no alarms and no surprises please..
-
AI Won’t Wipe Out Entry-Level Cybersecurity Jobs
AI Won’t Wipe Out Entry-Level Cybersecurity Jobs Instead of eliminating jobs for early-career cyber pros, AI is creating new opportunities for candidates with strong human decision-making skills. Jon France Go to gbhackers.com
-
Meeting Trump’s 2030 Quantum Deadline Will be Expensive, Complex
Meeting Trump’s 2030 Quantum Deadline Will be Expensive, Complex Getting accurate visibility into IT and OT systems will be compounded by multivendor environments, misaligned update life cycles, and interoperability gaps. Alexander Culafi Go to gbhackers.com
-
Thanks for Crushing the Submissions Inbox. We’re Trying to Keep Up
Thanks for Crushing the Submissions Inbox. We’re Trying to Keep Up It might be taking a bit longer than usual to respond to your submissions — here’s why. Becky Bracken Go to gbhackers.com
-
Hackers Exploit WinRAR CVE-2025-8088 to Plant Startup Shortcut and Run PowerShell Loader
Hackers Exploit WinRAR CVE-2025-8088 to Plant Startup Shortcut and Run PowerShell Loader Hackers have weaponized a WinRAR path-traversal flaw tracked as CVE-2025-8088 to silently plant a Startup shortcut and run a multi-stage PowerShell loader that maps… Delivered by PolitePaul service Go to gbhackers.com
-
Scammers Abuse Shopify to Send Fake Invoices and Steal Credentials via Fake Support Calls
Scammers Abuse Shopify to Send Fake Invoices and Steal Credentials via Fake Support Calls Scammers are increasingly exploiting Shopify’s ecosystem and its Shop order-tracking app to deliver fraudulent invoices directly into users’ purchase histories, marking a shift from… Delivered by PolitePaul service Go to gbhackers.com
-
Russian Authorities Used Cellebrite UFED to Break Into Human Rights Activist’s iPhone
Russian Authorities Used Cellebrite UFED to Break Into Human Rights Activist’s iPhone Russian authorities leveraged Cellebrite’s Universal Forensic Extraction Device (UFED) to gain access to a detained human rights activist’s iPhone, according to a detailed forensic… Delivered by PolitePaul service Go to gbhackers.com
-
KuinaExtractor Stealer Targets Browser Data, Crypto Wallets, Roblox, Steam, and Discord
KuinaExtractor Stealer Targets Browser Data, Crypto Wallets, Roblox, Steam, and Discord A previously undocumented Rust-based infostealer, dubbed KuinaExtractor, has evolved from a capable early prototype into a hardened, stealth-focused threat now… Delivered by PolitePaul service Go to gbhackers.com
-
WhatsApp Adds Security Warning Before Users Start Chat With Unknown Numbers
WhatsApp Adds Security Warning Before Users Start Chat With Unknown Numbers WhatsApp has introduced a new proactive security feature that warns users before they start conversations with unknown phone numbers. This update, currently being rolled… Delivered by PolitePaul service Go to gbhackers.com
-
Anthropic is testing desktop-like Claude Cowork for mobile
Anthropic is testing desktop-like Claude Cowork for mobile Anthropic appears to be testing Claude Cowork support on mobile, allowing you to manage long-running Claude tasks from your phone. […] Mayank Parmar Go to bleepingcomputer
-
Poland busts SIM-swapping gang tied to millions in crypto theft
Poland busts SIM-swapping gang tied to millions in crypto theft Authorities in Poland have arrested four members of an organized cybercrime group accused of breaching telecommunications partners and hijacking email accounts to carry out SIM-swapping attacks. […] Bill Toulas Go to bleepingcomputer
-
Order-tracking app Shop abused to push callback phishing attacks
Order-tracking app Shop abused to push callback phishing attacks Threat actors are increasingly abusing Shop, the order-tracking app from Shopify, by adding fake purchase receipts in users’ order histories to trick them into providing sensitive data or installing remote access software. […] Bill Toulas Go to bleepingcomputer
-
Microsoft quietly extends free Windows 10 ESU support to October 2027
Microsoft quietly extends free Windows 10 ESU support to October 2027 Microsoft has quietly extended its free Windows 10 Extended Security Updates (ESU) program for consumers by an additional year, allowing enrolled devices to continue receiving security updates until October 12, 2027. […] Lawrence Abrams Go to bleepingcomputer
-
New macOS malware embeds fake errors to confuse AI analysis tools
New macOS malware embeds fake errors to confuse AI analysis tools A newly discovered macOS malware dubbed “Gaslight” is designed to confuse AI-assisted malware analysis tools by hiding prompt injection strings and fake debugging data within the executable. […] Lawrence Abrams Go to bleepingcomputer
-
CL-STA-1062 Hackers Use TinyRCT Backdoor to Target Southeast Asian Governments
CL-STA-1062 Hackers Use TinyRCT Backdoor to Target Southeast Asian Governments A Chinese-speaking threat group known as CL-STA-1062 has been running a quiet but aggressive campaign against government agencies and critical energy infrastructure across Southeast Asia. The attackers, active since at least March 2022, spent much of 2025 targeting state-owned enterprises with a toolkit that blends…
-
Miasma Malware Uses binding.gyp and Bun to Execute Hidden Payloads in npm Packages
Miasma Malware Uses binding.gyp and Bun to Execute Hidden Payloads in npm Packages Supply chain attackers are getting more creative, and the latest threat is proof of that. A malware campaign known as Miasma has been caught hiding inside widely used npm packages, using a clever mix of tools and techniques to stay hidden while…
-
Minecraft Malware Loader Uses RSA-Signed Smart Contract Updates for Persistent C2
Minecraft Malware Loader Uses RSA-Signed Smart Contract Updates for Persistent C2 A new and highly sophisticated malware loader has been found hiding inside what appears to be a harmless Minecraft mod. Researchers have uncovered a campaign that blends blockchain technology and social engineering to steal player credentials and deliver additional malicious payloads. The damage is…
-
CISA Warns of Cisco Unified CM Vulnerability Exploited in Attacks
CISA Warns of Cisco Unified CM Vulnerability Exploited in Attacks CISA has added a critical server-side request forgery (SSRF) vulnerability affecting Cisco Unified Communications Manager (Unified CM) to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies and organizations to apply patches immediately amid active exploitation in the wild. The flaw, tracked as CVE-2026-20230, enables…
-
Microsoft Extends Windows 10 Security Updates for Users Up to October 2027
Microsoft Extends Windows 10 Security Updates for Users Up to October 2027 Microsoft has quietly expanded its Windows 10 Extended Security Updates (ESU) program, allowing consumers to receive critical security patches through October 12, 2027, an additional year beyond the program’s originally planned expiration date of October 12, 2026. Windows 10 officially reached its end…
-
Gamaredon in 2025: Leveraging tunnels, workers, dead drops, and new alliances
Gamaredon in 2025: Leveraging tunnels, workers, dead drops, and new alliances ESET Research analyzes Gamaredon’s new toolset and the group’s growing reliance on legitimate online services to hide its C&C infrastructure and exfiltrate stolen data Go to eset
-
Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability
Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability An analysis of a popular Google Chrome ad block extension for YouTube has uncovered the ability to execute arbitrary JavaScript code. According to Island, the extension, named Adblock for YouTube (ID: cmedhionkhpnakcndndgjdbohmhepckk), has more than 10 million installs and carries a Featured badge…
-
ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories
ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories It’s dumb out there again. This week has the usual smell of prod on fire and nobody wanting to admit who left the door open — old creds still working, trusted apps doing sketchy crap, browser tricks jumping the fence,…
-
Surviving the Mythos Era: Richard Bejtlich on the Case for NDR
Surviving the Mythos Era: Richard Bejtlich on the Case for NDR Despite the abundance of telemetry at analysts’ disposal, many security operations teams struggle to answer a few basic questions during incident investigation: What happened? What evidence do we have? How do we know we’re seeing it all, in context? Answering these questions requires teams…
-
New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis
New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis A previously undocumented Rust-based macOS implant and information stealer has been found to embed a prompt injection payload designed to trick a malware analyst’s artificial intelligence (AI) tools into aborting or refusing an analysis of the artifact. The malware has been…
-
New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns
New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns A new, stealthy backdoor named Mistic has been deployed as part of suspected financially motivated attacks aimed at multiple organizations spanning insurance, education, IT, and professional services sectors since April 2026. According to Symantec and Carbon Black’s Threat Hunter Team, the backdoor, also tracked…
-
AI and Liability
AI and Liability Earlier this month, a German court ruled that Google is liable for its AI search summaries. Rejecting defenses like “users can check for themselves,” and that they generally know “that information generated with AI should not be blindly trusted,” the court held that the AI’s summaries are reflections of the company and…
-
Interesting Paper Exploring Prompt Injection
Interesting Paper Exploring Prompt Injection This is a fascinating exploration of how LLMs fall for prompt injection attacks. It turns out that they learn to recognize the style of text in different role/instruction blocks, and not just the tags. Their conclusion: Role tags were a formatting trick that became the security architecture and the cognitive…
-
What do Ports Hear When Nobody’s Listening? An Assessment of Automated Cybercrime [Guest Diary], (Wed, Jun 24th)
What do Ports Hear When Nobody’s Listening? An Assessment of Automated Cybercrime [Guest Diary], (Wed, Jun 24th) [This is a Guest Diary by Nicole Phillips, an ISC intern as part of the SANS.edu BACS program] “I was just sitting here enjoying the company. Plants got a lot to say, if you take the time to…
-
Linux Process Name Masquerading, (Wed, Jun 24th)
Linux Process Name Masquerading, (Wed, Jun 24th) In a previous diary, I talked about stack strings[1] with a practical example of them. Since my SEC670 class, I’m even more interested in malware obfuscation techniques. I had a look at process names. When you list running processes on a computer, can you trust what you see? If you’re…
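As an added example (not code from the ISC diary or from this page), here is the kind of check the diary's question invites. Linux exposes three names for a process: /proc/<pid>/comm, which the process can rewrite with prctl(PR_SET_NAME); argv[0] in /proc/<pid>/cmdline, which the process can overwrite in its own memory; and the /proc/<pid>/exe symlink, which points at the file that was actually exec'd and cannot be changed without a new execve. The script compares the three and reports disagreements. The sample processes at the bottom are constructed, not captured from a real host, and the tolerance for kernel name truncation and versioned interpreter symlinks is my own heuristic.

```python
"""Cross-check the names Linux exposes for a running process.

Added example: comm and argv[0] are under the process's control and feed
ps/top; the /proc/<pid>/exe link is not. Disagreement between them is a
cheap triage signal for process-name masquerading.
"""
import os
from dataclasses import dataclass
from typing import List, Optional

TASK_COMM_LEN = 15  # the kernel truncates comm to 15 bytes


@dataclass
class ProcView:
    pid: int
    comm: str            # /proc/<pid>/comm
    cmdline: str         # /proc/<pid>/cmdline, NUL separators replaced by spaces
    exe: Optional[str]   # os.readlink("/proc/<pid>/exe"); None if unreadable


def _basename(path: str) -> str:
    return path.rsplit("/", 1)[-1]


def _claimed_name(cmdline: str) -> str:
    """Program name the process claims via argv[0]: first token, path removed.
    setproctitle-style rewrites such as 'sshd: /usr/sbin/sshd -D' reduce to 'sshd'."""
    if not cmdline.strip():
        return ""
    return _basename(cmdline.split()[0]).rstrip(":")


def _name_matches(claimed: str, exe_name: str) -> bool:
    """Heuristic (my assumption): accept kernel truncation and versioned symlinks
    such as python3 -> python3.11. Unrelated symlink names (sh -> dash) still
    mismatch and need a manual look."""
    claimed = claimed[:TASK_COMM_LEN]
    return bool(claimed) and (exe_name.startswith(claimed) or claimed.startswith(exe_name))


def suspicious(p: ProcView) -> List[str]:
    """Reasons this process looks masqueraded; an empty list means the names agree."""
    reasons: List[str] = []
    if p.exe is None:
        return reasons  # kernel thread, or another user's process without root
    deleted = p.exe.endswith(" (deleted)")
    exe_name = _basename(p.exe[: -len(" (deleted)")] if deleted else p.exe)
    if deleted:
        reasons.append(f"pid {p.pid}: executable {exe_name!r} was removed from disk while running")
    if not _name_matches(p.comm, exe_name):
        reasons.append(f"pid {p.pid}: comm {p.comm!r} does not match exe {exe_name!r}")
    argv0 = _claimed_name(p.cmdline)
    if argv0 and not _name_matches(argv0, exe_name):
        reasons.append(f"pid {p.pid}: argv[0] {argv0!r} does not match exe {exe_name!r}")
    return reasons


def read_proc(pid: int) -> Optional[ProcView]:
    base = f"/proc/{pid}"
    try:
        with open(f"{base}/comm") as f:
            comm = f.read().rstrip("\n")
        with open(f"{base}/cmdline", "rb") as f:
            cmdline = f.read().replace(b"\0", b" ").decode(errors="replace").strip()
    except OSError:
        return None  # process exited between listdir and open
    try:
        exe: Optional[str] = os.readlink(f"{base}/exe")
    except OSError:
        exe = None
    return ProcView(pid, comm, cmdline, exe)


def scan_proc() -> List[str]:
    """Live scan of /proc (Linux only); returns one line per finding."""
    findings: List[str] = []
    for entry in os.listdir("/proc"):
        if entry.isdigit():
            view = read_proc(int(entry))
            if view is not None:
                findings.extend(suspicious(view))
    return findings


# Constructed samples, not captured from a real host.
SAMPLES = [
    ProcView(1337, "kworker/0:1", "[kworker/0:1]", "/tmp/.x/x"),             # fake kernel thread
    ProcView(812, "sshd", "sshd: /usr/sbin/sshd -D [listener]", "/usr/sbin/sshd"),
    ProcView(4242, "python3", "python3 /opt/app/run.py", "/usr/bin/python3.11"),
    ProcView(999, "x", "./x", "/tmp/x (deleted)"),                           # binary unlinked after start
    ProcView(2, "kthreadd", "", None),                                       # real kernel thread
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.pid, suspicious(sample) or "ok")
    if os.path.isdir("/proc"):
        for line in scan_proc():
            print(line)
```

On a real host expect some benign hits to triage by hand: sh pointing at dash, busybox applets, and daemons whose binary was replaced by a package upgrade (the "(deleted)" case). The check reads /proc, so a rootkit that hooks the /proc interface can lie to it as well; it catches the userland tricks the diary discusses, not kernel-level ones.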
-
In Less Than 24 Hours, Attackers Weaponize Cisco CUCM Flaw
In Less Than 24 Hours, Attackers Weaponize Cisco CUCM Flaw The flaw enables server-side request forgery (SSRF) and escalates privileges to root, impacting Cisco Unified CM and Unified CM SME deployments. Jai Vijayan Go to gbhackers.com
-
Russian APT ‘Gamaredon’ Upgrades Its Arsenal, Requiring New Defenses
Russian APT ‘Gamaredon’ Upgrades Its Arsenal, Requiring New Defenses The FSB state-sponsored operation has gotten a lot better at loading its malware and hiding its servers. Nate Nelson Go to gbhackers.com
-
EdTech Attackers Shift From Schools to Their Software Suppliers
EdTech Attackers Shift From Schools to Their Software Suppliers Educational institutions, the edtech companies they rely on, and, more concerningly, the challenges those suppliers pose for schools are the focus of the latest Reporters’ Notebook video series. Arielle Waldman Go to gbhackers.com
-
Local Police Collusion Hampers Crackdown on Asian Scam Centers
Local Police Collusion Hampers Crackdown on Asian Scam Centers With tens of billions of dollars flowing into regional economies from cybercrime, scam centers continue to flourish, despite international and law-enforcement efforts. Robert Lemos Go to gbhackers.com
-
Gemini 3.5 Flash Now Supports Agentic Computer Use for Enterprise Automation Tasks
Gemini 3.5 Flash Now Supports Agentic Computer Use for Enterprise Automation Tasks Google has announced a significant enhancement to its AI platform with the release of Gemini 3.5 Flash, which now includes native support for agentic… Delivered by PolitePaul service Go to gbhackers.com
-
Shai-Hulud Hades Payload Hits 20 Leo/RStreams npm Packages in Fresh Supply Chain Attack
Shai-Hulud Hades Payload Hits 20 Leo/RStreams npm Packages in Fresh Supply Chain Attack A fresh supply-chain wave by the Shai-Hulud/Hades family infected 20 npm packages in the Leo/RStreams ecosystem, an AWS-native event streaming SDK widely used… Delivered by PolitePaul service Go to gbhackers.com
-
Langflow RCE Flaw Lets Attackers Execute Arbitrary Python Code Without Authentication
Langflow RCE Flaw Lets Attackers Execute Arbitrary Python Code Without Authentication A critical unauthenticated remote code execution (RCE) vulnerability in Langflow, tracked as CVE-2026-33017, is being actively exploited in the wild within hours of its… Delivered by PolitePaul service Go to gbhackers.com
-
Curl 8.21.0 Released With 18 Security Fixes
Curl 8.21.0 Released With 18 Security Fixes The curl project has announced the release of version 8.21.0, marking its 275th release and including a significant security update. This version addresses 18… Delivered by PolitePaul service Go to gbhackers.com
-
Hackers Abuse Cloudflare-Hosted AWS Phishing Domains to Steal Console Logins
Hackers Abuse Cloudflare-Hosted AWS Phishing Domains to Steal Console Logins A concise but sophisticated phishing campaign targeted AWS console users by abusing Cloudflare-hosted domains to deliver adversary-in-the-middle (AiTM) credential theft. Each domain served… Delivered by PolitePaul service Go to gbhackers.com
-
Europe Evolves Into Ransomware’s Favorite Region
Europe Evolves Into Ransomware’s Favorite Region After a global lull, ransomware gangs are setting sights on a rich new arena: attacking EU organizations and their suppliers. Nate Nelson Go to gbhackers.com
-
Google releases new privacy controls for activity history, personalization
Google releases new privacy controls for activity history, personalization Google is rolling out new privacy controls for Search services and Google Play, giving you more control over saved history and personalized recommendations. […] Mayank Parmar Go to bleepingcomputer
-
DraftKings hacker ‘Snoopy’ sentenced to 18 months in prison
DraftKings hacker ‘Snoopy’ sentenced to 18 months in prison A 21-year-old using the alias “Snoopy” was sentenced to 18 months in prison for his role in hacking DraftKings accounts in the November 2022 cyberattack. […] Bill Toulas Go to bleepingcomputer
-
Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access
Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access New details have been revealed on how hackers exploited a Cisco Catalyst SD-WAN vulnerability tracked as CVE-2026-20245 in zero-day attacks to create rogue root accounts on targeted devices. […] Lawrence Abrams Go to bleepingcomputer
-
Malicious Edge extension abuses Native Messaging as bridge to malware
Malicious Edge extension abuses Native Messaging as bridge to malware A malicious Microsoft Edge extension dubbed ‘Edgecution’ has been used in a ransomware attack to escape the browser sandbox and deploy a Python-based backdoor. […] Bill Toulas Go to bleepingcomputer
-
CISA warns of max severity Ubiquiti flaws exploited in attacks
CISA warns of max severity Ubiquiti flaws exploited in attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers actively exploiting flaws in Ubiquiti UniFi OS and Lantronix serial-to-Ethernet servers. […] Bill Toulas Go to bleepingcomputer
-
OpenClaw Skill Marketplace Exposes AI Agents to Supply Chain Malware and Financial Fraud
OpenClaw Skill Marketplace Exposes AI Agents to Supply Chain Malware and Financial Fraud A wave of malicious skills targeting the OpenClaw AI agent marketplace has exposed a dangerous new frontier in software supply chain security. Attackers are using the ClawHub skill marketplace to push harmful code into AI agent environments, stealing data and running financial…
-
Hackers Use Cisco AnyConnect and Google Update Lures to Drop SharkLoader Malware
Hackers Use Cisco AnyConnect and Google Update Lures to Drop SharkLoader Malware A newly discovered malware family is making its way onto systems worldwide by hiding inside fake software installers that look completely legitimate. Researchers have identified a campaign where attackers disguise their malicious tools as trusted programs like Cisco AnyConnect and Google Update, tricking…
-
Chrome 149 Security Update — Patch for Critical Flaws that Enable Code Execution Attacks
Chrome 149 Security Update — Patch for Critical Flaws that Enable Code Execution Attacks Google has released a critical security update for its Chrome browser, pushing the Stable channel to version 149.0.7827.196/197 for Windows and Mac, and 149.0.7827.196 for Linux. The update addresses 18 security vulnerabilities, including four rated Critical and fourteen rated High severity,…
-
Anthropic Accuses Alibaba of ‘Illicitly’ Accessing Its Claude AI Models in Largest Known Distillation Attack
Anthropic Accuses Alibaba of ‘Illicitly’ Accessing Its Claude AI Models in Largest Known Distillation Attack Anthropic has formally accused Chinese tech and e-commerce giant Alibaba of orchestrating a massive, unauthorized extraction campaign targeting its Claude AI model, marking what the company describes as the largest known distillation attack in its history. In a letter dated…
-
Mistic Backdoor Blends With Microsoft Endpoint Security Tooling to Evade Detection
Mistic Backdoor Blends With Microsoft Endpoint Security Tooling to Evade Detection A new and stealthy backdoor named Mistic has been quietly targeting corporate networks since April 2026, disguising itself using the names and appearance of legitimate Microsoft endpoint security components. This clever camouflage helps it avoid detection, allowing attackers to maintain a persistent, low-profile foothold…
-
ESET takes part in Operation Endgame to disrupt Amadey and Stealc
ESET takes part in Operation Endgame to disrupt Amadey and Stealc ESET researchers assisted in the global disruption of the Amadey botnet and Stealc infostealer, providing technical analysis, infrastructure tracking, and affiliate-level insights Go to eset
-
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before it was publicly disclosed, according to new findings from Google-owned Mandiant. The vulnerability, tracked as CVE-2026-20245 (CVSS score: 7.8), allows an authenticated,…
-
CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited
CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 26, 2026. The vulnerability in question is CVE-2025-67038…
-
Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered
Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered A coordinated law enforcement operation, in partnership with private sector companies, including Bitdefender, Bitsight, ESET, and Microsoft, has resulted in the takedown of criminal infrastructure powering Amadey and StealC. “The main common goal was to disrupt the ‘assembly lines’ cybercriminals use to launch ransomware, financial…
-
Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks
Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains. The “critical exploitable pattern” has been codenamed Cordyceps by Novee Security. The issue can allow full attacker control of repositories at dozens of…
-
Dawn of the Apex Agentic Adversary
Dawn of the Apex Agentic Adversary We are standing at the end of an era we never thought to mourn: the era of human-speed threats. For years, cybersecurity moved to a rhythm organizations could follow. A researcher found a bug, a CVE was cataloged, a vendor navigated a patch cycle, and weeks or even months…
-
Embedding Forbidden Text in Spyware to Discourage AI Analysis
Embedding Forbidden Text in Spyware to Discourage AI Analysis At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis. Details: The _index.js payload begins with a large JavaScript block comment containing fake system instructions and policy-triggering content. Because it is inside…
-
Smashing Security podcast #473: How a hacker could have Rickrolled the entire World Cup
Smashing Security podcast #473: How a hacker could have Rickrolled the entire World Cup A polite caller from your bank says there is a problem with your account. Don’t worry – they’ll send someone round to help. They’ll even take your cards away to keep them safe. The scam has run rampant, until Dutch police…
-
Weekly Update 509
Weekly Update 509 I know enough about home cinema audiovisual to know there’s a lot I don’t know. It’s conscious incompetence, if you like, which is different to the unconscious incompetence most people have on the topic. That’s not to sound derogatory (it’s spelled out that way in the competence model), rather it recognises that…
-
Attackers Hit Cisco SD-WAN Flaw 2 Months Before Disclosure
Attackers Hit Cisco SD-WAN Flaw 2 Months Before Disclosure Researchers believe rogue peering was used to connect to the victim’s SD-WAN devices to gain admin privileges and root-level access. Jai Vijayan Go to gbhackers.com
-
2026 FIFA World Cup Faces Surge in Cyber Threats
2026 FIFA World Cup Faces Surge in Cyber Threats Persistent cybercrime, social engineering, and infrastructure threats continue to plague the FIFA 2026 World Cup across the US, Canada, and Mexico. Alexander Culafi Go to gbhackers.com
-
Do CISOs Need a Code of Ethics?
Do CISOs Need a Code of Ethics? Kickbacks, no-show jobs, “dirty” VCs, and shelf ware — industry expert Robert “RSnake” Hansen explains why he thinks it’s time for a CISO code of ethics to ensure cybersecurity bosses aren’t engaged in self-dealing that could risk enterprise, and even national, security. Dark Reading Editorial Team Go to…
-
More Malicious OpenClaw Skills Threaten AI Supply Chain
More Malicious OpenClaw Skills Threaten AI Supply Chain OpenClaw removed five packages from ClawHub, its skills marketplace, that bypassed security checks even though they included infostealers and other threats. Elizabeth Montalbano Go to gbhackers.com
-
Apple’s MacOS Gap Lets Users Disable Security Tools
Apple’s MacOS Gap Lets Users Disable Security Tools Attackers can exploit the issue to disable security and integrated browser tools without needing administrator privileges or kernel exploits. Jai Vijayan Go to gbhackers.com
-
PoC Released for Microsoft Exchange Server EWS InstallApp SSRF Vulnerability
PoC Released for Microsoft Exchange Server EWS InstallApp SSRF Vulnerability A proof-of-concept exploit has been released for CVE-2026-45502, a server-side request forgery (SSRF) vulnerability in the Microsoft Exchange Server’s Exchange Web Services (EWS) InstallApp… Delivered by PolitePaul service Go to gbhackers.com
-
Webmin Stored XSS Vulnerability Lets Attackers Exploit Root Users
Webmin Stored XSS Vulnerability Lets Attackers Exploit Root Users A newly disclosed stored cross-site scripting (XSS) vulnerability in Webmin has raised significant security concerns, as it allows attackers with limited privileges to target… Delivered by PolitePaul service Go to gbhackers.com
-
Fable 5 AI Model Builds Bootable Windows Kernel in Rust in Just 38 Minutes
Fable 5 AI Model Builds Bootable Windows Kernel in Rust in Just 38 Minutes A newly released AI model, Claude Fable 5, has made a significant advancement in autonomous systems programming by generating a bootable Windows NT-style kernel… Delivered by PolitePaul service Go to gbhackers.com
-
Cisco Unified Communications Manager Flaw Exposes Systems to SSRF Attacks and Root Access
Cisco Unified Communications Manager Flaw Exposes Systems to SSRF Attacks and Root Access Cisco has disclosed a critical server-side request forgery (SSRF) vulnerability affecting its Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition… Delivered by PolitePaul service Go to gbhackers.com
-
Hackers Abuse Indian Tax Notice Lures to Deliver PE Loader and libsvcs.dll Payload
Hackers Abuse Indian Tax Notice Lures to Deliver PE Loader and libsvcs.dll Payload A targeted malware distribution campaign that abuses a counterfeit Indian Income Tax Department assessment notice to deliver a multi-stage Remote Access Trojan (RAT)-style payload… Delivered by PolitePaul service Go to gbhackers.com
-
Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks
Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks A high-severity SSRF vulnerability, tracked as CVE-2026-20230, in Cisco Unified Communications Manager Server is now being exploited in attacks. […] Lawrence Abrams Go to bleepingcomputer
-
Tata Electronics confirms cyberattack as hackers leak data
Tata Electronics confirms cyberattack as hackers leak data Tata Electronics has confirmed in a statement to BleepingComputer that it was the target of a cyberattack that impacted parts of its IT infrastructure. […] Bill Toulas Go to bleepingcomputer
-
Windows 11 KB5095093 update rolls out new Point-in-Time restore feature
Windows 11 KB5095093 update rolls out new Point-in-Time restore feature Microsoft has released the KB5095093 preview cumulative update for Windows 11 24H2 and 25H2, which fixes numerous bugs and begins rolling out new features, including the new Point-in-Time restore feature. […] Lawrence Abrams Go to bleepingcomputer
-
Healthtech firm Xsolis suffers data breach impacting 1.4 million people
Healthtech firm Xsolis suffers data breach impacting 1.4 million people Healthcare technology company Xsolis says that sensitive data belonging to nearly 1.4 million individuals was compromised in a phishing attack that gave attackers access to its network. […] Bill Toulas Go to bleepingcomputer
-
New macOS ClickFix attack silently mounts DMGs to push infostealer
New macOS ClickFix attack silently mounts DMGs to push infostealer A new macOS ClickFix campaign is using Terminal commands to silently download, mount, and launch info-stealing malware from malicious disk image (DMG) files. […] Lawrence Abrams Go to bleepingcomputer
-
Malicious AI Agent Skill Bypasses Security Scans and Seized Full Control of Over 26,000 Agents
Malicious AI Agent Skill Bypasses Security Scans and Seized Full Control of Over 26,000 Agents A malicious AI “skill” created as part of a controlled security experiment has exposed critical weaknesses in modern AI agent ecosystems, successfully bypassing security scanners and compromising more than 26,000 agents across individual and enterprise environments. According to researcher Niv…
-
Claude Fable 5 Wrote Windows Kernel Code in Rust in 38 Minutes
Claude Fable 5 Wrote Windows Kernel Code in Rust in 38 Minutes Anthropic’s Claude Fable 5 generated a complete, bootable NT-compatible Windows kernel written in Rust called ntoskrnl-rs from an empty directory in just 38 minutes of active model work, raising profound questions about AI-authored trust and the future of critical infrastructure security. Documented by…
-
GTA 6 Scam Websites Use AI-Generated Images and Fake Download Buttons to Lure Gamers
GTA 6 Scam Websites Use AI-Generated Images and Fake Download Buttons to Lure Gamers A fresh wave of scam websites is targeting gamers worldwide, using the massive hype around Grand Theft Auto VI to trick people into handing over their money. These fake pages promise something millions of players desperately want: early access to GTA…
-
FortiBleed Attack Hit 430,000+ FortiGate Firewalls, Stealing 110M+ Credentials
FortiBleed Attack Hit 430,000+ FortiGate Firewalls, Stealing 110M+ Credentials A large-scale, ongoing credential-harvesting campaign dubbed “FortiBleed” has silently compromised more than 430,000 FortiGate firewalls globally, siphoning over 110 million credentials directly from live network traffic since at least February 2026. The campaign came to light after security researcher Volodymyr “Bob” Diachenko discovered an exposed directory…
-
How Attackers Exploit Privileged Access and How to Lock Them Out
How Attackers Exploit Privileged Access and How to Lock Them Out Every major breach you read about has a quiet middle chapter that rarely makes the headline. The headline is the ransom note or the leaked customer database. The middle chapter, the part that actually decided the outcome, is almost always the same: an attacker found a privileged credential, used it…
-
FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation
FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation A Russian-speaking initial access broker (IAB) driven by financial gain is assessed to be behind a large-scale credential-harvesting operation known as FortiBleed that has targeted over 430,000 FortiGate firewalls globally. The campaign, active since February 2026, involves collecting credential lists, searching for exposed services, brute-forcing accessible…
-
Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents
Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents Security firm AIR built a fake AI agent skill, pushed it through a popular skill marketplace and an Instagram ad, and says it reached roughly 26,000 agents, including some on corporate accounts. Every skill security scanner the firm tested it against marked it safe. The…
-
Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration
Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration President Trump signed an executive order on June 22 setting hard deadlines for federal agencies to move high-value assets and high-impact systems to post-quantum cryptography. Key establishment must move by December 31, 2030; digital signatures by December 31, 2031. EO 14409 leaves national security systems on a…
-
GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns
GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns GitHub is moving to strengthen software supply chain security by updating “actions/checkout” to block pwn request attacks that exploit the risky use of the “pull_request_target workflow” trigger to run malicious code with the workflow’s full privileges. Effective June 18, 2026, the latest version of “actions/checkout,”…
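As an added example (not GitHub's code and not part of the original item), the following Python script audits a workflow file for the pattern the item describes. A workflow triggered by pull_request_target runs in the base repository's context, with its secrets and a GITHUB_TOKEN that can carry write permissions. If such a workflow also checks out the pull request's head (for example `ref: ${{ github.event.pull_request.head.sha }}`) and then runs anything from that tree (npm ci, make, a test suite), the fork's author gets code execution with those privileges. The function flags exactly that combination and stays silent for the hardened shape: a plain pull_request trigger, which gives fork PRs a read-only token and no secrets, and a checkout that leaves `ref` alone so the base branch is checked out. Both embedded workflows are constructed, and the line-based YAML scanning is an assumption that is adequate for typical hand-written workflows rather than a full YAML parser.

```python
"""Flag the 'pwn request' pattern in a GitHub Actions workflow.

Added example: pull_request_target + checkout of the PR head + executing
that tree hands the base repository's secrets and token to whoever opened
the pull request. Plain line scanning, not a full YAML parser.
"""
import re
from typing import List, Tuple

TRIGGER_RE = re.compile(r"\bpull_request_target\b")
CHECKOUT_RE = re.compile(r"uses:\s*['\"]?actions/checkout@")
UNTRUSTED_REF_RE = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)\b")


def _indent(line: str) -> int:
    return len(line) - len(line.lstrip(" "))


def _strip_comment(line: str) -> str:
    return line.split("#", 1)[0].rstrip()


def find_pwn_request_checkouts(workflow_yaml: str) -> List[Tuple[int, str]]:
    """Return (line_number, ref_line) for each actions/checkout step that checks
    out the pull request head while the workflow is triggered by pull_request_target."""
    lines = [_strip_comment(l) for l in workflow_yaml.splitlines()]
    if not any(TRIGGER_RE.search(l) for l in lines):
        return []  # on pull_request, fork PRs get a read-only token and no secrets
    findings: List[Tuple[int, str]] = []
    i = 0
    while i < len(lines):
        if not CHECKOUT_RE.search(lines[i]):
            i += 1
            continue
        step_indent = _indent(lines[i])
        j = i + 1
        while j < len(lines):
            cur = lines[j]
            if cur.strip():
                ind = _indent(cur)
                # the step ends at a dedent or at the next '- ' item of the same list
                if ind < step_indent or (ind == step_indent and cur.lstrip().startswith("-")):
                    break
                if re.match(r"\s*ref:", cur) and UNTRUSTED_REF_RE.search(cur):
                    findings.append((j + 1, cur.strip()))
            j += 1
        i = j
    return findings


# Constructed workflows for illustration, not taken from any real repository.
VULNERABLE = """\
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
permissions:
  contents: write
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm ci && npm test   # executes the fork's package.json scripts with the base repo's token
"""

HARDENED = """\
name: ci
on:
  pull_request:
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
"""

if __name__ == "__main__":
    for label, wf in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(label, find_pwn_request_checkouts(wf) or "no pwn-request checkout found")
```

If a workflow genuinely needs pull_request_target (for example to label PRs from forks), the safe shape is to keep the checkout on the base branch and never execute anything from the untrusted head, or to split the work into a pull_request workflow that produces artifacts and a workflow_run job that consumes them with secrets.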
-
Agentic AI: The Weapon That No Longer Needs a Warrior
Agentic AI: The Weapon That No Longer Needs a Warrior Every weapon begins as an extension of the hand that holds it. The spear lengthened the reach of the arm. The bow sent the point flying without the throw. The rifle placed a man’s death a quarter mile beyond his sight, and the aircraft carried…
-
Anthropic’s Fable 5 Model Jailbroken Within Days
Fable 5 is the supposed safe version of Anthropic’s Mythos Preview, with guardrails to ensure that it can’t be used to create cyberattacks. Well, that restriction was bypassed within days. Bruce Schneier
-
ISC Stormcast For Wednesday, June 24th, 2026 https://isc.sans.edu/podcastdetail/9984, (Wed, Jun 24th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Scattered Spider Hackers Plead Guilty on Day 1 of Trial
Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the Greater London area. The duo were key members of a prolific…
-
Hacker hijacks Brazil’s national alert system, sending “misanthropy” to millions of phones
Emergency alert systems work because people believe them. Every time one of these systems issues a false alert – whether through negligence or a deliberate attack – trust erodes. Read more in my article on the Hot for Security blog. Graham Cluley
-
Scope of Salesforce Attacks Expands as Icarus Leaks Data
More victims have emerged after attackers breached application vendor Klue and used its OAuth tokens to steal customers’ Salesforce data. Rob Wright
-
‘Cordyceps’: Mushrooming Malicious Pull Requests Threaten Developer Workflows
The CI/CD workflow weakness affects Microsoft’s Azure Sentinel, Google’s AI Agent Development Kit, Apache’s Doris analytics database, Cloudflare’s Workers SDK, and Python Software Foundation’s Black. Alexander Culafi
-
SocGholish Takedown Highlights Malicious TDS Threats
SocGholish uses traffic distribution systems (TDSs) to provide initial access into victims’ networks for cybercrime groups such as the notorious Evil Corp. Rob Wright
-
FortiBleed Attackers Turn Firewalls Into Credentials Stealers as Heist Persists
The threat actors engineered a Golang-based sniffer to target 430,000 FortiGate firewalls and identify 110 million credentials in the ongoing global campaign. Elizabeth Montalbano
-
DifyTap Bugs Let Attackers ‘Wiretap’ AI Chat Histories
Four vulnerabilities allow attackers to exploit Dify, a platform for AI application building and management, to silently access and exfiltrate sensitive data. Alexander Culafi
-
Tata Electronics Data Breach Exposes 200,000+ Files Linked to Apple and Tesla, Hackers Claim
Tata Electronics has reported a cybersecurity incident following claims from a ransomware-linked threat group that it has exfiltrated and published over 200,000 files related…
-
Microsoft Uncovers Parallel Threat Activity From Two Cyberattackers in Single Intrusion
Microsoft’s latest incident write-up shows that a single intrusion can mask two parallel threat activity streams, one tied to Storm-2603 and another to an…
-
Critical libssh2 Vulnerability Lets Remote Attackers Execute Code via Crafted SSH Packets
A critical security vulnerability has been identified in libssh2, a widely used client-side SSH library. This flaw allows remote attackers to execute code by…
-
Cybercriminals Abuse TDS Infrastructure to Bypass Firewalls and Hide Malicious Destinations
Cybercriminals are increasingly abusing traffic distribution systems (TDSs) to evade defenses, conceal malicious destinations, and funnel victims into phishing, fraud, and malware campaigns. Once…
-
Critical FFmpeg Vulnerability Lets Hackers Execute Remote Code via Malicious Media Files
A critical memory corruption vulnerability in FFmpeg has been disclosed, allowing for remote code execution through specially crafted media files. This flaw, tracked as…
-
WhatsApp phishing attack uses fake business docs to hack PCs
An ongoing malware campaign is targeting WhatsApp users in multiple countries with deceptive messages that push VBScript files, leading to remote system access. […] Bill Toulas
-
JaredFromSubway MEV bot hacked in $15 million crypto theft
The JaredFromSubway Ethereum MEV (Maximal Extractable Value) bot suffered a $15 million loss after an attacker manipulated the opportunity-detection logic by creating fake cryptocurrency trading opportunities. […] Bill Toulas
-
FFmpeg fixes PixelSmash flaw in widely used video decoder
A newly disclosed FFmpeg flaw dubbed ‘PixelSmash’ could be exploited for remote code execution on Jellyfin servers under certain conditions, and can also trigger a denial-of-service condition in applications like Kodi, Emby, Nextcloud, PhotoPrism, and OBS Studio. […] Bill Toulas
-
FortiBleed campaign used custom FortiGate sniffer to steal credentials
Security firm SOCRadar says the large-scale FortiBleed campaign targeting Fortinet FortiGate devices used custom sniffers to harvest authentication secrets from compromised firewalls and steal credentials. […] Lawrence Abrams