Latest Internet & Cybersecurity News
2026: The Year of AI-Assisted Attacks
AI has drastically lowered barriers for cyberattacks, enabling non-experts like teens to breach millions of records using tools like ChatGPT and Claude Code. Examples include a 17-year-old hacking 7M Kaikatsu Club users for Pokémon cards and teens DDoSing Rakuten Mobile.
Time-to-exploit for vulnerabilities dropped to 44 days in 2025, with 28.3% exploited within 24 hours of disclosure.
Copy Fail Linux Vulnerability Actively Exploited
CISA added CVE-2026-31431, a Linux privilege escalation flaw, to its Known Exploited Vulnerabilities catalog due to wild exploitation. The vulnerability impacts various Linux distributions, allowing attackers to gain elevated privileges.
Organizations are urged to patch immediately.
TeamPCP Expands Supply Chain Attacks on npm, PyPI, Packagist
Cybercriminal group TeamPCP conducted a 'Mini Shai Hulud' campaign, compromising multiple packages across npm, PyPI, and Packagist ecosystems. This follows prior hits on Trivy and KICS from Aqua Security and Checkmarx.
The attacks deliver malware through trusted open-source software.
Critical GitHub RCE Vulnerability Disclosed
Wiz researchers revealed CVE-2026-3854 (CVSS 8.7) in GitHub.com and Enterprise Server, enabling authenticated RCE via a single 'git push'. Attackers could execute arbitrary code on GitHub infrastructure.
GitHub has patched the issue.
Surge in Microsoft Teams Phishing Attacks
eSentire reports increased Teams phishing in 2026, with actors impersonating IT support after email bombing to gain remote device access. Victims are tricked into allowing control under false assistance pretexts.
Enhanced user training is recommended.
European Authorities Dismantle €50M Crypto Fraud Ring
Albanian and Austrian police busted a two-year cryptocurrency scam causing over €50 million in global losses, arresting 10 suspects. Seizures included 891,735 in cash, 443 computers, and hundreds of devices.
The ring targeted investors worldwide.
EU to Ban High-Risk Chinese Inverters Over Cyber Threats
The European Commission will phase out Chinese-made solar inverters from Huawei and Sungrow in EU-funded projects due to serious cybersecurity risks. Concerns involve potential blackouts from threats by China, Iran, North Korea, Russia; new rules start July 2026.
Transitional periods apply until full enforcement in 2027.
Global Cyberattack Epidemic Exposes Technical Solution Limits
UN expert highlights trillions in cybercrime costs, rising state-linked attacks on infrastructure, urging shift to cyber resilience. Past incidents like NotPetya ($10B damage) and WannaCry show global ripple effects.
Upcoming UN Global Mechanism to boost cooperation and capacity building.
NIST Promotes Small Business Cybersecurity for 2026
NIST launches Small Business Cybersecurity Corner and webinar on May 5, 2026, focusing on building teams from in-house to outsourcing. Public comments on cybersecurity framework close May 14.
Aims to strengthen business resilience.
FTC Webinar: Protecting Small Businesses from Online Scams
During National Small Business Week, FTC and NIST host May 5 webinar on managing cybersecurity risks via team strategies. Part of virtual summit May 5-6 covering scam protection.
Emphasizes risk reduction for small enterprises.
Mythos AI Model Ushers Preemptive Cybersecurity Era
Advanced AI like Anthropic's Mythos enables machine-speed threats, making traditional prevention insufficient. Experts advocate proactive defenses against AI-driven attacks.
Highlights need for new security paradigms.