26.05.2026

Krebs Security 25.05.2026 13:21
Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two men were the focus of a 2025 KrebsOnSecurity story about how their hosting companies had assumed control over the technical infrastructure of Stark Industries Solutions, an Internet service provider sanctioned last year by the EU as a frequent staging ground for cyber mischief from Russia's intelligence agencies.

The Hacker News 25.05.2026 12:02
Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks.

According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost's Content API that could allow an unauthenticated attacker to read arbitrary data from the

Golem 25.05.2026 09:39
Wegen einer Schwachstelle beim Logging von Löschanfragen könnten Signal-Nachrichten auch nach Jahren wiederherstellbar sein. (Signal, Instant Messenger)

The Hacker News 25.05.2026 09:32
Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financial and cryptocurrency organizations.

RemotePE, per NCC Group subsidiary Fox-IT, is part of a multi-stage attack chain that involves two loaders tracked as DPAPILoader and RemotePELoader.

"DPAPILoader decrypts and

Golem 25.05.2026 08:00
CVE-2026-34197 in Apache ActiveMQ wird aktiv ausgenutzt. Die Schwachstelle liegt in der Jolokia-API, in einigen Versionen ist keine Authentisierung nötig. Was zu tun ist. Eine Analyse von Steffen Zahn (Security, Virtualisierung)