no alarms and no surprises please..
-
Texas TPWD Vendor Breach Exposes 3 Million Customer Records
Texas Cyber Command has disclosed a massive third-party data breach affecting the Texas Parks and Wildlife Department (TPWD), exposing the personal records of exactly… Go to gbhackers.com
-
Vidar Infostealer Bypasses Google Chrome’s ABE Encryption via APC Injection
A sophisticated evasion technique developed by Vidar infostealer operators successfully bypasses Google Chrome’s Application-Bound Encryption (ABE). Introduced in 2024, ABE was designed to protect… Go to gbhackers.com
-
Gentlemen RaaS Unifies HexKiller, ThrottleBlood, and HavocKiller in New Evasion Suite
An analysis of the Gentlemen ransomware-as-a-service (RaaS) operation has revealed a sophisticated, centralized approach to neutralizing endpoint detection and response (EDR) solutions. This unified defense… Go to gbhackers.com
-
AutoJack Exploit Chain Hits Microsoft AutoGen Studio With Zero-Click RCE Attack
A critical exploit chain dubbed AutoJack that allows a single malicious web page to hijack Microsoft’s AutoGen Studio browsing agent and silently execute arbitrary code on… Go to gbhackers.com
-
Critical Chrome Extension Vulnerabilities Let Attackers Easily Compromise Browsers
Critical security flaws in widely used Chrome extensions are exposing millions of users to the risk of full browser compromise. The vulnerabilities, named “MaXSS”… Go to gbhackers.com
-
Klue OAuth breach victim list grows as Icarus hackers claim attack
Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to customers’ Salesforce environments, as the new “Icarus” extortion group publicly claims the attack. […] Lawrence Abrams Go to bleepingcomputer
-
Hackers exploit info disclosure bug in Gravity SMTP WordPress plugin
Threat actors are exploiting an unauthenticated information disclosure vulnerability in the WordPress plugin Gravity SMTP, active on 100,000 sites. […] Bill Toulas Go to bleepingcomputer
-
Texas govt data breach exposes over 3 million driver’s licenses
The Texas Parks and Wildlife Department (TPWD) disclosed a data breach at its license system vendor that exposed personal information for more than three million individuals. […] Bill Toulas Go to bleepingcomputer
-
Every AI Agent Is an Identity. Most Organizations Don’t Treat Them That Way
AI agents can access data, trigger workflows, deploy code, and interact with critical business systems, often with little oversight. Token Security breaks down why AI agents are becoming a new identity and governance challenge. […] Sponsored by Token Security Go to bleepingcomputer
-
Webinar: How attackers bypass MFA and how defenders can respond
Modern phishing attacks, including Device Code phishing, can undermine MFA protections and grant attackers access to corporate accounts without stealing passwords. This webinar explores how behavioral AI can help security teams detect compromised accounts faster and automate response workflows. […] BleepingComputer Go to bleepingcomputer
-
AutoJack – A Single Web Page Can Hijack Your AI Agent to Execute Malicious Code
A critical exploit chain dubbed AutoJack that allows a single malicious web page to hijack Microsoft’s AutoGen Studio browsing agent and execute arbitrary code on the host machine without any user interaction beyond submitting a URL. AutoJack is a three-vulnerability…
-
CISA Adds LiteSpeed cPanel Plugin Vulnerability to KEV List Following Active Exploitation
CISA has added a critical LiteSpeed cPanel Plugin vulnerability, tracked as CVE-2026-54420, to its Known Exploited Vulnerabilities (KEV) catalog following evidence of active exploitation in the wild. The flaw affects shared hosting environments and poses a significant risk to servers running CloudLinux with…
-
Chrome Extensions’ Critical Flaws Let Attackers Easily Compromise Millions of Browsers
Critical security flaws discovered in widely used Chrome extensions SiderAI and MaxAI are putting millions of users at risk, enabling attackers to fully compromise browser sessions and potentially access sensitive data across websites and local systems. Security researchers at Rebora Security uncovered vulnerabilities dubbed…
-
Gcore Helps Ucom Safeguard Public Live Broadcast Infrastructure During Armenia’s Parliamentary Elections
Luxembourg, Luxembourg, June 19th, 2026, CyberNewswire. Gcore’s Network Layer DDoS Protection helped Ucom maintain service continuity and operational readiness for critical public-facing broadcast services. Gcore, the global edge AI, cloud, network, and security solutions provider, supported Ucom, one of Armenia’s leading telecommunications providers,…
-
Critical WordPress Plugin Vulnerability Exposes 1 Million Sites to File Deletion Attacks
A critical security vulnerability in the widely used Avada (Fusion) Builder WordPress plugin has exposed over 1 million websites to arbitrary file-deletion attacks, potentially leading to full-site compromise and remote code execution. The flaw, tracked as CVE-2026-8713 with a CVSS score of 9.1,…
-
Unpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boot Chain
Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple’s A12 and A13 chips. That code is burned into the silicon at manufacture. No software update can reach it. Affected devices will carry this flaw…
-
The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes
The Gentlemen ransomware-as-a-service (RaaS) operation is actively developing and maintaining a suite of endpoint detection and response (EDR) killers that it hands out to affiliates for impairing system defenses before deploying the encryptor. This mature portfolio of EDR-terminating tools is centered around a framework…
-
AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution
Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution. Steer the agent to load an attacker’s web page, and that page’s JavaScript can reach a privileged local service on…
-
Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites
Dutch law enforcement authorities, along with counterparts from Canada, Germany, and the U.S., have disrupted malicious infrastructure associated with SocGholish and cleaned up nearly 15,000 infected WordPress websites. “With these actions we deprive cybercriminals of access to infected computer systems,” Maikel Rollman of the Netherlands…
-
CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday urged Fortinet customers with FortiGate appliances to take steps to secure against ongoing malicious activity aimed at thousands of internet-accessible devices. The sweeping campaign, believed to be the work of Russian-speaking threat actors, has been…
-
Friday Squid Blogging: Victims of Unregulated Squid Fishing
Dolphins, sharks, turtles, and human workers are all victims of unregulated squid fishing fleets. Another news article. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy. Bruce Schneier Go to bruce…
-
Anthropic’s Fable and the State of AI
On June 9th, Anthropic released its Fable generative AI model. Three days later, the US government classified it as a dangerous munition, and used its export-control authority to prohibit any foreign nationals from accessing it. Unable to differentiate between Americans and foreigners, the company shut off access for…
-
Imposter scams cost Americans $3.5 billion in 2025 – and it’s getting worse
Someone is pretending to be your bank, your government, or your local planning office. And according to the FTC, they’re making billions doing it. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
Stressors, AI Forcing Changes to Cybersecurity Teams
As threats proliferate and AI complicates cybersecurity, CISOs say the job is getting harder, but more companies still want cybersecurity expertise, if even on a part-time basis. Robert Lemos Go to gbhackers.com
-
UEFI DBX Update Guidance Targets Vulnerable Vendor-Signed Boot Applications
A recently disclosed vulnerability inc, which affects UEFI applications signed by multiple vendors, has prompted urgent recommendations to update the UEFI Forbidden Signature Database… Go to gbhackers.com
-
SmartApeSG Hackers Abuse Okendo Reviews Widget in E-Commerce Supply Chain Attack
A supply-chain style compromise in the Okendo Reviews widget that enabled the SmartApeSG threat actor to deliver staged JavaScript loaders across a wide e-commerce… Go to gbhackers.com
-
HazyBeacon Abuses AWS Lambda Function URLs for Stealthy Command-and-Control Operations
HazyBeacon is a stealthy cloud-native malware campaign identified as CL-STA-1020. It is exploiting Amazon Web Services (AWS) Lambda Function URLs to create covert command-and-control… Go to gbhackers.com
-
CISA Issues Alert on Critical Splunk Enterprise Bug Under Active Exploitation
CISA has issued an urgent alert regarding a critical vulnerability in Splunk Enterprise, tracked as CVE-2026-20253, which is now listed in the Known Exploited… Go to gbhackers.com
-
Node.js Releases Security Updates for 12 Vulnerabilities, Two Rated High Severity
Node.js has announced critical security updates that address 12 vulnerabilities across its supported release lines. Among these, two high-severity flaws could lead to denial-of-service… Go to gbhackers.com
-
NY man charged after harassing college student with AI-generated nudes
A New York man faces cyberstalking charges after allegedly sharing AI-generated nude images and fabricated racist messages using fake social media profiles to harass a Georgia college student. […] Sergiu Gatlan Go to bleepingcomputer
-
CISA warns Fortinet users to secure devices after FortiBleed leak
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged Fortinet customers to secure their devices after nearly 74,000 firewall and VPN credentials were exposed in a data leak dubbed “FortiBleed.” […] Sergiu Gatlan Go to bleepingcomputer
-
Gentlemen ransomware uses multiple EDR killers to disable defenses
The Gentlemen ransomware-as-a-service (RaaS) is actively developing and maintaining a suite of endpoint detection and response (EDR) killers to help affiliates evade detection in attacks. […] Bill Toulas Go to bleepingcomputer
-
Nintendo confirms data stolen in WebMD subsidiary cyberattack
Nintendo of America has confirmed to BleepingComputer that threat actors stole survey data from the third-party TinyPulse service used internally, but its systems were not compromised. […] Bill Toulas Go to bleepingcomputer
-
USB worm spreads crypto-stealing malware via Windows shortcut files
Threat actors targeting cryptocurrency wallets have been distributing clipboard-stealing malware with self-spreading capabilities and using the Tor network to conceal communication. […] Bill Toulas Go to bleepingcomputer
-
China-Linked Showboat Malware Uses Linux Persistence to Target Telecom Companies
A sophisticated China-linked malware framework has been quietly targeting telecom companies across the Middle East for nearly four years. Showboat is a Linux-based tool that stayed completely hidden from antivirus systems until April 2026, raising serious concerns about the security of critical communications infrastructure worldwide.…
-
CISA Warns of Splunk Enterprise Critical Function Vulnerability Actively Exploited in Attacks
CISA has issued a high-priority alert warning organizations about a critical vulnerability in Splunk Enterprise that is actively being exploited in the wild. The flaw, tracked as CVE-2026-20253, has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, signaling immediate risk to enterprise…
-
Node.js Fixes 12 Vulnerabilities, Including 2 High-Severity Authentication Bypasses
Node.js has released a new round of security updates addressing 12 vulnerabilities across its supported release lines, including two high-severity flaws that could lead to authentication bypass and denial-of-service (DoS) attacks. The updates impact Node.js versions 22.x, 24.x, and 26.x, with patched releases now available as…
-
Hackers Use Weaponized Windows Shortcuts to Spread Crypto Clipper Across USB Drives
A newly discovered cryptocurrency clipper malware has been quietly stealing digital assets from victims since February 2026, spreading through a trick that most users would never suspect: weaponized Windows shortcut files on USB drives. The malware is not just a simple thief. It…
-
AI-Powered Public Surveillance and Biometric Data Collection Expand Government Monitoring
Governments are expanding their digital reach in ways unimaginable just a decade ago. A growing wave of AI-powered surveillance, biometric data collection, and commercial spyware is reshaping how states monitor citizens and visitors. The scale of this shift is drawing urgent attention from security professionals…
-
Killing me gently: Inside Gentlemen’s EDR killer framework
ESET Research shares the results of a months-long investigation into the suite of EDR killers maintained by the RaaS gang Gentlemen. Go to eset
-
Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone
Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to eavesdrop on users. The vulnerability, tracked as CVE-2025-20701 (CVSS score: 8.8), refers to a case of incorrect authorization impacting the Airoha…
-
F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution
F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution on affected systems. The vulnerabilities are listed below – CVE-2026-42530 (CVSS v4 score: 9.2) – A use-after-free vulnerability in the…
-
Orphaned AI Agents: How to Find Hidden Access Risks Inside Your Network
If an autonomous AI agent interacts with your company’s core intellectual property today, can your security team instantly name the person who authorized it? For most enterprises, the answer is a simple no. The rush to adopt internal AI tools has left a…
-
ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories
The internet did not break this week. It got used exactly as designed, which is worse. Searches were siphoned through shady browser add-ons. AI chat links turned into malware delivery paths. macOS attacks ran in memory and left almost nothing behind.…
-
Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2
Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign that has targeted users since February 2026 with clipboard-intercepting malware with self-spreading capabilities and using the Tor anonymity network to hide communication. “The clipper in this campaign relies on Windows Script Host…
-
Embedding Forbidden Text in Spyware to Discourage AI Analysis
At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis. Details: The _index.js payload begins with a large JavaScript block comment containing fake system instructions and policy-triggering content. Because it is inside…
-
‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm
For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to NetNut,…
-
Novo Nordisk Breach Exposes Software Development Pipeline Risk
A leaked GitHub token underscores what most organizations get wrong: treating secrets management as a tooling problem rather than an identity problem. Jai Vijayan Go to gbhackers.com
-
Operation Escaneo Signals Shift in LatAm Threat Landscape
The threat group’s curious business model may combine opportunistic monetization alongside intel collection, without much coordination between the two. Alexander Culafi Go to gbhackers.com
-
FIFA Bug Exposed World Cup Streams to Remote Takeover
A hacker could have “Rickrolled” the World Cup — or worse — thanks to FIFA’s unenforced Entra access controls. Nate Nelson Go to gbhackers.com
-
Salesforce Data Thefts Continue via Klue App Compromise
Klue’s Battlecards is now the third integrated application that has been compromised to steal customers’ Salesforce data, and victims include Huntress, the cybersecurity vendor. Rob Wright Go to gbhackers.com
-
Get Out of Security Debt by Tackling the Exposure Problem
Teams digging out of security debt need to answer only two simple questions: Which vulnerabilities in our systems are exposed, and how long should they stay that way? Chris Wysopal Go to gbhackers.com
-
Hackers Could Abuse SQL Server 2025 AI Features to Steal Sensitive Data
A new security analysis has revealed that Microsoft SQL Server 2025’s native AI capabilities can be repurposed by attackers to stealthily exfiltrate sensitive data… Go to gbhackers.com
-
Windows 11 June Patch Triggers Microsoft Office Startup Issues
Microsoft’s June 2026 cumulative update for Windows 11 (KB5095051, OS Build 28000.2269) introduces an unexpected application compatibility issue that may disrupt enterprise workflows, as… Go to gbhackers.com
-
Hackers Exploit WordPress SMTP Plugin With 100,000+ Installs to Steal Sensitive Data
Threat actors are actively exploiting a critical security flaw in the widely used Gravity SMTP WordPress plugin to extract sensitive configuration data, including API… Go to gbhackers.com
-
Splunk AI Toolkit Vulnerability Allows Arbitrary OS Command Execution
Splunk has disclosed a critical security vulnerability in its AI Toolkit that could allow authenticated administrators to execute arbitrary operating system commands on affected… Go to gbhackers.com
-
Microsoft Confirms RoguePlanet Zero-Day Exploit Targeting Defender
Microsoft has confirmed a newly disclosed zero-day vulnerability, tracked as CVE-2026-50656, affecting Microsoft Defender, following the public release of a proof-of-concept (PoC) exploit dubbed… Go to gbhackers.com
-
Leak confirms OpenAI is testing a ChatGPT for Science subscription
OpenAI appears to be testing a new subscription and experience for science use cases, but it’s unclear if it’ll be available to everyone regardless of their background. […] Mayank Parmar Go to bleepingcomputer
-
Google to use UK and EU user IP addresses for ad personalization
From August 3, 2026, Google will use IP addresses from UK, EEA and Switzerland users for ad measurement and personalization. It lands as the ICO weighs new consent rules, and years after Google itself called using such signals to identify devices “wrong.” […]…
-
FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices.
A newly discovered data leak dubbed “FortiBleed” has exposed what appears to be a collection of Fortinet and FortiGate VPN credentials for 73,932 firewall URLs at organizations worldwide. […] Lawrence Abrams Go to bleepingcomputer
-
Why Account Takeovers Are Rising and How to Stop Them
Account takeovers are rising as attackers bypass traditional defenses through phishing, session hijacking, and MFA fatigue. Specops Software explores how device trust and continuous verification help reduce account takeover risk. […] Sponsored by Specops Software Go to bleepingcomputer
-
India’s Telegram ban hit the UAE too. Here’s how to get around it
India has banned Telegram until June 22 after the app was used to circulate leaked exam papers. CEO Pavel Durov accuses telecom Reliance of BGP hijacking that disrupted the app as far away as the UAE. Here’s what happened, and how to…
-
Microsoft Confirms Defender RoguePlanet 0-Day Exploit and Working to Release Patch
Microsoft has officially acknowledged a critical zero-day vulnerability in Microsoft Defender, publicly dubbed “RoguePlanet,” and confirmed it is actively developing a security patch to address the flaw. Tracked as CVE-2026-50656, the vulnerability was formally published on June 16, 2026, by the Microsoft Security Response…
-
Google Cloud Vertex AI Allows Attacker to Hijack Victim’s Model and Poison it
A newly disclosed vulnerability in Google Cloud Vertex AI could have allowed attackers to hijack machine learning model uploads and execute malicious code in victim environments, according to research shared with Google under responsible disclosure. The issue affects the Vertex AI Python…
-
GitBait Phishing Campaign Abuses GitHub Pages to Attack Financial Institutions
A sophisticated phishing campaign called “GitBait” has been caught targeting Mexico’s financial sector with a level of precision rarely seen in credential-theft operations. The campaign abuses GitHub Pages, a widely trusted free hosting service, to deliver fake banking portals that look nearly identical to the…
-
Hackers Abuse Cloud Logging Services to Evade Detection and Defender’s Visibility
Threat actors are increasingly targeting cloud logging services to evade detection and maintain persistent visibility into compromised environments, according to recent research by Palo Alto Networks Unit 42. These services, designed as a critical security layer, are now being weaponized to create blind spots…
-
SpyCloud Report Finds Phishing Attacks Surge as Employee Data Is Exposed at 86% of Fortune 100 Companies
Austin, TX, USA, June 17th, 2026, CyberNewswire. New SpyCloud research highlights the expansion of phishing attacks as AI and phishing-as-a-service fuel enterprise targeting. SpyCloud, the leader in identity threat protection, today released its 2026 Phishing Pulse Report, revealing…
-
Protecting legacy OT systems against modern cyberthreats
Many manufacturing plants depend on OT systems that stay in service for many years. That long run can hide significant cybersecurity risks. Go to eset
-
EU Gets a Head Start in Developing 6G Network Security
“Shield-6G” will combine AI threat detection, digital twins, honeypots, and more, to help carriers protect 6G networks against the threats of tomorrow. Nate Nelson Go to gbhackers.com
-
Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments
An unknown threat actor has been observed leveraging paid or promoted posts on legitimate news websites to drum up buzz for their warez, according to new findings from Check Point Research. The threat actor also has at their disposal a dedicated WordPress phishing page…
-
Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development
Microsoft has formally disclosed that it’s working to release a patch to address a Defender zero-day codenamed RoguePlanet. The vulnerability has now been assigned the CVE identifier CVE-2026-50656 (CVSS score: 7.8), with the tech giant describing it as a privilege escalation flaw. “Microsoft is aware…
-
Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline
A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials. Ordinary stuff, until one move near the end. Before his command-and-control server went dark, he installed OpenSSH and Tailscale on a victim’s…
-
Adversarial Exposure Validation Turns Security Visibility into Confident Prioritization
For security teams, the findings never stop, but confidence in knowing which ones matter is becoming harder to maintain. The problem is no longer visibility. It’s validation. Security teams must decide which findings warrant action while operating under constant pressure and incomplete information. Increasingly, the challenge…
-
Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats
Cybersecurity researchers have flagged a “coordinated malware campaign” on the JetBrains Marketplace that has published no less than 15 malicious plugins capable of exfiltrating artificial intelligence (AI) provider keys. “Every plugin poses as an AI coding assistant built on DeepSeek and other…
-
AI in the underground: Curiosity, claims, and concerns
Amid discussions about how artificial intelligence can facilitate cybercrime, some threat actors remain skeptical. Categories: Threat Research. Tags: AI, Dark Web, underground. Go to sophos
-
AI Use by the US Government
On 14 April, the Trump administration quietly acknowledged the widespread use of AI to automate government processes. The Office of Management and Budget (OMB) disclosed a staggering 3,611 active or planned use cases for AI across the federal government. The list has ballooned by 70% from the one published…
-
ISC Stormcast For Thursday, June 18th, 2026 https://isc.sans.edu/podcastdetail/9978, (Thu, Jun 18th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
The Behavior of Coordinated SSH Brute Force Attacks over the last three months [Guest Diary], (Wed, Jun 17th)
[This is a Guest Diary by Adam Nason, an ISC intern as part of the SANS.edu BACS program] Brute force SSH attacks are an ever-present threat on the internet today. We examine probing behavior over the last…
-
The browser blind spot: Why your security tool may not be blocking what you think it is [Guest Diary], (Wed, Jun 17th)
[This is a guest diary submitted by Varun Murdula] SUMMARY: CASB block policies rely on inspecting TCP traffic. QUIC, the protocol powering HTTP/3, runs over UDP, a protocol most CASBs cannot inspect. The…
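The blind spot described in that summary, as an added example that is not part of the diary: a toy inspector that applies a host block list only to TCP TLS sessions, run over constructed flow records, next to a variant that recognises QUIC long-header packets on UDP and drops them so the client falls back to TCP where the existing inspection works. The flow records, host names and policy functions are hypothetical; the QUIC header layout follows RFC 9000.

```python
"""HTTP/3 blind spot, modelled on constructed flow records: an inspector that
evaluates only TCP TLS sessions never sees a QUIC (UDP) session to the same
host, so a block-list entry is not applied. Added example; the flows, host
names and the policy functions are hypothetical and not from the ISC diary."""
import struct
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

QUIC_V1 = 0x00000001
QUIC_V2 = 0x6B3343CF
QUIC_VERSION_NEGOTIATION = 0x00000000


@dataclass
class Flow:
    fid: int
    proto: str            # "tcp" or "udp"
    dport: int
    sni: Optional[str]    # hostname recovered from a cleartext TLS ClientHello; None if not visible
    payload: bytes        # first client->server payload bytes of the flow


def parse_quic_long_header(payload: bytes) -> Optional[Tuple[int, bytes]]:
    """Return (version, destination connection ID) when the bytes start with a
    QUIC long-header packet (RFC 9000 section 17.2), otherwise None.
    Long header: bit 7 set; fixed bit 6 set (except in Version Negotiation);
    then a 4-byte version, a DCID length byte and the DCID itself."""
    if len(payload) < 6:
        return None
    first = payload[0]
    if not first & 0x80:            # short (1-RTT) header, or not QUIC at all
        return None
    version = struct.unpack("!I", payload[1:5])[0]
    if version != QUIC_VERSION_NEGOTIATION and not first & 0x40:
        return None
    dcid_len = payload[5]
    if dcid_len > 20 or len(payload) < 6 + dcid_len:
        return None                 # QUIC v1 caps connection IDs at 20 bytes
    return version, payload[6:6 + dcid_len]


def tcp_only_policy(flows: List[Flow], blocked_hosts: Set[str]) -> List[int]:
    """A CASB that inspects TCP TLS only: UDP flows are never evaluated, so a
    browser that negotiated HTTP/3 reaches the blocked host unhindered."""
    return sorted(f.fid for f in flows if f.proto == "tcp" and f.sni in blocked_hosts)


def quic_aware_policy(flows: List[Flow], blocked_hosts: Set[str]) -> List[int]:
    """Same block list, plus: drop any UDP flow whose first packet parses as a
    QUIC long header. The client then falls back to HTTP/2 over TCP, where the
    existing ClientHello inspection applies. The SNI inside a QUIC Initial is
    encrypted (with keys derivable from the DCID, RFC 9001 section 5.2), which
    this inspector deliberately does not attempt."""
    blocked = set(tcp_only_policy(flows, blocked_hosts))
    for f in flows:
        if f.proto == "udp" and parse_quic_long_header(f.payload) is not None:
            blocked.add(f.fid)
    return sorted(blocked)


# Constructed packets. The DCID is the example value from RFC 9001 appendix A.
QUIC_INITIAL = (b"\xc3" + b"\x00\x00\x00\x01" + b"\x08" + b"\x83\x94\xc8\xf0\x3e\x51\x57\x08"
                + b"\x00" + b"\x00" + b"\x44\x9e" + b"\x00" * 16)
QUIC_SHORT_HEADER = b"\x4f" + b"\x01" * 12          # 1-RTT packet seen mid-connection
DNS_QUERY = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
TLS_CLIENT_HELLO_START = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"

BLOCKED_HOSTS = {"files.blocked-saas.example"}      # hypothetical blocked tenant
SAMPLE_FLOWS = [
    Flow(1, "tcp", 443, "files.blocked-saas.example", TLS_CLIENT_HELLO_START),
    Flow(2, "udp", 443, None, QUIC_INITIAL),           # same host, reached over HTTP/3
    Flow(3, "udp", 53, None, DNS_QUERY),               # ordinary DNS, not QUIC
    Flow(4, "udp", 443, None, QUIC_SHORT_HEADER),      # only classifiable with flow state
]

if __name__ == "__main__":
    print("TCP-only inspection blocks flows:", tcp_only_policy(SAMPLE_FLOWS, BLOCKED_HOSTS))
    print("QUIC-aware inspection blocks flows:", quic_aware_policy(SAMPLE_FLOWS, BLOCKED_HOSTS))
```

Flow 4 is the caveat: a 1-RTT short-header packet carries no version field, so a stateless classifier cannot tell it from any other UDP payload; enforcement has to act on the first packet of the UDP flow or, as is common practice, simply block outbound UDP/443 at the egress so browsers never negotiate HTTP/3 in the first place.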
-
ISC Stormcast For Wednesday, June 17th, 2026 https://isc.sans.edu/podcastdetail/9976, (Wed, Jun 17th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
From a VHDX File to a Remcos RAT, (Tue, Jun 16th)
Yesterday, a reader reported to us a malicious ZIP archive (SHA256: a0104921a2d37ab87482ac9a9f5c3713479c118846c3e999178e75b81620c094[1]). Once unzipped, it contains a VHDX file that discloses a malicious JavaScript after being mounted (mounting is automatic on modern Windows releases). Two different techniques to hide the payload help to bypass most first-line…
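A triage check for the delivery chain described above, as an added example that is not code from the diary: open an inbound ZIP and report any member that is really a mountable disk image, which is how a script inside a VHDX reaches a user who only thinks they opened a document. It generalises the VHDX case to VHD and ISO containers, which Windows also mounts on double-click; the ZIP it inspects is built in memory from fake headers and the member names are invented.

```python
"""Find ZIP members that are mountable disk images (VHDX, VHD, ISO). Added
example, not code from the ISC diary; the archive below is constructed from
fake file-signature headers and contains nothing executable."""
import io
import zipfile
from typing import List, Tuple

SMALL_MEMBER_LIMIT = 4 * 1024 * 1024   # fully read members up to this size for the VHD footer check


def identify_disk_image(data: bytes) -> str:
    """Return "vhdx", "vhd", "iso" or "" from documented file signatures:
    VHDX: "vhdxfile" at offset 0 (MS-VHDX file type identifier).
    VHD:  "conectix" in the 512-byte footer; dynamic disks also copy it to offset 0.
    ISO:  "CD001" at offset 0x8001 (first volume descriptor of ISO 9660)."""
    if data[:8] == b"vhdxfile":
        return "vhdx"
    if data[:8] == b"conectix" or (len(data) >= 512 and data[-512:-504] == b"conectix"):
        return "vhd"
    if len(data) > 0x8006 and data[0x8001:0x8006] == b"CD001":
        return "iso"
    return ""


def find_disk_images(zip_bytes: bytes) -> List[Tuple[str, str, bool]]:
    """Return (member_name, image_kind, extension_lies) for each member that is a
    disk image. extension_lies is True when the name does not end in the image's
    own extension, i.e. a "document" or "img" that will actually be mounted."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(0x8010)           # enough to reach the ISO volume descriptor
            kind = identify_disk_image(head)
            if not kind and info.file_size <= SMALL_MEMBER_LIMIT:
                kind = identify_disk_image(zf.read(info))   # fixed VHD keeps its only footer at the end
            if kind:
                lies = not info.filename.lower().endswith("." + kind)
                hits.append((info.filename, kind, lies))
    return hits


def build_sample_zip() -> bytes:
    """Constructed lure: a fake VHDX named like an invoice, a fake ISO hiding
    behind a generic .img name, and a harmless text file."""
    fake_vhdx = b"vhdxfile" + b"\x00" * 1024
    fake_iso = b"\x00" * 0x8001 + b"CD001" + b"\x00" * 16
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Invoice_2026-06.vhdx", fake_vhdx)
        zf.writestr("Statement_Q2.img", fake_iso)
        zf.writestr("readme.txt", b"nothing to see here\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, kind, lies in find_disk_images(build_sample_zip()):
        flag = " (extension does not match content)" if lies else ""
        print(f"{name}: mountable {kind} image{flag}")
```

A mail gateway or sandbox pre-filter can run this on every archive; any hit is worth detonating with the image mounted, because the script the diary describes only becomes visible after the mount step.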
-
Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassed
What if your AI coding assistant could be tricked into stealing your own company’s secrets – by reading a single booby-trapped bug report? No phishing email. No malware. No password ever stolen. Just an AI doing exactly what it was told. Meanwhile, someone themselves…
-
INC Ransomware Thrives by Mastering the Basics
And one of those basics is focusing on sectors where a ransomware disruption creates immediate pressure to pay up, such as healthcare. Alexander Culafi. Go to gbhackers.com
-
Sweeping Credential-Harvesting Heist Compromises +30K Fortinet Devices
Attackers are actively targeting various sectors across nearly 200 countries and have already compiled a list of working credentials for tens of thousands of compromised devices. Elizabeth Montalbano. Go to gbhackers.com
-
Attackers Exploit Cloud Logging Platforms to Hide Malicious Activity
Attackers are increasingly targeting cloud logging platforms to evade detection and maintain persistent visibility into compromised environments. The report highlights how critical services such as… Go to gbhackers.com
-
SprySOCKS Windows Backdoor Uses Kernel Driver to Hide Processes, Files, and Network Traffic
Windows variants of SprySOCKS, a backdoor long associated with FishMonger (aka Earth Lusca/TAG-22), have surfaced, expanding a toolset that was until now Linux-only. The two Windows… Go to gbhackers.com
-
7-Year-Old OpenBSD Security Flaw Exposes Systems to Full PAP Authentication Bypass
A significant authentication flaw has been discovered in the PPP stack of OpenBSD, allowing attackers to bypass the Password Authentication Protocol (PAP) validation and… Go to gbhackers.com
-
Steam Workshop Malware Campaign Uses Wallpaper Engine to Steal Accounts and Infect Gamers
A sophisticated malware campaign has been abusing Steam Workshop’s sharing model to distribute backdoors, infostealers and crypto miners hidden inside Wallpaper Engine packages, primarily… Go to gbhackers.com
-
CISA Issues Alert on Oracle PeopleSoft Vulnerability Exploited by Ransomware Groups
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of a critical vulnerability in Oracle PeopleSoft… Go to gbhackers.com
-
Microsoft working on Defender patch for RoguePlanet zero-day
Microsoft confirmed that it’s working on a security patch for a Defender zero-day vulnerability named “RoguePlanet,” disclosed one week ago. […] Sergiu Gatlan. Go to bleepingcomputer
-
Kodak confirms data breach claimed by ShinyHunters extortion gang
Kodak has confirmed that it’s working with external cybersecurity experts to investigate a security breach after hackers gained access to some of the company’s data. […] Sergiu Gatlan. Go to bleepingcomputer
-
Malicious JetBrains Marketplace plugins steal AI API keys from developers
At least 15 malicious plugins found on the JetBrains Marketplace were designed to steal AI API keys from developers. […] Lawrence Abrams. Go to bleepingcomputer
-
New Rokarolla Android malware targets 217 banking, crypto apps
A new Android banking trojan named Rokarolla is targeting 217 banking and cryptocurrency applications using an extensive set of 137 commands. […] Bill Toulas. Go to bleepingcomputer
-
Steam Workshop abused to spread malware via Wallpaper Engine app
Threat actors are abusing Steam Workshop, Valve’s community hub for downloading game-related content, to push various malware hidden in wallpaper packages. […] Bill Toulas. Go to bleepingcomputer
-
AIRecon: AI-Powered Penetration Testing Tool with Kali Linux Sandbox
AIRecon is an autonomous penetration testing agent that runs entirely offline, combining a self-hosted Ollama LLM with a Kali Linux Docker sandbox to automate end-to-end security assessments without exposing any data to the cloud. Developed by researcher pikpikcu, it eliminates the prohibitive cost of commercial API-based…
-
Critical LiteLLM Flaw Allows Authentication Bypass via Host Header Injection
A critical security vulnerability has been disclosed in LiteLLM, an increasingly popular proxy used for managing large language model (LLM) APIs. The flaw, tracked as CVE-2026-49468, allows attackers to bypass authentication mechanisms under specific conditions by exploiting improper handling of the Host header. The issue…
-
Critical Chrome Vulnerabilities Allow Attackers to Execute Arbitrary Code – Update Now!
Google has released a critical security update for its Chrome browser, addressing multiple high-severity vulnerabilities that could allow attackers to execute arbitrary code on affected systems. Users are strongly advised to update immediately as several flaws impact core browser components. The latest Chrome…
-
Hackers Use Rokarolla Android Malware to Disable Google Play Protect and Control Devices
A newly discovered Android banking trojan called Rokarolla is built to take full control of an infected device while staying completely…
-
Deno-Based RAT Uses Microsoft Teams Impersonation and Mailbombing to Target Employees
A new strain of malware combines two well-known social engineering tactics into one effective attack chain. Researchers have uncovered a Remote Access Trojan built on Deno, a less common JavaScript runtime, being deployed against employees through email flooding and fake Microsoft Teams…