CyberSecure Specialist

Russian Spies Are Aggressively Seeking Western Technology as Sanctions Bite, Officials Say

Russia’s intelligence agencies have grown more aggressive in their efforts to steal Western technology and defense secrets as sanctions squeeze the country’s wartime economy, three senior European intelligence officials told The Associated Press. Moscow’s agents are building fake companies, recruiting middlemen and deploying cyber spies and hackers who are gathering information that could also be used to attack key infrastructure, they said. Four years of international sanctions have hampered Moscow’s ability to procure machinery, technology…

Read More

Exploit Code Published for Critical Flowise RCE Vulnerability

Obsidian Security has released technical information and proof-of-concept (PoC) code targeting a remote code execution (RCE) vulnerability in Flowise. The issue, tracked as CVE-2026-40933 (CVSS score of 9.9), was disclosed in April along with several other security defects impacting AI ecosystems that rely on Anthropic’s MCP protocol. Flowise, a popular open source platform that provides developers with a drag-and-drop interface for building LLM flows and AI agents, and which has over 52,000 GitHub stars, was…

Read More

In Other News: Trump Mobile Data Breach, FIFA World Cup Phishing, CISA Responds to Supply Chain Attacks

SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights: Trump Mobile data breach Phone provider Trump Mobile has confirmed that…

Read More

What to consider before asking an AI chatbot for health advice

Using chatbots for medical advice could elicit hallucinations and even expose you to security and privacy risks. Here’s what’s at stake and how to stay safe. Phil Muncaster 27 May 2026  •  , 5 min. read For better or worse, chatbots are changing the way we think, learn and perceive the world around us. This kind of disruption is manifest in many areas of life, but perhaps one of the most sensitive and often concerning…

Read More

Geordie Raises $30 Million for AI Security and Governance Platform

AI security and governance startup Geordie today announced raising $30 million in a Series A funding round that brings the total raised by the company to $36.5 million. Founded in early 2025, London-based Geordie has built a platform that helps organizations secure and govern AI agents deployed across their environments, at scale. As organizations are increasingly relying on AI agents to automate operations at scale, they also require visibility, governance, and operational control to deploy…

Read More

Supply Chain Compromises Impact Nx Console and GitHub Repositories

CISA is prioritizing the response to multiple emerging software supply chain intrusion campaigns targeting developer ecosystems Continuous Integration/Continuous Development (CI/CD) pipelines. These recent incidents, including the GitHub compromise via a malicious Nx Console Visual Studio Code (VS Code) extension and the “Megalodon” supply chain intrusion campaign, demonstrate how cyber threat actors are abusing tools and processes that support enterprise, cloud, and DevOps environments—specifically CI/CD pipelines, code extensions and workflows.  Threat actors leveraged a prior compromise…

Read More

BTMOB: A stealthy RAT burrowing deep into Android devices

The malware pairs remote access capabilities with ready-made campaign tools, lowering the barrier for full device compromise Daniel Cunha Barbosa 26 May 2026  •  , 6 min. read Our recent review of threat detections in Brazil surfaced BTMOB, an Android remote access trojan (RAT) that is less notable for detection volume than for the damage it can wreak. The combination of phishing-led delivery, ready-made app-building tooling and device takeover capabilities makes BTMOB a threat to…

Read More

UK Cyberspying Chief Calls AI ‘an Unstoppable Force’ and Warns About Russia

Artificial intelligence is “an unstoppable force” that is being weaponized in ways that fall just short of traditional warfare, Britain’s cyberspying chief warned Wednesday. Anne Keast-Butler, director of the communications intelligence agency GCHQ, also said Britain and its allies are in “a space between peace and war” as Russia increases its “daily hybrid activity” against the West — even as Russian combat deaths in Ukraine approach 500,000. She said the West risks losing the conflict…

Read More

AppOmni’s Marlin AI Brings Autonomous Investigation to SaaS Security

Securing software-as-a-service (SaaS) apps is hard. The standard cybersecurity controls are not designed for SaaS. The difficulty is the software doesn’t belong to the user and usually runs on somebody else’s infrastructure. Standard cybersecurity products are designed to operate on software owned by the user and housed on the users’ infrastructure. SaaS providers attempt to maintain security inside their apps, but they cannot control how they are used. Usage varies from user to user and…

Read More

Ghost CMS Vulnerability Exploited to Hack Over 700 Websites

A vulnerability patched a few months ago in the Ghost content management system (CMS) has been exploited to hack hundreds of websites, including ones belonging to major organizations, according to Chinese cybersecurity company Qianxin. The exploited vulnerability is tracked as CVE-2026-26980 and its existence came to light in February when it was patched. Ghost is a widely used open source CMS designed specifically for blogging, newsletters, and publishing, offering built-in tools for memberships, subscriptions, and…

Read More