no alarms and no surprises please..
-
China-Nexus Actor Spied on US Researchers Undetected for a Year
China-Nexus Actor Spied on US Researchers Undetected for a Year Google discovered and disrupted the sprawling campaign, which stole RedCAP credentials to target numerous institutions and exfiltrate sensitive data. Elizabeth Montalbano Go to gbhackers.com
-
The Beginning of the End of Social Engineering
The Beginning of the End of Social Engineering AI-native operating systems are shifting the responsibility to stay vigilant against social engineering cyberattacks from the user onto the system itself. Arun Vishwanath Go to gbhackers.com
-
US Cracks Down on Anthropic AI Models Amid Abuse Concerns
US Cracks Down on Anthropic AI Models Amid Abuse Concerns Anthropic abruptly suspended all access to Fable 5 and Mythos 5 after receiving an export control directive that banned foreign nationals from using the AI models. Robert Lemos Go to gbhackers.com
-
New DPAPISnoop Tool Enables Extraction of CREDHIST Hashes From Windows Systems
New DPAPISnoop Tool Enables Extraction of CREDHIST Hashes From Windows Systems A newly enhanced version of the open-source DPAPISnoop tool is drawing attention in the security community after researchers demonstrated its ability to extract offline-crackable… Delivered by PolitePaul service Go to gbhackers.com
-
SearchJack Adware Campaign Exposes 758,000 Users to Privacy and Phishing Risks
SearchJack Adware Campaign Exposes 758,000 Users to Privacy and Phishing Risks A coordinated campaign of 23 seemingly legitimate Chrome extensions tracked as “SearchJack” has quietly hijacked the default search settings of roughly 758,000 users, routing… Delivered by PolitePaul service Go to gbhackers.com
-
SHADOWBYT3$ Allegedly Claims Nintendo Breach and Theft of Sensitive Data
SHADOWBYT3$ Allegedly Claims Nintendo Breach and Theft of Sensitive Data Threat intelligence sources have flagged a potential cybersecurity incident involving Nintendo after threat actor “SHADOWBYT3$” allegedly claimed responsibility for breaching internal systems and exfiltrating… Delivered by PolitePaul service Go to gbhackers.com
-
Palo Alto Warns GlobalProtect VPN Flaw Is Being Actively Exploited
Palo Alto Warns GlobalProtect VPN Flaw Is Being Actively Exploited Palo Alto Networks has issued an urgent warning after confirming active exploitation of a GlobalProtect VPN vulnerability, tracked as CVE-2026-0257, impacting PAN-OS deployments with… Delivered by PolitePaul service Go to gbhackers.com
-
PromptSnatcher Browser Extensions Abuse AI Platforms to Capture Full Chat Conversations
PromptSnatcher Browser Extensions Abuse AI Platforms to Capture Full Chat Conversations PromptSnatcher (internal identifier: Panel 231) is a modern, stealthy data collection operation embedded inside two browser extensions that masquerade as ad‑blockers while harvesting full… Delivered by PolitePaul service Go to gbhackers.com
-
FBI disrupts massive AI-powered phishing service using a million URLs
FBI disrupts massive AI-powered phishing service using a million URLs In a coordinated effort, the FBI, working with Google and Black Lotus Labs, has dismantled a massive Chinese phishing-as-a-service operation called Outsider Enterprise with thousands of phishing websites used to steal credit card data and passwords. […] Bill Toulas Go to bleepingcomputer
-
SecSuite – AI-powered Tool for OSINT, Web and API Security Testing
SecSuite – AI-powered Tool for OSINT, Web and API Security Testing A new open-source security platform called SecSuite, developed under the TheSecuredAnalyst project, has been released, combining OSINT reconnaissance, web vulnerability scanning, API security assessment, compliance checking, and AI-powered analysis into a single unified toolkit. Available on GitHub at 53cur3dL34rn/security-suite, the tool targets security professionals, penetration testers, and red…
-
WinRAR Vulnerability Exploited by Russian Hackers to Deploy GIFTEDCROOK Stealer
WinRAR Vulnerability Exploited by Russian Hackers to Deploy GIFTEDCROOK Stealer Russian hackers are exploiting a known flaw in WinRAR to quietly steal passwords, session cookies, and sensitive files from Ukrainian organizations. The vulnerability, tracked as CVE-2025-8088, was patched in July 2025, yet multiple Russia-aligned groups are still weaponizing it nearly a year later. This proves…
-
Palo Alto Warns of GlobalProtect VPN Vulnerability Actively Exploited in the Wild
Palo Alto Warns of GlobalProtect VPN Vulnerability Actively Exploited in the Wild Palo Alto Networks Unit 42 has issued an urgent warning about active exploitation of CVE-2026-0257, a critical authentication bypass vulnerability affecting the GlobalProtect portal and gateway components of PAN-OS software. The flaw allows unauthenticated remote attackers to circumvent security controls and initiate unauthorized…
-
Threat Actor Malware Platform Exposed via Unlocked PHP Installation Page
Threat Actor Malware Platform Exposed via Unlocked PHP Installation Page A misconfigured PHP installation page exposed the internal infrastructure of a live malware distribution platform, allowing a security researcher to gain unintentional administrative access to a threat actor’s dashboard. What initially appeared to be a fake software download site turned out to be an active…
-
Criminal IP at Infosecurity Europe 2026: Introducing AITEM, the Next Chapter of Attack Surface Management
Criminal IP at Infosecurity Europe 2026: Introducing AITEM, the Next Chapter of Attack Surface Management Torrance, United States / California, June 11th, 2026, CyberNewswire Criminal IP by AI SPERA, a cyber threat intelligence platform delivering decision-ready intelligence and attack surface visibility to security teams worldwide, participated in Infosecurity Europe 2026 at ExCeL London this week,…
-
Upcoming Speaking Engagements
Upcoming Speaking Engagements This is a current list of where and when I am scheduled to speak: I’m giving a keynote at Cybernation 2026 in Berlin, Germany, on June 24, 2026. I’m speaking at the Potsdam Conference on National Cybersecurity at the Hasso Plattner Institut in Potsdam, Germany. The event runs June 24–25, 2026, and my…
-
ISC Stormcast For Monday, June 15th, 2026 https://isc.sans.edu/podcastdetail/9972, (Mon, Jun 15th)
ISC Stormcast For Monday, June 15th, 2026 https://isc.sans.edu/podcastdetail/9972, (Mon, Jun 15th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
Ex-school district employee jailed for hacks on former employer
Ex-school district employee jailed for hacks on former employer A former IT employee at an Iowa school district was sentenced to 21 months in prison after conducting a prolonged cyberattack against the former employer that disrupted classroom operations, deleted accounts, and caused tens of thousands of dollars in damages. […] Lawrence Abrams Go to bleepingcomputer
-
Chinese hackers hijack auth flow, spy on isolated network for a decade
Chinese hackers hijack auth flow, spy on isolated network for a decade Chinese hackers took control of a target organization’s authentication stack and maintained persistence for 10 years, with full visibility into the administrative activity. […] Bill Toulas Go to bleepingcomputer
-
Maine Takes Data Breach Reporting Portal Offline After Fake VRChat and Discord Filings
Maine Takes Data Breach Reporting Portal Offline After Fake VRChat and Discord Filings The Office of the Maine Attorney General has temporarily taken its public-facing data breach reporting database offline after discovering that an unknown entity submitted fabricated breach notifications targeting two major online platforms, VRChat and Discord, in what officials are calling a deliberate…
-
152 Chrome Extensions Hide Ad Tracking and Fake Google Search Traffic
152 Chrome Extensions Hide Ad Tracking and Fake Google Search Traffic 152 Chrome “live wallpaper” extensions on the Chrome Web Store have been caught secretly logging user data and faking Google “organic search” traffic to inflate ad revenue, despite promising they do not collect any data. This adware‑adjacent campaign abuses new‑tab extensions to launder extension‑generated…
-
New Agentjacking Attack Hijacks Your AI Coding Agent to Run Code From a Hacker’s Server
New Agentjacking Attack Hijacks Your AI Coding Agent to Run Code From a Hacker’s Server New “Agentjacking” attack that hijacks AI coding agents and silently executes attacker-controlled code on developer machines using nothing more than a single injected Sentry error. The technique turns trusted AI assistants like Claude Code and Cursor into an execution layer…
-
BugHunter – Bug Bounty Toolkit Powered by Claude and Free AI Providers
BugHunter – Bug Bounty Toolkit Powered by Claude and Free AI Providers A new open-source bug bounty hunting toolkit called BugHunter, built on top of Anthropic’s Claude Code and now extended to support free AI providers like Ollama and Groq, is gaining traction in the security research community for automating the full vulnerability discovery and…
-
Splunk Enterprise Pre-Auth RCE Chain Exposes Database With Zero Authentication
Splunk Enterprise Pre-Auth RCE Chain Exposes Database With Zero Authentication A critical vulnerability chain in Splunk Enterprise has been disclosed, enabling unauthenticated attackers to achieve remote code execution (RCE) through a misconfigured PostgreSQL sidecar service. Tracked as CVE-2026-20253, the flaw has a CVSS score of 9.8 and affects Splunk Enterprise 10 and later. The issue…
-
Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication
Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253, is rated 9.8 on the CVSS scoring system. “In Splunk Enterprise versions…
-
New Agentjacking Attack Hijacks AI Coding Agents to Execute Malicious Code
New Agentjacking Attack Hijacks AI Coding Agents to Execute Malicious Code A newly disclosed Agentjacking attack class can silently weaponize AI coding agents against the very developers who rely on them, requiring no phishing, no… Delivered by PolitePaul service Go to gbhackers.com
-
Critical Splunk Enterprise Pre-Auth RCE Chain Exposes Databases
Critical Splunk Enterprise Pre-Auth RCE Chain Exposes Databases A critical pre-authentication remote code execution (RCE) vulnerability in Splunk Enterprise has been disclosed, carrying a near-perfect CVSS score of 9.8. Tracked as CVE-2026-20253, the… Delivered by PolitePaul service Go to gbhackers.com
-
Anthropic Blocks Fable 5 and Mythos 5 Following U.S. National Security Directive
Anthropic Blocks Fable 5 and Mythos 5 Following U.S. National Security Directive Anthropic has disabled all access to its Fable 5 and Mythos 5 artificial intelligence models following a sudden export-control directive from the United States… Delivered by PolitePaul service Go to gbhackers.com
-
Malicious 152 Chrome Extensions Caught Spoofing Google Organic Search Traffic
Malicious 152 Chrome Extensions Caught Spoofing Google Organic Search Traffic A massive, coordinated network of 152 malicious Google Chrome browser extensions has been dismantled after researchers caught the operation generating fake organic Google search… Delivered by PolitePaul service Go to gbhackers.com
-
GRU-Linked APT28 Uses MooBot Botnet and Compromised EdgeRouters for Cyber Operations
GRU-Linked APT28 Uses MooBot Botnet and Compromised EdgeRouters for Cyber Operations A notable operational pivot by the GRU-linked intrusion set APT28 (aka Fancy Bear, Sofacy, Forest Blizzard, Pawn Storm) that combines the MooBot botnet and… Delivered by PolitePaul service Go to gbhackers.com
-
US Gov asks Anthropic to ban ‘foreign national’ access to Fable, Mythos
US Gov asks Anthropic to ban ‘foreign national’ access to Fable, Mythos The US government has ordered Anthropic to block all foreign nationals from accessing Fable 5 and Mythos 5, forcing the company to suspend both models worldwide. Anthropic is complying but disputes the basis, calling the cited jailbreak narrow and the capability widely available…
-
Maine disables data breach notification portal after fake disclosures
Maine disables data breach notification portal after fake disclosures Maine has taken its public data breach reporting portal offline after fraudulent breach disclosures were published on the state’s website, prompting a review of procedures to prevent abuse in the future. […] Lawrence Abrams Go to bleepingcomputer
-
phpBB forum fixes auth bypass bug lurking for a decade
phpBB forum fixes auth bypass bug lurking for a decade A 10-year-old authentication bypass vulnerability discovered in the phpBB forum software allows an attacker to log in as any user, including administrators. […] Bill Toulas Go to bleepingcomputer
-
Ukrainian national pleads guilty to role in Conti ransomware operation
Ukrainian national pleads guilty to role in Conti ransomware operation A Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tied to the Conti ransomware operation. […] Lawrence Abrams Go to bleepingcomputer
-
Over 400 Arch Linux packages compromised to push rootkit, infostealer
Over 400 Arch Linux packages compromised to push rootkit, infostealer More than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens. […] Bill Toulas Go to bleepingcomputer
-
Anthropic Fable 5 and Mythos 5 Access Blocked to All Users Following Government Directive
Anthropic Fable 5 and Mythos 5 Access Blocked to All Users Following Government Directive Anthropic has disabled its two most capable AI models, Fable 5 and Mythos 5, after the U.S. government issued an export control directive late on June 12 ordering the company to block access for any foreign national, whether inside or outside…
-
Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks
Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks One of the most persistent hacking groups in the world has found a new way to stay hidden. The threat actor known as Fancy Bear, formally tracked as APT28 and attributed to Russia’s military intelligence unit GRU Unit 26165, has been quietly shifting…
-
Hackers Abuse Legitimate NinjaOne RMM Software to Bypass Traditional Malware Detection
Hackers Abuse Legitimate NinjaOne RMM Software to Bypass Traditional Malware Detection A newly documented phishing campaign is using a legitimate remote management tool to silently take over victims’ computers, without deploying a single line of traditional malware. Researchers have uncovered an active operation targeting Brazilian organizations, where attackers trick employees into installing a real enterprise…
-
Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets
Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets A fresh wave of supply chain attacks is putting blockchain developers, Web3 teams, and cloud engineers at serious risk. Researchers have uncovered a coordinated campaign involving multiple malicious packages on the npm registry, each designed to quietly steal sensitive secrets the moment…
-
Hackers Use OnyxC2 Malware-as-a-Service to Steal Credentials From 210 Applications
Hackers Use OnyxC2 Malware-as-a-Service to Steal Credentials From 210 Applications A new and dangerous credential-stealing tool called OnyxC2 has emerged in the cybercrime underground, showing just how easy it has become for even low-skilled attackers to run a professional hacking operation. Sold as a complete package for $250 a month, the malware gives buyers everything…
-
U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals
U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals Anthropic said on Friday it will “abruptly disable” its most advanced artificial intelligence (AI) models, Claude Fable 5 and Mythos 5, for all users after the U.S. government ordered it to suspend access to the models for foreign nationals, whether inside…
-
Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit
Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets.…
-
Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing
Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing Google on Friday said it’s pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence (AI) agent to send phishing text messages targeting Americans. The network is said to be behind the development and management of a…
-
China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade
China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade hidden inside the Linux login system itself. Sygnia, which tracks the group as Velvet Ant, says it backdoored the PAM and OpenSSH components…
-
Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code
Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running arbitrary code on developer machines. Called Agentjacking by Tenet Security, the attack can be triggered by means of a fake error report…
-
Friday Squid Blogging: Squid-Inspired Fluid Pump
Friday Squid Blogging: Squid-Inspired Fluid Pump This fluid pump was inspired by the way squids propel themselves through the water. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy. Bruce Schneier Go to bruce schneier
-
Bernie Sanders’ AI Sovereign Wealth Fund Plan
Bernie Sanders’ AI Sovereign Wealth Fund Plan Let no one accuse Bernie Sanders of ducking the big questions. Writing in the New York Times last week, the senator asked: “Will the future of humanity be determined by a handful of billionaires who have promoted and developed AI, with virtually no democratic input, who stand to…
-
ISC Stormcast For Friday, June 12th, 2026 https://isc.sans.edu/podcastdetail/9970, (Fri, Jun 12th)
ISC Stormcast For Friday, June 12th, 2026 https://isc.sans.edu/podcastdetail/9970, (Fri, Jun 12th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
Privacy own-goal: World Cup blunder leaks Lionel Messi’s passport details
Privacy own-goal: World Cup blunder leaks Lionel Messi’s passport details Argentina’s World Cup squad had their passport numbers leaked before a ball was kicked – not by hackers, but by someone who failed to redact a document properly. document. It’s a mistake that has been made many times in the past… Read more in my…
-
Silent Ransom Group: what you need to know
Silent Ransom Group: what you need to know Most extortion gangs hide behind a keyboard. Silent Ransom Group will phone your staff pretending to be IT support – and if that fails, send someone to your office in person to plug in a USB stick. Read more in my article on the Fortra blog. Graham…
-
ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed
ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed A major bug in Oracle’s ERP software disproportionately affected American universities, and hackers have capitalized by stealing gobs of data. Nate Nelson Go to gbhackers.com
-
Claude Fable 5 Doesn’t Change the Mythos Security Story
Claude Fable 5 Doesn’t Change the Mythos Security Story Stay cool: Mythos 5 is an upgrade over Mythos Preview while Fable 5 is Mythos “made safe for general use,” Anthropic explained. Alexander Culafi Go to gbhackers.com
-
Hackers Use Typosquatted npm Packages to Target Web3 Projects and Crypto Wallet Operators
Hackers Use Typosquatted npm Packages to Target Web3 Projects and Crypto Wallet Operators Hackers have been using typosquatting npm packages to weaponize the trust Web3 teams place in open-source dependencies, turning routine installs into a path for… Delivered by PolitePaul service Go to gbhackers.com
-
Attackers Can Exploit Microsoft Outlook and Word Flaws to Run Malicious Code
Attackers Can Exploit Microsoft Outlook and Word Flaws to Run Malicious Code Microsoft has disclosed a set of critical remote code execution (RCE) vulnerabilities affecting Outlook and Word that could allow attackers to execute arbitrary code… Delivered by PolitePaul service Go to gbhackers.com
-
Palo Alto PAN-OS Flaw Lets Attackers Run Arbitrary Commands With Root Privileges
Palo Alto PAN-OS Flaw Lets Attackers Run Arbitrary Commands With Root Privileges Palo Alto Networks has released patches for three new PAN-OS vulnerabilities that could allow authenticated administrators or users to execute arbitrary commands with root… Delivered by PolitePaul service Go to gbhackers.com
-
OnyxC2 Stealer Uses Cloudflare-Fronted C2 to Exfiltrate Browser Data and Credentials
OnyxC2 Stealer Uses Cloudflare-Fronted C2 to Exfiltrate Browser Data and Credentials A new commercial-grade information stealer, marketed as OnyxC2, surfaced on cybercrime forums in early 2026 and demonstrates how commodity malware is increasingly packaged as… Delivered by PolitePaul service Go to gbhackers.com
-
Tchap Messenger Hack Exposes Data of Over 73,000 French Government Employees
Tchap Messenger Hack Exposes Data of Over 73,000 French Government Employees A suspected cyberattack targeting Tchap, the secure messaging platform used by French government agencies, has reportedly exposed sensitive data belonging to more than 73,000… Delivered by PolitePaul service Go to gbhackers.com
-
CISA orders feds to patch actively exploited Ivanti flaw by Sunday
CISA orders feds to patch actively exploited Ivanti flaw by Sunday The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch an actively exploited Ivanti Sentry flaw within three days, as mandated by the newly issued Binding Operational Directive (BOD) 26-04. […] Sergiu Gatlan Go to bleepingcomputer
-
Over 73,000 French govt employees affected in Tchap messenger breach
Over 73,000 French govt employees affected in Tchap messenger breach The French government revealed that a recent breach of its Tchap encrypted messaging platform affects the accounts of over 73,000 employees in the French public sector. […] Sergiu Gatlan Go to bleepingcomputer
-
Japanese energy firm loses drive with data of 10.9 million clients
Japanese energy firm loses drive with data of 10.9 million clients Kyushu Electric Power Co., Inc. has disclosed a physical security incident that affects private data of more than 10 million customers. […] Bill Toulas Go to bleepingcomputer
-
Maine breach portal abused to publish fake data breach disclosures
Maine breach portal abused to publish fake data breach disclosures In an unusual misinformation campaign, fraudulent data breach disclosures were submitted to Maine’s official breach portal and publicly posted before their legitimacy could be verified, prompting companies to deny the claims. […] Bill Toulas Go to bleepingcomputer
-
Oracle mitigates PeopleSoft zero-day exploited in data theft attacks
Oracle mitigates PeopleSoft zero-day exploited in data theft attacks Oracle is warning about a critical PeopleSoft Suite zero-day vulnerability tracked as CVE-2026-35273 that allows unauthenticated remote code execution, with the flaw actively exploited in ShinyHunter data theft attacks. […] Lawrence Abrams Go to bleepingcomputer
-
Microsoft Outlook and Word Vulnerabilities Allow Attackers to Execute Malicious Code
Microsoft Outlook and Word Vulnerabilities Allow Attackers to Execute Malicious Code Microsoft released critical fixes for three closely related remote code execution (RCE) vulnerabilities in Microsoft Outlook and Word that stem from low‑level memory‑safety flaws in the Word rendering engine and its integration with Outlook Classic. These bugs, tracked as CVE‑2026‑45456, CVE‑2026‑45458, and CVE‑2026‑47635, are…
-
Palo Alto PAN-OS Vulnerability Allows Attackers to Execute Arbitrary Commands as Root User
Palo Alto PAN-OS Vulnerability Allows Attackers to Execute Arbitrary Commands as Root User Palo Alto Networks fixed a new command injection vulnerability in PAN‑OS (CVE-2026-0273) that allows authenticated administrators to execute arbitrary commands as root via the CLI or web management interface. Two related medium‑severity issues in the same advisory window cover CLI privilege escalation…
-
Google Patches 28 Chrome Vulnerabilities that Allow Attackers to Execute Malicious Code
Google Patches 28 Chrome Vulnerabilities that Allow Attackers to Execute Malicious Code Google has released a new Chrome security update addressing 28 vulnerabilities, including several critical flaws that could allow attackers to execute malicious code on affected systems. The latest Stable channel update upgrades Chrome to version 149.0.7827.114/.115 on Windows and macOS, and to 149.0.7827.114…
-
Microsoft Teams for Android Vulnerability Allows Attackers to Disclose Sensitive Data
Microsoft Teams for Android Vulnerability Allows Attackers to Disclose Sensitive Data Microsoft has disclosed a significant security vulnerability in Microsoft Teams for Android that could allow an authenticated attacker to expose sensitive information over a network. The flaw, tracked as CVE-2026-42835, was officially released on June 9, 2026, and has been rated Important in severity.…
-
Oracle PeopleSoft 0-Day RCE Vulnerability Exploited in Attacks by ShinyHunters
Oracle PeopleSoft 0-Day RCE Vulnerability Exploited in Attacks by ShinyHunters Mandiant and Google Threat Intelligence Group (GTIG) have issued a critical warning after identifying an active compromise-and-extortion campaign targeting Oracle PeopleSoft infrastructure, attributed to the notorious threat actor UNC6240, also known as ShinyHunters. The campaign exploited CVE-2026-35273, a critical unauthenticated remote code execution (RCE) vulnerability…
-
OceanLotus: From external espionage to domestic targeting
OceanLotus: From external espionage to domestic targeting A shift in operational pattern of the infamous Vietnam-aligned APT group Go to eset
-
ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities
ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest. Google’s Mandiant attributes it to the group it tracks as UNC6240, and dates the activity between…
-
New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets
New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets Two security teams have shown, in separate research published this week, that OpenClaw, the popular self-hosted AI agent, can be driven to run attacker-controlled code or hand over sensitive data through ordinary-looking inputs. Imperva buried instructions inside shared contacts, vCards, and location pins…
-
New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files
New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files Security researcher Chaotic Eclipse (aka Nightmare-Eclipse and MSNightmare) has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit for Microsoft Defender. “This was an accidental discovery, it took a total of 4 hours to find this,” the researcher…
-
The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm
The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leveraging resources from various ransomware-as-a-service (RaaS) schemes like LockBit (aka Tenacious Mantis), Qilin (aka Pestilent Mantis), and…
-
Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories
Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories Most good security work is invisible by design. Today is the exception. The 2026 Cybersecurity Stars Awards winners are announced across 95 subcategories in four main award categories. The reason is simple. Cybersecurity is full of work that deserves recognition and rarely gets it. Products that…
-
Enhanced License Plate Tracking
Enhanced License Plate Tracking The surveillance company Leonardo wants more data: A surveillance company plans to add sensors to automatic license plate readers (ALPRs) that would mean the devices, as well as capture the license plate of passing vehicles, would also sweep up unique identifiers of mobile phones, wearables, and other Bluetooth-enabled devices in those…
-
Phishing Attack Volume Down 20%, but Risk Still Rising
Phishing Attack Volume Down 20%, but Risk Still Rising Hackers are valuing quality over quantity, using AI to upgrade their phishing attacks rather than multiplying them. Nate Nelson Go to gbhackers.com
-
Segmentation Works for OT If Operators Are Paying Attention
Segmentation Works for OT If Operators Are Paying Attention Operational technology security remains as difficult as ever, with even the best practice recommendation falling short. Arielle Waldman Go to gbhackers.com
-
Weaponized DMG Files Deliver macOS Infostealer Malware
Weaponized DMG Files Deliver macOS Infostealer Malware A recent surge in macOS-targeted campaigns shows threat actors favoring weaponized disk images (.dmg) as the primary delivery mechanism for infostealer malware. Attackers are… Delivered by PolitePaul service Go to gbhackers.com
-
BLUERABBIT Backdoor Encrypts Files, Wipes Windows Systems
BLUERABBIT Backdoor Encrypts Files, Wipes Windows Systems A new Golang-based backdoor dubbed BLUERABBIT has been observed performing combined data theft, file encryption and destructive disk wiping against Windows hosts. First seen in… Delivered by PolitePaul service Go to gbhackers.com
-
Hackers Use Residential Proxies Networks to Evade Detection
Hackers Use Residential Proxies Networks to Evade Detection The impact of residential proxies across our customer base by compiling billions of DNS resolutions and the associated network telemetry. The Kimwolf Botnet inside our enterprise customer… Delivered by PolitePaul service Go to gbhackers.com
-
Cybercriminals Exploit Chinese Guarantee Markets to Sell Stolen Credentials
Cybercriminals Exploit Chinese Guarantee Markets to Sell Stolen Credentials Chinese-language “guarantee” marketplaces hosted mainly on Telegram have become a core conduit for buying, selling, and laundering stolen credentials and a wide range of… Delivered by PolitePaul service Go to gbhackers.com
-
Hackers Abuse VMware-Signed Binary to Deploy NIGHTFORGE Loader
Hackers Abuse VMware-Signed Binary to Deploy NIGHTFORGE Loader Two closely related espionage campaigns targeting Cambodian government organizations that abuse a legitimate VMware-signed binary to sideload a custom loader dubbed NIGHTFORGE, which in… Delivered by PolitePaul service Go to gbhackers.com
-
Microsoft fixes BitLocker recovery bug on Windows Server 2025
Microsoft fixes BitLocker recovery bug on Windows Server 2025 Microsoft has resolved a known issue causing some Windows Server 2025 devices to boot into BitLocker recovery after installing the April 2026 security update. […] Sergiu Gatlan Go to bleepingcomputer
-
Nottingham University data breach affects over 450,000 students
Nottingham University data breach affects over 450,000 students The University of Nottingham confirmed on Wednesday that a hacking group gained access to its student records system in a breach affecting both current students and alums. […] Sergiu Gatlan Go to bleepingcomputer
-
Max severity Ivanti Sentry vulnerability now exploited in attacks
Max severity Ivanti Sentry vulnerability now exploited in attacks Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile gateways. […] Sergiu Gatlan Go to bleepingcomputer
-
Path traversal flaw in AI dev platform Langflow exploited in attacks
Path traversal flaw in AI dev platform Langflow exploited in attacks Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers. […] Bill Toulas Go to bleepingcomputer
-
The ‘Miasma’ worm source code briefly leaked on GitHub
The ‘Miasma’ worm source code briefly leaked on GitHub The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. […] Bill Toulas Go to bleepingcomputer
-
China-Linked JDY Botnet Uses 1,500+ SOHO and IoT Devices for Rapid Vulnerability Exploitation
China-Linked JDY Botnet Uses 1,500+ SOHO and IoT Devices for Rapid Vulnerability Exploitation A China-linked network of compromised routers and smart devices has grown into one of the most capable reconnaissance tools tied to a nation-state threat group. Researchers have identified a major resurgence of a botnet known as JDY, which now controls more than…
-
Microsoft Exchange Server 0-Day Vulnerability Exploited in Attacks Using Weaponized Email
Microsoft Exchange Server 0-Day Vulnerability Exploited in Attacks Using Weaponized Email Microsoft has confirmed active exploitation of a new zero‑day spoofing flaw in on‑premises Exchange Server, tracked as CVE‑2026‑42897. The flaw allows attackers to execute arbitrary JavaScript in Outlook Web Access (OWA) simply by sending a weaponized email that a victim opens in a browser.…
-
Ivanti Endpoint Manager Mobile Vulnerability Enables Remote Code Execution Attacks
Ivanti Endpoint Manager Mobile Vulnerability Enables Remote Code Execution Attacks A high-severity vulnerability, CVE-2026-6973, in Ivanti Endpoint Manager Mobile (EPMM) could allow authenticated attackers to achieve remote code execution by injecting malicious Apache configuration directives. The flaw, assigned a CVSS score of 7.2, is classified as a configuration control vulnerability (CWE-15) and affects multiple versions…
-
Anthropic’s Claude Fable 5 Jailbroken to Generate Stack Exploits
Anthropic’s Claude Fable 5 Jailbroken to Generate Stack Exploits Anthropic launched Claude Fable 5 on June 9, 2026, as the first publicly available model in its new Mythos class, its most capable AI to date, excelling in software engineering, knowledge work, and vision benchmarks. Researcher “Pliny the Liberator” defeats Claude Fable 5’s safety classifiers using…
-
Hackers Abuse Fake Utility Downloads to Install ScreenConnect and Mine Cryptocurrency
Hackers Abuse Fake Utility Downloads to Install ScreenConnect and Mine Cryptocurrency Hackers are turning everyday software searches into a trap. A sophisticated cryptojacking campaign is actively targeting users who search for popular PC utilities online, luring them into downloading malware-laced files that secretly mine cryptocurrency using their own GPU. The attackers have built a network…
-
SMB cyber-readiness: What makes or breaks it
SMB cyber-readiness: What makes or breaks it A company that’s expecting a cyberattack but hasn’t actively prepared for it risks making the hardest decisions at the worst possible moment Go to eset
-
GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks GitHub has announced what it said are “breaking changes” coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the “npm install” command…
-
China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance
China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance Cybersecurity researchers have warned of a “resurgence and expansion” of JDY, a covert network associated with China-nexus state-sponsored threat actors. “The JDY botnet comprises over 1,500 SOHO [small office and home office] and IoT devices and operates as a centrally controlled, high-performance scanner used to…
-
Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities
Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI.…
-
Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE
Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE A high-severity unpatched security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability in question is CVE-2026-5027 (CVSS score: 8.8), a case of path traversal that could allow…
-
CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation
CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation. The list of vulnerabilities is as follows – CVE-2026-20245 (CVSS score: 7.8) – An improper encoding…
-
NSO Group Hacking WhatsApp Despite Court Order
NSO Group Hacking WhatsApp Despite Court Order WhatsApp has caught the NSO Group phishing its users, in violation of a court order. Bruce Schneier Go to bruce schneier
-
ISC Stormcast For Thursday, June 11th, 2026 https://isc.sans.edu/podcastdetail/9968, (Thu, Jun 11th)
ISC Stormcast For Thursday, June 11th, 2026 https://isc.sans.edu/podcastdetail/9968, (Thu, Jun 11th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
How has use of framing protection security headers changed in the past 3 years?, (Wed, Jun 10th)
How has use of framing protection security headers changed in the past 3 years?, (Wed, Jun 10th) Back in 2023, I wrote a diary[1] discussing how commonly X-Frame-Options and CSP headers containing the frame-ancestors directive were used on 1 million most popular domains on the internet (based on the Tranco list[2]), and how they were…