CyberSecurity88

Last week in cyber? A lot happened. New threats. Smarter defenses. Shifting trends. We broke it all down so you don't have to. 📬 CyberSecurity88 Newsletter is live — the intel you actually need, zero fluff. Your first line of defence starts with staying informed. 👇

How Kimsuky Is Blending Malware with Trusted Platforms to Evade Detection What happens when cybercriminals start blending malware with trusted developer tools? The latest Kimsuky campaign shows how modern espionage groups are becoming harder to detect than ever. 🔍 Key findings: • Kimsuky expanded its toolkit with new malware, including HelloDoor and HTTPSpy. • Attackers are abusing VS Code Remote Tunnels to gain remote access through legitimate infrastructure. • Cloudflare tunneling services are being used to hide command-and-control operations. • Researchers also found signs that AI-assisted development may have played a role in malware creation. • Phishing remains the primary entry point for these attacks. 📌 The campaign highlights a growing trend: threat actors increasingly combining custom malware with trusted platforms to evade detection. Full Story 👉 https://lnkd.in/ga3-yR33 #CyberSecurity #ThreatIntelligence #CyberEspionage #Kimsuky #MalwareAnalysis #ThreatHunting #InfoSec #CyberDefense 

What This Google Insider Trading Case Means for Cybersecurity Professionals What happens when insider information meets prediction markets? And can insider trading laws extend beyond traditional stock markets? 🔍 U.S. authorities have charged a Google security engineer for allegedly using confidential Google search trend data to place profitable bets on Polymarket. Key highlights: Alleged profits exceeded $1.2 million • Internal "Year in Search" data was reportedly used before public release • Charges include commodities fraud, wire fraud, and money laundering • The case could set an important precedent for prediction markets This story highlights how valuable non-public data can be and why organizations must strengthen controls around sensitive information. Full Story 👉 https://lnkd.in/gTH2gZhq #CyberSecurity #DataSecurity #InsiderTrading #Google #Polymarket #Compliance #RiskManagement #CyberNews 

A Small Group of AI “Power Users” May Be Creating the Biggest Enterprise Security Risks A small group of employees may be creating the biggest AI security risks inside enterprises. The latest AI usage report shows that “power users” are becoming a major cybersecurity concern. 📊 Key findings from the report: • Most risky AI activity comes from a limited number of heavy AI users • Sensitive company data is being shared with external AI tools • “Shadow AI” usage is growing across organizations • Data exposure risks are increasing faster than AI governance policies The report highlights an important reality: AI security is now as much about user behavior as technology itself. Full Story 👉 https://lnkd.in/gk5HHWe2 #ArtificialIntelligence #CyberSecurity #EnterpriseSecurity #AIGovernance #DataSecurity #ShadowAI #GenerativeAI #RiskManagement

One Employee Account Led to a Massive Carnival Cruise Data Breach 6 million people affected all because one employee account was compromised. Another reminder that cyberattacks no longer start with code… they start with people. 🚢 Carnival Cruise has confirmed a major data breach impacting nearly 6 million individuals after attackers gained access through a social engineering attack. 🔍 Key highlights: • Unauthorized access detected in April 2026 • Personal data including names, emails, and passport details exposed • Researchers linked the incident to the “ShinyHunters” hacking group • Security monitoring and response measures have now been strengthened This breach highlights the growing risk of phishing and identity-based attacks targeting large enterprises. Full Story 👉 https://lnkd.in/gSgfkC8H #CyberSecurity #DataBreach #CarnivalCruise #CyberAttack #InformationSecurity #DataPrivacy #PhishingAttack #ThreatIntelligence

Major GlassWorm Malware Operation Disrupted by Security Researchers    A malware operation didn’t just target developers, it targeted the software supply chain itself. The GlassWorm campaign shows how modern cyber threats are evolving far beyond traditional malware tactics. 🔍 Key highlights: • Fake VS Code extensions were used to infect developers • Over 300 GitHub repositories were reportedly compromised • Stolen credentials included GitHub and npm tokens • The malware used blockchain, BitTorrent DHT, and Google Calendar titles to hide its infrastructure • CrowdStrike, Google, and Shadowserver successfully disrupted all known communication channels This incident is another reminder that developer environments are now a major attack surface in cybersecurity. Full story 👉 https://lnkd.in/gJbqkGJQ #CyberSecurity #Malware #SupplyChainSecurity #ThreatIntelligence #InfoSec #DeveloperSecurity #GitHub #CyberThreats 

Private No More: Gitea Vulnerability Exposes Container Images    Private doesn’t always mean protected. A newly discovered Gitea flaw shows how silent permission issues can expose critical infrastructure for years. 🔍 Researchers uncovered CVE-2026-27771, a vulnerability affecting Gitea versions before 1.26.2. Key findings: • Private container images could be accessed without authentication • Over 30,000 deployments across 30+ countries may be affected • The flaw reportedly existed unnoticed for nearly four years • Industries impacted may include healthcare, aerospace, ISPs, and retail infrastructure The incident highlights how small access-control mistakes in DevOps platforms can create major exposure risks. Full story 👉 https://lnkd.in/gvkgNX4c #CyberSecurity #Gitea #DevSecOps #ContainerSecurity #DataSecurity #VulnerabilityManagement #CloudSecurity #CVE2026_27771 

Microsoft Is Bringing Real-Time Automated Containment to Cybersecurity A compromised device can now isolate itself before attackers spread further. Microsoft is pushing endpoint defense toward fully automated response. 🔐 Microsoft Defender for Endpoint can now automatically isolate hacked systems during active cyberattacks. Key highlights: • Stops lateral movement across enterprise networks • Helps contain ransomware attacks faster • Keeps isolated devices connected for monitoring and investigation • Uses Microsoft’s Automatic Attack Disruption technology • Reduces manual response delays during critical incidents This marks another major step toward AI-driven and automated cybersecurity operations where speed is becoming just as important as detection. Full Story 👉 https://lnkd.in/dsGpRGYs #CyberSecurity #MicrosoftDefender #EndpointSecurity #RansomwareProtection #ThreatDetection #CyberDefense #InfoSec #SecurityOperations

Trusted Searches, Hidden Threats: Inside the MiniFast Malware Campaign   Trusted software searches are now becoming cyberattack entry points. And phishing campaigns are evolving faster than many organizations expected. Researchers uncovered a new Iranian-linked cyber campaign using MiniFast and MiniJunk V2 malware through phishing emails and SEO poisoning techniques. 🔍 Key findings: • Fake Oracle SQL Developer download pages appeared in search results • Modified Zoom installers were used to spread malware • Targets included aviation, telecom, defense, and software sectors • Researchers suspect AI-assisted malware development based on coding patterns • Victims were identified across the U.S., Europe, Middle East, Israel, UAE, and Australia This campaign highlights how threat actors are combining social engineering, search manipulation, and advanced persistence techniques in modern cyber-espionage operations. Full Story 👉 https://lnkd.in/g8mFM9z7 #CyberSecurity #ThreatIntelligence #CyberEspionage #Malware #Phishing #SEOpoisoning #InformationSecurity #CyberThreats  

700+ Trusted Websites Compromised Through Critical Ghost CMS Flaw    700+ trusted websites silently turned into malware delivery platforms. A single Ghost CMS vulnerability made it possible. Researchers have confirmed active exploitation of CVE-2026-26980, a critical Ghost CMS flaw with a CVSS score of 9.4, in a large-scale ClickFix malware campaign. 🔍 Key findings: • Attackers injected malicious JavaScript into legitimate websites • Victims were redirected to fake CAPTCHA pages • Malware payloads used PowerShell, DLL files, and remote loaders • Universities, SaaS firms, fintech, AI, and media platforms were impacted The incident highlights how unpatched CMS systems can quickly become part of advanced malware operations. Full story 👉 https://lnkd.in/g4WhHP6H #CyberSecurity #ThreatIntelligence #GhostCMS #CyberAttack #Malware #InfoSec #VulnerabilityManagement #ClickFix