• Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
• Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
• Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
• Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

Site: defaultcreds.lol. Source feed: https://feeds.feedburner.com/TheHackersNews.

• Anti-DDoS Firm Heaped Attacks on Brazilian ISPs

Site: defaultcreds.lol. Source feed: https://feeds.feedburner.com/krebsonsecurity.

• Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks
• MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack
• The Hacker News Launches 'Cybersecurity Stars Awards 2026' — Submissions Now Open
• Your AI Agents Are Already Inside the Perimeter. Do You Know What They're Doing?

Site: defaultcreds.lol. Source feed: https://feeds.feedburner.com/TheHackersNews.

• Hackers abuse Google ads for GoDaddy ManageWP login phishing
• Critical vm2 sandbox bug lets attackers execute code on hosts
• New Cisco DoS flaw requires manual reboot to revive devices
• DAEMON Tools devs confirm breach, release malware-free version

Site: defaultcreds.lol. Source feed: https://www.bleepingcomputer.com/feed/.

• Autonomous Offensive Security Firm XBOW Raises $35 Million
• Herd Security Raises $3 Million for AI-Powered Training Platform
• Iranian APT Intrusion Masquerades as Chaos Ransomware Attack
• Romanian Man Extradited to US for Role in Hacking Scheme 17 Years Ago

Site: defaultcreds.lol. Source feed: https://www.securityweek.com/feed/.

• Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired
• Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition
• Iran-linked Handala hackers leak US Marines data, send chilling WhatsApp threats
• Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions

Site: defaultcreds.lol. Source feed: https://grahamcluley.com/feed/.

• Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
• ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
• Patch Tuesday, April 2026 Edition
• Russia Hacked Routers to Steal Microsoft Office Tokens

Site: defaultcreds.lol. Source feed: https://feeds.feedburner.com/krebsonsecurity.

• Rowhammer Attack Against NVIDIA Chips
• DarkSword Malware
• Hacking Polymarket
• A Ransomware Negotiator Was Working for a Ransomware Gang

Site: defaultcreds.lol. Source feed: https://www.schneier.com/feed/atom/.

• Yet Another Way to Bypass Google Chrome's Encryption Protection
• Instructure Breach Exposes Schools' Vendor Dependence
• From Stuxnet to ChatGPT: 20 News Events That Shaped Cyber
• Attacks Abuse Windows Phone Link to Steal Texts & Bypass 2FA

Site: defaultcreds.lol. Source feed: https://www.darkreading.com/rss.xml.

• North Korean hackers targeted ethnic Koreans in China with Android ‘BirdCall’ malware
• Palo Alto warns of critical software bug used in firewall attacks
• New CISA initiative aims for critical infrastructure to operate offline during cyberattacks
• Hackers compromise Daemon Tools in global supply-chain attack, researchers say

Site: defaultcreds.lol. Source feed: https://therecord.media/feed.

• An Adaptive Cyber Analytics UI for Web Honeypot Logs [Guest Diary], (Wed, May 6th)
• Cleartext Passwords in MS Edge? In 2026?, (Mon, May 4th)
• SSL.com rotates their root certificate today, (Tue, May 5th)
• TeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03), (Mon, May 4th)

Site: defaultcreds.lol. Source feed: https://isc.sans.edu/rssfeed.xml.

• Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
• Ubuntu infrastructure has been down for more than a day
• GPT-5.5 matches heavily hyped Mythos Preview in new cybersecurity tests
• The most severe Linux threat to surface in years catches the world flat-footed

Site: defaultcreds.lol. Source feed: https://arstechnica.com/security/feed/.

• Google Chrome’s silent 4GB AI download problem
• Attackers adopt JavaScript runtime Bun to spread NWHStealer
• Millions of students’ personal data stolen in major education breach
• Update WhatsApp now: Two new flaws could expose you to malicious files

Site: defaultcreds.lol. Source feed: https://www.malwarebytes.com/blog/feed/index.xml.

• Critical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300)
• Muddying the Tracks: The State-Sponsored Shadow Behind Chaos Ransomware
• A Walkthrough of the 2026 Global Cybersecurity Summit Agenda
• Metasploit Wrap-Up 05/01/2026

Site: defaultcreds.lol. Source feed: https://blog.rapid7.com/rss/.

• PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage
• ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories
• Day Zero Readiness: The Operational Gaps That Break Incident Response
• PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

Site: defaultcreds.lol. Source feed: https://feeds.feedburner.com/TheHackersNews.

• Americans sentenced for running 'laptop farms' for North Korea
• Crypto gang member gets 6.5 years for role in $230 million heist
• Webinar: Why modern attacks require both security and recovery
• Palo Alto Networks firewall zero-day exploited for nearly a month

Site: defaultcreds.lol. Source feed: https://www.bleepingcomputer.com/feed/.

• Attackers Could Exploit AI Vision Models Using Imperceptible Image Changes
• Vendor Says Daemon Tools Supply Chain Attack Contained
• AI Coding Agents Could Fuel Next Supply Chain Crisis
• Webinar Today: Securing Identity Across Humans, Machines and AI

Site: defaultcreds.lol. Source feed: https://www.securityweek.com/feed/.

• If a fake moustache can fool age checks, is the Online Safety Act working?
• Google Chrome’s silent 4GB AI download problem
• Attackers adopt JavaScript runtime Bun to spread NWHStealer
• Millions of students’ personal data stolen in major education breach

Site: defaultcreds.lol. Source feed: https://www.malwarebytes.com/blog/feed/index.xml.

• Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired
• Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition
• Iran-linked Handala hackers leak US Marines data, send chilling WhatsApp threats
• Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions

Site: defaultcreds.lol. Source feed: https://grahamcluley.com/feed/.

• Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
• ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
• Patch Tuesday, April 2026 Edition
• Russia Hacked Routers to Steal Microsoft Office Tokens

Site: defaultcreds.lol. Source feed: https://feeds.feedburner.com/krebsonsecurity.

• Smart Glasses for the Authorities
• Rowhammer Attack Against NVIDIA Chips
• DarkSword Malware
• Hacking Polymarket

Site: defaultcreds.lol. Source feed: https://www.schneier.com/feed/atom/.

• World's First AI-Driven Cyberattack Couldn't Breach OT Systems
• 'TrustFall' Convention Exposes Claude Code Execution Risk
• Yet Another Way to Bypass Google Chrome's Encryption Protection
• Instructure Breach Exposes Schools' Vendor Dependence

Site: defaultcreds.lol. Source feed: https://www.darkreading.com/rss.xml.

• Polish intelligence warns hackers attacked water treatment control systems
• North Korean hackers targeted ethnic Koreans in China with Android ‘BirdCall’ malware
• Palo Alto warns of critical software bug used in firewall attacks
• New CISA initiative aims for critical infrastructure to operate offline during cyberattacks

Site: defaultcreds.lol. Source feed: https://therecord.media/feed.

• An Adaptive Cyber Analytics UI for Web Honeypot Logs [Guest Diary], (Wed, May 6th)
• Cleartext Passwords in MS Edge? In 2026?, (Mon, May 4th)
• SSL.com rotates their root certificate today, (Tue, May 5th)
• TeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03), (Mon, May 4th)

Site: defaultcreds.lol. Source feed: https://isc.sans.edu/rssfeed.xml.

• Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
• Ubuntu infrastructure has been down for more than a day
• GPT-5.5 matches heavily hyped Mythos Preview in new cybersecurity tests
• The most severe Linux threat to surface in years catches the world flat-footed

Site: defaultcreds.lol. Source feed: https://arstechnica.com/security/feed/.

• Why Security in 2026 Requires Continuous Threat and Exposure Management (CTEM) at Scale
• Critical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300)
• Muddying the Tracks: The State-Sponsored Shadow Behind Chaos Ransomware
• A Walkthrough of the 2026 Global Cybersecurity Summit Agenda

Site: defaultcreds.lol. Source feed: https://blog.rapid7.com/rss/.

• Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
• PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems
• One Click, Total Shutdown: The "Patient Zero" Webinar on Killing Stealth Breaches
• PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage

Site: defaultcreds.lol. Source feed: https://feeds.feedburner.com/TheHackersNews.

• New PCPJack worm steals credentials, cleans TeamPCP infections
• Australia warns of ClickFix attacks pushing Vidar Stealer malware
• Ivanti warns of new EPMM flaw exploited in zero-day attacks
• The Browser Is Breaking Your DLP: How Data Slips Past Modern Controls

Site: defaultcreds.lol. Source feed: https://www.bleepingcomputer.com/feed/.

• Worries About AI’s Risks to Humanity Loom Over the Trial Pitting Musk Against OpenAI’s Leaders
• Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking
• Boost Security Raises $4 Million for SDLC Defense Platform
• Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking

Site: defaultcreds.lol. Source feed: https://www.securityweek.com/feed/.

• Massive AI investment scam network spans 15,500 domains
• If a fake moustache can fool age checks, is the Online Safety Act working?
• Google Chrome’s silent 4GB AI download problem
• Attackers adopt JavaScript runtime Bun to spread NWHStealer

Site: defaultcreds.lol. Source feed: https://www.malwarebytes.com/blog/feed/index.xml.

• Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired
• Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition
• Iran-linked Handala hackers leak US Marines data, send chilling WhatsApp threats
• Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions

Site: defaultcreds.lol. Source feed: https://grahamcluley.com/feed/.

• Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
• ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
• Patch Tuesday, April 2026 Edition
• Russia Hacked Routers to Steal Microsoft Office Tokens

Site: defaultcreds.lol. Source feed: https://feeds.feedburner.com/krebsonsecurity.

• Smart Glasses for the Authorities
• Rowhammer Attack Against NVIDIA Chips
• DarkSword Malware
• Hacking Polymarket

Site: defaultcreds.lol. Source feed: https://www.schneier.com/feed/atom/.

• After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets
• Has CISA Finally Found Its New Leader in Tom Parker?
• 'TrustFall' Convention Exposes Claude Code Execution Risk
• World's First AI-Driven Cyberattack Couldn't Breach OT Systems

Site: defaultcreds.lol. Source feed: https://www.darkreading.com/rss.xml.

• North Carolina man pleads guilty to doxxing Supreme Court justices
• Polish intelligence warns hackers attacked water treatment control systems
• European leaders unveil tentative deal for AI Act simplification, including a ban on nudification tools
• North Korean hackers targeted ethnic Koreans in China with Android ‘BirdCall’ malware

Site: defaultcreds.lol. Source feed: https://therecord.media/feed.

• An Adaptive Cyber Analytics UI for Web Honeypot Logs [Guest Diary], (Wed, May 6th)
• Cleartext Passwords in MS Edge? In 2026?, (Mon, May 4th)
• SSL.com rotates their root certificate today, (Tue, May 5th)
• TeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03), (Mon, May 4th)

Site: defaultcreds.lol. Source feed: https://isc.sans.edu/rssfeed.xml.

• Mozilla says 271 vulnerabilities found by Mythos have "almost no false positives"
• Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
• Ubuntu infrastructure has been down for more than a day
• GPT-5.5 matches heavily hyped Mythos Preview in new cybersecurity tests

Site: defaultcreds.lol. Source feed: https://arstechnica.com/security/feed/.

• Why Security in 2026 Requires Continuous Threat and Exposure Management (CTEM) at Scale
• Critical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300)
• Muddying the Tracks: The State-Sponsored Shadow Behind Chaos Ransomware
• A Walkthrough of the 2026 Global Cybersecurity Summit Agenda

Site: defaultcreds.lol. Source feed: https://blog.rapid7.com/rss/.

• Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise
• One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk
• New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials
• Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions

Site: defaultcreds.lol. Source feed: https://feeds.feedburner.com/TheHackersNews.

• Trellix source code breach claimed by RansomHouse hackers
• CISA gives feds four days to patch Ivanti flaw exploited as zero-day
• Zara data breach exposed personal information of 197,000 people
• Former govt contractor convicted for wiping dozens of federal databases

Site: defaultcreds.lol. Source feed: https://www.bleepingcomputer.com/feed/.

• Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants
• AI Firm Braintrust Prompts API Key Rotation After Data Breach
• Cyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom
• ‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials

Site: defaultcreds.lol. Source feed: https://www.securityweek.com/feed/.

• Microsoft says Edge’s plaintext password behavior is “by design”
• ShinyHunters escalates Canvas attacks with school login defacements
• Massive AI investment scam network spans 15,500 domains
• If a fake moustache can fool age checks, is the Online Safety Act working?

Site: defaultcreds.lol. Source feed: https://www.malwarebytes.com/blog/feed/index.xml.

• Sri Lanka makes 37 arrests as it raids another scam centre
• Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired
• Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition
• Iran-linked Handala hackers leak US Marines data, send chilling WhatsApp threats

Site: defaultcreds.lol. Source feed: https://grahamcluley.com/feed/.

• Canvas Breach Disrupts Schools & Colleges Nationwide
• Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
• ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
• Patch Tuesday, April 2026 Edition

Site: defaultcreds.lol. Source feed: https://feeds.feedburner.com/krebsonsecurity.

• Smart Glasses for the Authorities
• Rowhammer Attack Against NVIDIA Chips
• DarkSword Malware
• Hacking Polymarket

Site: defaultcreds.lol. Source feed: https://www.schneier.com/feed/atom/.

• After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets
• Has CISA Finally Found Its New Leader in Tom Parker?
• AI-Driven Cyberattack on Mexico Couldn't Breach OT Systems
• 'TrustFall' Convention Exposes Claude Code Execution Risk

Site: defaultcreds.lol. Source feed: https://www.darkreading.com/rss.xml.

• Pro-Ukraine BO Team and Head Mare hackers appear to team up in attacks against Russia
• Iranian government hackers using Chaos ransomware as cover, researchers say
• North Carolina man pleads guilty to doxxing Supreme Court justices
• Polish intelligence warns hackers attacked water treatment control systems

Site: defaultcreds.lol. Source feed: https://therecord.media/feed.

• Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)
• An Adaptive Cyber Analytics UI for Web Honeypot Logs [Guest Diary], (Wed, May 6th)
• Cleartext Passwords in MS Edge? In 2026?, (Mon, May 4th)
• SSL.com rotates their root certificate today, (Tue, May 5th)

Site: defaultcreds.lol. Source feed: https://isc.sans.edu/rssfeed.xml.

• Mozilla says 271 vulnerabilities found by Mythos have "almost no false positives"
• Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
• Ubuntu infrastructure has been down for more than a day
• GPT-5.5 matches heavily hyped Mythos Preview in new cybersecurity tests

Site: defaultcreds.lol. Source feed: https://arstechnica.com/security/feed/.

• Zero Chaos: Scaling Detection Engineering at the Speed of Software, with Detection As Code
• Rapid7 and OpenAI: Helping Defenders Move at Machine Speed
• Why Security in 2026 Requires Continuous Threat and Exposure Management (CTEM) at Scale
• Critical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300)

Site: defaultcreds.lol. Source feed: https://blog.rapid7.com/rss/.

• TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
• Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads
• One Click, Total Shutdown: The "Patient Zero" Webinar on Killing Stealth Breaches
• Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise

Site: defaultcreds.lol. Source feed: https://feeds.feedburner.com/TheHackersNews.

• NVIDIA confirms GeForce NOW data breach affecting Armenian users
• Why More Analysts Won’t Solve Your SOC’s Alert Problem
• Trellix source code breach claimed by RansomHouse hackers
• CISA gives feds four days to patch Ivanti flaw exploited as zero-day

Site: defaultcreds.lol. Source feed: https://www.bleepingcomputer.com/feed/.

• In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner
• Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants
• AI Firm Braintrust Prompts API Key Rotation After Data Breach
• Cyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom

Site: defaultcreds.lol. Source feed: https://www.securityweek.com/feed/.

• Microsoft says Edge’s plaintext password behavior is “by design”
• ShinyHunters escalates Canvas attacks with school login defacements
• Massive AI investment scam network spans 15,500 domains
• If a fake moustache can fool age checks, is the Online Safety Act working?

Site: defaultcreds.lol. Source feed: https://www.malwarebytes.com/blog/feed/index.xml.

• One in eight UK workers has sold their company passwords, and bosses think it’s fine
• Inside Department 4: Russia’s secret school for hackers
• Sri Lanka makes 37 arrests as it raids another scam centre
• Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired

Site: defaultcreds.lol. Source feed: https://grahamcluley.com/feed/.

• Canvas Breach Disrupts Schools & Colleges Nationwide
• Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
• ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
• Patch Tuesday, April 2026 Edition

Site: defaultcreds.lol. Source feed: https://feeds.feedburner.com/krebsonsecurity.

• Friday Squid Blogging: Giant Squid Live in the Waters of Western Australia
• Insider Betting on Polymarket
• Smart Glasses for the Authorities
• Rowhammer Attack Against NVIDIA Chips

Site: defaultcreds.lol. Source feed: https://www.schneier.com/feed/atom/.

• ShinyHunters Claims Second Attack Against Instructure
• After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets
• Has CISA Finally Found Its New Leader in Tom Parker?
• 'TrustFall' Convention Exposes Claude Code Execution Risk

Site: defaultcreds.lol. Source feed: https://www.darkreading.com/rss.xml.

• GM to pay over $12 million in California privacy settlement involving driver data
• Kingdom Market administrator given 16-year sentence
• Virginia man found guilty of deleting 96 government databases
• Multiple universities forced to reschedule final exams after Canvas cyber incident

Site: defaultcreds.lol. Source feed: https://therecord.media/feed.

• Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)
• An Adaptive Cyber Analytics UI for Web Honeypot Logs [Guest Diary], (Wed, May 6th)
• Cleartext Passwords in MS Edge? In 2026?, (Mon, May 4th)
• SSL.com rotates their root certificate today, (Tue, May 5th)

Site: defaultcreds.lol. Source feed: https://isc.sans.edu/rssfeed.xml.

• Chaos erupts as cyberattack disrupts learning platform Canvas amid finals
• Mozilla says 271 vulnerabilities found by Mythos have "almost no false positives"
• Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
• Ubuntu infrastructure has been down for more than a day

Site: defaultcreds.lol. Source feed: https://arstechnica.com/security/feed/.

• Metasploit Wrap-Up 05/08/2026
• Zero Chaos: Scaling Detection Engineering at the Speed of Software, with Detection As Code
• Rapid7 and OpenAI: Helping Defenders Move at Machine Speed
• Why Security in 2026 Requires Continuous Threat and Exposure Management (CTEM) at Scale

Site: defaultcreds.lol. Source feed: https://blog.rapid7.com/rss/.

• cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
• TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
• Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads
• One Click, Total Shutdown: The "Patient Zero" Webinar on Killing Stealth Breaches

Site: defaultcreds.lol. Source feed: https://feeds.feedburner.com/TheHackersNews.

• NVIDIA confirms GeForce NOW data breach affecting Armenian users
• Why More Analysts Won’t Solve Your SOC’s Alert Problem
• Trellix source code breach claimed by RansomHouse hackers
• CISA gives feds four days to patch Ivanti flaw exploited as zero-day

Site: defaultcreds.lol. Source feed: https://www.bleepingcomputer.com/feed/.

• In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner
• Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants
• AI Firm Braintrust Prompts API Key Rotation After Data Breach
• Cyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom

Site: defaultcreds.lol. Source feed: https://www.securityweek.com/feed/.

• Microsoft says Edge’s plaintext password behavior is “by design”
• ShinyHunters escalates Canvas attacks with school login defacements
• Massive AI investment scam network spans 15,500 domains
• If a fake moustache can fool age checks, is the Online Safety Act working?

Site: defaultcreds.lol. Source feed: https://www.malwarebytes.com/blog/feed/index.xml.

• One in eight UK workers has sold their company passwords, and bosses think it’s fine
• Inside Department 4: Russia’s secret school for hackers
• Sri Lanka makes 37 arrests as it raids another scam centre
• Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired

Site: defaultcreds.lol. Source feed: https://grahamcluley.com/feed/.

• Canvas Breach Disrupts Schools & Colleges Nationwide
• Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
• ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
• Patch Tuesday, April 2026 Edition

Site: defaultcreds.lol. Source feed: https://feeds.feedburner.com/krebsonsecurity.

• Friday Squid Blogging: Giant Squid Live in the Waters of Western Australia
• Insider Betting on Polymarket
• Smart Glasses for the Authorities
• Rowhammer Attack Against NVIDIA Chips

Site: defaultcreds.lol. Source feed: https://www.schneier.com/feed/atom/.

• ShinyHunters Claims Second Attack Against Instructure
• After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets
• Has CISA Finally Found Its New Leader in Tom Parker?
• 'TrustFall' Convention Exposes Claude Code Execution Risk

Site: defaultcreds.lol. Source feed: https://www.darkreading.com/rss.xml.

• GM to pay over $12 million in California privacy settlement involving driver data
• Kingdom Market administrator given 16-year sentence
• Virginia man found guilty of deleting 96 government databases
• Multiple universities forced to reschedule final exams after Canvas cyber incident

Site: defaultcreds.lol. Source feed: https://therecord.media/feed.

• Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)
• An Adaptive Cyber Analytics UI for Web Honeypot Logs [Guest Diary], (Wed, May 6th)
• Cleartext Passwords in MS Edge? In 2026?, (Mon, May 4th)
• SSL.com rotates their root certificate today, (Tue, May 5th)

Site: defaultcreds.lol. Source feed: https://isc.sans.edu/rssfeed.xml.

• Chaos erupts as cyberattack disrupts learning platform Canvas amid finals
• Mozilla says 271 vulnerabilities found by Mythos have "almost no false positives"
• Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
• Ubuntu infrastructure has been down for more than a day

Site: defaultcreds.lol. Source feed: https://arstechnica.com/security/feed/.

• Metasploit Wrap-Up 05/08/2026
• Zero Chaos: Scaling Detection Engineering at the Speed of Software, with Detection As Code
• Rapid7 and OpenAI: Helping Defenders Move at Machine Speed
• Why Security in 2026 Requires Continuous Threat and Exposure Management (CTEM) at Scale

Site: defaultcreds.lol. Source feed: https://blog.rapid7.com/rss/.

• cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
• TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
• Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads
• One Click, Total Shutdown: The "Patient Zero" Webinar on Killing Stealth Breaches

Site: defaultcreds.lol. Source feed: https://feeds.feedburner.com/TheHackersNews.

• JDownloader site hacked to replace installers with Python RAT malware
• Fake OpenAI repository on Hugging Face pushes infostealer malware
• NVIDIA confirms GeForce NOW data breach affecting Armenian users
• Why More Analysts Won’t Solve Your SOC’s Alert Problem

Site: defaultcreds.lol. Source feed: https://www.bleepingcomputer.com/feed/.

• In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner
• Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants
• AI Firm Braintrust Prompts API Key Rotation After Data Breach
• Cyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom

Site: defaultcreds.lol. Source feed: https://www.securityweek.com/feed/.

• Microsoft says Edge’s plaintext password behavior is “by design”
• ShinyHunters escalates Canvas attacks with school login defacements
• Massive AI investment scam network spans 15,500 domains
• If a fake moustache can fool age checks, is the Online Safety Act working?

Site: defaultcreds.lol. Source feed: https://www.malwarebytes.com/blog/feed/index.xml.

• One in eight UK workers has sold their company passwords, and bosses think it’s fine
• Inside Department 4: Russia’s secret school for hackers
• Sri Lanka makes 37 arrests as it raids another scam centre
• Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired

Site: defaultcreds.lol. Source feed: https://grahamcluley.com/feed/.

• Canvas Breach Disrupts Schools & Colleges Nationwide
• Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
• ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
• Patch Tuesday, April 2026 Edition

Site: defaultcreds.lol. Source feed: https://feeds.feedburner.com/krebsonsecurity.

• Friday Squid Blogging: Giant Squid Live in the Waters of Western Australia
• Insider Betting on Polymarket
• Smart Glasses for the Authorities
• Rowhammer Attack Against NVIDIA Chips

Site: defaultcreds.lol. Source feed: https://www.schneier.com/feed/atom/.

• ShinyHunters Claims Second Attack Against Instructure
• After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets
• Has CISA Finally Found Its New Leader in Tom Parker?
• 'TrustFall' Convention Exposes Claude Code Execution Risk

Site: defaultcreds.lol. Source feed: https://www.darkreading.com/rss.xml.

• GM to pay over $12 million in California privacy settlement involving driver data
• Kingdom Market administrator given 16-year sentence
• Virginia man found guilty of deleting 96 government databases
• Multiple universities forced to reschedule final exams after Canvas cyber incident

Site: defaultcreds.lol. Source feed: https://therecord.media/feed.

• Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)
• An Adaptive Cyber Analytics UI for Web Honeypot Logs [Guest Diary], (Wed, May 6th)
• Cleartext Passwords in MS Edge? In 2026?, (Mon, May 4th)
• SSL.com rotates their root certificate today, (Tue, May 5th)

Site: defaultcreds.lol. Source feed: https://isc.sans.edu/rssfeed.xml.

• Chaos erupts as cyberattack disrupts learning platform Canvas amid finals
• Mozilla says 271 vulnerabilities found by Mythos have "almost no false positives"
• Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
• Ubuntu infrastructure has been down for more than a day

Site: defaultcreds.lol. Source feed: https://arstechnica.com/security/feed/.

• Metasploit Wrap-Up 05/08/2026
• Zero Chaos: Scaling Detection Engineering at the Speed of Software, with Detection As Code
• Rapid7 and OpenAI: Helping Defenders Move at Machine Speed
• Why Security in 2026 Requires Continuous Threat and Exposure Management (CTEM) at Scale

Site: defaultcreds.lol. Source feed: https://blog.rapid7.com/rss/.

• Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
• cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
• TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
• Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads

Site: defaultcreds.lol. Source feed: https://feeds.feedburner.com/TheHackersNews.

• JDownloader site hacked to replace installers with Python RAT malware
• Fake OpenAI repository on Hugging Face pushes infostealer malware
• NVIDIA confirms GeForce NOW data breach affecting Armenian users
• Why More Analysts Won’t Solve Your SOC’s Alert Problem

Site: defaultcreds.lol. Source feed: https://www.bleepingcomputer.com/feed/.

• In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner
• Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants
• AI Firm Braintrust Prompts API Key Rotation After Data Breach
• Cyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom

Site: defaultcreds.lol. Source feed: https://www.securityweek.com/feed/.

• Microsoft says Edge’s plaintext password behavior is “by design”
• ShinyHunters escalates Canvas attacks with school login defacements
• Massive AI investment scam network spans 15,500 domains
• If a fake moustache can fool age checks, is the Online Safety Act working?

Site: defaultcreds.lol. Source feed: https://www.malwarebytes.com/blog/feed/index.xml.

• One in eight UK workers has sold their company passwords, and bosses think it’s fine
• Inside Department 4: Russia’s secret school for hackers
• Sri Lanka makes 37 arrests as it raids another scam centre
• Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired

Site: defaultcreds.lol. Source feed: https://grahamcluley.com/feed/.

• Canvas Breach Disrupts Schools & Colleges Nationwide
• Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
• ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
• Patch Tuesday, April 2026 Edition

Site: defaultcreds.lol. Source feed: https://feeds.feedburner.com/krebsonsecurity.

• Friday Squid Blogging: Giant Squid Live in the Waters of Western Australia
• Insider Betting on Polymarket
• Smart Glasses for the Authorities
• Rowhammer Attack Against NVIDIA Chips

Site: defaultcreds.lol. Source feed: https://www.schneier.com/feed/atom/.

• ShinyHunters Claims Second Attack Against Instructure
• After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets
• Has CISA Finally Found Its New Leader in Tom Parker?
• 'TrustFall' Convention Exposes Claude Code Execution Risk

Site: defaultcreds.lol. Source feed: https://www.darkreading.com/rss.xml.

• GM to pay over $12 million in California privacy settlement involving driver data
• Kingdom Market administrator given 16-year sentence
• Virginia man found guilty of deleting 96 government databases
• Multiple universities forced to reschedule final exams after Canvas cyber incident

Site: defaultcreds.lol. Source feed: https://therecord.media/feed.

• Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)
• An Adaptive Cyber Analytics UI for Web Honeypot Logs [Guest Diary], (Wed, May 6th)
• Cleartext Passwords in MS Edge? In 2026?, (Mon, May 4th)
• SSL.com rotates their root certificate today, (Tue, May 5th)

Site: defaultcreds.lol. Source feed: https://isc.sans.edu/rssfeed.xml.

• Chaos erupts as cyberattack disrupts learning platform Canvas amid finals
• Mozilla says 271 vulnerabilities found by Mythos have "almost no false positives"
• Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
• Ubuntu infrastructure has been down for more than a day

Site: defaultcreds.lol. Source feed: https://arstechnica.com/security/feed/.

• Metasploit Wrap-Up 05/08/2026
• Zero Chaos: Scaling Detection Engineering at the Speed of Software, with Detection As Code
• Rapid7 and OpenAI: Helping Defenders Move at Machine Speed
• Why Security in 2026 Requires Continuous Threat and Exposure Management (CTEM) at Scale

Site: defaultcreds.lol. Source feed: https://blog.rapid7.com/rss/.

• Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
• cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
• TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
• Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads

Site: defaultcreds.lol. Source feed: https://feeds.feedburner.com/TheHackersNews.

• Hackers abuse Google ads, Claude.ai chats to push Mac malware
• Police shut down reboot of Crimenetwork marketplace, arrest admin
• JDownloader site hacked to replace installers with Python RAT malware
• Fake OpenAI repository on Hugging Face pushes infostealer malware

Site: defaultcreds.lol. Source feed: https://www.bleepingcomputer.com/feed/.

• In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner
• Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants
• AI Firm Braintrust Prompts API Key Rotation After Data Breach
• Cyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom

Site: defaultcreds.lol. Source feed: https://www.securityweek.com/feed/.

• Microsoft says Edge’s plaintext password behavior is “by design”
• ShinyHunters escalates Canvas attacks with school login defacements
• Massive AI investment scam network spans 15,500 domains
• If a fake moustache can fool age checks, is the Online Safety Act working?

Site: defaultcreds.lol. Source feed: https://www.malwarebytes.com/blog/feed/index.xml.

• One in eight UK workers has sold their company passwords, and bosses think it’s fine
• Inside Department 4: Russia’s secret school for hackers
• Sri Lanka makes 37 arrests as it raids another scam centre
• Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired

Site: defaultcreds.lol. Source feed: https://grahamcluley.com/feed/.

• Canvas Breach Disrupts Schools & Colleges Nationwide
• Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
• ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
• Patch Tuesday, April 2026 Edition

Site: defaultcreds.lol. Source feed: https://feeds.feedburner.com/krebsonsecurity.

• Friday Squid Blogging: Giant Squid Live in the Waters of Western Australia
• Insider Betting on Polymarket
• Smart Glasses for the Authorities
• Rowhammer Attack Against NVIDIA Chips

Site: defaultcreds.lol. Source feed: https://www.schneier.com/feed/atom/.

• ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
• Your Purple Team Isn't Purple — It's Just Red and Blue in the Same Room
• Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
• Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak

Site: defaultcreds.lol. Source feed: https://feeds.feedburner.com/TheHackersNews.

• Why Changing Passwords Doesn’t End an Active Directory Breach
• Google: Hackers used AI to develop zero-day exploit for web admin tool
• Webinar this week: Prevention alone is not enough against modern attacks
• TrickMo Android banker adopts TON blockchain for covert comms

Site: defaultcreds.lol. Source feed: https://www.bleepingcomputer.com/feed/.

• Google Detects First AI-Generated Zero-Day Exploit
• Skoda Data Breach Hits Online Shop Customers
• Cloudflare Lays Off 1,100 Employees in AI-Driven Restructuring
• SailPoint Discloses GitHub Repository Hack

Site: defaultcreds.lol. Source feed: https://www.securityweek.com/feed/.

• Yarbo responds to robot flaws that could mow down their owners
• A week in security (May 4 – May 10)
• Microsoft says Edge’s plaintext password behavior is “by design”
• ShinyHunters escalates Canvas attacks with school login defacements

Site: defaultcreds.lol. Source feed: https://www.malwarebytes.com/blog/feed/index.xml.

• One in eight UK workers has sold their company passwords, and bosses think it’s fine
• Inside Department 4: Russia’s secret school for hackers
• Sri Lanka makes 37 arrests as it raids another scam centre
• Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired

Site: defaultcreds.lol. Source feed: https://grahamcluley.com/feed/.

• Canvas Breach Disrupts Schools & Colleges Nationwide
• Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
• ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
• Patch Tuesday, April 2026 Edition

Site: defaultcreds.lol. Source feed: https://feeds.feedburner.com/krebsonsecurity.

• LLMs and Text-in-Text Steganography
• Friday Squid Blogging: Giant Squid Live in the Waters of Western Australia
• Insider Betting on Polymarket
• Smart Glasses for the Authorities

Site: defaultcreds.lol. Source feed: https://www.schneier.com/feed/atom/.

• Hackers Use AI for Exploit Development, Attack Automation
• Cyber Espionage Group Targets Aviation Firms to Steal Map Data
• ShinyHunters Claims Second Attack Against Instructure
• After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets

Site: defaultcreds.lol. Source feed: https://www.darkreading.com/rss.xml.

• Why we use CAPTCHAs, (Mon, May 11th)
• YARA-X 1.16.0 Release, (Sun, May 10th)
• Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)
• An Adaptive Cyber Analytics UI for Web Honeypot Logs [Guest Diary], (Wed, May 6th)

Site: defaultcreds.lol. Source feed: https://isc.sans.edu/rssfeed.xml.

• Chaos erupts as cyberattack disrupts learning platform Canvas amid finals
• Mozilla says 271 vulnerabilities found by Mythos have "almost no false positives"
• Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
• Ubuntu infrastructure has been down for more than a day

Site: defaultcreds.lol. Source feed: https://arstechnica.com/security/feed/.

• Metasploit Wrap-Up 05/08/2026
• Zero Chaos: Scaling Detection Engineering at the Speed of Software, with Detection As Code
• Rapid7 and OpenAI: Helping Defenders Move at Machine Speed
• Why Security in 2026 Requires Continuous Threat and Exposure Management (CTEM) at Scale

Site: defaultcreds.lol. Source feed: https://blog.rapid7.com/rss/.

• Texas Parks and Wildlife vendor breach exposes 3 million driver's licenses and passports
• Operation Endgame disrupts SocGholish, cleans nearly 15,000 WordPress sites
• FortiBleed: tens of thousands of Fortinet credentials leaked, CISA urges hardening
• usbliter8: Unpatchable BootROM Exploit Hits Apple A12 and A13 Chips
• The Gentlemen RaaS ships affiliates a ready-made EDR killer suite built around GentleKiller

Site: defaultcreds.lol.