no alarms and no surprises please..

PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network The threat actor known as PCPJack has hijacked cloud servers associated with Amazon Web Services (AWS), Google Cloud, and Microsoft Azure to create a covert SMTP email relay network. “Compromised business servers across the U.S., Europe, and Asia were quietly converted…

Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco’s PSIRT says it…

Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories A security researcher found a flaw in Anthropic’s Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic’s own action repo used the same workflow, a working attack…

Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It Over the past several weeks, the cybersecurity community has been reminded how quickly frontier and agentic AI in defense networks can challenge our assumptions. When Anthropic’s Claude Mythos model was made available to a limited set of organizations as a technical preview,…

ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories It got stupid again. The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weird stuff is normal. Forums go down and…

DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets The U.S. Department of Justice (DoJ) on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans. The “Disruption Week” operation began May 18, 2026, leading to the takedown…

WhatsApp, Slack Notifications Could Hijack Google Gemini on Android A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini’s voice assistant on Android and made it open a victim’s connected windows, fake a message from their boss, push the phone into a Zoom call, or quietly poison its…

Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT Cybersecurity researchers have flagged a new malspam campaign that makes use of Google’s DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan (RAT) named DesckVB RAT. “Before the victim ever reaches attacker-controlled infrastructure, the lure routes through DoubleClick,…

Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and “patch everything in time” stopped working years ago. Stop betting the org on winning that race. You don’t control which bug lands. You control what it…

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the same phone could ask for the signed-in user’s token and…

Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims’ systems. The Minecraft-focused malware-as-a-service (MaaS) campaign has been codenamed Weedhack by McAfee Labs, stating the activity has been active since January 2026…

Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited Google on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, including one high-severity flaw in the Framework component that has come under active exploitation. Tracked as CVE-2025-48595 (CVSS score: 8.4), the security flaw has…

Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per Sekoia, the activity involves the weaponization of CVE-2025-8088, a path traversal flaw in WinRAR, to…

Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. The vulnerability, CVE-2024-21182 (CVSS score: 7.5), allows an unauthenticated attacker with network access…

AI-Driven Exploitation is Destroying Vulnerability Management. Here’s How to Handle It. AI-driven exploitation timelines are rapidly shrinking, and they are not going to stop shrinking. Vulnerabilities are being discovered, reproduced, and weaponized faster than ever in the history of enterprise security. As a result, the window between a vulnerability being disclosed and indiscriminate exploitation observed…