no alarms and no surprises please..
-
Microsoft Exchange Flaw Lets Attackers Spoof Any Email Address
“Ghost-Sender” uses Exchange Online or on-premises in hybrid mode with a third-party mail server or spam filter to achieve this level of spoofing. Alexander Culafi Go to gbhackers.com
-
Miasma Supply Chain Worm Burrows Into 73 Microsoft Repositories
The attacks stemmed from a GitHub account that was also compromised in a previous Miasma attack on Microsoft last month. Rob Wright Go to gbhackers.com
-
Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs
Two separate campaigns target CVE-2025-8088, fixed last July, to conduct data theft and cyberespionage against military and government targets in Ukraine. Elizabeth Montalbano Go to gbhackers.com
-
Ghost-Sender Flaw Exposes Exchange Online Users to Sender Spoofing Attacks
A newly disclosed “Ghost-Sender” flaw is exposing Microsoft Exchange Online environments to large-scale email spoofing attacks, allowing threat actors to bypass standard email authentication… Delivered by PolitePaul service Go to gbhackers.com
-
Microsoft Entra Agent ID Logs Expose Suspicious Assistive Agent Activity
Microsoft Entra Agent ID logs have exposed a subtle but consequential threat vector: assistive agents using the OAuth On-Behalf-Of (OBO) flow to act with… Delivered by PolitePaul service Go to gbhackers.com
-
Linux Kernel Flaw Allows Local Attackers to Gain Root Privileges
A newly disclosed Linux kernel vulnerability tracked as CVE-2026-23111 allows local attackers to escalate privileges to root by exploiting a use-after-free flaw in the… Delivered by PolitePaul service Go to gbhackers.com
-
Top 10 Best Zero Trust Network Access (ZTNA) Solutions 2026
In 2026, the traditional network perimeter is obsolete. With the widespread adoption of remote and hybrid work models, multi-cloud environments, and a proliferation of… Delivered by PolitePaul service Go to gbhackers.com
-
WhatsApp Blocks Pegasus Spyware Campaign Linked to NSO Group
WhatsApp has disrupted a new spyware campaign linked to the NSO Group, the controversial surveillance vendor behind Pegasus, while simultaneously seeking legal action against… Delivered by PolitePaul service Go to gbhackers.com
-
CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day
CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. […] Sergiu Gatlan Go to bleepingcomputer
-
Google patches new Chrome zero-day flaw exploited in the wild
Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year. […] Sergiu Gatlan Go to bleepingcomputer
-
NFCShare Android malware spreads via fake banking app updates on GitHub
New variants of the NFCShare Android malware are being distributed as fake updates for legitimate banking apps hosted on GitHub. […] Bill Toulas Go to bleepingcomputer
-
SoFi confirms third-party data breach at Hong Kong subsidiary
SoFi Hong Kong is warning that it suffered a data breach after hackers gained access to a database at a third-party vendor containing customer information. […] Lawrence Abrams Go to bleepingcomputer
-
New Apple feature automatically changes your compromised passwords
At WWDC 26, Apple announced an Apple Intelligence-powered feature that can automatically fix weak and compromised passwords. This works in Safari, and it’s rolling out with iOS 27. […] Mayank Parmar Go to bleepingcomputer
-
Hackers Exploiting LiteLLM RCE Vulnerability in the Wild to Run Arbitrary Commands
Threat actors are actively exploiting a critical chained vulnerability in LiteLLM, a popular open-source AI gateway proxy, allowing unauthenticated remote code execution (RCE) on vulnerable deployments. Researchers at Horizon3.ai confirmed that combining two CVEs creates a CVSS 10.0 Critical attack path requiring zero…
-
SAP Security Patch Day – Critical Vulnerabilities in SAP NetWeaver Patched
SAP’s June 2026 Security Patch Day, observed on Tuesday, June 9, delivered 15 new security notes addressing a broad range of vulnerabilities across core SAP products, including four critical-severity flaws that demand immediate enterprise attention. SAP strongly urges all customers to visit the SAP…
-
Threat Actors Abuse ChatGPT, Claude, and DeepSeek Brands as Phishing Lures to Steal Credentials
Cybercriminals have found a clever new trick: turning the world’s most popular AI tools into traps. By disguising phishing attacks with the branding of platforms like ChatGPT, Claude, and DeepSeek, threat actors are luring users into handing over login credentials, credit…
-
Apache HTTP Server 2.4.68 Released With Fix For Use-After-Free, DoS, XSS, and Buffer Overflow Flaws
The Apache Software Foundation released Apache HTTP Server version 2.4.68 on June 8, 2026, addressing 13 security vulnerabilities spanning multiple modules. The patched flaws include use-after-free conditions, cross-site scripting, heap-based buffer overflows, denial-of-service, privilege escalation, and out-of-bounds read issues affecting…
-
21 0-Day Vulnerabilities in FFmpeg Enables Remote Code Execution Attacks
An autonomous security agent uncovered 21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. FFmpeg quietly powers media processing across browsers, streaming platforms, surveillance systems, and cloud…
-
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-42271 (CVSS score: 8.7), is a command injection vulnerability that could…
-
One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public
Security researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user escalate to root and break out of a container. The flaw, CVE-2026-23111, sits in the kernel’s nf_tables packet-filtering code and was patched upstream on February…
-
Meta Blocks NSO Group’s New WhatsApp Phishing Attack, Files Contempt Order
Meta on Monday said it detected and blocked spear-phishing attempts linked to Israeli spyware vendor NSO Group. In addition, the tech giant said it’s filing a federal court contempt order against the company for violating a permanent injunction that barred it from targeting WhatsApp…
-
Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups
Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol. The vulnerability, tracked as CVE-2026-50751 (CVSS score: 9.3), is a case of a…
-
AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload
Phishing has always been a numbers game. AI has turned it into a volume machine. Attackers can now create convincing emails, fake login pages, and tailored lures in minutes. Every polished message adds another case for Tier 1 to review, another…
-
Critical Zcash Vulnerability Found and Fixed
If you’re a user—owner?—of this cryptocurrency, this is important: On May 29, the security researcher Taylor Hornby found a critical vulnerability in Zcash Orchard privacy pool using Claude Opus 4.8. The Zcash team hired Hornby specifically to look for this kind of issue. He found one fast enough to…
-
Anthropic’s Project Glasswing Update
In April, Anthropic initiated Project Glasswing. The idea was to let companies use their new model to find and fix vulnerabilities in their own software. It was a fantastic PR move, and so many press outlets have uncritically parroted Anthropic’s claims that it’s now common wisdom that Mythos is better at…
-
ISC Stormcast For Tuesday, June 9th, 2026 https://isc.sans.edu/podcastdetail/9964, (Tue, Jun 9th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
TeamPCP Supply Chain Campaign: Activity Through 2026-06-07, (Mon, Jun 8th)
This diary continues the Internet Storm Center’s tracking of the TeamPCP supply chain campaign, first documented in the SANS white paper When the Security Scanner Became the Weapon and most recently in the handler diary Activity Through 2026-05-24. Since that update, the story moved into two new places:…
-
Silent Ransom Group Hits US Law Firms in Escalating Extortion Attacks
The financially motivated group is combining vishing, IT impersonation, and in-person office intrusions to steal data and extort victims. Jai Vijayan Go to gbhackers.com
-
Check Point VPN Flaw Exploited Since Early May
A newly discovered, critical zero-day vulnerability is under attack; a Qilin ransomware affiliate has been blamed for at least one incident. Alexander Culafi Go to gbhackers.com
-
Iran Signed a Ceasefire — Its Hackers Didn’t
An extension of the Geneva Conventions could impose restrictions on cyberwarfare under ceasefire conditions and close a major loophole in international conflict. Emil Sayegh Go to gbhackers.com
-
‘Hades’ Campaign Against PyPI Puts New Spin on Shai-Hulud
The latest attacks, which hit 37 PyPI wheels and 19 code packages, show a continued evolution of the persistent software supply chain threat. Elizabeth Montalbano Go to gbhackers.com
-
Internet Explorer WebBrowser Control Abuse Lets Attackers Convert Clicks Into RCE
Internet Explorer’s legacy WebBrowser control can be abused to turn seemingly harmless user clicks into full remote code execution (RCE), even on systems that… Delivered by PolitePaul service Go to gbhackers.com
-
China-Linked OP-512 Targets IIS Servers With Unique Web Shell Framework
A suspected China-linked espionage cluster dubbed OP-512 after rapidly correlating many low-fidelity events into a single high-priority incident that human analysts then validated. OP-512… Delivered by PolitePaul service Go to gbhackers.com
-
Lucid Stealer Hits 18 Browsers, Crypto Wallets, and Discord Tokens
A new, fully featured Lucid Stealer build that combines large-scale credential theft with hidden remote access. The sample, distributed through Telegram-linked underground channels, is… Delivered by PolitePaul service Go to gbhackers.com
-
Critical Redis Vulnerability Could Let Attackers Execute Code and Hijack Servers
A critical vulnerability in Redis, tracked as CVE-2026-23631 and dubbed “DarkReplica,” exposes authenticated deployments to remote code execution (RCE) through a complex use-after-free (UAF)… Delivered by PolitePaul service Go to gbhackers.com
-
Instagram Patches Account Recovery Flaw Leaking User Contact Information
A critical logic flaw in Instagram’s web-based account recovery workflow exposed unredacted user contact information, including full email addresses and phone numbers, before Meta… Delivered by PolitePaul service Go to gbhackers.com
-
Over 20,000 Instagram accounts stolen in Meta AI support hack
Meta has revealed that 20,225 Instagram users had their accounts hijacked in a recent incident where attackers used Meta’s AI-powered support system to reset passwords. […] Sergiu Gatlan Go to bleepingcomputer
-
Hands on with Intelligent Terminal, an AI-powered Windows Terminal
Microsoft has created an open-source fork of Windows Terminal called “Intelligent Terminal,” and it allows you to use AI directly inside Terminal without interfering with the regular session. […] Mayank Parmar Go to bleepingcomputer
-
C0XMO botnet spreads via DD-WRT router flaw, kills rival malware
A new variant of the Gafgyt botnet called C0XMO is targeting DD-WRT router firmware and can move to other device types with various CPU architectures. […] Bill Toulas Go to bleepingcomputer
-
Silent Ransom Group targets law firms with fake IT support calls
The Silent Ransom Group extortion gang is actively targeting U.S. law firms and professional services organizations in social engineering attacks that often lead to data theft within hours of initial contact, according to a new report by cybersecurity firm Mandiant. […] Lawrence Abrams Go…
-
Multiple VMware Stored XSS Vulnerabilities Allow Attackers to Inject Malicious Scripts
Broadcom has disclosed three stored cross-site scripting (XSS) vulnerabilities affecting VMware Cloud Foundation Operations and several related products, warning that authenticated attackers could inject malicious scripts to perform administrative actions within the environment. Tracked as CVE-2026-41722, CVE-2026-41723, and CVE-2026-41724, the flaws were addressed in…
-
UniFi OS Server Critical RCE Chain Allows Root Access Without Credentials
A critical vulnerability chain in the UniFi OS Server software has put thousands of organizations at serious risk. Researchers confirmed that an attacker can gain full root access to affected devices without a single credential, turning one unauthenticated request into a complete system takeover.…
-
Critical Redis RCE Vulnerability Enable Attackers to Gain Complete Control to Host Server
In May 2026, Redis developers fixed a dangerous post-authentication remote code execution vulnerability, dubbed DarkReplica (CVE-2026-23631), that allowed attackers to gain full control of a Redis host. Redis provides powerful server-side Lua engines, allowing administrators to run custom logic directly in the…
-
Cybercriminals Exploit 2026 FIFA World Cup With Phishing, Fake Stores, and Ticket Scams
The 2026 FIFA World Cup is not just a celebration of football. For cybercriminals, it is a business opportunity, and they have already gotten to work. Threat actors have been building fake FIFA stores, spinning up phishing pages, and launching purchase scams…
-
Microsoft Warns Claude Code GitHub Action Could Leak CI/CD Workflow Secrets
AI-powered coding tools are rapidly changing how developers build and ship software. But as these tools enter everyday development pipelines, they are also opening new doors for attackers. A recently uncovered vulnerability in a widely used AI coding assistant shows just how far that…
-
ISC Stormcast For Monday, June 8th, 2026 https://isc.sans.edu/podcastdetail/9962, (Mon, Jun 8th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
The Evil MSI Background is Back!, (Fri, Jun 5th)
A few months ago, I wrote a diary about a payload that was embedded into a JPEG picture. It was an MSI-branded background[1]. Yesterday, I spotted another one! It seems that the technique is getting more and more popular. This time, it started with a mail…
-
China-Linked Espionage Cluster Deploys Custom ASPX/ASHX Shells on IIS
A previously disclosed China-linked threat cluster, tracked as OP-512, has been observed deploying a purpose-built web shell framework to compromise Internet Information Services (IIS)… Delivered by PolitePaul service Go to gbhackers.com
-
Critical Everest Forms Pro flaw exploited to take over WordPress sites
Hackers are actively exploiting a critical vulnerability (CVE-2026-3300) in the Everest Forms Pro plugin, which lets them take complete control of a WordPress website. […] Bill Toulas Go to bleepingcomputer
-
Instagram Fixes Password Reset Flaw That Exposes User Emails and Phone Numbers
A critical logic bug in Instagram’s web-based password reset flow on June 6, 2026, exposed unredacted email addresses and phone numbers associated with user accounts, including those belonging to high-profile individuals such as Meta CEO Mark Zuckerberg and model Georgina Rodriguez. Instagram’s parent…
-
CISA Warns of Linux Kernel Improper Authentication Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Linux kernel vulnerability, tracked as CVE-2022-0492, to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively leveraged in real-world attacks. The issue, categorized as improper authentication, affects Linux…
-
New ChatGPT Lockdown Mode to Mitigate Prompt Injection and Data Exfiltration Attacks
OpenAI has released ChatGPT Lockdown Mode, a new security feature designed to limit outbound network access and reduce the risk of data exfiltration from prompt-injection attacks. The feature is now available to eligible personal accounts, self-serve ChatGPT Business users, and managed enterprise workspaces.…
-
Free Apps on Samsung and LG Smart TVs Secretly Turning Your Devices Into AI Proxies
Free apps available on Samsung, LG, Roku, and other major smart TV platforms have been quietly enrolling millions of living room devices into a commercial residential proxy network used to scrape web data for AI training all through a consent…
-
New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration
OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt injection attacks. The feature is primarily designed for people and organizations that handle sensitive data and require stricter protection…
-
Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI
A researcher has reverse-engineered the iOS SDK that Bright Data embeds in consumer apps and documented how it turns devices, including always-on smart TVs, into exit nodes that relay web-scraping traffic for a data business Bright Data markets heavily to the AI industry.…
-
CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-28318 (CVSS score: 7.5), is a denial-of-service…
-
AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs
Two things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that touches video, all of them found by an autonomous AI agent. The same week, Google shipped…
-
Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack
Microsoft’s GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign. The incident impacted 73 Microsoft repositories across four of its GitHub organizations, including Azure, Azure-Samples, Microsoft, and MicrosoftDocs, per OpenSourceMalware. The development has GitHub…
-
Critical UniFi OS Auth Bypass Flaws Lead to Unauthenticated Root RCE
Ubiquiti has addressed three critical vulnerabilities within the UniFi OS Server that attackers can chain together to achieve unauthenticated remote code execution (RCE) with… Delivered by PolitePaul service Go to gbhackers.com
-
CISA Alerts on Actively Exploited SolarWinds Serv-U Denial-of-Service Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability in SolarWinds Serv-U to its Known Exploited Vulnerabilities (KEV) catalog…. Delivered by PolitePaul service Go to gbhackers.com
-
Malspam Campaign Abuses DoubleClick to Deploy Stealthy .NET Loader
A sophisticated new malspam campaign is actively exploiting Google’s DoubleClick ad-tracking infrastructure to bypass enterprise email security gateways. Discovered by researchers at Huntress, the… Delivered by PolitePaul service Go to gbhackers.com
-
UNC3753 Targets US Law Firms with Vishing, RMM Tools, and Physical Break-Ins
Threat cluster UNC3753, widely tracked as Silent Ransom Group or Luna Moth, is actively targeting professional, legal, and financial services in the United States…. Delivered by PolitePaul service Go to gbhackers.com
-
Hackers Weaponize Trusted Tools to Deploy Notorious Malware
Attackers are leaning harder on legitimate, preinstalled, or widely used system tools to deliver and operate notorious malware families, creating a stealthy, high-velocity threat… Delivered by PolitePaul service Go to gbhackers.com
-
Suspicious Polyfill login prompts pop up on Toshiba, Muji websites
Tech giant Toshiba and mega-retailer Muji warned visitors that suspicious sign-in screens popping up on their websites could collect credentials. […] Bill Toulas Go to bleepingcomputer
-
CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers
CISA warned today that hackers are now actively exploiting a recently patched high-severity SolarWinds Serv-U flaw to crash servers. […] Sergiu Gatlan Go to bleepingcomputer
-
Chinese APT deploys new malware to keep access to hacked networks
A Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and previously undocumented malware named Plenet and AgentPSD. […] Bill Toulas Go to bleepingcomputer
-
Dark web Nemesis Market vendor gets 26 years for selling drugs
A California man was sentenced to more than 26 years in federal prison for trafficking fentanyl and methamphetamine through Nemesis Market, one of the world’s largest dark web marketplaces. […] Sergiu Gatlan Go to bleepingcomputer
-
Over 900 US gas station tank gauge systems exposed to attacks
Over 900 automatic tank gauge (ATG) systems across the United States, used to monitor fuel and chemical storage tanks across various critical infrastructure sectors, have been found exposed online and are vulnerable to ongoing attacks. […] Sergiu Gatlan Go to bleepingcomputer
-
CISA Warns of SolarWinds Serv-U Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical SolarWinds Serv-U vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that threat actors are actively exploiting the flaw in the wild. Tracked as CVE-2026-28318, the vulnerability affects SolarWinds Serv-U file transfer software and…
-
Top 5 Best Tools for Simulated DDoS Attacks in 2026
Last year, a botnet hurled 31.4 Tbps of junk traffic at a single target—enough data to stream every Netflix movie at once. The record-shattering flood forced boards, regulators, and cloud teams to ask one question: are we sure our defenses work when the internet turns…
-
Critical Hugging Face Transformers Vulnerability Enables Remote Code Execution Attacks
A newly disclosed critical vulnerability in the HuggingFace Transformers library, tracked as CVE-2026-4372, allows attackers to achieve remote code execution (RCE) through malicious model configuration files. The flaw exposes a significant supply chain risk in one of the most widely used machine learning frameworks, impacting…
-
OWASP CVE Lite CLI – New Tool to Scan for Vulnerabilities in Your Projects
CVE Lite CLI is a free, open-source vulnerability scanner officially recognized as an OWASP Incubator Project, designed to bring dependency security directly into developers’ terminals rather than leaving it buried in CI pipelines. Maintained by Sonu Kapoor and backed by the…
-
Anthropic’s Claude Services Down — claude.ai, Claude Code, and Cowork Affected [Updated]
Anthropic’s Claude platform suffered a significant service disruption on June 5, 2026, with elevated error rates impacting multiple frontier AI models and key services, including claude.ai, Claude API, Claude Code, and Claude Cowork, raising concerns not just about infrastructure resilience but also about…
-
Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available
Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation. The vulnerability, tracked as CVE-2026-20245, carries a CVSS score of 7.8 out of a maximum of 10.0. It affects the following deployment types – On-Prem Deployment…
-
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust-based information stealer and a self-spreading worm, respectively. According to JFrog, the information stealer “scrapes every…
-
Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps
Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin, according to findings from ESET. The Slovakian cybersecurity company said it first detected the malware spread via multiple campaigns in early 2025, with each attack wave making…
-
New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework
Cybersecurity researchers have discovered a previously unreported threat cluster dubbed OP-512 (where “OP” stands for “opponent”) that has been observed targeting Microsoft Internet Information Services (IIS) servers to deploy a bespoke web shell framework. ReliaQuest has assessed with moderate to high confidence that…
-
Only 10% of SOCs Say They’re Getting Excellent Value From AI. Here’s What the Second Wave Has to Deliver
Eighteen months ago, the AI SOC was a marketing line. Today it’s a budget item. The category has crossed over from interesting to inevitable, with billions of dollars now flowing into AI-powered security operations platforms, agentic…
-
AI Worm
Researchers have prototyped an AI-powered internet worm. The coolest thing about the prototype is that it carries its own LLM with it, and runs it on computers that have been broken into. This is the closest to John Brunner’s original 1975 conception of a computer worm that I’ve seen. Bruce Schneier Go to…
-
Got a LinkedIn message from a recruiter? It might be Chinese intelligence, warn FBI and MI5
If you’ve ever received an out-of-the-blue message via LinkedIn from a recruiter offering some well-paid consultancy work, intelligence agencies have a message for you: be very careful. Read more in my article on the Hot for Security blog. Graham…
-
Exposed Fuel Tank Gauges Under Attack in the US
Threat actors are taking advantage of Internet-exposed tank gauges by breaching gas stations, opening the door to disruption. Nate Nelson Go to gbhackers.com
-
Adaptive, Agentic AI Worms Loom as Next Enterprise Threat
AI worms, or “viruses with wings and brains,” adapt to new environments, seek out vulnerabilities, and will likely strike within a year, researchers say. Robert Lemos Go to gbhackers.com
-
Trump AI Order Seeks Voluntary Frontier Model Testing
The White House’s executive order establishes voluntary framework for early government access to frontier models while investing in federal security. Alexander Culafi Go to gbhackers.com
-
Hugging Face Transformers Security Flaw Allows Remote Code Execution
A critical security flaw in Hugging Face Transformers, tracked as CVE-2026-4372, has exposed millions of machine learning workflows to silent remote code execution (RCE)… Go to gbhackers.com
-
New Gafgyt Variant Targets Linux Systems With Modular Spread Tactics
A new Gafgyt-family botnet, tracked as C0XMO, marks a notable technical shift in IoT malware design: the separation of scanning and propagation into distinct… Go to gbhackers.com
-
Malicious Browser Add-Ons Target Major AI Chatbot Users
Malicious browser add-ons are actively harvesting conversations and personal data from users of major AI platforms including ChatGPT, Claude, Copilot, Gemini, and DeepSeek. The threat… Go to gbhackers.com
-
New SHub Stealer Variant Targets Major Browsers and Crypto Wallets
Threat actors have resurfaced with an upgraded SHub stealer for macOS, now branded “Reaper,” and they’re using a stealthy distribution trick that should worry… Go to gbhackers.com
-
AI-Powered Worm Leverages Stolen Compute to Target Linux, Windows, and IoT Devices
AI-powered malware is moving from theory to reality, with new proof-of-concept worms showing how large language models (LLMs) can autonomously compromise mixed networks of… Go to gbhackers.com
-
Cisco warns of unpatched SD-WAN zero-day exploited in attacks
On Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245) actively exploited in attacks enabling root privilege escalation. […] Sergiu Gatlan Go to bleepingcomputer
-
Brave Software releases Origin for a paid, bloat-free browsing experience
Brave has announced the public release of Brave Origin, a paid minimalist version of its browser that strips out cryptocurrency, AI, rewards, and other monetization-focused features. […] Lawrence Abrams Go to bleepingcomputer
-
Hola Browser for Windows compromised to deliver cryptominer
The Windows version of the Hola Browser has been compromised in a supply chain attack that delivered an undeclared executable identified by researchers as a cryptocurrency miner. […] Bill Toulas Go to bleepingcomputer
-
Credit card theft campaign abuses Stripe to host stolen payment info
A new Magecart campaign is using Stripe’s API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. […] Bill Toulas Go to bleepingcomputer
-
DentaQuest data breach exposed info of 2.6 million accounts
A data breach at the dental benefits administrator DentaQuest has reportedly exposed the sensitive data of 2.6 million accounts. […] Bill Toulas Go to bleepingcomputer
-
VECT 2.0 Ransomware Can Damage Files Its Own Decryptor Cannot Reliably Restore
A new ransomware strain called VECT 2.0 is raising serious concerns among security professionals, and for a troubling reason — even if a victim pays the ransom, the attacker’s own decryptor may not fully restore their files. This is not a typical failure…
-
Cisco SD-WAN Vulnerability Exploited in the Wild to Execute Arbitrary Commands as Root User
Cisco has disclosed a high-severity vulnerability in its Catalyst SD-WAN Manager that is actively being exploited in the wild, allowing attackers to execute arbitrary commands with root privileges. The issue, tracked as CVE-2026-20245, carries a CVSS score of 7.8 and stems…
-
Let’s Encrypt Unveils Merkle Tree Certificates to Secure the Web Against Quantum Threats
Let’s Encrypt has announced its roadmap for post-quantum Web PKI, centering on a novel approach called Merkle Tree Certificates (MTCs), a design that delivers quantum-resistant authentication without bloating TLS handshakes or breaking the web’s performance expectations. Traditional X.509 certificate chains require significant…
-
Microsoft Edge Vulnerability Allows Remote Attackers to Execute Arbitrary Code
Microsoft has released a security update addressing a critical vulnerability in Microsoft Edge that could allow remote attackers to execute arbitrary code on vulnerable systems. Tracked as CVE-2026-45495 and reported by Orange Tsai of DEVCORE, the flaw carries a CVSS v3 score of 7.5 and…
-
Dashlane Details How Hackers Managed to Download Encrypted Password Vaults
Dashlane has disclosed that threat actors successfully brute-forced two-factor authentication (2FA) protections to register unauthorized devices and download encrypted password vaults belonging to fewer than 20 personal plan users, with a completed investigation confirming no broader impact on its internal systems. Beginning Sunday, May 31,…
-
PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network
The threat actor known as PCPJack has hijacked cloud servers associated with Amazon Web Services (AWS), Google Cloud, and Microsoft Azure to create a covert SMTP email relay network. “Compromised business servers across the U.S., Europe, and Asia were quietly converted…
-
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco’s PSIRT says it…