Fake ChatGPT Download Used to Spread Infostealer Malware
Hackers have found a way to turn one of ChatGPT's own features against its users. A newly identified campaign is using ChatGPT's content-sharing tool to display convincing fake outage pages, pushing visitors toward a fake ChatGPT download that installs infostealer malware on their devices. The attack is especially dangerous because it never leaves a legitimate OpenAI domain. How the LLMShare
GPU Mining Malware Hides Inside Fake PC Tools
Hackers have found a new way to put your computer to work for them, and you might never notice it happening. Researchers have uncovered an active cryptojacking campaign that deploys GPU mining malware to hijack victims' graphics cards for cryptocurrency mining. What separates this campaign from similar attacks is the delivery method: poisoned search results and, for the first time,
Glassworm Botnet Taken Down in Coordinated Three-Way Strike
A developer-targeting botnet with one of the most resilient command-and-control architectures seen in recent memory has been dismantled. The Glassworm botnet, active since early 2025, was shut down on May 26, 2026 when CrowdStrike, Google, and the Shadowserver Foundation simultaneously cut off all four of its command-and-control channels in a precision operation. For organizations that build or consume software, the
Ajax Data Breach Leads to Dutch Police Arrest
Dutch police arrested a 35-year-old man from the municipality of Buren on the morning of May 27 in connection with the Ajax data breach. Investigators determined he had accessed the football club's computer systems without authorization on multiple occasions earlier this year. Officers searched his home and seized computers, hard drives, and other digital storage devices as part of the
Ghost CMS Flaw Hijacks 700+ Sites in ClickFix Attack
A security flaw in Ghost CMS is turning trusted websites into traps. Attackers are exploiting a critical SQL injection vulnerability to hijack hundreds of sites and launch a large-scale ClickFix attack against ordinary visitors — people who have no idea the pages they trust have been weaponized. The vulnerability, tracked as CVE-2026-26980, carries a CVSS score of 9.4. It affects
First VPN Seized by Police in Global Ransomware Crackdown
A criminal anonymization service called First VPN is now offline after an international law enforcement operation dismantled it on May 19 and 20, 2026. Ransomware gangs, fraudsters, and data thieves had used it for years to hide their activity. Codenamed Operation Saffron, the action took down 33 servers, seized three domains, and put the service's administrator in handcuffs in Ukraine.
Microsoft Shuts Down Fox Tempest Malware Operation
A cybercrime group called Fox Tempest turned Microsoft's own software infrastructure into a weapon. The group ran a malware-signing service that let ransomware gangs and other criminals make dangerous software look completely legitimate — and it worked for nearly a year before Microsoft shut it down. Microsoft's Digital Crimes Unit dismantled the operation in May 2026, seizing infrastructure, revoking over
Teen Ran Infostealer Malware That Stole 28,000 Accounts
An 18-year-old from Odesa, Ukraine, has been identified as a key operator behind an infostealer malware campaign that compromised tens of thousands of online shoppers in the United States. Ukrainian cyberpolice, working alongside U.S. law enforcement, linked the suspect to attacks that ran throughout 2024 and into 2025 — draining credentials, hijacking accounts, and generating hundreds of thousands of dollars
How an npm Supply Chain Attack Poisoned 600 Packages
Over 600 software packages got poisoned in a single hour in the latest wave of the Shai-Hulud npm supply chain attack — and this time, the malware can forge the security badges developers trust to verify safe code. The npm supply chain attack represents a sharp escalation from a campaign that first emerged last September and has steadily grown more
7-Eleven Confirms Data Breach Tied to ShinyHunters Gang
7-Eleven has confirmed a data breach affecting its internal systems, with the attack traced back to April 8, 2026. The 7-Eleven data breach exposed documents tied to the company's franchise application process, and the group behind it wasted no time making demands. ShinyHunters, one of the most active cybercrime groups operating today, claimed responsibility and threatened to publish stolen data
