RC RANDOM CHAOS

The Wire

Curated cybersecurity and tech news — AI-summarized, source attributed.

cybersecurityvulnerability

CISA: 13-Year-Old ActiveMQ Flaw Found by Claude AI Now Under Active Exploit

CISA added CVE-2026-34197, a high-severity Apache ActiveMQ vulnerability, to its Known Exploited Vulnerabilities catalog this week, giving federal agencies unti

via BleepingComputer ·
cybersecurityvulnerability

CISA Flags Apache ActiveMQ Flaw CVE-2026-34197 as Actively Exploited

CISA has added CVE-2026-34197, a vulnerability in Apache ActiveMQ, to its Known Exploited Vulnerabilities catalog after confirming active exploitation in the wi

via The Hacker News ·
privacypolicy

Friday Squid Blogging: Giant Squid Filmed Eating Another Squid

Schneier's weekly squid post highlights a Japanese video capturing a giant squid consuming another squid, serving as the recurring open thread for security topi

via Schneier on Security ·
privacycybersecurity

Google Blocks 8.3B Bad Ads in 2025, Ships Android 17 Privacy Overhaul

Google says it stopped 8.3 billion ads from running in 2025 for breaching its policies, a scale that underscores how much of the ad ecosystem is adversarial rat

via The Hacker News ·
cybersecuritymalware

Kaseya-BleepingComputer webinar pitches integrated security-plus-recovery model for MSPs

BleepingComputer is hosting a sponsored webinar with Kaseya on May 14, 2026, framed around a single argument: MSPs can no longer treat prevention and recovery a

via BleepingComputer ·
vulnerabilitycybersecurity

NIST Throttles CVE Enrichment as Vulnerability Submissions Surge 263%

NIST is scaling back the depth of analysis it applies to incoming CVE records, citing a 263% jump in vulnerability submissions that has overwhelmed the National

via The Hacker News ·
cybersecurityvulnerability

NIST's NVD Retreat Leaves Defenders Scrambling for CVE Enrichment Alternatives

NIST has scaled back its handling of the National Vulnerability Database, creating a widening enrichment gap that security teams previously relied on for CVSS s

via Dark Reading ·
aicybersecurity

Old Vulnerabilities Get a Second Life as AI Attack Surface Expands

Legacy weaknesses - injection flaws, broken access controls, insecure deserialization, exposed secrets - are resurfacing inside AI systems. The same classes of

via Dark Reading ·
cybersecuritypolicy

Operation PowerOFF Seizes 53 DDoS-for-Hire Domains, Exposes 3M Accounts

International law enforcement coordinated under Operation PowerOFF has seized 53 domains tied to DDoS-for-hire services, commonly known as booters or stressers.

via The Hacker News ·
cybersecuritymalware

Payouts King ransomware hides payloads inside QEMU VMs to evade endpoint scans

Sophos has documented two active campaigns abusing the open-source QEMU emulator to run hidden Alpine Linux virtual machines on compromised Windows hosts, placi

via BleepingComputer ·
cybersecuritypolicy

Sanctioned Grinex exchange loses $13.7M, pins breach on 'Western intelligence'

Grinex, a Kyrgyzstan-based crypto exchange widely regarded as a rebrand of the seized Russian platform Garantex, halted operations after attackers drained $13.7

via BleepingComputer ·
cybersecurityvulnerability

Three Defender Zero-Days Under Active Exploitation, Two Remain Unpatched

Three zero-day vulnerabilities in Microsoft Defender are being actively exploited in the wild, with only one of the flaws currently addressed by a patch. The re

via The Hacker News ·