vulnerability-intelligence", "category_label": "Vulnerability Intelligence", "category_order": 3, "claim_status": "government-advisory", "collected_at": "2026-05-29T19:18:53Z", "excerpt": "CVE-2026-48172: LiteSpeed cPanel Plugin contains privilege escalation vulnerability that is exposed via the user-end cPanel plugin, which can be abused by any cPanel user account to execute arbitrary scripts with root privileges.", "fingerprint": "3f49807dcdfa1f2b45", "id": "cisa-kev-cve-2026-48172", "leaked_data_indexed": false, "published_at": "2026-05-26T00:00:00Z", "source": { "authentication_required": false, "category": "vulnerability-intelligence", "category_label": "Vulnerability Intelligence", "claim_status": "government-advisory", "credentials_required": false, "credibility": "government-advisory", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "cisa-kev", "item_count": 0, "item_limit": 12, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "CISA Known Exploited Vulnerabilities Catalog", "post_allowed": false, "response_byte_limit": 5000000, "source_type": "json", "timeout_seconds": 10, "tor_allowed": false, "type": "json", "url": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json" }, "source_id": "cisa-kev", "source_name": "CISA Known Exploited Vulnerabilities Catalog", "source_type": "json", "summary": "CVE-2026-48172: LiteSpeed cPanel Plugin contains privilege escalation vulnerability that is exposed via the user-end cPanel plugin, which can be abused by any cPanel user account to execute arbitrary scripts with root privileges.", "tags": [], "title": "CVE-2026-48172", "url": "https://blog.litespeedtech.com/2026/05/21/security-update-for-litespeed-cpanel-plugin/ ; https://nvd.nist.gov/vuln/detail/CVE-2026-48172", "verification_status": "government-advisory" }, { "canonical_url": "https://krebsonsecurity.com/2026/05/netherlands-seizes-800-servers-arrests-2-for-aiding-cyberattacks/", "category": "security-research", "category_label": "Security Research", "category_order": 4, "claim_status": "reported", "collected_at": "2026-05-29T19:18:52Z", "excerpt": "Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The...", "fingerprint": "3ab30845a1d7adf78a", "id": "krebsonsecurity-https-krebsonsecurity-com-p-73630", "leaked_data_indexed": false, "published_at": "2026-05-25T13:21:49Z", "source": { "authentication_required": false, "category": "security-research", "category_label": "Security Research", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "krebsonsecurity", "item_count": 0, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "KrebsOnSecurity", "post_allowed": false, "response_byte_limit": 750000, "source_type": "rss", "timeout_seconds": 8, "tor_allowed": false, "type": "rss", "url": "https://krebsonsecurity.com/feed/" }, "source_id": "krebsonsecurity", "source_name": "KrebsOnSecurity", "source_type": "rss", "summary": "Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two men were the focus of a 2025 KrebsOnSecurity story about how their hosting companies had assumed control over the technical infrastructure of Stark Industries Solutions, an Internet service provider sanctioned last year by the EU as a frequent staging ground for cyber mischief from Russia's intelligence agencies.", "tags": [], "title": "Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks", "url": "https://krebsonsecurity.com/2026/05/netherlands-seizes-800-servers-arrests-2-for-aiding-cyberattacks/", "verification_status": "reported" }, { "canonical_url": "https://krebsonsecurity.com/2026/05/lawmakers-demand-answers-as-cisa-tries-to-contain-data-leak/", "category": "security-research", "category_label": "Security Research", "category_order": 4, "claim_status": "reported", "collected_at": "2026-05-29T19:18:52Z", "excerpt": "Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other...", "fingerprint": "1dd2b098636c6aa25c", "id": "krebsonsecurity-https-krebsonsecurity-com-p-73638", "leaked_data_indexed": false, "published_at": "2026-05-22T16:34:24Z", "source": { "authentication_required": false, "category": "security-research", "category_label": "Security Research", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "krebsonsecurity", "item_count": 0, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "KrebsOnSecurity", "post_allowed": false, "response_byte_limit": 750000, "source_type": "rss", "timeout_seconds": 8, "tor_allowed": false, "type": "rss", "url": "https://krebsonsecurity.com/feed/" }, "source_id": "krebsonsecurity", "source_name": "KrebsOnSecurity", "source_type": "rss", "summary": "Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry comes as CISA is still struggling to contain the breach and invalidate the leaked credentials.", "tags": [], "title": "Lawmakers Demand Answers as CISA Tries to Contain Data Leak", "url": "https://krebsonsecurity.com/2026/05/lawmakers-demand-answers-as-cisa-tries-to-contain-data-leak/", "verification_status": "reported" }, { "canonical_url": "https://www.drupal.org/sa-core-2026-004 ; https://nvd.nist.gov/vuln/detail/CVE-2026-9082", "category": "vulnerability-intelligence", "category_label": "Vulnerability Intelligence", "category_order": 3, "claim_status": "government-advisory", "collected_at": "2026-05-29T19:18:53Z", "excerpt": "CVE-2026-9082: Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API.", "fingerprint": "706f1efa2d18f78559", "id": "cisa-kev-cve-2026-9082", "leaked_data_indexed": false, "published_at": "2026-05-22T00:00:00Z", "source": { "authentication_required": false, "category": "vulnerability-intelligence", "category_label": "Vulnerability Intelligence", "claim_status": "government-advisory", "credentials_required": false, "credibility": "government-advisory", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "cisa-kev", "item_count": 0, "item_limit": 12, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "CISA Known Exploited Vulnerabilities Catalog", "post_allowed": false, "response_byte_limit": 5000000, "source_type": "json", "timeout_seconds": 10, "tor_allowed": false, "type": "json", "url": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json" }, "source_id": "cisa-kev", "source_name": "CISA Known Exploited Vulnerabilities Catalog", "source_type": "json", "summary": "CVE-2026-9082: Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API.", "tags": [], "title": "CVE-2026-9082", "url": "https://www.drupal.org/sa-core-2026-004 ; https://nvd.nist.gov/vuln/detail/CVE-2026-9082", "verification_status": "government-advisory" }, { "canonical_url": "https://krebsonsecurity.com/2026/05/alleged-kimwolf-botmaster-dort-arrested-charged-in-u-s-and-canada/", "category": "security-research", "category_label": "Security Research", "category_order": 4, "claim_status": "reported", "collected_at": "2026-05-29T19:18:52Z", "excerpt": "Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service...", "fingerprint": "d4de72045a8a8a75ee", "id": "krebsonsecurity-https-krebsonsecurity-com-p-73656", "leaked_data_indexed": false, "published_at": "2026-05-21T21:50:25Z", "source": { "authentication_required": false, "category": "security-research", "category_label": "Security Research", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "krebsonsecurity", "item_count": 0, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "KrebsOnSecurity", "post_allowed": false, "response_byte_limit": 750000, "source_type": "rss", "timeout_seconds": 8, "tor_allowed": false, "type": "rss", "url": "https://krebsonsecurity.com/feed/" }, "source_id": "krebsonsecurity", "source_name": "KrebsOnSecurity", "source_type": "rss", "summary": "Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service (DDoS) attacks over the past six months. KrebsOnSecurity publicly named the suspect in February 2026 after the accused launched a volley of DDoS, doxing and swatting campaigns against this author and a security researcher. He now faces criminal hacking charges in both Canada and the United States.", "tags": [], "title": "Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada", "url": "https://krebsonsecurity.com/2026/05/alleged-kimwolf-botmaster-dort-arrested-charged-in-u-s-and-canada/", "verification_status": "reported" }, { "canonical_url": null, "category": "vulnerability-intelligence", "category_label": "Vulnerability Intelligence", "category_order": 3, "claim_status": "government-advisory", "collected_at": "2026-05-29T19:18:53Z", "excerpt": "CVE-2025-34291: Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that...", "fingerprint": "b0a8964dabe0a17b55", "id": "cisa-kev-cve-2025-34291", "leaked_data_indexed": false, "published_at": "2026-05-21T00:00:00Z", "source": { "authentication_required": false, "category": "vulnerability-intelligence", "category_label": "Vulnerability Intelligence", "claim_status": "government-advisory", "credentials_required": false, "credibility": "government-advisory", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "cisa-kev", "item_count": 0, "item_limit": 12, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "CISA Known Exploited Vulnerabilities Catalog", "post_allowed": false, "response_byte_limit": 5000000, "source_type": "json", "timeout_seconds": 10, "tor_allowed": false, "type": "json", "url": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json" }, "source_id": "cisa-kev", "source_name": "CISA Known Exploited Vulnerabilities Catalog", "source_type": "json", "summary": "CVE-2025-34291: Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. This could allow the attacker to execute arbitrary code and achieve full system compromise via obtained tokens that permit access to authenticated endpoints.", "tags": [], "title": "CVE-2025-34291", "url": null, "verification_status": "government-advisory" }, { "canonical_url": "https://success.trendmicro.com/en-US/solution/KA-0023430 ; https://nvd.nist.gov/vuln/detail/CVE-2026-34926", "category": "vulnerability-intelligence", "category_label": "Vulnerability Intelligence", "category_order": 3, "claim_status": "government-advisory", "collected_at": "2026-05-29T19:18:53Z", "excerpt": "CVE-2026-34926: Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.", "fingerprint": "86aad4597f3c2ab3f7", "id": "cisa-kev-cve-2026-34926", "leaked_data_indexed": false, "published_at": "2026-05-21T00:00:00Z", "source": { "authentication_required": false, "category": "vulnerability-intelligence", "category_label": "Vulnerability Intelligence", "claim_status": "government-advisory", "credentials_required": false, "credibility": "government-advisory", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "cisa-kev", "item_count": 0, "item_limit": 12, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "CISA Known Exploited Vulnerabilities Catalog", "post_allowed": false, "response_byte_limit": 5000000, "source_type": "json", "timeout_seconds": 10, "tor_allowed": false, "type": "json", "url": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json" }, "source_id": "cisa-kev", "source_name": "CISA Known Exploited Vulnerabilities Catalog", "source_type": "json", "summary": "CVE-2026-34926: Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to deploy to agents on affected installations.", "tags": [], "title": "CVE-2026-34926", "url": "https://success.trendmicro.com/en-US/solution/KA-0023430 ; https://nvd.nist.gov/vuln/detail/CVE-2026-34926", "verification_status": "government-advisory" }, { "canonical_url": "https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/", "category": "security-research", "category_label": "Security Research", "category_order": 4, "claim_status": "reported", "collected_at": "2026-05-29T19:18:52Z", "excerpt": "Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems....", "fingerprint": "57c4fa98536753747b", "id": "krebsonsecurity-https-krebsonsecurity-com-p-73607", "leaked_data_indexed": false, "published_at": "2026-05-18T20:48:21Z", "source": { "authentication_required": false, "category": "security-research", "category_label": "Security Research", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "krebsonsecurity", "item_count": 0, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "KrebsOnSecurity", "post_allowed": false, "response_byte_limit": 750000, "source_type": "rss", "timeout_seconds": 8, "tor_allowed": false, "type": "rss", "url": "https://krebsonsecurity.com/feed/" }, "source_id": "krebsonsecurity", "source_name": "KrebsOnSecurity", "source_type": "rss", "summary": "Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.", "tags": [], "title": "CISA Admin Leaked AWS GovCloud Keys on Github", "url": "https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/", "verification_status": "reported" }, { "canonical_url": "https://krebsonsecurity.com/2026/05/patch-tuesday-may-2026-edition/", "category": "security-research", "category_label": "Security Research", "category_order": 4, "claim_status": "reported", "collected_at": "2026-05-29T19:18:52Z", "excerpt": "Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of...", "fingerprint": "56fb75d4a282b06b1e", "id": "krebsonsecurity-https-krebsonsecurity-com-p-73582", "leaked_data_indexed": false, "published_at": "2026-05-12T21:46:45Z", "source": { "authentication_required": false, "category": "security-research", "category_label": "Security Research", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "krebsonsecurity", "item_count": 0, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "KrebsOnSecurity", "post_allowed": false, "response_byte_limit": 750000, "source_type": "rss", "timeout_seconds": 8, "tor_allowed": false, "type": "rss", "url": "https://krebsonsecurity.com/feed/" }, "source_id": "krebsonsecurity", "source_name": "KrebsOnSecurity", "source_type": "rss", "summary": "Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers -- including Apple, Google, Microsoft, Mozilla and Oracle -- fixing near record volumes of security bugs, and/or quickening the tempo of their patch releases.", "tags": [], "title": "Patch Tuesday, May 2026 Edition", "url": "https://krebsonsecurity.com/2026/05/patch-tuesday-may-2026-edition/", "verification_status": "reported" }, { "canonical_url": "https://krebsonsecurity.com/2026/05/canvas-breach-disrupts-schools-colleges-nationwide/", "category": "security-research", "category_label": "Security Research", "category_order": 4, "claim_status": "reported", "collected_at": "2026-05-29T19:18:52Z", "excerpt": "An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service's login page...", "fingerprint": "ff1ab3b2e3534ab853", "id": "krebsonsecurity-https-krebsonsecurity-com-p-73563", "leaked_data_indexed": false, "published_at": "2026-05-08T02:58:46Z", "source": { "authentication_required": false, "category": "security-research", "category_label": "Security Research", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "krebsonsecurity", "item_count": 0, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "KrebsOnSecurity", "post_allowed": false, "response_byte_limit": 750000, "source_type": "rss", "timeout_seconds": 8, "tor_allowed": false, "type": "rss", "url": "https://krebsonsecurity.com/feed/" }, "source_id": "krebsonsecurity", "source_name": "KrebsOnSecurity", "source_type": "rss", "summary": "An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service's login page with a ransom demand that threatened to leak data from 275 million students and faculty across nearly 9,000 educational institutions.", "tags": [], "title": "Canvas Breach Disrupts Schools & Colleges Nationwide", "url": "https://krebsonsecurity.com/2026/05/canvas-breach-disrupts-schools-colleges-nationwide/", "verification_status": "reported" }, { "canonical_url": "https://krebsonsecurity.com/2026/04/anti-ddos-firm-heaped-attacks-on-brazilian-isps/", "category": "security-research", "category_label": "Security Research", "category_order": 4, "claim_status": "reported", "collected_at": "2026-05-29T19:18:52Z", "excerpt": "A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity...", "fingerprint": "03d3ffcf80f3529ba1", "id": "krebsonsecurity-https-krebsonsecurity-com-p-73488", "leaked_data_indexed": false, "published_at": "2026-04-30T14:04:26Z", "source": { "authentication_required": false, "category": "security-research", "category_label": "Security Research", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "krebsonsecurity", "item_count": 0, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "KrebsOnSecurity", "post_allowed": false, "response_byte_limit": 750000, "source_type": "rss", "timeout_seconds": 8, "tor_allowed": false, "type": "rss", "url": "https://krebsonsecurity.com/feed/" }, "source_id": "krebsonsecurity", "source_name": "KrebsOnSecurity", "source_type": "rss", "summary": "A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The firm's chief executive says the malicious activity resulted from a security breach and was likely the work of a competitor trying to tarnish his company's public image.", "tags": [], "title": "Anti-DDoS Firm Heaped Attacks on Brazilian ISPs", "url": "https://krebsonsecurity.com/2026/04/anti-ddos-firm-heaped-attacks-on-brazilian-isps/", "verification_status": "reported" }, { "canonical_url": "https://krebsonsecurity.com/2026/04/scattered-spider-member-tylerb-pleads-guilty/", "category": "security-research", "category_label": "Security Research", "category_order": 4, "claim_status": "reported", "collected_at": "2026-05-29T19:18:52Z", "excerpt": "A 24-year-old British national and senior member of the cybercrime group \"Scattered Spider\" has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the...", "fingerprint": "3e0254754c0652e4d1", "id": "krebsonsecurity-https-krebsonsecurity-com-p-73470", "leaked_data_indexed": false, "published_at": "2026-04-21T14:53:59Z", "source": { "authentication_required": false, "category": "security-research", "category_label": "Security Research", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "krebsonsecurity", "item_count": 0, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "KrebsOnSecurity", "post_allowed": false, "response_byte_limit": 750000, "source_type": "rss", "timeout_seconds": 8, "tor_allowed": false, "type": "rss", "url": "https://krebsonsecurity.com/feed/" }, "source_id": "krebsonsecurity", "source_name": "KrebsOnSecurity", "source_type": "rss", "summary": "A 24-year-old British national and senior member of the cybercrime group \"Scattered Spider\" has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group to hack into at least a dozen major technology companies and steal tens of millions of dollars worth of cryptocurrency from investors.", "tags": [], "title": "‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty", "url": "https://krebsonsecurity.com/2026/04/scattered-spider-member-tylerb-pleads-guilty/", "verification_status": "reported" } ], "product": "darkweb_news_feed", "site": "news.jeremywhittaker.com", "source_policy": { "collection": "Default collection uses allowlisted public clearnet RSS/Atom/JSON sources only.", "publication": "The site publishes public source metadata, article/advisory summaries, safe clearnet links, and claim status.", "safety": "No purchasing, illicit authentication, exploit execution, credential collection, stolen-data download, leaked-data indexing, browser automation, JavaScript execution, forms, or POST requests.", "tor": "Optional Tor collection is disabled unless TOR_SOCKS_PROXY and --include-tor are explicitly used; this is not a full sandbox." }, "sources": [ { "authentication_required": false, "category": "security-research", "category_label": "Security Research", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "krebsonsecurity", "item_count": 8, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "KrebsOnSecurity", "post_allowed": false, "response_byte_limit": 750000, "source_type": "rss", "timeout_seconds": 8, "tor_allowed": false, "type": "rss", "url": "https://krebsonsecurity.com/feed/" }, { "authentication_required": false, "category": "ransomware-osint", "category_label": "Ransomware & Extortion OSINT", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "bleepingcomputer", "item_count": 8, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "BleepingComputer", "post_allowed": false, "response_byte_limit": 750000, "source_type": "rss", "timeout_seconds": 8, "tor_allowed": false, "type": "rss", "url": "https://www.bleepingcomputer.com/feed/" }, { "authentication_required": false, "category": "security-research", "category_label": "Security Research", "claim_status": "reported", "credentials_required": false, "credibility": "established-security-journalism", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "thehackernews", "item_count": 8, "item_limit": 8, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "The Hacker News", "post_allowed": false, "response_byte_limit": 900000, "source_type": "atom", "timeout_seconds": 8, "tor_allowed": false, "type": "atom", "url": "https://thehackernews.com/feeds/posts/default" }, { "authentication_required": false, "category": "vulnerability-intelligence", "category_label": "Vulnerability Intelligence", "claim_status": "government-advisory", "credentials_required": false, "credibility": "government-advisory", "default_enabled": true, "enabled": true, "forms_allowed": false, "id": "cisa-kev", "item_count": 8, "item_limit": 12, "javascript_required": false, "leaked_data_policy": "no_download_no_index", "media_byte_limit": 0, "media_permission": "none", "method": "GET", "name": "CISA Known Exploited Vulnerabilities Catalog", "post_allowed": false, "response_byte_limit": 5000000, "source_type": "json", "timeout_seconds": 10, "tor_allowed": false, "type": "json", "url": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json" } ] }