no alarms and no surprises please..
-
Salesforce Data Thefts Continue via Klue App Compromise
Salesforce Data Thefts Continue via Klue App Compromise Klue’s Battlecards is now the third integrated application that has been compromised to steal customers’ Salesforce data, and victims include Huntress, the cybersecurity vendor. Rob Wright Go to gbhackers.com
-
Get Out of Security Debt by Tackling the Exposure Problem
Get Out of Security Debt by Tackling the Exposure Problem Teams digging out of security debt need to answer only two simple questions: Which vulnerabilities in our systems are exposed, and how long should they stay that way? Chris Wysopal Go to gbhackers.com
-
Hackers Could Abuse SQL Server 2025 AI Features to Steal Sensitive Data
Hackers Could Abuse SQL Server 2025 AI Features to Steal Sensitive Data A new security analysis has revealed that Microsoft SQL Server 2025’s native AI capabilities can be repurposed by attackers to stealthily exfiltrate sensitive data… Delivered by PolitePaul service Go to gbhackers.com
-
Windows 11 June Patch Triggers Microsoft Office Startup Issues
Windows 11 June Patch Triggers Microsoft Office Startup Issues Microsoft’s June 2026 cumulative update for Windows 11 (KB5095051, OS Build 28000.2269) introduces an unexpected application compatibility issue that may disrupt enterprise workflows, as… Delivered by PolitePaul service Go to gbhackers.com
-
Hackers Exploit WordPress SMTP Plugin With 100,000+ Installs to Steal Sensitive Data
Hackers Exploit WordPress SMTP Plugin With 100,000+ Installs to Steal Sensitive Data Threat actors are actively exploiting a critical security flaw in the widely used Gravity SMTP WordPress plugin to extract sensitive configuration data, including API… Delivered by PolitePaul service Go to gbhackers.com
-
Splunk AI Toolkit Vulnerability Allows Arbitrary OS Command Execution
Splunk AI Toolkit Vulnerability Allows Arbitrary OS Command Execution Splunk has disclosed a critical security vulnerability in its AI Toolkit that could allow authenticated administrators to execute arbitrary operating system commands on affected… Delivered by PolitePaul service Go to gbhackers.com
-
Microsoft Confirms RoguePlanet Zero-Day Exploit Targeting Defender
Microsoft Confirms RoguePlanet Zero-Day Exploit Targeting Defender Microsoft has confirmed a newly disclosed zero-day vulnerability, tracked as CVE-2026-50656, affecting Microsoft Defender, following the public release of a proof-of-concept (PoC) exploit dubbed… Delivered by PolitePaul service Go to gbhackers.com
-
Leak confirms OpenAI is testing a ChatGPT for Science subscription
Leak confirms OpenAI is testing a ChatGPT for Science subscription OpenAI appears to be testing a new subscription and experience for science use cases, but it’s unclear if it’ll be available to everyone regardless of their background. […] Mayank Parmar Go to bleepingcomputer
-
Google to use UK and EU user IP addresses for ad personalization
Google to use UK and EU user IP addresses for ad personalization From August 3, 2026, Google will use IP addresses from UK, EEA and Switzerland users for ad measurement and personalization. It lands as the ICO weighs new consent rules, and years after Google itself called using such signals to identify devices “wrong.” […]…
-
FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices.
FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices. A newly discovered data leak dubbed “FortiBleed” has exposed what appears to be a collection of Fortinet and FortiGate VPN credentials for 73,932 firewall URLs at organizations worldwide. […] Lawrence Abrams Go to bleepingcomputer
-
Why Account Takeovers Are Rising and How to Stop Them
Why Account Takeovers Are Rising and How to Stop Them Account takeovers are rising as attackers bypass traditional defenses through phishing, session hijacking, and MFA fatigue. Specops Software explores how device trust and continuous verification help reduce account takeover risk. […] Sponsored by Specops Software Go to bleepingcomputer
-
India’s Telegram ban hit the UAE too. Here’s how to get around it
India’s Telegram ban hit the UAE too. Here’s how to get around it India has banned Telegram until June 22 after the app was used to circulate leaked exam papers. CEO Pavel Durov accuses telecom Reliance of BGP hijacking that disrupted the app as far away as the UAE. Here’s what happened, and how to…
-
Microsoft Confirms Defender RoguePlanet 0-Day Exploit and Working to Release Patch
Microsoft Confirms Defender RoguePlanet 0-Day Exploit and Working to Release Patch Microsoft has officially acknowledged a critical zero-day vulnerability in Microsoft Defender, publicly dubbed “RoguePlanet,” and confirmed it is actively developing a security patch to address the flaw. Tracked as CVE-2026-50656, the vulnerability was formally published on June 16, 2026, by the Microsoft Security Response…
-
Google Cloud Vertex AI Allows Attacker to Hijack Victim’s Model and Poison it
Google Cloud Vertex AI Allows Attacker to Hijack Victim’s Model and Poison it A newly disclosed vulnerability in Google Cloud Vertex AI could have allowed attackers to hijack machine learning model uploads and execute malicious code in victim environments, according to research shared with Google under responsible disclosure. The issue affects the Vertex AI Python…
-
GitBait Phishing Campaign Abuses GitHub Pages to Attack Financial Institutions
GitBait Phishing Campaign Abuses GitHub Pages to Attack Financial Institutions A sophisticated phishing campaign called “GitBait” has been caught targeting Mexico’s financial sector with a level of precision rarely seen in credential-theft operations. The campaign abuses GitHub Pages, a widely trusted free hosting service, to deliver fake banking portals that look nearly identical to the…
-
Hackers Abuse Cloud Logging Services to Evade Detection and Defender’s Visibility
Hackers Abuse Cloud Logging Services to Evade Detection and Defender’s Visibility Threat actors are increasingly targeting cloud logging services to evade detection and maintain persistent visibility into compromised environments, according to recent research by Palo Alto Networks Unit 42. These services, designed as a critical security layer, are now being weaponized to create blind spots…
-
SpyCloud Report Finds Phishing Attacks Surge as Employee Data Is Exposed at 86% of Fortune 100 Companies
SpyCloud Report Finds Phishing Attacks Surge as Employee Data Is Exposed at 86% of Fortune 100 Companies Austin, TX, USA, June 17th, 2026, CyberNewswire New SpyCloud research highlights the expansion of phishing attacks as AI and phishing-as-a-service fuel enterprise targeting. SpyCloud, the leader in identity threat protection, today released its 2026 Phishing Pulse Report, revealing…
-
Protecting legacy OT systems against modern cyberthreats
Protecting legacy OT systems against modern cyberthreats Many manufacturing plants depend on OT systems that stay in service for many years. That long run can hide significant cybersecurity risks. Go to eset
-
EU Gets a Head Start in Developing 6G Network Security
EU Gets a Head Start in Developing 6G Network Security “Shield-6G” will combine AI threat detection, digital twins, honeypots, and more, to help carriers protect 6G networks against the threats of tomorrow. Nate Nelson Go to gbhackers.com
-
Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments
Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments An unknown threat actor has been observed leveraging paid or promoted posts on legitimate news websites to drum up buzz for their warez, according to new findings from Check Point Research. The threat actor also has at their disposal a dedicated WordPress phishing page…
-
Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development
Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development Microsoft has formally disclosed that it’s working to release a patch to address a Defender zero-day codenamed RoguePlanet. The vulnerability has now been assigned the CVE identifier CVE-2026-50656 (CVSS score: 7.8), with the tech giant describing it as a privilege escalation flaw. “Microsoft is aware…
-
Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline
Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials. Ordinary stuff, until one move near the end. Before his command-and-control server went dark, he installed OpenSSH and Tailscale on a victim’s…
-
Adversarial Exposure Validation Turns Security Visibility into Confident Prioritization
Adversarial Exposure Validation Turns Security Visibility into Confident Prioritization For security teams, the findings never stop, but confidence in knowing which ones matter is becoming harder to maintain. The problem is no longer visibility. It’s validation. Security teams must decide which findings warrant action while operating under constant pressure and incomplete information. Increasingly, the challenge…
-
Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats
Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats Cybersecurity researchers have flagged a “coordinated malware campaign” on the JetBrains Marketplace that has published no less than 15 malicious plugins capable of exfiltrating artificial intelligence (AI) provider keys. “Every plugin poses as an AI coding assistant built on DeepSeek and other…
-
AI in the underground: Curiosity, claims, and concerns
AI in the underground: Curiosity, claims, and concerns Amid discussions about how artificial intelligence can facilitate cybercrime, some threat actors remain skeptical Categories: Threat Research Tags: AI, Dark Web, underground Go to sophos
-
AI Use by the US Government
AI Use by the US Government On 14 April, the Trump administration quietly acknowledged the widespread use of AI to automate government processes. The Office of Management and Budget (OMB) disclosed a staggering 3,611 active or planned use cases for AI across the federal government. The list has ballooned by 70% from the one published…
-
ISC Stormcast For Thursday, June 18th, 2026 https://isc.sans.edu/podcastdetail/9978, (Thu, Jun 18th)
ISC Stormcast For Thursday, June 18th, 2026 https://isc.sans.edu/podcastdetail/9978, (Thu, Jun 18th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
The Behavior of Coordinated SSH Brute Force Attacks over the last three months [Guest Diary], (Wed, Jun 17th)
The Behavior of Coordinated SSH Brute Force Attacks over the last three months [Guest Diary], (Wed, Jun 17th) [This is a Guest Diary by Adam Nason, an ISC intern as part of the SANS.edu BACS program] Brute force SSH attacks are an ever-present threat on the internet today. We examine probing behavior over the last…
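The diary above is about probing behavior across many sources. As an added example (not the intern's code or data), here is a small Python detector that separates the classic single-IP brute force from the coordinated pattern the diary studies: many distinct sources each making only a few attempts against the same username inside a short window. The auth.log lines, thresholds and the year used to complete syslog timestamps are constructed for the demo.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample sshd lines (classic syslog format, no year). Not from the diary.
SAMPLE_AUTH_LOG = """\
Jun 15 03:10:01 bastion sshd[4101]: Failed password for invalid user admin from 203.0.113.10 port 51012 ssh2
Jun 15 03:10:44 bastion sshd[4103]: Failed password for invalid user admin from 203.0.113.11 port 40210 ssh2
Jun 15 03:11:30 bastion sshd[4107]: Failed password for invalid user admin from 203.0.113.12 port 60888 ssh2
Jun 15 03:12:15 bastion sshd[4111]: Failed password for invalid user admin from 203.0.113.10 port 51090 ssh2
Jun 15 03:13:02 bastion sshd[4115]: Failed password for invalid user admin from 203.0.113.13 port 33310 ssh2
Jun 15 03:14:50 bastion sshd[4120]: Failed password for invalid user admin from 203.0.113.14 port 45511 ssh2
Jun 15 03:20:00 bastion sshd[4130]: Failed password for root from 198.51.100.7 port 50001 ssh2
Jun 15 03:20:02 bastion sshd[4131]: Failed password for root from 198.51.100.7 port 50002 ssh2
Jun 15 03:20:04 bastion sshd[4132]: Failed password for root from 198.51.100.7 port 50003 ssh2
Jun 15 03:20:06 bastion sshd[4133]: Failed password for root from 198.51.100.7 port 50004 ssh2
Jun 15 03:20:08 bastion sshd[4134]: Failed password for root from 198.51.100.7 port 50005 ssh2
Jun 15 03:20:10 bastion sshd[4135]: Failed password for root from 198.51.100.7 port 50006 ssh2
Jun 15 03:25:00 bastion sshd[4140]: Accepted publickey for deploy from 192.0.2.9 port 42000 ssh2: ED25519 SHA256:abc
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+ ssh2$"
)


def parse_failed_logins(text, year=2026):
    """Return a time-sorted list of (timestamp, user, ip) for each failed password attempt.
    Syslog lines carry no year, so one is supplied (assumed here for the sample)."""
    attempts = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # successful logins and other sshd messages are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        attempts.append((ts, m["user"], m["ip"]))
    attempts.sort()
    return attempts


def find_single_source(attempts, threshold=5):
    """Classic brute force: one source IP exceeding `threshold` failures in the log."""
    per_ip = Counter(ip for _, _, ip in attempts)
    return [(ip, n) for ip, n in per_ip.most_common() if n >= threshold]


def find_coordinated(attempts, window_s=600, min_sources=5, max_per_source=3):
    """Distributed brute force: a username hit by >= min_sources distinct IPs within
    window_s seconds while every IP stays at or below max_per_source attempts, so no
    single source trips a per-IP threshold. Returns (user, window_start, window_end, n_ips)."""
    by_user = defaultdict(list)
    for ts, user, ip in attempts:
        by_user[user].append((ts, ip))
    findings = []
    for user, events in by_user.items():
        events.sort()
        in_window = Counter()  # attempts per IP inside the sliding window
        start = 0
        for end, (ts, ip) in enumerate(events):
            in_window[ip] += 1
            while (ts - events[start][0]).total_seconds() > window_s:
                old_ip = events[start][1]
                in_window[old_ip] -= 1
                if in_window[old_ip] == 0:
                    del in_window[old_ip]
                start += 1
            if len(in_window) >= min_sources and max(in_window.values()) <= max_per_source:
                findings.append((user, events[start][0], ts, len(in_window)))
                break  # one finding per username is enough for the demo
    return findings


if __name__ == "__main__":
    attempts = parse_failed_logins(SAMPLE_AUTH_LOG)
    print("single-source:", find_single_source(attempts))
    print("coordinated:", find_coordinated(attempts))
```

On the sample, `198.51.100.7` is the only per-IP hit, while `admin` is flagged as coordinated because five addresses from the same /24 each tried it once or twice within five minutes; a per-IP threshold of 5 would never see the second case. Tune `window_s`, `min_sources` and `max_per_source` to your own baseline before alerting on them.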
-
The browser blind spot: Why your security tool may not be blocking what you think it is [Guest Diary], (Wed, Jun 17th)
The browser blind spot: Why your security tool may not be blocking what you think it is [Guest Diary], (Wed, Jun 17th) [This is a guest diary submitted by Varun Murdula] SUMMARY CASB block policies rely on inspecting TCP traffic. QUIC, the protocol powering HTTP/3, runs over UDP, a protocol most CASBs cannot inspect. The…
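The diary above makes the point that a CASB inspecting only TCP never sees HTTP/3, which rides QUIC over UDP. As an added example (not the diary's code), here is a Python classifier for the cleartext QUIC long header that a UDP/443 sensor or packet-capture job could use to at least log the HTTP/3 connection attempts the TCP-only policy misses. It follows the header layout in RFC 9000 (v1) and RFC 9369 (v2), parses nothing past the connection IDs and decrypts nothing; the datagrams, addresses and connection IDs are constructed.

```python
import struct

QUIC_V1 = 0x00000001  # RFC 9000
QUIC_V2 = 0x6B3343CF  # RFC 9369
# Long Packet Type bits -> name. v2 deliberately remaps them (RFC 9369, section 3.2).
V1_TYPES = ("initial", "0rtt", "handshake", "retry")
V2_TYPES = ("retry", "initial", "0rtt", "handshake")


def classify_quic(payload):
    """Return None if `payload` is not a QUIC long-header packet, otherwise a dict with
    version, packet type and both connection IDs (hex). Only the cleartext header is read."""
    if len(payload) < 7:  # first byte + 4-byte version + two zero-length CIDs
        return None
    first = payload[0]
    if not first & 0x80:  # Header Form = 0: short (1-RTT) header, or not QUIC at all
        return None
    version = struct.unpack("!I", payload[1:5])[0]
    if version != 0 and not first & 0x40:  # Fixed Bit must be 1, except in Version Negotiation
        return None
    dcid_len = payload[5]
    scid_len_pos = 6 + dcid_len
    if len(payload) <= scid_len_pos:
        return None
    scid_len = payload[scid_len_pos]
    if len(payload) < scid_len_pos + 1 + scid_len:
        return None
    if version in (QUIC_V1, QUIC_V2) and (dcid_len > 20 or scid_len > 20):
        return None  # v1/v2 cap connection IDs at 20 bytes; anything longer is junk
    type_bits = (first & 0x30) >> 4
    if version == 0:
        ptype = "version_negotiation"
    elif version == QUIC_V1:
        ptype = V1_TYPES[type_bits]
    elif version == QUIC_V2:
        ptype = V2_TYPES[type_bits]
    else:
        ptype = "unknown_version"  # drafts, greased or private versions
    return {
        "version": version,
        "type": ptype,
        "dcid": payload[6:scid_len_pos].hex(),
        "scid": payload[scid_len_pos + 1:scid_len_pos + 1 + scid_len].hex(),
    }


def quic_initials_to_443(datagrams):
    """datagrams: iterable of (src_ip, dst_ip, dst_port, payload). Returns (src, dst, dcid)
    for every QUIC Initial sent to UDP/443, i.e. each new HTTP/3 connection a TCP-only
    CASB policy will not see."""
    hits = []
    for src, dst, dport, payload in datagrams:
        if dport != 443:
            continue
        info = classify_quic(payload)
        if info and info["type"] == "initial":
            hits.append((src, dst, info["dcid"]))
    return hits


# Constructed packets: headers are laid out per the RFCs, bodies are filler.
INITIAL_V1 = (b"\xc0" + b"\x00\x00\x00\x01" + b"\x08" + bytes.fromhex("8394c8f03e515708")
              + b"\x00" + b"\x00" + b"\x44\x00" + b"\x00" * 16)  # scid len 0, token len 0, length
HANDSHAKE_V2 = (b"\xf0" + b"\x6b\x33\x43\xcf" + b"\x08" + bytes.fromhex("0102030405060708")
                + b"\x08" + bytes.fromhex("a1a2a3a4a5a6a7a8") + b"\x00" * 16)
VERSION_NEG = (b"\x8a" + b"\x00\x00\x00\x00" + b"\x08" + bytes.fromhex("8394c8f03e515708")
               + b"\x04" + bytes.fromhex("c0ffee00") + b"\x00\x00\x00\x01" + b"\x6b\x33\x43\xcf")
NOT_QUIC = b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1"  # TLS-record-like bytes, form bit clear
DNS_QUERY = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x03com\x00\x00\x01\x00\x01"

SAMPLE_DATAGRAMS = [
    ("10.0.0.5", "198.51.100.20", 443, INITIAL_V1),
    ("10.0.0.5", "198.51.100.20", 443, HANDSHAKE_V2),
    ("10.0.0.5", "192.0.2.53", 53, DNS_QUERY),
    ("10.0.0.6", "198.51.100.30", 443, NOT_QUIC),
]

if __name__ == "__main__":
    for src, dst, dcid in quic_initials_to_443(SAMPLE_DATAGRAMS):
        print(f"QUIC Initial {src} -> {dst}:443 dcid={dcid}")
```

Logging is the floor, not the fix: if the CASB cannot inspect QUIC, either block outbound UDP/443 so browsers fall back to HTTP/2 over TCP, or disable QUIC in the browser by policy (Chrome's enterprise `QuicAllowed` setting), and verify the fallback by re-running a capture like this one.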
-
ISC Stormcast For Wednesday, June 17th, 2026 https://isc.sans.edu/podcastdetail/9976, (Wed, Jun 17th)
ISC Stormcast For Wednesday, June 17th, 2026 https://isc.sans.edu/podcastdetail/9976, (Wed, Jun 17th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
From a VHDX File to a Remcos RAT, (Tue, Jun 16th)
From a VHDX File to a Remcos RAT, (Tue, Jun 16th) Yesterday, a reader reported to us a malicious ZIP archive (SHA256: a0104921a2d37ab87482ac9a9f5c3713479c118846c3e999178e75b81620c094[1]). Once unzipped, it contains a VHDX file that discloses a malicious JavaScript after being mounted (which is automatic on modern Windows OSs): Two different techniques to hide the payload help to bypass most first-line…
-
Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassed
Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassed What if your AI coding assistant could be tricked into stealing your own company’s secrets – by reading a single booby-trapped bug report? No phishing email. No malware. No password ever stolen. Just an AI doing exactly what it was told. Meanwhile, someone themselves…
-
INC Ransomware Thrives by Mastering the Basics
INC Ransomware Thrives by Mastering the Basics And one of those basics is focusing on sectors where a ransomware disruption creates immediate pressure to pay up, like with healthcare. Alexander Culafi Go to gbhackers.com
-
Sweeping Credential-Harvesting Heist Compromises +30K Fortinet Devices
Sweeping Credential-Harvesting Heist Compromises +30K Fortinet Devices Attackers are actively targeting various sectors across nearly 200 countries and have already compiled a list of working credentials for tens of thousands of compromised devices. Elizabeth Montalbano Go to gbhackers.com
-
Attackers Exploit Cloud Logging Platforms to Hide Malicious Activity
Attackers Exploit Cloud Logging Platforms to Hide Malicious Activity Attackers are increasingly targeting cloud logging platforms to evade detection and maintain persistent visibility into compromised environments. The report highlights how critical services such as… Delivered by PolitePaul service Go to gbhackers.com
-
SprySOCKS Windows Backdoor Uses Kernel Driver to Hide Processes, Files, and Network Traffic
SprySOCKS Windows Backdoor Uses Kernel Driver to Hide Processes, Files, and Network Traffic Windows variants of SprySOCKS, a backdoor long associated with FishMonger (aka Earth Lusca/TAG-22), have surfaced, expanding a toolset that was until now Linux-only. The two Windows… Delivered by PolitePaul service Go to gbhackers.com
-
7-Year-Old OpenBSD Security Flaw Exposes Systems to Full PAP Authentication Bypass
7-Year-Old OpenBSD Security Flaw Exposes Systems to Full PAP Authentication Bypass A significant authentication flaw has been discovered in the PPP stack of OpenBSD, allowing attackers to bypass the Password Authentication Protocol (PAP) validation and… Delivered by PolitePaul service Go to gbhackers.com
-
Steam Workshop Malware Campaign Uses Wallpaper Engine to Steal Accounts and Infect Gamers
Steam Workshop Malware Campaign Uses Wallpaper Engine to Steal Accounts and Infect Gamers A sophisticated malware campaign has been abusing Steam Workshop’s sharing model to distribute backdoors, infostealers and crypto miners hidden inside Wallpaper Engine packages, primarily… Delivered by PolitePaul service Go to gbhackers.com
-
CISA Issues Alert on Oracle PeopleSoft Vulnerability Exploited by Ransomware Groups
CISA Issues Alert on Oracle PeopleSoft Vulnerability Exploited by Ransomware Groups The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of a critical vulnerability in Oracle PeopleSoft… Delivered by PolitePaul service Go to gbhackers.com
-
Microsoft working on Defender patch for RoguePlanet zero-day
Microsoft working on Defender patch for RoguePlanet zero-day Microsoft confirmed that it’s working on a security patch for a Defender zero-day vulnerability named “RoguePlanet,” disclosed one week ago. […] Sergiu Gatlan Go to bleepingcomputer
-
Kodak confirms data breach claimed by ShinyHunters extortion gang
Kodak confirms data breach claimed by ShinyHunters extortion gang Kodak has confirmed that it’s working with external cybersecurity experts to investigate a security breach after hackers gained access to some of the company’s data. […] Sergiu Gatlan Go to bleepingcomputer
-
Malicious JetBrains Marketplace plugins steal AI API keys from developers
Malicious JetBrains Marketplace plugins steal AI API keys from developers At least 15 malicious plugins found on the JetBrains Marketplace were designed to steal AI API keys from developers. […] Lawrence Abrams Go to bleepingcomputer
-
New Rokarolla Android malware targets 217 banking, crypto apps
New Rokarolla Android malware targets 217 banking, crypto apps A new Android banking trojan named Rokarolla is targeting 217 banking and cryptocurrency applications using an extensive set of 137 commands. […] Bill Toulas Go to bleepingcomputer
-
Steam Workshop abused to spread malware via Wallpaper Engine app
Steam Workshop abused to spread malware via Wallpaper Engine app Threat actors are abusing Steam Workshop, Valve’s community hub for downloading game-related content, to push various malware hidden in wallpaper packages. […] Bill Toulas Go to bleepingcomputer
-
AIRecon: AI-Powered Penetration Testing Tool with Kali Linux Sandbox
AIRecon: AI-Powered Penetration Testing Tool with Kali Linux Sandbox AIRecon is an autonomous penetration testing agent that runs entirely offline, combining a self-hosted Ollama LLM with a Kali Linux Docker sandbox to automate end-to-end security assessments without exposing any data to the cloud. Developed by researcher pikpikcu, it eliminates the prohibitive cost of commercial API-based…
-
Critical LiteLLM Flaw Allows Authentication Bypass via Host Header Injection
Critical LiteLLM Flaw Allows Authentication Bypass via Host Header Injection A critical security vulnerability has been disclosed in LiteLLM, an increasingly popular proxy used for managing large language model (LLM) APIs. The flaw, tracked as CVE-2026-49468, allows attackers to bypass authentication mechanisms under specific conditions by exploiting improper handling of the Host header. The issue…
-
Critical Chrome Vulnerabilities Allow Attackers to Execute Arbitrary Code – Update Now!
Critical Chrome Vulnerabilities Allow Attackers to Execute Arbitrary Code – Update Now! Google has released a critical security update for its Chrome browser, addressing multiple high-severity vulnerabilities that could allow attackers to execute arbitrary code on affected systems. Users are strongly advised to update immediately as several flaws impact core browser components. The latest Chrome…
-
Hackers Use Rokarolla Android Malware to Disable Google Play Protect and Control Devices
Hackers Use Rokarolla Android Malware to Disable Google Play Protect and Control Devices A newly discovered Android banking trojan called Rokarolla is making waves in the cybersecurity world, and it is more dangerous than most threats we have seen lately. This malware is built to take full control of an infected device while staying completely…
-
Deno-Based RAT Uses Microsoft Teams Impersonation and Mailbombing to Target Employees
Deno-Based RAT Uses Microsoft Teams Impersonation and Mailbombing to Target Employees A new strain of malware has emerged that combines two well-known social engineering tactics into one effective attack chain. Researchers have uncovered a Remote Access Trojan built on Deno, an unconventional JavaScript runtime, being deployed against employees through email flooding and fake Microsoft Teams…
-
FishMonger’s arsenal upgraded: SprySOCKS for Windows
FishMonger’s arsenal upgraded: SprySOCKS for Windows ESET researchers have discovered SprySOCKS for Windows, FishMonger’s backdoor weaponizing a kernel driver for advanced stealthiness Go to eset
-
UK Social Media Ban for Minors Has Privacy Experts Worried
UK Social Media Ban for Minors Has Privacy Experts Worried The UK will ban adolescents under 16 years old from user-to-user social-media platforms, despite age-verification issues and privacy concerns. Robert Lemos Go to gbhackers.com
-
CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution
CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-48907 (CVSS score: 10.0), is…
-
Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting
Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim’s project hijack the victim’s machine learning model upload and run code inside Google’s serving infrastructure. Palo Alto Networks Unit 42, which found…
-
ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures
ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader, Lorem Ipsum Loader, and Potemkin, per independent reports from Morphisec, BlueVoyant, and Huntress, respectively. Attacks involving BabaDeda Loader, observed in April 2026, have targeted education and financial organizations.…
-
New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds
New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds Security researchers at Zimperium’s zLabs have documented a new Android banking trojan, Rokarolla, that targets 217 banking and cryptocurrency apps and packs 137 remote commands. Together, they give an operator near-total control of an infected phone: it lifts lock-screen PINs, reads and sends SMS, rewrites…
-
Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive
Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive Security teams have never had more IP data at their disposal. Every day, analysts ingest enrichment feeds, geolocation data, reputation scores, telemetry, and threat intelligence from a growing ecosystem of vendors and platforms. Yet despite this abundance of information, many organizations continue to face…
-
June Patch Tuesday smashes past 500-CVE mark
June Patch Tuesday smashes past 500-CVE mark 209 patches + 388 advisories = welcome to summer 2026 Categories: Threat Research Tags: x-ops, Patch Tuesday, MICROSOFT PATCH TUESDAY Go to sophos
-
Flock Cameras Are Being Used for Stalking
Flock Cameras Are Being Used for Stalking There are over a dozen cases around the country where police officers are using the Flock surveillance camera system to obsessively and illegally stalk people. Alternate link. Bruce Schneier Go to bruce schneier
-
Fileless Phantom Stealer Targets Browser Credentials
Fileless Phantom Stealer Targets Browser Credentials In addition to executing entirely in memory, the malware’s infection chain incorporates other anti-analysis techniques designed to frustrate detection. Jai Vijayan Go to gbhackers.com
-
Security Community Slams US Ban on Exporting Mythos, Fable
Security Community Slams US Ban on Exporting Mythos, Fable An open letter signed by dozens of security experts asked the government to reverse export restrictions on Anthropic’s Claude Fable 5 and Mythos 5 models. Alexander Culafi Go to gbhackers.com
-
SprySOCKS Windows Variant Abuses Kernel Drivers to Evade Detection
SprySOCKS Windows Variant Abuses Kernel Drivers to Evade Detection FishMonger, a China-nexus threat group, has deployed an undocumented version of the Linux backdoor against government targets in Honduras, Taiwan, Thailand, and Pakistan. Rob Wright Go to gbhackers.com
-
Rokarolla Android Trojan Levels Up to Full Device Control, Persistence
Rokarolla Android Trojan Levels Up to Full Device Control, Persistence The emerging malware, spread via fake TikTok and Chrome downloads, demonstrates an evolution by combining banking fraud with extensive device surveillance and remote control. Elizabeth Montalbano Go to gbhackers.com
-
‘Lorem Ipsum’ Malware Pivots to ClickFix Delivery
‘Lorem Ipsum’ Malware Pivots to ClickFix Delivery New analysis shows the campaign, which uses compromised WordPress sites, may be linked to the ransomware and data extortion group Vice Society. Jai Vijayan Go to gbhackers.com
-
Hackers Abuse Compromised WordPress Sites to Deliver GULoader Through EtherHiding Chain
Hackers Abuse Compromised WordPress Sites to Deliver GULoader Through EtherHiding Chain In April 2026, incident responders traced a sophisticated intrusion that abused compromised WordPress sites to deliver GULoader via an EtherHiding → ClickFix → UNC-chain…. Delivered by PolitePaul service Go to gbhackers.com
-
Ghostwriter APT Uses Fake Gmail Login Panels to Steal Passwords and 2FA Codes
Ghostwriter APT Uses Fake Gmail Login Panels to Steal Passwords and 2FA Codes Ghostwriter (UNC1151) has escalated its long-standing phishing operations by deploying convincing fake Gmail login panels that harvest both passwords and two-factor authentication (2FA) codes,… Delivered by PolitePaul service Go to gbhackers.com
-
Hackers Abuse Microsoft OAuth Device Code Flow to Take Over Microsoft 365 Accounts
Hackers Abuse Microsoft OAuth Device Code Flow to Take Over Microsoft 365 Accounts An active campaign has been observed in which attackers abuse Microsoft’s OAuth 2.0 Device Authorization Grant (device code) flow to take over Microsoft 365 accounts. Rather… Delivered by PolitePaul service Go to gbhackers.com
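Device code phishing leaves no fake login page to block, so the useful control is in the sign-in log. As an added example (not from the article or from Microsoft), here is a Python triage over Entra ID sign-in records that flags every successful device-code sign-in and ranks it against the user's own baseline of interactive sign-ins. It assumes exported JSON with the Microsoft Graph `signIn` field names (`authenticationProtocol`, `ipAddress`, `location.countryOrRegion`, `status.errorCode`) and that the logged IP is the client that redeemed the code; check both against your own export. The records are constructed.

```python
import json
from collections import defaultdict

# Constructed sign-in records using Microsoft Graph signIn field names (assumed; verify
# against your export). Three users, one obvious device-code takeover pattern.
SAMPLE_SIGNINS = json.loads("""
[
 {"createdDateTime": "2026-06-10T08:02:11Z", "userPrincipalName": "a.lee@example.com",
  "ipAddress": "203.0.113.24", "location": {"countryOrRegion": "GB"},
  "authenticationProtocol": "oAuth2", "appDisplayName": "Microsoft Teams", "status": {"errorCode": 0}},
 {"createdDateTime": "2026-06-11T08:05:40Z", "userPrincipalName": "a.lee@example.com",
  "ipAddress": "203.0.113.24", "location": {"countryOrRegion": "GB"},
  "authenticationProtocol": "oAuth2", "appDisplayName": "Outlook", "status": {"errorCode": 0}},
 {"createdDateTime": "2026-06-16T14:21:03Z", "userPrincipalName": "a.lee@example.com",
  "ipAddress": "198.51.100.77", "location": {"countryOrRegion": "NL"},
  "authenticationProtocol": "deviceCode", "appDisplayName": "Microsoft Office", "status": {"errorCode": 0}},
 {"createdDateTime": "2026-06-12T09:00:00Z", "userPrincipalName": "b.ng@example.com",
  "ipAddress": "192.0.2.10", "location": {"countryOrRegion": "US"},
  "authenticationProtocol": "oAuth2", "appDisplayName": "Microsoft Teams", "status": {"errorCode": 0}},
 {"createdDateTime": "2026-06-16T10:12:30Z", "userPrincipalName": "b.ng@example.com",
  "ipAddress": "192.0.2.10", "location": {"countryOrRegion": "US"},
  "authenticationProtocol": "deviceCode", "appDisplayName": "Microsoft Teams Rooms", "status": {"errorCode": 0}},
 {"createdDateTime": "2026-06-16T10:13:00Z", "userPrincipalName": "c.ok@example.com",
  "ipAddress": "198.51.100.77", "location": {"countryOrRegion": "NL"},
  "authenticationProtocol": "deviceCode", "appDisplayName": "Microsoft Office", "status": {"errorCode": 70016}}
]
""")

SEVERITY_RANK = {"high": 0, "medium": 1, "review": 2}


def baseline_by_user(signins):
    """(ip, country) pairs seen in each user's successful sign-ins that did NOT use device code.
    In production build this from a trailing window (e.g. 30 days) before the event under review."""
    base = defaultdict(set)
    for s in signins:
        if s["status"]["errorCode"] != 0 or s["authenticationProtocol"] == "deviceCode":
            continue
        base[s["userPrincipalName"]].add((s["ipAddress"], s["location"]["countryOrRegion"]))
    return base


def flag_device_code_signins(signins):
    """Every successful device-code sign-in becomes a finding; severity comes from whether the
    redeeming client's IP/country matches the user's interactive baseline. Pending or failed
    device-code attempts (non-zero errorCode) are skipped."""
    base = baseline_by_user(signins)
    findings = []
    for s in signins:
        if s["authenticationProtocol"] != "deviceCode" or s["status"]["errorCode"] != 0:
            continue
        user = s["userPrincipalName"]
        ip, country = s["ipAddress"], s["location"]["countryOrRegion"]
        known_ips = {i for i, _ in base[user]}
        known_countries = {c for _, c in base[user]}
        if ip in known_ips:
            severity = "review"   # known address; still confirm a real device redeemed the code
        elif country in known_countries:
            severity = "medium"   # new address in a familiar country
        else:
            severity = "high"     # new address and country, or a user with no baseline at all
        findings.append({
            "user": user, "time": s["createdDateTime"], "ip": ip, "country": country,
            "app": s["appDisplayName"], "severity": severity,
        })
    return sorted(findings, key=lambda f: SEVERITY_RANK[f["severity"]])


if __name__ == "__main__":
    for f in flag_device_code_signins(SAMPLE_SIGNINS):
        print(f"{f['severity']:6} {f['time']} {f['user']} from {f['ip']} ({f['country']}) -> {f['app']}")
```

Baseline matching only narrows the queue; the durable fix is to block the device code flow for everyone who does not need it (Conditional Access has an authentication-flows control for exactly this) and to revoke sessions for any `high` finding rather than just the password, since the attacker holds tokens, not credentials.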
-
OptinMonster Plugin Vulnerability Exposes 1.2 Million WordPress Sites to Cyberattacks
OptinMonster Plugin Vulnerability Exposes 1.2 Million WordPress Sites to Cyberattacks A large-scale supply chain attack targeting the popular OptinMonster WordPress plugin has exposed more than 1.2 million websites to active compromise. The campaign also affects… Delivered by PolitePaul service Go to gbhackers.com
-
Rhysida and Interlock Ransomware Groups Linked to Initial Access Brokers and Crypter Ecosystem
Rhysida and Interlock Ransomware Groups Linked to Initial Access Brokers and Crypter Ecosystem Rhysida and Interlock sit inside the same ransomware supply chain, but their latest observed behavior shows a more nuanced relationship than simple code reuse…. Delivered by PolitePaul service Go to gbhackers.com
-
Critical Fortinet FortiSandbox flaws now exploited in attacks
Critical Fortinet FortiSandbox flaws now exploited in attacks Attackers are now exploiting several critical vulnerabilities in Fortinet’s FortiSandbox cyber threat detection platform, according to threat intelligence company Defused. […] Sergiu Gatlan Go to bleepingcomputer
-
Windows version of SprySOCKS Linux malware used to attack govt orgs
Windows version of SprySOCKS Linux malware used to attack govt orgs Windows variants for the SprySOCKS Linux malware have been used in attacks targeting government organizations in at least four countries. […] Bill Toulas Go to bleepingcomputer
-
iRhythm discloses data breach, says hackers stole patient info
iRhythm discloses data breach, says hackers stole patient info Digital healthcare company iRhythm Holdings has disclosed a data breach after hackers stole patients’ personal and health information stored on third-party-hosted business applications. […] Sergiu Gatlan Go to bleepingcomputer
-
DOJ seizes CFAKE, SOCFAKE deepfake nude sites under TAKE IT DOWN Act
DOJ seizes CFAKE, SOCFAKE deepfake nude sites under TAKE IT DOWN Act The U.S. Department of Justice announced Friday that it has seized the CFAKE.com and SOCFAKE.com websites, which allegedly hosted nonconsensual AI-generated nude images and videos of women, in what appears to be the first publicly announced domain seizure under the TAKE IT DOWN…
-
SimpleHelp bug lets hackers create rogue remote support accounts
SimpleHelp bug lets hackers create rogue remote support accounts A vulnerability in the SimpleHelp remote management software allows unauthenticated attackers to create privileged technician accounts on servers using the OpenID Connect (OIDC) authentication protocol. […] Bill Toulas Go to bleepingcomputer
-
OptinMonster Plugin Hack Exposes 1.2 Million WordPress Sites to Cyberattack
OptinMonster Plugin Hack Exposes 1.2 Million WordPress Sites to Cyberattack A large-scale supply chain attack targeting widely used WordPress plugins has exposed more than 1.2 million websites to potential compromise after attackers injected malicious code into legitimate JavaScript files distributed through trusted CDN infrastructure. Security researchers at Sansec discovered an ongoing campaign targeting plugins developed…
-
Ransomware Ecosystem Consolidates Around LockBit Alumni, Qilin, Hyflock, and The Gentlemen
Ransomware Ecosystem Consolidates Around LockBit Alumni, Qilin, Hyflock, and The Gentlemen The global ransomware landscape shifted noticeably in the first quarter of 2026, as former operators from well-known criminal groups began launching their own competing programs. Data leak sites tracked 2,122 new victims during Q1 2026, making it the second-highest first-quarter total on record. Despite…
-
Hackers Abuse Legitimate RMM Tools in The Quarry IRS and SSA Phishing Campaigns
Hackers Abuse Legitimate RMM Tools in The Quarry IRS and SSA Phishing Campaigns A wave of phishing campaigns targeting American taxpayers has been traced back to a single, highly organized cybercrime operation known as The Quarry. What appeared to be dozens of unrelated incidents impersonating the IRS, Social Security Administration, and platforms like DocuSign turned…
-
LiteSpeed cPanel Plugin 0-Day Vulnerability Actively Exploited in the Wild
LiteSpeed cPanel Plugin 0-Day Vulnerability Actively Exploited in the Wild A critical zero-day vulnerability in the LiteSpeed cPanel user-end plugin is being actively exploited in the wild, posing a serious threat to shared hosting environments worldwide. The flaw, tracked as CVE-2026-54420, enables privilege escalation to root level, allowing attackers to take full control of affected…
-
Cisco SD-WAN vManage Vulnerability Exploited in Zero-Day Attacks
Cisco SD-WAN vManage Vulnerability Exploited in Zero-Day Attacks Cisco has disclosed a critical security issue in its Catalyst SD-WAN Manager (formerly vManage) that is now being actively exploited in zero-day attacks, raising concerns for enterprise network environments worldwide. The vulnerability, tracked as CVE-2026-20262, is an arbitrary-file-write flaw in the web-based management interface. It carries a…
-
EvilTokens: A phishing attack that doesn’t steal your password
EvilTokens: A phishing attack that doesn’t steal your password A phishing kit subverting Microsoft’s legitimate authentication flow lets attackers break into accounts without stealing passwords or creating fake login pages Go to eset
-
Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw
Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw Cisco has released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-20262, carries a CVSS score of 6.5 out of 10.0. “A vulnerability in the web UI of Cisco…
-
CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation
CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 18, 2026. The vulnerability in question is…
-
Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails
Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails A China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly stealing sensitive research and defense email. The way in was a backdoor on their REDCap research servers that stole login credentials. The exfiltration…
-
North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels
North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview (aka Famous Chollima, HexagonalRodent, and Void Dokkaebi). According to a report published by Proofpoint, the threat actor has been found orchestrating phishing…
-
LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers
LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed. LiteLLM is a widely deployed open-source AI gateway that brokers calls to more than 100 model…
-
The FCC Wants to Eliminate Burner Phones
The FCC Wants to Eliminate Burner Phones A proposed FCC rule would kill burner phones: phones whose accounts are not attached to a particular person. The FCC plans to do this by legally forcing the country’s telecoms to store a wealth of personal information about essentially all phone customers, including a government issued identification number…
-
ISC Stormcast For Tuesday, June 16th, 2026 https://isc.sans.edu/podcastdetail/9974, (Tue, Jun 16th)
ISC Stormcast For Tuesday, June 16th, 2026 https://isc.sans.edu/podcastdetail/9974, (Tue, Jun 16th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
Evil MSI Background: BASE64 Statistical Analysis, (Mon, Jun 15th)
Evil MSI Background: BASE64 Statistical Analysis, (Mon, Jun 15th) I like it when a fellow handler posts a diary entry about images with malicious content. Last one is Xavier: “The Evil MSI Background is Back!”. I like to have a go at the sample with my tools, and see if there are any improvements I…
-
Maine forced to take down data breach portal after fake notices filed with authorities
Maine forced to take down data breach portal after fake notices filed with authorities The US state of Maine has taken its public data breach notification portal offline after someone submitted fraudulent breach disclosures impersonating two well-known technology companies. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Weekly Update 508
Weekly Update 508 Light switches. How on earth is it so hard to find decent light switches?! It sounds ridiculous until you actually spend enough time looking for ones that meet two simple criteria: aren’t stateful (switch is up or down; has to be push-button), and look good. Now, I’m conscious that this is also very…
-
Copilot ‘SearchLeak’ Attack Allows 1-Click Data Theft
Copilot ‘SearchLeak’ Attack Allows 1-Click Data Theft The critical, three-stage attack is now patched, but it’s part of a new group of AI prompt-injection issues that use hidden URLs and other variables. Alexander Culafi Go to gbhackers.com
-
China-Nexus Actor Spied on US Researchers Undetected for a Year
China-Nexus Actor Spied on US Researchers Undetected for a Year Google discovered and disrupted the sprawling campaign, which stole REDCap credentials to target numerous institutions and exfiltrate sensitive data. Elizabeth Montalbano Go to gbhackers.com
-
The Beginning of the End of Social Engineering
The Beginning of the End of Social Engineering AI-native operating systems are shifting the responsibility to stay vigilant against social engineering cyberattacks from the user onto the system itself. Arun Vishwanath Go to gbhackers.com
-
US Cracks Down on Anthropic AI Models Amid Abuse Concerns
US Cracks Down on Anthropic AI Models Amid Abuse Concerns Anthropic abruptly suspended all access to Fable 5 and Mythos 5 after receiving an export control directive that banned foreign nationals from using the AI models. Robert Lemos Go to gbhackers.com
-
New DPAPISnoop Tool Enables Extraction of CREDHIST Hashes From Windows Systems
New DPAPISnoop Tool Enables Extraction of CREDHIST Hashes From Windows Systems A newly enhanced version of the open-source DPAPISnoop tool is drawing attention in the security community after researchers demonstrated its ability to extract offline-crackable… Go to gbhackers.com
-
SearchJack Adware Campaign Exposes 758,000 Users to Privacy and Phishing Risks
SearchJack Adware Campaign Exposes 758,000 Users to Privacy and Phishing Risks A coordinated campaign of 23 seemingly legitimate Chrome extensions tracked as “SearchJack” has quietly hijacked the default search settings of roughly 758,000 users, routing… Go to gbhackers.com
-
SHADOWBYT3$ Allegedly Claims Nintendo Breach and Theft of Sensitive Data
SHADOWBYT3$ Allegedly Claims Nintendo Breach and Theft of Sensitive Data Threat intelligence sources have flagged a potential cybersecurity incident involving Nintendo after threat actor “SHADOWBYT3$” allegedly claimed responsibility for breaching internal systems and exfiltrating… Go to gbhackers.com
-
Palo Alto Warns GlobalProtect VPN Flaw Is Being Actively Exploited
Palo Alto Warns GlobalProtect VPN Flaw Is Being Actively Exploited Palo Alto Networks has issued an urgent warning after confirming active exploitation of a GlobalProtect VPN vulnerability, tracked as CVE-2026-0257, impacting PAN-OS deployments with… Go to gbhackers.com
-
PromptSnatcher Browser Extensions Abuse AI Platforms to Capture Full Chat Conversations
PromptSnatcher Browser Extensions Abuse AI Platforms to Capture Full Chat Conversations PromptSnatcher (internal identifier: Panel 231) is a modern, stealthy data collection operation embedded inside two browser extensions that masquerade as ad-blockers while harvesting full… Go to gbhackers.com
-
FBI disrupts massive AI-powered phishing service using a million URLs
FBI disrupts massive AI-powered phishing service using a million URLs In a coordinated effort, the FBI, working with Google and Black Lotus Labs, has dismantled a massive Chinese phishing-as-a-service operation called Outsider Enterprise with thousands of phishing websites used to steal credit card data and passwords. […] Bill Toulas Go to bleepingcomputer
-
SecSuite – AI-powered Tool for OSINT, Web and API Security Testing
SecSuite – AI-powered Tool for OSINT, Web and API Security Testing A new open-source security platform called SecSuite, developed under the TheSecuredAnalyst project, has been released, combining OSINT reconnaissance, web vulnerability scanning, API security assessment, compliance checking, and AI-powered analysis into a single unified toolkit. Available on GitHub at 53cur3dL34rn/security-suite, the tool targets security professionals, penetration testers, and red…