no alarms and no surprises please..
-
Chinese LLMs Broaden the Gap Between Attackers & Defenders
Two new models from Chinese firms compete with top US mainstream and frontier models. Should cyber-defenders be worried? Robert Lemos Go to gbhackers.com
-
Alibaba Reportedly Bans Claude Code Over Alleged Backdoor Risk in AI Coding Tool
Alibaba is reportedly preparing to ban the use of Anthropic’s Claude Code across its internal environments starting July 10. This decision comes in light… Go to gbhackers.com
-
Fake Google and Cloudflare Verification Pages Spread StealC, HijackLoader, and NetSupport Malware
Threat actors are currently exploiting sophisticated ClickFix social engineering campaigns that mimic Google and Cloudflare verification systems to distribute several high-impact malware families, including… Go to gbhackers.com
-
Microsoft Exchange SSRF Vulnerability Lets Low-Privileged Attackers Read Arbitrary Files
A newly disclosed vulnerability in Microsoft Exchange, identified as CVE-2026-45504 (CVSS score: 8.8), exposes a critical server-side request forgery (SSRF) flaw. This issue allows… Go to gbhackers.com
-
Hackers Use Fake API Documentation to Trick AI Agents Into Sending Crypto Payments
Hackers are now weaponizing documentation and site metadata to mislead autonomous AI agents into executing cryptocurrency payments. The attack leverages indirect prompt injection (IPI): malicious… Go to gbhackers.com
-
Anthropic Unveils Cyber Jailbreak Severity Framework for Claude Fable 5 Safeguards
Anthropic has provided detailed technical insights into the cybersecurity safeguards of its redeployed Claude Fable 5 model. Alongside this, they have introduced a proposed… Go to gbhackers.com
-
Claude Fable 5 isn’t permanently leaving subscriptions, Anthropic says
Anthropic says Claude Fable 5 won’t be accessible via Claude subscriptions after July 7, but it’s not a permanent change, and the company expects the model to return outside the usage-based plan soon. […] Mayank Parmar Go to bleepingcomputer
-
Claude Fable relaunch disappoints users with nerfed performance
Claude Fable, the company’s most powerful model, is now available to all users, but early impressions are disappointing, as it appears to be nowhere near the original release. […] Mayank Parmar Go to bleepingcomputer
-
Google loses final appeal to overturn €4.1 billion EU fine
Court of Justice of the European Union (CJEU) has dismissed Google’s final appeal against a €4.1 billion ($4.7 billion) antitrust fine over the company’s use of Android to promote its Chrome browser and search service. […] Bill Toulas Go to bleepingcomputer
-
ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds
ConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA bypass tactics work and how to defend against them. […] Sponsored by Huntress Labs Go to bleepingcomputer
-
Microsoft fixes bug that removed Copilot buttons in Outlook
Microsoft has fixed a known issue causing the Copilot Chat or Copilot buttons in Classic Outlook to disappear for Windows users with the Copilot Chat (Basic) license. […] Sergiu Gatlan Go to bleepingcomputer
-
Multiple WatchGuard Firebox OS Vulnerabilities Enable Arbitrary Code Execution Attacks
Multiple high‑severity vulnerabilities in WatchGuard Firebox devices running Fireware OS could let authenticated attackers execute arbitrary code and take full control of affected appliances. WatchGuard has disclosed three high‑impact vulnerabilities in Fireware OS affecting Firebox firewall appliances, all scored 8.6 under CVSS v4.0 and already…
-
North Korea-Linked Hackers Hide JavaScript Loaders in Open Source Repositories
A new wave of supply chain attacks is spreading across the open source world, and this time the target is developers themselves. Security researchers have uncovered a campaign called PolinRider that hides malicious JavaScript loaders inside trusted code repositories, waiting for unsuspecting developers to run…
-
Microsoft Exchange SSRF Vulnerability Details Released Along With Public PoC Exploit
Security researchers from HawkTrace have disclosed technical details of a high-severity server-side request forgery (SSRF) vulnerability in Microsoft Exchange, tracked as CVE-2026-45504. The flaw, which carries a CVSS score of 8.8, allows authenticated, low-privileged users to read arbitrary files from vulnerable Exchange servers, raising…
-
Hacker Used Claude AI to Score Free Tickets to Nearly Every US Music Show
A critical unauthenticated SQL injection vulnerability in Front Gate Tickets (FGT), a Live Nation/Ticketmaster subsidiary that powers ticketing for major US festivals including EDC, Bonnaroo, and Outside Lands, allowed full administrative takeover of the platform with help from Anthropic’s Claude AI…
-
Anthropic Details Claude Fable 5 Cybersecurity Safeguards and Jailbreak Framework
Anthropic has published detailed technical documentation on the cybersecurity safeguards protecting Claude Fable 5, following the model’s global redeployment. The disclosure covers both the AI’s safety classifier system and a draft framework for grading jailbreak severity, developed in partnership with Glasswing. Fable 5’s safety classifiers…
-
Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices
Google has significantly degraded NetNut, one of the biggest networks that turns home devices into rented relays for other people’s traffic. Working with the FBI, Lumen, and others, Google’s Threat Intelligence Group (GTIG) said this week it had reduced the network’s pool of usable devices by…
-
Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials
Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access. “Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and Monitoring (RMM) tooling, credential…
-
ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories
This week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through. This is not one…
-
ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API
The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that’s designed to gain surreptitious access to a victim’s email correspondence via the Google API. “In this campaign, the attackers focused their attention on corporate email communications hosted on…
-
Identity Lifecycle Management Wasn’t Built for AI Agents
Identity lifecycle management was architected around a person with an employment record, a manager, and a departure date. AI agents have none of those. As autonomous principals proliferate across enterprise environments, the governance model built for humans develops structural blind spots that traditional IGA tools weren’t designed…
-
Vect and TeamPCP partner for ransomware campaigns
Credentials harvested through supply chain compromises enable large‑scale ransomware deployment Categories: Threat Research Tags: Vect, TeamPCP, Ransomware Go to sophos
-
Cybersecurity Mission Creep in the US
Interesting paper: “Cybersecurity Mission Creep.” Abstract: Cybersecurity is experiencing mission creep. Policymakers are casting more and more problems as issues of cybersecurity. So reframed, wildly different policy issues, from misinformation, to child social media safety laws, to antitrust regulations, to alleged journalist misconduct, to anti-sex trafficking statutes become what…
-
FBI Seizes NetNut Proxy Platform, Popa Botnet
The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR]. The action comes roughly two weeks after KrebsOnSecurity published findings from multiple…
-
The Gentlemen ransomware: what you need to know
Who Are The Gentlemen? Despite the impeccably polite name, there is nothing polite or refined about this particular gang of cybercriminals. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
Aussies Face Reduced Cybercrime Risk, as Pressure Shifts to SMBs
Improved institutional safeguards and stricter regulations have pushed the burdens of protection and risk reduction on to Australian businesses. Nate Nelson Go to gbhackers.com
-
Apple Reverses Age-Old Patch Policy to Keep Up With AI
Expect more compressed patching cycles from Apple going forward, as attackers leverage artificial intelligence to reduce time to exploit. Nate Nelson Go to gbhackers.com
-
FortiBleed Actors Collaborating With Inc, Lynx Ransomware Gangs
After gaining a foothold in thousands of Fortinet firewalls, the attackers are starting to monetize that access, and are also piling on a Nextcloud zero-day bug. Rob Wright Go to gbhackers.com
-
Ransomware Thugs Masquerade as Interpol to Entice Small Biz
The ransomware campaign relies on basic social engineering and stretches across multiple regions, including the US, Europe, Middle East, and elsewhere. Jai Vijayan Go to gbhackers.com
-
Anthropic’s AI Finds Bugs. IBM Bets $5B It Can Fix Them.
IBM and Red Hat assign 20,000 engineers to the new Project Lightwell service as Anthropic’s Mythos findings ignite debate over how to secure the open-source software supply chain. Jeffrey Schwartz Go to gbhackers.com
-
Hackers Use Geofenced Webpages to Deliver Ousaban Banking Trojan in Spain and Portugal
A targeted phishing campaign delivering the Ousaban banking Trojan to users in Spain and Portugal, notable for its use of geofenced webpages, layered evasion… Go to gbhackers.com
-
JetBrains Patches Critical Hub Authentication Bypass and Account Takeover Vulnerabilities
JetBrains has released patches for several critical vulnerabilities in JetBrains Hub that could allow for full authentication bypass, account takeover, and unauthorized privilege escalation… Go to gbhackers.com
-
ValleyRAT Uses RC4 Encryption, Donut Shellcode, and rundll32 Injection for Stealth
A recent surge in ValleyRAT activity that combines RC4-encrypted payloads, Donut-generated shellcode, and in-memory execution via suspended rundll32 processes to evade detection. First named… Go to gbhackers.com
-
Apple Hide My Email Vulnerability Lets Attackers Reveal Users’ Real Email Addresses
Apple’s Hide My Email privacy feature currently faces a significant flaw that may expose users’ real email addresses, compromising one of iCloud+’s core anonymity… Go to gbhackers.com
-
JADEPUFFER Agentic Ransomware Uses LLM to Automate Database Extortion
The first instance of agentic ransomware: JADEPUFFER, an LLM-driven extortion operation that automated an end-to-end database-crippling campaign. The actor gained execution on an internet-facing… Go to gbhackers.com
-
Alleged Scattered Spider hacker extradited to the United States
A dual United States and Estonian citizen has been extradited to the U.S. to face charges alleging he was a member of the Scattered Spider hacking collective. […] Sergiu Gatlan Go to bleepingcomputer
-
Medtronic notifies customers impacted by ShinyHunters data breach
Healthcare device firm Medtronic is notifying affected customers about a data breach that exposed their personal data to an unauthorized third party. […] Bill Toulas Go to bleepingcomputer
-
FortiBleed credential-theft campaign linked to Lynx ransomware
The massive FortiBleed credential theft campaign has been linked to the INC and Lynx ransomware operations, suggesting the stolen Fortinet credentials were intended to fuel future network intrusions. […] Lawrence Abrams Go to bleepingcomputer
-
Kubota says hackers had month-long access to network systems
Kubota North America Corporation disclosed that hackers had access to some of its network systems for more than a month earlier this year. […] Bill Toulas Go to bleepingcomputer
-
New ChocoPoC malware targets researchers via trojanized PoC exploits
Multiple weaponized proof-of-concept (PoC) exploits on GitHub were found delivering a Python-based remote access trojan (RAT) named ChocoPoC that can execute commands and steal sensitive data in a campaign believed to target cybersecurity researchers. […] Bill Toulas Go to bleepingcomputer
-
CISA Warns of Microsoft SharePoint Server Code Execution Vulnerability Exploited in Attacks
CISA has added a newly disclosed Microsoft SharePoint Server vulnerability, tracked as CVE-2026-45659, to its Known Exploited Vulnerabilities (KEV) Catalog, warning that the flaw is actively being exploited in real-world attacks. The vulnerability is a deserialization of untrusted data issue (CWE-502) that allows…
-
Browser-Only Ransomware Abuses Chrome File System Access API to Encrypt Android Photos
A new ransomware technique can now run entirely inside a web browser, with no app installation or root access required. It targets Android photo directories by abusing a legitimate Chrome feature meant for photo editing. The attack begins with something as simple as…
-
Multiple ClamAV Vulnerabilities Allow Remote Attacker to Cause a DoS Condition
Multiple high-severity vulnerabilities in Cisco’s ClamAV engine allow remote attackers to crash the antivirus scanning process, causing a denial-of-service (DoS) on affected Cisco Secure Endpoint Connector deployments. The flaws affect Windows, Linux, and macOS, with the highest impact on Windows, where they are rated…
-
Medtronic Confirms Data Breach – Hackers Gained Access to Corporate IT Systems
Medical technology giant Medtronic Inc. has disclosed a cybersecurity incident involving unauthorized access to its corporate IT systems, potentially affecting sensitive personal and health-related information of patients using Medtronic medical devices. Medtronic detected unusual activity in certain corporate IT systems on April 15,…
-
WinRAR 7.23 Fixes Heap Overflow Vulnerability that Leads to Application Crashes
WinRAR 7.23 addresses a newly disclosed heap overflow vulnerability in the RAR5 recovery volume processing code, tracked as CVE-2026-14191. Closing a memory-corruption flaw that could be triggered by malicious recovery volume (.rev) data and potentially lead to application crashes or further exploitation. WinRAR 7.23…
-
SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-45659 (CVSS score: 8.8), is a case of remote code execution…
-
Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters
Argo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated attacker run code, provided they can reach the component’s internal network port. Synacktiv, which found the bug, says it can…
-
19-Year-Old Scattered Spider Suspect Extradited to Face U.S. Hacking Charges
A teenager accused of belonging to the hacking group Scattered Spider has been extradited from Finland to face U.S. charges of conspiracy, computer intrusion, and fraud, the U.S. Department of Justice announced on July 1. Peter Stokes, 19, a dual U.S. and Estonian citizen, appeared in a…
-
SEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRAT
Unknown threat actors are leveraging the ScreenConnect remote access tool as a way to deploy and execute AsyncRAT. Kaspersky said the activity is part of a “massive, multi-domain, multi-language” campaign that distributes malicious installer archives hosted on spoofed websites. These installers masquerade as popular software like OBS…
-
VEIL#DROP Malware Chain Uses Blogger Platform to Deliver PureLogs Stealer
Cybersecurity researchers have flagged a new multi-stage malware delivery attack chain that uses social engineering and Blogger pages to deliver an information stealer called PureLogs. The activity has been codenamed VEIL#DROP by Securonix. It’s suspected that the initial payloads are distributed either via spear-phishing or…
-
Papa Johns Surveillance-Based Advertising
Papa Johns is spying on people’s buying activities to predict when they are low on food: The pizza chain recently tapped NBCUniversal, Instacart and the dentsu-owned media agency Carat for help reaching consumers when they’re low on groceries—and thus more likely to be swayed by a mouth-watering ad. The idea is…
-
ISC Stormcast For Thursday, July 2nd, 2026 https://isc.sans.edu/podcastdetail/9992, (Thu, Jul 2nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
Why Ask Credentials If There Are Secret Codes?, (Wed, Jul 1st)
This morning, an interesting phishing email hit my mailbox. It targets Metamask[1], a cryptocurrency wallet, available as a browser extension and a mobile app, that lets users store, send, and receive crypto money. It’s pretty popular, so a juicy target for criminals. In February,…
-
ISC Stormcast For Wednesday, July 1st, 2026 https://isc.sans.edu/podcastdetail/9990, (Wed, Jul 1st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
June 2026 Apple Updates, (Tue, Jun 30th)
Apple released updates for iOS/iPadOS, macOS, and Safari on Monday. There have been no updates for other Apple operating systems (visionOS, watchOS, tvOS). Usually, Apple updates all products at the same time. Most of the vulnerabilities affect the web browser (WebKit, libxslt, WebRTC, and Web Extension). Only four…
-
ISC Stormcast For Tuesday, June 30th, 2026 https://isc.sans.edu/podcastdetail/9988, (Tue, Jun 30th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
Smashing Security podcast #474: Polymarket can predict the future. So how did it miss this hack?
Polymarket has built an entire business on predicting the future. So how did it manage to spectacularly fail to predict its own hack? Plus, the Google engineer with a million-dollar secret, and the curious case of the airport hairdryer.…
-
Crafty Phishing Campaigns Auto-Adapt to Victim’s Device, OS
Attackers fingerprint victims through user-agent data to deliver OS-specific payloads, increasing compromise rates and campaign profitability. Alexander Culafi Go to gbhackers.com
-
And the Winner in Dominant Malware Delivery? ClickFix
Researchers say the highly effective social engineering technique is no longer the exception for malware attacks — it’s now the rule. Rob Wright Go to gbhackers.com
-
‘Phantom Squatting’: An Emerging AI-Driven Supply Chain Threat
LLMs consistently hallucinate Web domains for legitimate brands that attackers can register for malicious activity in a difficult-to-detect attack vector. Elizabeth Montalbano Go to gbhackers.com
-
Safe Events Start With Threat Intel and Digital Security
Planning ahead to defend against cyber threats is the work that keeps events uneventful. Olga Polishchuk Go to gbhackers.com
-
The Gentlemen Ransomware Targets Large Corporations and Critical Infrastructure Worldwide
The Gentlemen ransomware group has emerged in 2026 as a highly adaptive and technically sophisticated ransomware-as-a-service (RaaS) operation targeting large corporations and critical infrastructure… Go to gbhackers.com
-
RedLine Infostealer Thread Reveals Hidden Maritime Phishing and BEC Infrastructure
A routine threat-feed alert for a RedLine Stealer command-and-control (C2) IP morphed into a full-scale pivot investigation that exposed a tailored maritime spear‑phishing and… Go to gbhackers.com
-
Fluentd Security Flaws Enable Remote Code Execution, SSRF, DoS, and Credential Exposure
Fluentd, a widely used open-source data collector for unified logging, has reported several high-impact vulnerabilities that could enable attackers to achieve remote code execution… Go to gbhackers.com
-
New RustDuck Botnet Targets IoT Devices and Servers With Weak Passwords and RCE Exploits
A sophisticated new botnet family dubbed RustDuck emerged in early 2026, leveraging a two-stage Loader and Core architecture to compromise IoT devices, routers, and… Go to gbhackers.com
-
Glitch SPY RAT Abuses Android Accessibility Service for Full Device Control
An emerging Android remote-access trojan platform, tracked as Glitch SPY, that leverages a fraudulent Polish apartment-rental website to trick victims into sideloading a malicious… Go to gbhackers.com
-
Amazon fined $2.25M for withholding evidence from fraud victims
The U.S. Federal Trade Commission (FTC) says Amazon will pay a $2.25 million civil penalty to settle charges that it blocked identity theft victims’ access to transaction records. […] Sergiu Gatlan Go to bleepingcomputer
-
Adobe patches seven max severity ColdFusion, Campaign flaws
Adobe has released security patches for seven maximum-severity vulnerabilities in the ColdFusion web app development platform and the Campaign Classic marketing automation platform. […] Sergiu Gatlan Go to bleepingcomputer
-
Anthropic to restore Claude Fable access on Wednesday
Anthropic has confirmed that the Department of Commerce has lifted export controls on Claude’s two most powerful models, Fable 5 and Mythos 5. […] Mayank Parmar Go to bleepingcomputer
-
Anthropic rolls out Sonnet 5 with near-Opus 4.8 performance at a lower price
Anthropic is now rolling out Sonnet 5, and it’s almost as good as the Opus range, but it is designed to be cheaper than the company’s flagship model. […] Mayank Parmar Go to bleepingcomputer
-
New BioShocking attack manipulates AI browser into data theft
A new prompt injection attack dubbed “BioShocking” could trick AI-powered browsers into treating real-world risky actions as part of a fictional scenario, causing them to ignore any safety guardrails. […] Bill Toulas Go to bleepingcomputer
-
Chrome Update Fixes 382 Vulnerabilities, Including 15 Critical Ones – Update Now!
Chrome 151’s latest stable-channel update delivers patches for 382 security vulnerabilities, including 15 critical bugs that can be weaponized for remote code execution and full browser compromise if left unpatched. Google is rolling this update out for Windows, macOS, Linux, and Chrome for…
-
Multiple Apache Tomcat Vulnerabilities Allow Attackers to Bypass Authentication
The Apache Software Foundation has disclosed two vulnerabilities affecting Apache Tomcat that could allow attackers to bypass authentication and security constraints protecting web applications. The flaws, tracked as CVE-2026-55957 and CVE-2026-55956, impact multiple major versions of the widely deployed servlet container, prompting urgent upgrade recommendations across…
-
U.S. Lifts Export Controls on Claude Fable 5 and Mythos 5
The U.S. Department of Commerce has formally withdrawn export control restrictions on Anthropic’s Claude Fable 5 and Mythos 5 AI models, ending an 18-day standoff that had blocked global access to the company’s most advanced systems. In a letter dated June 30, 2026, Commerce…
-
Anthropic’s Claude Code Reportedly Uses Hidden Code to Detect Chinese Users
A Reddit disclosure has ignited a serious debate about developer trust and covert surveillance, alleging that Anthropic embedded undisclosed detection logic inside its Claude Code CLI tool, specifically targeting users in China or those routing traffic through Chinese AI lab proxies. A Reddit user…
-
Microsoft Teams’ New Feature Blocks Bots from Joining Meetings
Microsoft has rolled out a new bot protection capability in Microsoft Teams that gives IT administrators and meeting organizers greater control over external bots attempting to join meetings, a move designed to address growing privacy and security concerns around AI-powered meeting tools. As AI note-taking bots…
-
This month in security with Tony Anscombe – June 2026 edition
Three-day patching deadlines, exposed fuel-tank systems, scams costing billions of dollars, and social media bans for children all gave Tony plenty to unpack in June 2026 Go to eset
-
Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts
Cybersecurity researchers have warned of a “massive, ongoing, automated password spray attack” aimed at Microsoft’s Azure command-line interface (CLI), compromising dozens of accounts in the process. The activity, per Huntress, originates from an IPv6 address range (2a0a:d683::/32) controlled by internet infrastructure provider…
-
Researcher Analyzes 3,000 Live ClickFix Payloads, Exposing API-Driven Malware Delivery
ClickFix, the trick that fools people into running malware by hand, has quietly grown a back office. New research shows the malicious commands behind its fake “prove you’re human” pages are now handed out by API-driven servers that give each visitor the same malware in…
-
Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service
Citrix on Tuesday released security updates to address multiple flaws in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that could be exploited by an attacker to facilitate arbitrary file reads or trigger a denial-of-service (DoS) condition. The vulnerabilities are listed below…
-
Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data
Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data New Microsoft research shows how attackers can hijack AI agents that act on a user’s behalf, using nothing more than a poisoned tool description to make the agent quietly hand over company data to an outsider. The trick is that the agent never breaks a…
-
RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS
RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS A new two-stage malware family called RustDuck is hijacking home routers, IP cameras, Android boxes, and poorly secured servers, then stitching them into a network built to knock websites and online services offline. Researchers at QiAnXin’s XLab have tracked it since February 2026, and say…
-
The Realities of AI Video Surveillance
The Realities of AI Video Surveillance The Financial Times has a good article on how AI is changing the capabilities of video surveillance, with information from both Israel/Iran and Russia. I wrote about this sort of thing a few years ago, how AI enables mass spying in the way that computers and networks enabled mass…
-
Scammers race to cash in on Venezuelan earthquake disaster
Scammers race to cash in on Venezuelan earthquake disaster Scammers wasted no time exploiting Venezuela’s devastating earthquake, with researchers uncovering 212 newly-registered relief-themed domains in just five days. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
USB drives carrying China-linked malware infected Japanese military networks for nearly a year
USB drives carrying China-linked malware infected Japanese military networks for nearly a year Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
China-Linked Group Targets Southeast Asia Critical Systems
China-Linked Group Targets Southeast Asia Critical Systems The group compromised at least 10 regional organizations, including two state-owned entities, and deployed a new backdoor. Robert Lemos Go to gbhackers.com
-
Weekly Update 510: Live From Mallorca with Scott Helme
Weekly Update 510: Live From Mallorca with Scott Helme How’s the view?! Back to business, it’s now 8 years ago that Scott and I thought it would be a cool idea to build Why no HTTPS? We used the site to shame companies for not implementing their transport layer security properly, and to make it…
-
Fake Bug Report Hijacks AI Coding Agents at Scale
Fake Bug Report Hijacks AI Coding Agents at Scale “Agentjacking” is the latest demonstration of how easily attackers can exploit an AI agent’s inability to differentiate between content and instructions. Jai Vijayan Go to gbhackers.com
-
Attackers Hijack Exposed AI Endpoints to Power Offensive Ops
Attackers Hijack Exposed AI Endpoints to Power Offensive Ops Attackers don’t need any special authentication to reach a target endpoint — they just need to know where it is. Alexander Culafi Go to gbhackers.com
-
Why Identity Security Is Your Cyber Career Entry Point
Why Identity Security Is Your Cyber Career Entry Point As AI reshapes cybersecurity workflows, John Paul Cunningham, CISO at Silverfort, says the technology is creating opportunities rather than eliminating jobs — and there are more ways than ever to break into the essential field. Kristina Beek Go to gbhackers.com
-
Phishers Gain Persistence at EU, Asia Hospitality Orgs
Phishers Gain Persistence at EU, Asia Hospitality Orgs Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social engineering and obfuscation, including blockchain abuse. Elizabeth Montalbano Go to gbhackers.com
-
AI-Generated Workflows Are a Silent Security Disaster
AI-Generated Workflows Are a Silent Security Disaster Teams are dealing with a truly dangerous problem — automation that works, but that no one understands. Yelena Mujibur Sheikh Go to gbhackers.com
-
NIST Enrichment Reductions Impact CVE Coverage, Accuracy
NIST Enrichment Reductions Impact CVE Coverage, Accuracy The National Institute of Standards and Technology (NIST) scaled back on the number of CVEs it selects for in-depth analysis, but the move has produced mixed results, according to researchers. Rob Wright Go to gbhackers.com
-
Kali Linux 2026.2 Release With new Hacking Tool and With Updated Desktop Environments
Kali Linux 2026.2 Release With new Hacking Tool and With Updated Desktop Environments Kali Linux 2026.2 arrives on schedule in the final week of Q2 with a pragmatic blend of desktop environment refreshes, infrastructure hardening, and practical… Delivered by PolitePaul service Go to gbhackers.com
-
Boss Scam Uses DLL Sideloading to Hijack WhatsApp Web and Defraud Enterprises
Boss Scam Uses DLL Sideloading to Hijack WhatsApp Web and Defraud Enterprises The new “Boss Scam” is a sharp escalation in CEO fraud: attackers now combine impersonation, Windows DLL sideloading, and WhatsApp Web session theft to… Delivered by PolitePaul service Go to gbhackers.com
-
Japan Hotel Industry Targeted With TONResolver RAT and Guest Complaint Phishing Emails
Japan Hotel Industry Targeted With TONResolver RAT and Guest Complaint Phishing Emails Japan’s hotel sector is the latest target of a sophisticated phishing and remote-access trojan (RAT) campaign that leverages guest-complaint lures and an unusual resilience… Delivered by PolitePaul service Go to gbhackers.com
-
Mustang Panda Targets India’s Government and Energy Sectors With ZOHOMURK and MINIRECON
Mustang Panda Targets India’s Government and Energy Sectors With ZOHOMURK and MINIRECON Two concurrent espionage campaigns by Mustang Panda targeting Indian government and energy-sector organisations, deploying a novel malware suite that includes SHARDLOADER, MINIRECON and ZOHOMURK…. Delivered by PolitePaul service Go to gbhackers.com
-
Malicious Chromium Extension Spoofs Perplexity AI to Hijack Browser Searches
Malicious Chromium Extension Spoofs Perplexity AI to Hijack Browser Searches A malicious Chromium extension that impersonated the Perplexity AI brand to intercept browser searches and capture keystrokes before delivering users to legitimate search results…. Delivered by PolitePaul service Go to gbhackers.com
-
Kali Linux 2026.2 released with 9 new tools, NetHunter updates
Kali Linux 2026.2 released with 9 new tools, NetHunter updates Kali Linux 2026.2, the second release of the year, is now available for download, featuring 9 new tools and numerous Kali NetHunter improvements. […] Sergiu Gatlan Go to bleepingcomputer
-
Blackfield ransomware asks Nidec Corporation for $2 million ransom
Blackfield ransomware asks Nidec Corporation for $2 million ransom The Blackfield ransomware gang is asking for a $2 million ransom from Nidec Corporation, a large Japanese manufacturer of electronic components for automotive and computing applications. […] Bill Toulas Go to bleepingcomputer