no alarms and no surprises please..
-
Critical UniFi OS Auth Bypass Flaws Lead to Unauthenticated Root RCE
Ubiquiti has addressed three critical vulnerabilities within the UniFi OS Server that attackers can chain together to achieve unauthenticated remote code execution (RCE) with… Source: gbhackers.com
-
CISA Alerts on Actively Exploited SolarWinds Serv-U Denial-of-Service Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability in SolarWinds Serv-U to its Known Exploited Vulnerabilities (KEV) catalog… Source: gbhackers.com
-
Malspam Campaign Abuses DoubleClick to Deploy Stealthy .NET Loader
A sophisticated new malspam campaign is actively exploiting Google’s DoubleClick ad-tracking infrastructure to bypass enterprise email security gateways. Discovered by researchers at Huntress, the… Source: gbhackers.com
-
UNC3753 Targets US Law Firms with Vishing, RMM Tools, and Physical Break-Ins
Threat cluster UNC3753, widely tracked as Silent Ransom Group or Luna Moth, is actively targeting professional, legal, and financial services in the United States… Source: gbhackers.com
-
Hackers Weaponize Trusted Tools to Deploy Notorious Malware
Attackers are leaning harder on legitimate, preinstalled, or widely used system tools to deliver and operate notorious malware families, creating a stealthy, high-velocity threat… Source: gbhackers.com
-
Suspicious Polyfill login prompts pop up on Toshiba, Muji websites
Tech giant Toshiba and mega-retailer Muji warned visitors that suspicious sign-in screens popping up on their websites could collect credentials. […] By Bill Toulas. Source: bleepingcomputer
-
CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers
CISA warned today that hackers are now actively exploiting a recently patched high-severity SolarWinds Serv-U flaw to crash servers. […] By Sergiu Gatlan. Source: bleepingcomputer
-
Chinese APT deploys new malware to keep access to hacked networks
A Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and previously undocumented malware named Plenet and AgentPSD. […] By Bill Toulas. Source: bleepingcomputer
-
Dark web Nemesis Market vendor gets 26 years for selling drugs
A California man was sentenced to more than 26 years in federal prison for trafficking fentanyl and methamphetamine through Nemesis Market, one of the world’s largest dark web marketplaces. […] By Sergiu Gatlan. Source: bleepingcomputer
-
Over 900 US gas station tank gauge systems exposed to attacks
Over 900 automatic tank gauge (ATG) systems across the United States, used to monitor fuel and chemical storage tanks across various critical infrastructure sectors, have been found exposed online and are vulnerable to ongoing attacks. […] By Sergiu Gatlan. Source: bleepingcomputer
-
CISA Warns of SolarWinds Serv-U Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical SolarWinds Serv-U vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that threat actors are actively exploiting the flaw in the wild. Tracked as CVE-2026-28318, the vulnerability affects SolarWinds Serv-U file transfer software and…
-
Top 5 Best Tools for Simulated DDoS Attacks in 2026
Last year, a botnet hurled 31.4 Tbps of junk traffic at a single target—enough data to stream every Netflix movie at once. The record-shattering flood forced boards, regulators, and cloud teams to ask one question: are we sure our defenses work when the internet turns…
-
Critical Hugging Face Transformers Vulnerability Enables Remote Code Execution Attacks
A newly disclosed critical vulnerability in the HuggingFace Transformers library, tracked as CVE-2026-4372, allows attackers to achieve remote code execution (RCE) through malicious model configuration files. The flaw exposes a significant supply chain risk in one of the most widely used machine learning frameworks, impacting…
-
OWASP CVE Lite CLI – New Tool to Scan for Vulnerabilities in Your Projects
CVE Lite CLI is a free, open-source vulnerability scanner officially recognized as an OWASP Incubator Project, designed to bring dependency security directly into developers’ terminals rather than leaving it buried in CI pipelines. Maintained by Sonu Kapoor and backed by the…
-
Anthropic’s Claude Services Down — claude.ai, Claude Code, and Cowork Affected [Updated]
Anthropic’s Claude platform suffered a significant service disruption on June 5, 2026, with elevated error rates impacting multiple frontier AI models and key services, including claude.ai, Claude API, Claude Code, and Claude Cowork, raising concerns not just about infrastructure resilience but also about…
-
Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available
Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation. The vulnerability, tracked as CVE-2026-20245, carries a CVSS score of 7.8 out of a maximum of 10.0. It affects the following deployment types – On-Prem Deployment…
-
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust-based information stealer and a self-spreading worm, respectively. According to JFrog, the information stealer “scrapes every…
-
Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps
Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin, according to findings from ESET. The Slovakian cybersecurity company said it first detected the malware spread via multiple campaigns in early 2025, with each attack wave making…
-
New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework
Cybersecurity researchers have discovered a previously unreported threat cluster dubbed OP-512 (where “OP” stands for “opponent”) that has been observed targeting Microsoft Internet Information Services (IIS) servers to deploy a bespoke web shell framework. ReliaQuest has assessed with moderate to high confidence that…
-
Only 10% of SOCs Say They’re Getting Excellent Value From AI. Here’s What the Second Wave Has to Deliver
Eighteen months ago, the AI SOC was a marketing line. Today it’s a budget item. The category has crossed over from interesting to inevitable, with billions of dollars now flowing into AI-powered security operations platforms, agentic…
-
AI Worm
Researchers have prototyped an AI-powered internet worm. The coolest thing about the prototype is that it carries its own LLM with it, and runs it on computers that have been broken into. This is the closest to John Brunner’s original 1975 conception of a computer worm that I’ve seen. By Bruce Schneier.
-
Got a LinkedIn message from a recruiter? It might be Chinese intelligence, warn FBI and MI5
If you’ve ever received an out-of-the-blue message via LinkedIn from a recruiter offering some well-paid consultancy work, intelligence agencies have a message for you: be very careful. Read more in my article on the Hot for Security blog. Graham…
-
Exposed Fuel Tank Gauges Under Attack in the US
Threat actors are taking advantage of Internet-exposed tank gauges by breaching gas stations, opening the door to disruption. By Nate Nelson. Source: gbhackers.com
-
Adaptive, Agentic AI Worms Loom as Next Enterprise Threat
AI worms, or “viruses with wings and brains,” adapt to new environments, seek out vulnerabilities, and will likely strike within a year, researchers say. By Robert Lemos. Source: gbhackers.com
-
Trump AI Order Seeks Voluntary Frontier Model Testing
The White House’s executive order establishes voluntary framework for early government access to frontier models while investing in federal security. By Alexander Culafi. Source: gbhackers.com
-
Hugging Face Transformers Security Flaw Allows Remote Code Execution
A critical security flaw in Hugging Face Transformers, tracked as CVE-2026-4372, has exposed millions of machine learning workflows to silent remote code execution (RCE)… Source: gbhackers.com
-
New Gafgyt Variant Targets Linux Systems With Modular Spread Tactics
A new Gafgyt-family botnet, tracked as C0XMO, marks a notable technical shift in IoT malware design: the separation of scanning and propagation into distinct… Source: gbhackers.com
-
Malicious Browser Add-Ons Target Major AI Chatbot Users
Malicious browser add-ons are actively harvesting conversations and personal data from users of major AI platforms including ChatGPT, Claude, Copilot, Gemini, and DeepSeek. The threat… Source: gbhackers.com
-
New SHub Stealer Variant Targets Major Browsers and Crypto Wallets
Threat actors have resurfaced with an upgraded SHub stealer for macOS, now branded “Reaper,” and they’re using a stealthy distribution trick that should worry… Source: gbhackers.com
-
AI-Powered Worm Leverages Stolen Compute to Target Linux, Windows, and IoT Devices
AI-powered malware is moving from theory to reality, with new proof-of-concept worms showing how large language models (LLMs) can autonomously compromise mixed networks of… Source: gbhackers.com
-
Cisco warns of unpatched SD-WAN zero-day exploited in attacks
On Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245) actively exploited in attacks enabling root privilege escalation. […] By Sergiu Gatlan. Source: bleepingcomputer
-
Brave Software releases Origin for a paid, bloat-free browsing experience
Brave has announced the public release of Brave Origin, a paid minimalist version of its browser that strips out cryptocurrency, AI, rewards, and other monetization-focused features. […] By Lawrence Abrams. Source: bleepingcomputer
-
Hola Browser for Windows compromised to deliver cryptominer
The Windows version of the Hola Browser has been compromised in a supply chain attack that delivered an undeclared executable identified by researchers as a cryptocurrency miner. […] By Bill Toulas. Source: bleepingcomputer
-
Credit card theft campaign abuses Stripe to host stolen payment info
A new Magecart campaign is using Stripe’s API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. […] By Bill Toulas. Source: bleepingcomputer
-
DentaQuest data breach exposed info of 2.6 million accounts
A data breach at the dental benefits administrator DentaQuest has reportedly exposed the sensitive data of 2.6 million accounts. […] By Bill Toulas. Source: bleepingcomputer
-
VECT 2.0 Ransomware Can Damage Files Its Own Decryptor Cannot Reliably Restore
A new ransomware strain called VECT 2.0 is raising serious concerns among security professionals, and for a troubling reason — even if a victim pays the ransom, the attacker’s own decryptor may not fully restore their files. This is not a typical failure…
-
Cisco SD-WAN Vulnerability Exploited in the Wild to Execute Arbitrary Commands as Root User
Cisco has disclosed a high-severity vulnerability in its Catalyst SD-WAN Manager that is actively being exploited in the wild, allowing attackers to execute arbitrary commands with root privileges. The issue, tracked as CVE-2026-20245, carries a CVSS score of 7.8 and stems…
-
Let’s Encrypt Unveils Merkle Tree Certificates to Secure the Web Against Quantum Threats
Let’s Encrypt has announced its roadmap for post-quantum Web PKI, centering on a novel approach called Merkle Tree Certificates (MTCs), a design that delivers quantum-resistant authentication without bloating TLS handshakes or breaking the web’s performance expectations. Traditional X.509 certificate chains require significant…
-
Microsoft Edge Vulnerability Allows Remote Attackers to Execute Arbitrary Code
Microsoft has released a security update addressing a critical vulnerability in Microsoft Edge that could allow remote attackers to execute arbitrary code on vulnerable systems. Tracked as CVE-2026-45495 and reported by Orange Tsai of DEVCORE, the flaw carries a CVSS v3 score of 7.5 and…
-
Dashlane Details How Hackers Managed to Download Encrypted Password Vaults
Dashlane has disclosed that threat actors successfully brute-forced two-factor authentication (2FA) protections to register unauthorized devices and download encrypted password vaults belonging to fewer than 20 personal plan users, with a completed investigation confirming no broader impact on its internal systems. Beginning Sunday, May 31,…
-
PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network
The threat actor known as PCPJack has hijacked cloud servers associated with Amazon Web Services (AWS), Google Cloud, and Microsoft Azure to create a covert SMTP email relay network. “Compromised business servers across the U.S., Europe, and Asia were quietly converted…
-
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco’s PSIRT says it…
-
Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories
A security researcher found a flaw in Anthropic’s Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic’s own action repo used the same workflow, a working attack…
-
Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It
Over the past several weeks, the cybersecurity community has been reminded how quickly frontier and agentic AI in defense networks can challenge our assumptions. When Anthropic’s Claude Mythos model was made available to a limited set of organizations as a technical preview,…
-
ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories
It got stupid again. The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weird stuff is normal. Forums go down and…
-
You do surprise me.exe: An unexpected executable in Hola Browser
Following a certification test, Sophos X-Ops found an unexpected guest had hitched a ride. Categories: Threat Research. Tags: Crypto mining, Supply chain. Source: sophos
-
ISC Stormcast For Friday, June 5th, 2026 https://isc.sans.edu/podcastdetail/9960, (Fri, Jun 5th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Source: isc.sans.edu
-
Microsoft’s Coreutils for Windows, (Thu, Jun 4th)
I’ve been using the GnuWin32 CoreUtils for Windows for many years now (it gives you many *nix core commands on Windows). Microsoft has just released their coreutils version for Windows. You can install them with a winget command (winget install Microsoft.Coreutils) or with the installer released on GitHub. It…
-
Rust-Written IronWorm Hits NPM Supply Chain
Like Shai-Hulud, the campaign targets developers to steal credentials and reuses them to propagate across the software supply channel. By Jai Vijayan. Source: gbhackers.com
-
China’s TA4922 Expands Cybercrime Attacks Globally
One of the world’s most diverse, least-focused cybercrime groups is enlarging its footprint beyond East Asia. By Nate Nelson. Source: gbhackers.com
-
4 Critical Threats Where Attackers Have the Advantage
Gartner analysts issued a call to action to bolster defenses against several emerging critical threats, such as deepfakes and prompt injections. By Rob Wright. Source: gbhackers.com
-
Bugcrowd Launches EU Data Residency Option For Evolving Data Sovereignty Needs
Organizations are growing serious about what nation’s rules apply to their data. Experts point to geopolitical tensions as a main contributing factor. By Arielle Waldman. Source: gbhackers.com
-
IronWorm npm Attack Steals Developer Secrets
A newly uncovered supply chain attack dubbed “IronWorm” is leveraging malicious npm packages to compromise developer environments, steal sensitive credentials, and propagate itself across… Source: gbhackers.com
-
Stock Exchange Executive’s Outlook Targeted in Credential Theft Attack
A prolonged and highly targeted espionage campaign has been uncovered involving the compromise of a senior executive’s Microsoft Outlook account at a major global… Source: gbhackers.com
-
PoC Exploit Released for Cisco Unified Communications Manager Security Vulnerability
A proof-of-concept (PoC) exploit has been released for a critical server-side request forgery (SSRF) vulnerability impacting Cisco Unified Communications Manager (Unified CM) and Unified… Source: gbhackers.com
-
Proofpoint: TA4922 Deploys New RAT and Loader Arsenal
A rapidly evolving threat cluster tracked as TA4922, a Chinese-speaking cybercriminal actor deploying a diverse and expanding malware arsenal that now includes Atlas RAT,… Source: gbhackers.com
-
Phishing Attacks Pivot to Infostealer Malware Over Fake Login Pages
Cybercriminal tactics are evolving as phishing campaigns increasingly shift away from fake login pages toward infostealer malware designed to quietly harvest sensitive data from… Source: gbhackers.com
-
Chinese hackers use new Atlas RAT malware in European cyberattacks
A Chinese-speaking cybercrime group has expanded its targeting to the European space, deploying previously undocumented malware and the Atlas backdoor. […] By Bill Toulas. Source: bleepingcomputer
-
U.S. sanctions Nobitex crypto exchange used by Iranian ransomware actors
The U.S. Treasury’s Office of Foreign Assets Control (OFAC) has announced sanctions against Nobitex, Iran’s largest cryptocurrency exchange, for facilitating payments related to terrorist activities. […] By Bill Toulas. Source: bleepingcomputer
-
CISA warns of cyberattacks targeting fuel tank monitoring systems
CISA, the FBI, the NSA, the Department of Energy, and other US government partners are warning that hackers are targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid storage tanks across various critical infrastructure sectors. […] By Lawrence Abrams. Source: bleepingcomputer
-
New ‘HTTP/2 Bomb’ DoS attack crashes web servers in under a minute
A new denial-of-service (DoS) attack dubbed HTTP/2 Bomb can be launched from a single machine to take down web servers within seconds. […] By Bill Toulas. Source: bleepingcomputer
-
CISA warns of active attacks exploiting Android, Linux bugs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting vulnerabilities in the Linux kernel and Android operating system. […] By Bill Toulas. Source: bleepingcomputer
-
Acer Working to Patch Wave 7 Router 0-day Vulnerability
Acer is preparing a firmware update to address a critical zero-day vulnerability affecting its Wave 7 routers, following disclosure by independent security researcher Gergo Pap. The issue affects devices running firmware versions earlier than and poses a significant risk due to unauthenticated remote exploitation. According to…
-
Fake Claude Code Installer Via Google Sites Deliver Credential-Stealing Malware
Cybercriminals have found a new and clever way to exploit the growing popularity of AI developer tools. A recently identified campaign uses fake pages mimicking Claude Code and OpenAI Codex, hosted on trusted Google Sites infrastructure, to trick users into running commands that quietly steal…
-
Bots Surpass Humans in Global Web Traffic for the First Time in Internet History
For the first time ever, automated bots have officially overtaken human users in global internet traffic, and the shift is accelerating faster than even industry leaders predicted. Bots Surpass Humans in Web Traffic According to data from Cloudflare Radar, bots now…
-
Microsoft Unveils Always-On AI Agent Scout to Integrate With Teams, Outlook, and More
Microsoft has officially introduced Microsoft Scout, its first-ever “Autopilot” AI agent, a persistent, always-on autonomous assistant designed to operate continuously across Microsoft 365 apps without waiting to be prompted. Unveiled at Microsoft Build 2026 on June 2, Scout represents a fundamental shift…
-
New Google Gemini Vulnerability Exploited via Prompt Injections from WhatsApp, Slack, and SMS
A new class of indirect prompt injection (IPI) attacks targets Google Gemini’s voice assistant, allowing attackers to silently hijack the AI through malicious payloads delivered via everyday messaging apps, including WhatsApp, Slack, Signal, SMS, Instagram, and Messenger. The research, led by Or…
-
Lessons for life: Why children’s data is a long-term identity risk
Your child’s first data breach may happen before they’ve even opened a bank account. Here’s how to keep their digital life safe. Source: eset
-
DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets
The U.S. Department of Justice (DoJ) on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans. The “Disruption Week” operation began May 18, 2026, leading to the takedown…
-
WhatsApp, Slack Notifications Could Hijack Google Gemini on Android
A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini’s voice assistant on Android and made it open a victim’s connected windows, fake a message from their boss, push the phone into a Zoom call, or quietly poison its…
-
Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT
Cybersecurity researchers have flagged a new malspam campaign that makes use of Google’s DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan (RAT) named DesckVB RAT. “Before the victim ever reaches attacker-controlled infrastructure, the lure routes through DoubleClick,…
-
Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore
Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and “patch everything in time” stopped working years ago. Stop betting the org on winning that race. You don’t control which bug lands. You control what it…
-
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the same phone could ask for the signed-in user’s token and…
-
AI Used to Decrypt Medieval Ciphers
Researchers are using machine learning algorithms to decrypt historical pencil-and-paper ciphers. By Bruce Schneier. Source: bruce schneier
-
Pakistan Spies on Afghan Finance Ministry With Xeno RAT
Despite broadly connected digital infrastructure, standard fare TTPs are enough to cause trouble for Afghanistan’s porous cybersecurity. By Nate Nelson. Source: gbhackers.com
-
ISC Stormcast For Thursday, June 4th, 2026 https://isc.sans.edu/podcastdetail/9958, (Thu, Jun 4th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Source: isc.sans.edu
-
Continuing Scans for swagger.json, (Wed, Jun 3rd)
Enterprise applications often still use complex standards like SOAP for web services. The big advantage of SOAP is its tight and extensive standards, which enable interoperability across an enterprise governed by web services. The disadvantage of SOAP: First, while it is de facto usually used over HTTP, it…
-
ISC Stormcast For Wednesday, June 3rd, 2026 https://isc.sans.edu/podcastdetail/9956, (Wed, Jun 3rd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Source: isc.sans.edu
-
New Wave Of Phishing Emails with SVG Files, (Tue, Jun 2nd)
For a few days, my SANS ISC mailbox has been flooded with emails that deliver SVG files. An SVG (“Scalable Vector Graphic”) is a web-friendly vector file format used for graphics and icons. No URL in the body, just “an image”, that’s the perfect way…
-
Smashing Security podcast #470: This AI security flaw might be impossible to fix
A website called “UK visa portal” has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels. They weren’t. And when a journalist tried to warn the company, it was lawyers…
-
Welcoming the Philippine Government to Have I Been Pwned
Today, we welcome the 46th government onboarded to Have I Been Pwned’s free gov service: the Philippines. The Philippines’ National CERT, working with the Department of Information and Communications Technology, now has access to monitor official government domains against the data in HIBP. This gives their…
-
Attackers Use AI to Automate EDR Evasion Testing
Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender. By Alexander Culafi. Source: gbhackers.com
-
Tropical Blend: Cyber & Politics Ramp Up Across Latin America
China-linked espionage groups have attacked at least a dozen nations in the region, gathering information on maritime shipping, oil production, and other geopolitical interests. By Robert Lemos. Source: gbhackers.com
-
Cyber Insurance Rates Are Dropping, but Exclusions Widen
Cyber insurance coverage is slowly changing, and some policies may not provide coverage for social engineering attacks like ClickFix. By Rob Wright. Source: gbhackers.com
-
Malicious Notifications Could Trick Google Gemini Users
A prompt injection flaw in Google Gemini’s voice assistant let attackers hide malicious commands in notifications, enabling social engineering and more. Alexander Culafi Go to gbhackers.com
-
Ivanti ITSM Flaw Could Allow Attackers to Escalate to Admin Access
Ivanti has patched a high-severity vulnerability in its Ivanti Neurons for ITSM platform that could allow authenticated attackers to escalate privileges and gain full…
-
Hackers Leverage AI-Powered Tools to Streamline Active Directory Compromise
A threat campaign in which attackers leveraged AI-powered tools to streamline Active Directory (AD) compromise and accelerate endpoint detection and response (EDR) evasion testing…
-
HazyBeacon Campaign Abuses AWS for Stealthy C2 Communications
A newly documented cyber espionage operation known as HazyBeacon, tracked as CL-STA-1020, is leveraging Amazon Web Services (AWS) to build stealthy command-and-control (C2) channels…
-
Windows Search URI Handler Vulnerability Exposes NTLMv2 Hashes to Remote Attackers
Windows systems are once again exposed to NTLM credential leakage through a newly observed abuse of the search URI handler, a vulnerability class closely mirroring…
-
HTTP/2 Bomb Remote DoS Exploit Impacts nginx, Apache, IIS, Envoy, and Cloudflare Pingora
A newly disclosed “HTTP/2 Bomb” attack is raising serious concerns across the web infrastructure ecosystem, enabling remote denial-of-service (DoS) conditions against widely deployed servers…
-
Global Stock Exchange Hit by Monthslong Email Campaign
A threat actor got a near-continuous view into an influential finance executive’s email inbox, thanks to clever use of legitimate, native Windows tools. Nate Nelson Go to gbhackers.com
-
Google adds Android protection against AI deepfake scam calls
Google is introducing a new Android security feature that will detect and flag phone calls in which scammers use artificial intelligence to impersonate a user’s personal contacts. […] Sergiu Gatlan Go to bleepingcomputer
-
VS Code zero-day lets hackers steal GitHub tokens in one click
A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a link. […] Sergiu Gatlan Go to bleepingcomputer
-
Microsoft’s Coreutils project brings Linux commands to Windows
Microsoft announced today at its Build 2026 developer conference the release of Coreutils for Windows, bringing many commonly used Linux command-line utilities to Windows as native applications. […] Lawrence Abrams Go to bleepingcomputer
-
OpenAI upgrades GPT-5.5, as it plans to retire legacy ChatGPT models
OpenAI says it’s rolling out a new update that improves the existing GPT-5.5 Instant model, and this move comes ahead of the scheduled retirement of multiple legacy models, including o3. […] Mayank Parmar Go to bleepingcomputer
-
Critical Kirki flaw exploited to hijack WordPress admin accounts
Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to administrators. […] Bill Toulas Go to bleepingcomputer
-
HTTP/2 Bomb — Remote DoS Exploit Hits nginx, Apache, IIS, Envoy, and Cloudflare Pingora
A newly disclosed remote denial-of-service exploit dubbed “HTTP/2 Bomb” targets the default HTTP/2 configurations of the world’s most widely deployed web servers, nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora, enabling a single attacker on a home internet connection to…
-
1-Click GitHub Token Vulnerability Lets Attackers Steal Users’ OAuth Tokens
A critical security vulnerability in Visual Studio Code’s webview implementation allows attackers to steal GitHub OAuth tokens, including read/write access to private repositories, simply by tricking a victim into clicking a single malicious link. The bug was publicly disclosed on June 2, 2026, by security…