The Hacker News

PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network

PCPJack built a 230-node SMTP relay from hijacked cloud servers, syncing verified proxies every five minutes for scalable ...
Spiceworks on MSN

Did AI write the worm that breached GitHub’s own house?

A single developer. One poisoned extension. Five supply chain surfaces compromised in 48 hours. And a threat group claiming ...
CoinJournal

TrapDoor attack targets crypto wallets, AWS keys and GitHub tokens

A coordinated malware campaign known as TrapDoor has hit software ecosystems widely used by crypto and blockchain developers.
techtimes

Microsoft 365 Phishing Kit Kali365 Bypasses MFA: FBI Warns Hundreds of Organizations Targeted

A criminal subscription service called Kali365 is hijacking Microsoft 365 accounts at organizations across multiple sectors without ever touching a user's password — and it defeats multi-factor ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
Reuters

Fears of unfettered hacking spurred by Anthropic's Mythos AI model overstated

Cybersecurity experts say Mythos' hacking threat is overstated, citing existing AI capabilities Mythos improves vulnerability discovery but main challenge is validating and fixing flaws, experts say ...
Reuters

Canvas' parent company reaches agreement with hacking group behind breach

Instructure says all stolen data returned and deleted after agreement with ShinyHunters ShinyHunters tells Reuters it will not target or extort Instructure or its customers House Homeland Security ...
WRAL

'Security patches' put student learning system back online after hack

A web-based learning management system containing teachers' and students' data across North Carolina and the United States is back online after being breached, with one group claiming responsibility ...
The Daily Pennsylvanian

Cybercrime group crashes Penn’s Canvas system, demands ransom to prevent data release

This story is developing and will continue to be updated. Students were unable to access Canvas on Thursday afternoon after cybercrime group ShinyHunters shut down Penn’s access to the interface. The ...
The Daily Pennsylvanian

Over 300,000 Penn users affected in Canvas hack, cybercrime group claims

On May 3, cybercrime group ShinyHunters claimed responsibility for breaching Instructure — the parent company of Canvas — reportedly compromising the data of hundreds of millions of users, including ...
GitHub

Hacking Tools and Resources

Https://wizardforcel.gitbooks.io/web-hacking-101/content/ Web Hacking 101 Chinese Https://wizardforcel.gitbooks.io/asani/content/ Easy to get Android security Chinese ...
The Verge

Attack of the killer script kiddies

Last August, some of the best cybersecurity teams in the business gathered in Las Vegas to demonstrate the strength of their AI bug-finding systems at DARPA’s Artificial Intelligence Cyber Challenge ...