no alarms and no surprises please..
-
New Agentjacking Attack Hijacks AI Coding Agents to Execute Malicious Code
A newly disclosed Agentjacking attack class can silently weaponize AI coding agents against the very developers who rely on them, requiring no phishing, no… Delivered by PolitePaul service Go to gbhackers.com
-
Critical Splunk Enterprise Pre-Auth RCE Chain Exposes Databases
A critical pre-authentication remote code execution (RCE) vulnerability in Splunk Enterprise has been disclosed, carrying a near-perfect CVSS score of 9.8. Tracked as CVE-2026-20253, the… Go to gbhackers.com
-
Anthropic Blocks Fable 5 and Mythos 5 Following U.S. National Security Directive
Anthropic has disabled all access to its Fable 5 and Mythos 5 artificial intelligence models following a sudden export-control directive from the United States… Go to gbhackers.com
-
Malicious 152 Chrome Extensions Caught Spoofing Google Organic Search Traffic
A massive, coordinated network of 152 malicious Google Chrome browser extensions has been dismantled after researchers caught the operation generating fake organic Google search… Go to gbhackers.com
-
GRU-Linked APT28 Uses MooBot Botnet and Compromised EdgeRouters for Cyber Operations
A notable operational pivot by the GRU-linked intrusion set APT28 (aka Fancy Bear, Sofacy, Forest Blizzard, Pawn Storm) that combines the MooBot botnet and… Go to gbhackers.com
-
US Gov asks Anthropic to ban ‘foreign national’ access to Fable, Mythos
The US government has ordered Anthropic to block all foreign nationals from accessing Fable 5 and Mythos 5, forcing the company to suspend both models worldwide. Anthropic is complying but disputes the basis, calling the cited jailbreak narrow and the capability widely available…
-
Maine disables data breach notification portal after fake disclosures
Maine has taken its public data breach reporting portal offline after fraudulent breach disclosures were published on the state’s website, prompting a review of procedures to prevent abuse in the future. […] Lawrence Abrams Go to bleepingcomputer
-
phpBB forum fixes auth bypass bug lurking for a decade
A 10-year-old authentication bypass vulnerability discovered in the phpBB forum software allows an attacker to log in as any user, including administrators. […] Bill Toulas Go to bleepingcomputer
-
Ukrainian national pleads guilty to role in Conti ransomware operation
A Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tied to the Conti ransomware operation. […] Lawrence Abrams Go to bleepingcomputer
-
Over 400 Arch Linux packages compromised to push rootkit, infostealer
More than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens. […] Bill Toulas Go to bleepingcomputer
-
Anthropic Fable 5 and Mythos 5 Access Blocked to All Users Following Government Directive
Anthropic has disabled its two most capable AI models, Fable 5 and Mythos 5, after the U.S. government issued an export control directive late on June 12 ordering the company to block access for any foreign national, whether inside or outside…
-
Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks
One of the most persistent hacking groups in the world has found a new way to stay hidden. The threat actor known as Fancy Bear, formally tracked as APT28 and attributed to Russia’s military intelligence unit GRU Unit 26165, has been quietly shifting…
-
Hackers Abuse Legitimate NinjaOne RMM Software to Bypass Traditional Malware Detection
A newly documented phishing campaign is using a legitimate remote management tool to silently take over victims’ computers, without deploying a single line of traditional malware. Researchers have uncovered an active operation targeting Brazilian organizations, where attackers trick employees into installing a real enterprise…
-
Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets
A fresh wave of supply chain attacks is putting blockchain developers, Web3 teams, and cloud engineers at serious risk. Researchers have uncovered a coordinated campaign involving multiple malicious packages on the npm registry, each designed to quietly steal sensitive secrets the moment…
-
Hackers Use OnyxC2 Malware-as-a-Service to Steal Credentials From 210 Applications
A new and dangerous credential-stealing tool called OnyxC2 has emerged in the cybercrime underground, showing just how easy it has become for even low-skilled attackers to run a professional hacking operation. Sold as a complete package for $250 a month, the malware gives buyers everything…
-
U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals
Anthropic said on Friday it will “abruptly disable” its most advanced artificial intelligence (AI) models, Claude Fable 5 and Mythos 5, for all users after the U.S. government ordered it to suspend access to the models for foreign nationals, whether inside…
-
Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit
Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets.…
-
Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing
Google on Friday said it’s pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence (AI) agent to send phishing text messages targeting Americans. The network is said to be behind the development and management of a…
-
China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade
Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade hidden inside the Linux login system itself. Sygnia, which tracks the group as Velvet Ant, says it backdoored the PAM and OpenSSH components…
-
Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code
Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running arbitrary code on developer machines. Called Agentjacking by Tenet Security, the attack can be triggered by means of a fake error report…
-
Friday Squid Blogging: Squid-Inspired Fluid Pump
This fluid pump was inspired by the way squids propel themselves through the water. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy. Bruce Schneier Go to bruce schneier
-
Bernie Sanders’ AI Sovereign Wealth Fund Plan
Let no one accuse Bernie Sanders of ducking the big questions. Writing in the New York Times last week, the senator asked: “Will the future of humanity be determined by a handful of billionaires who have promoted and developed AI, with virtually no democratic input, who stand to…
-
ISC Stormcast For Friday, June 12th, 2026 https://isc.sans.edu/podcastdetail/9970, (Fri, Jun 12th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
Privacy own-goal: World Cup blunder leaks Lionel Messi’s passport details
Argentina’s World Cup squad had their passport numbers leaked before a ball was kicked – not by hackers, but by someone who failed to redact a document properly. It’s a mistake that has been made many times in the past… Read more in my…
-
Silent Ransom Group: what you need to know
Most extortion gangs hide behind a keyboard. Silent Ransom Group will phone your staff pretending to be IT support – and if that fails, send someone to your office in person to plug in a USB stick. Read more in my article on the Fortra blog. Graham…
-
ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed
A major bug in Oracle’s ERP software disproportionately affected American universities, and hackers have capitalized by stealing gobs of data. Nate Nelson Go to gbhackers.com
-
Claude Fable 5 Doesn’t Change the Mythos Security Story
Stay cool: Mythos 5 is an upgrade over Mythos Preview while Fable 5 is Mythos “made safe for general use,” Anthropic explained. Alexander Culafi Go to gbhackers.com
-
Hackers Use Typosquatted npm Packages to Target Web3 Projects and Crypto Wallet Operators
Hackers have been using typosquatting npm packages to weaponize the trust Web3 teams place in open-source dependencies, turning routine installs into a path for… Go to gbhackers.com
-
Attackers Can Exploit Microsoft Outlook and Word Flaws to Run Malicious Code
Microsoft has disclosed a set of critical remote code execution (RCE) vulnerabilities affecting Outlook and Word that could allow attackers to execute arbitrary code… Go to gbhackers.com
-
Palo Alto PAN-OS Flaw Lets Attackers Run Arbitrary Commands With Root Privileges
Palo Alto Networks has released patches for three new PAN-OS vulnerabilities that could allow authenticated administrators or users to execute arbitrary commands with root… Go to gbhackers.com
-
OnyxC2 Stealer Uses Cloudflare-Fronted C2 to Exfiltrate Browser Data and Credentials
A new commercial-grade information stealer, marketed as OnyxC2, surfaced on cybercrime forums in early 2026 and demonstrates how commodity malware is increasingly packaged as… Go to gbhackers.com
-
Tchap Messenger Hack Exposes Data of Over 73,000 French Government Employees
A suspected cyberattack targeting Tchap, the secure messaging platform used by French government agencies, has reportedly exposed sensitive data belonging to more than 73,000… Go to gbhackers.com
-
CISA orders feds to patch actively exploited Ivanti flaw by Sunday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch an actively exploited Ivanti Sentry flaw within three days, as mandated by the newly issued Binding Operational Directive (BOD) 26-04. […] Sergiu Gatlan Go to bleepingcomputer
-
Over 73,000 French govt employees affected in Tchap messenger breach
The French government revealed that a recent breach of its Tchap encrypted messaging platform affects the accounts of over 73,000 employees in the French public sector. […] Sergiu Gatlan Go to bleepingcomputer
-
Japanese energy firm loses drive with data of 10.9 million clients
Kyushu Electric Power Co., Inc. has disclosed a physical security incident that affects private data of more than 10 million customers. […] Bill Toulas Go to bleepingcomputer
-
Maine breach portal abused to publish fake data breach disclosures
In an unusual misinformation campaign, fraudulent data breach disclosures were submitted to Maine’s official breach portal and publicly posted before their legitimacy could be verified, prompting companies to deny the claims. […] Bill Toulas Go to bleepingcomputer
-
Oracle mitigates PeopleSoft zero-day exploited in data theft attacks
Oracle is warning about a critical PeopleSoft Suite zero-day vulnerability tracked as CVE-2026-35273 that allows unauthenticated remote code execution, with the flaw actively exploited in ShinyHunter data theft attacks. […] Lawrence Abrams Go to bleepingcomputer
-
Microsoft Outlook and Word Vulnerabilities Allow Attackers to Execute Malicious Code
Microsoft released critical fixes for three closely related remote code execution (RCE) vulnerabilities in Microsoft Outlook and Word that stem from low‑level memory‑safety flaws in the Word rendering engine and its integration with Outlook Classic. These bugs, tracked as CVE‑2026‑45456, CVE‑2026‑45458, and CVE‑2026‑47635, are…
-
Palo Alto PAN-OS Vulnerability Allows Attackers to Execute Arbitrary Commands as Root User
Palo Alto Networks fixed a new command injection vulnerability in PAN‑OS (CVE-2026-0273) that allows authenticated administrators to execute arbitrary commands as root via the CLI or web management interface. Two related medium‑severity issues in the same advisory window cover CLI privilege escalation…
-
Google Patches 28 Chrome Vulnerabilities that Allow Attackers to Execute Malicious Code
Google has released a new Chrome security update addressing 28 vulnerabilities, including several critical flaws that could allow attackers to execute malicious code on affected systems. The latest Stable channel update upgrades Chrome to version 149.0.7827.114/.115 on Windows and macOS, and to 149.0.7827.114…
-
Microsoft Teams for Android Vulnerability Allows Attackers to Disclose Sensitive Data
Microsoft has disclosed a significant security vulnerability in Microsoft Teams for Android that could allow an authenticated attacker to expose sensitive information over a network. The flaw, tracked as CVE-2026-42835, was officially released on June 9, 2026, and has been rated Important in severity.…
-
Oracle PeopleSoft 0-Day RCE Vulnerability Exploited in Attacks by ShinyHunters
Mandiant and Google Threat Intelligence Group (GTIG) have issued a critical warning after identifying an active compromise-and-extortion campaign targeting Oracle PeopleSoft infrastructure, attributed to the notorious threat actor UNC6240, also known as ShinyHunters. The campaign exploited CVE-2026-35273, a critical unauthenticated remote code execution (RCE) vulnerability…
-
OceanLotus: From external espionage to domestic targeting
A shift in operational pattern of the infamous Vietnam-aligned APT group Go to eset
-
ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities
The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest. Google’s Mandiant attributes it to the group it tracks as UNC6240, and dates the activity between…
-
New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets
Two security teams have shown, in separate research published this week, that OpenClaw, the popular self-hosted AI agent, can be driven to run attacker-controlled code or hand over sensitive data through ordinary-looking inputs. Imperva buried instructions inside shared contacts, vCards, and location pins…
-
New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files
Security researcher Chaotic Eclipse (aka Nightmare-Eclipse and MSNightmare) has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit for Microsoft Defender. “This was an accidental discovery, it took a total of 4 hours to find this,” the researcher…
-
The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm
A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leveraging resources from various ransomware-as-a-service (RaaS) schemes like LockBit (aka Tenacious Mantis), Qilin (aka Pestilent Mantis), and…
-
Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories
Most good security work is invisible by design. Today is the exception. The 2026 Cybersecurity Stars Awards winners are announced across 95 subcategories in four main award categories. The reason is simple. Cybersecurity is full of work that deserves recognition and rarely gets it. Products that…
-
Enhanced License Plate Tracking
The surveillance company Leonardo wants more data: A surveillance company plans to add sensors to automatic license plate readers (ALPRs) that would mean the devices, as well as capture the license plate of passing vehicles, would also sweep up unique identifiers of mobile phones, wearables, and other Bluetooth-enabled devices in those…
-
Phishing Attack Volume Down 20%, but Risk Still Rising
Hackers are valuing quality over quantity, using AI to upgrade their phishing attacks rather than multiplying them. Nate Nelson Go to gbhackers.com
-
Segmentation Works for OT If Operators Are Paying Attention
Operational technology security remains as difficult as ever, with even the best practice recommendation falling short. Arielle Waldman Go to gbhackers.com
-
Weaponized DMG Files Deliver macOS Infostealer Malware
A recent surge in macOS-targeted campaigns shows threat actors favoring weaponized disk images (.dmg) as the primary delivery mechanism for infostealer malware. Attackers are… Go to gbhackers.com
-
BLUERABBIT Backdoor Encrypts Files, Wipes Windows Systems
A new Golang-based backdoor dubbed BLUERABBIT has been observed performing combined data theft, file encryption and destructive disk wiping against Windows hosts. First seen in… Go to gbhackers.com
-
Hackers Use Residential Proxies Networks to Evade Detection
The impact of residential proxies across our customer base by compiling billions of DNS resolutions and the associated network telemetry. The Kimwolf Botnet inside our enterprise customer… Go to gbhackers.com
-
Cybercriminals Exploit Chinese Guarantee Markets to Sell Stolen Credentials
Chinese-language “guarantee” marketplaces hosted mainly on Telegram have become a core conduit for buying, selling, and laundering stolen credentials and a wide range of… Go to gbhackers.com
-
Hackers Abuse VMware-Signed Binary to Deploy NIGHTFORGE Loader
Two closely related espionage campaigns targeting Cambodian government organizations that abuse a legitimate VMware-signed binary to sideload a custom loader dubbed NIGHTFORGE, which in… Go to gbhackers.com
-
Microsoft fixes BitLocker recovery bug on Windows Server 2025
Microsoft has resolved a known issue causing some Windows Server 2025 devices to boot into BitLocker recovery after installing the April 2026 security update. […] Sergiu Gatlan Go to bleepingcomputer
-
Nottingham University data breach affects over 450,000 students
The University of Nottingham confirmed on Wednesday that a hacking group gained access to its student records system in a breach affecting both current students and alums. […] Sergiu Gatlan Go to bleepingcomputer
-
Max severity Ivanti Sentry vulnerability now exploited in attacks
Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile gateways. […] Sergiu Gatlan Go to bleepingcomputer
-
Path traversal flaw in AI dev platform Langflow exploited in attacks
Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers. […] Bill Toulas Go to bleepingcomputer
-
The ‘Miasma’ worm source code briefly leaked on GitHub
The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. […] Bill Toulas Go to bleepingcomputer
-
China-Linked JDY Botnet Uses 1,500+ SOHO and IoT Devices for Rapid Vulnerability Exploitation
A China-linked network of compromised routers and smart devices has grown into one of the most capable reconnaissance tools tied to a nation-state threat group. Researchers have identified a major resurgence of a botnet known as JDY, which now controls more than…
-
Microsoft Exchange Server 0-Day Vulnerability Exploited in Attacks Using Weaponized Email
Microsoft has confirmed active exploitation of a new zero‑day spoofing flaw in on‑premises Exchange Server, tracked as CVE‑2026‑42897. The flaw allows attackers to execute arbitrary JavaScript in Outlook Web Access (OWA) simply by sending a weaponized email that a victim opens in a browser.…
-
Ivanti Endpoint Manager Mobile Vulnerability Enables Remote Code Execution Attacks
A high-severity vulnerability, CVE-2026-6973, in Ivanti Endpoint Manager Mobile (EPMM) could allow authenticated attackers to achieve remote code execution by injecting malicious Apache configuration directives. The flaw, assigned a CVSS score of 7.2, is classified as a configuration control vulnerability (CWE-15) and affects multiple versions…
-
Anthropic’s Claude Fable 5 Jailbroken to Generate Stack Exploits
Anthropic launched Claude Fable 5 on June 9, 2026, as the first publicly available model in its new Mythos class, its most capable AI to date, excelling in software engineering, knowledge work, and vision benchmarks. Researcher “Pliny the Liberator” defeats Claude Fable 5’s safety classifiers using…
-
Hackers Abuse Fake Utility Downloads to Install ScreenConnect and Mine Cryptocurrency
Hackers are turning everyday software searches into a trap. A sophisticated cryptojacking campaign is actively targeting users who search for popular PC utilities online, luring them into downloading malware-laced files that secretly mine cryptocurrency using their own GPU. The attackers have built a network…
-
SMB cyber-readiness: What makes or breaks it
A company that’s expecting a cyberattack but hasn’t actively prepared for it risks making the hardest decisions at the worst possible moment Go to eset
-
GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
GitHub has announced what it said are “breaking changes” coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the “npm install” command…
-
China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance
Cybersecurity researchers have warned of a “resurgence and expansion” of JDY, a covert network associated with China-nexus state-sponsored threat actors. “The JDY botnet comprises over 1,500 SOHO [small office and home office] and IoT devices and operates as a centrally controlled, high-performance scanner used to…
-
Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities
Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI.…
-
Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE
A high-severity unpatched security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability in question is CVE-2026-5027 (CVSS score: 8.8), a case of path traversal that could allow…
-
CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation. The list of vulnerabilities is as follows – CVE-2026-20245 (CVSS score: 7.8) – An improper encoding…
-
NSO Group Hacking WhatsApp Despite Court Order
WhatsApp has caught the NSO Group phishing its users, in violation of a court order. Bruce Schneier Go to bruce schneier
-
ISC Stormcast For Thursday, June 11th, 2026 https://isc.sans.edu/podcastdetail/9968, (Thu, Jun 11th)
Go to isc.sans.edu
-
How has use of framing protection security headers changed in the past 3 years?, (Wed, Jun 10th)
Back in 2023, I wrote a diary[1] discussing how commonly X-Frame-Options and CSP headers containing the frame-ancestors directive were used on 1 million most popular domains on the internet (based on the Tranco list[2]), and how they were…
-
Why schools remain one of cybercriminals’ favourite targets
Schools on both sides of the Atlantic have been revealed in recent days to have been hit by hackers, reminding all of us that ransomware gangs see educational institutions as targets all year round. Read more in my article on the Hot for Security blog. Graham Cluley…
-
Chinese, N. Korean Threat Groups Build on Asia-Pacific Success
North Korea’s gross domestic product (GDP) has grown, in part because of the cybercrime gains of groups linked to the nation, which target business and financial firms. Robert Lemos Go to gbhackers.com
-
Weekly Update 507
1,000 breaches is one hell of a milestone. It’s not just the process of getting data, verifying it, loading it, sending notifications etc, it’s all the other stuff that goes into keeping the whole thing afloat. Legal docs. Trademarks. Accounting. Agreements. The most mind-numbingly boring stuff you can imagine happening in the…
-
CISA Rewrites Federal Patching Requirements for AI Threat Era
The new directive gives federal agencies three days to fix the most dangerous flaws, while less severe issues can be deferred. Jai Vijayan Go to gbhackers.com
-
Bug Bounty Research Triggers ServiceNow Security Alert
Bug bounty research inadvertently led organizations to believe they were being breached through their ServiceNow instances. Alexander Culafi Go to gbhackers.com
-
Nightmare-Eclipse Drops Yet Another Microsoft Exploit, RoguePlanet
The disgruntled researcher released yet another PoC for a Windows Defender bug that allows for system takeover, showing no signs of abandoning their ongoing feud with Microsoft. Elizabeth Montalbano Go to gbhackers.com
-
The Invisible Battlefield: How Cyber War Is Reshaping Everyday Life
Former National Cyber Director Chris Inglis warns that cyber attacks threaten hospitals, utilities and essential services. Chris Inglis Go to gbhackers.com
-
CISA Issues Alert on Actively Exploited Google Chromium Zero-Day Flaw
CISA has issued a new warning about an actively exploited zero-day vulnerability in Google Chromium that could allow attackers to execute arbitrary code through… Go to gbhackers.com
-
Tax Phishing Emails Deliver In-Memory Malware to Windows Systems
Cybercriminals are leveraging tax-themed phishing emails to deploy sophisticated in-memory malware on Windows systems, bypassing traditional disk-based detection mechanisms. The attack cascade begins when… Go to gbhackers.com
-
Malicious npm Package ‘dbmux’ Targets Developers
Malware was discovered in the npm package dbmux. Any computer with this package installed or running should be considered fully compromised. The GitHub Advisory (GHSA-62wx-5f55-w8g2)… Go to gbhackers.com
-
Windows BitLocker 0-Day Flaw Enables Security Feature Bypass Attacks
Microsoft has disclosed a newly identified zero-day vulnerability in Windows BitLocker that could allow attackers to bypass one of the operating system’s core disk… Go to gbhackers.com
-
Windows Defender Zero-Day “RoguePlanet” Lets Attackers Gain SYSTEM Privileges
A newly disclosed zero-day vulnerability dubbed “RoguePlanet” is affecting Microsoft Defender, allowing attackers to escalate privileges and obtain full SYSTEM-level access on vulnerable Windows… Go to gbhackers.com
-
Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days
On Tuesday, Microsoft patched two zero-day vulnerabilities that let attackers gain SYSTEM privileges on fully patched Windows systems, and a third one that grants access to BitLocker-protected drives. […] Sergiu Gatlan Go to bleepingcomputer
-
Ivanti: Max severity Sentry flaw allows code execution as root
Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attackers to execute code with root privileges. […] Sergiu Gatlan Go to bleepingcomputer
-
Anthropic rolls out Claude Fable 5, but it’s available for a limited time
Anthropic has begun rolling out a new model called “Fable,” which is based on the same underlying model as Mythos, its most powerful AI model class. […] Mayank Parmar Go to bleepingcomputer
-
Microsoft Defender ‘RoguePlanet’ zero-day grants SYSTEM privileges
A security researcher has released a new Microsoft Defender zero-day exploit named “RoguePlanet” just hours after Microsoft fixed two previously disclosed flaws during June 2026 Patch Tuesday. […] Lawrence Abrams Go to bleepingcomputer
-
ServiceNow discloses security incident exposing customer data
ServiceNow is warning about a security incident after attackers exploited an unauthenticated access flaw through a vulnerable API endpoint, allowing them to query data from customer instances. […] Lawrence Abrams Go to bleepingcomputer
-
Hackers Deploy MLTBackdoor Malware via Multi-Stage ClickFix Infection Chain
A newly discovered backdoor malware called MLTBackdoor is making waves in the cybersecurity community after being spotted in a carefully designed, multi-stage attack chain. Identified in May 2026, this threat stands out for its advanced ability to hide from security tools while quietly establishing a deep…
-
Hackers Abuse TikTok and Instagram Reels to Spread Malware via Fake Free Software Tutorials
Cybercriminals are now turning to short-form video platforms as a new attack surface, using fake software tutorials on TikTok and Instagram Reels to push malware onto unsuspecting users. The tactic is simple but remarkably effective: create polished, convincing videos that promise…
-
Windows BitLocker 0-Day Vulnerability Allows Attackers to Bypass Security Feature
Microsoft disclosed a new Windows BitLocker Security Feature Bypass vulnerability, tracked as CVE-2026-50507, on June 9, 2026, as part of its June Patch Tuesday security release. The flaw, rooted in a protection mechanism failure, allows an unauthorized attacker with physical access to bypass BitLocker Device Encryption…
-
Anthropic Released Claude Fable 5, the First Model in Mythos Class
Anthropic has released Claude Fable 5, the first publicly available model in its new Mythos capability tier, a class powerful enough that the company says it ships with cybersecurity safeguards baked in from day one. Fable 5 sits above the Claude Opus line and…
-
New Windows Defender 0-Day Exploit “RoguePlanet” Grants SYSTEM Access to Attackers
A researcher known as Nightmare Eclipse (also tracked as Chaotic Eclipse or Dead Eclipse) has publicly released a new proof-of-concept (PoC) exploit named RoguePlanet, targeting a previously undisclosed race condition vulnerability in Microsoft Windows Defender. When successfully executed, the exploit spawns a command shell…
-
Cybercriminals: the ‘auditors’ you never hired
Every organisation gets audited. The question is who does the auditing. Go to eset