no alarms and no surprises please..
-
Parrot 7.3 released with new menu system and smoother day-to-day use
Parrot 7.3 arrives focused on refinement rather than a tool glut, rebuilding all editions to deliver perceptible gains on modern hardware and a smoother… Go to gbhackers.com
-
Armored Likho APT Deploys BusySnake Stealer Against Government and Power Sector Targets
A focused phishing campaign is being operated by a previously unreported APT that researchers have named Armored Likho (also tracked under the provisional alias Eagle Werewolf). The group… Go to gbhackers.com
-
Avalon Malware Uses Legal Document Lure to Deliver CrownX Ransomware Capabilities
Researchers have documented a previously unknown malware framework, tracked as Avalon, that uses a spoofed legal-document lure and a multi-stage, fileless-oriented chain to deliver a ransomware component… Go to gbhackers.com
-
TimbreStealer Malware Targets Mexico Companies With Advanced Evasion Techniques
A new campaign linked to the TimbreStealer information stealer specifically targets Mexican companies, employing layered evasion and sophisticated runtime tricks to frustrate detection… Go to gbhackers.com
-
Verified X Sponsored Ad Spreads Mac Malware While ConsentFix Hijacks Microsoft 365 Accounts
Researchers have described a Mac-targeting ClickFix campaign amplified through a verified X sponsored ad, and a novel browser-based hijack technique called ConsentFix that exfiltrates Microsoft 365 session… Go to gbhackers.com
-
NetNut proxy network disrupted, 2 million infected devices cut off
A joint operation involving Google has disrupted NetNut, a residential proxy network that gave access to millions of compromised Android devices, including smart TVs and streaming boxes. […] Ionut Ilascu Go to bleepingcomputer
-
ARToken PhaaS exposes EvilTokens’ Microsoft 365 phishing toolkit
A new phishing-as-a-service (PhaaS) platform dubbed “ARToken” appears to operate as an affiliate of the EvilTokens phishing platform, giving researchers a glimpse into an extensive toolkit designed to compromise Microsoft 365. […] Lawrence Abrams Go to bleepingcomputer
-
PamStealer Mimics Maccy Clipboard Manager Silently Harvests Data and Clipboard Contents
PamStealer is a newly identified macOS infostealer that disguises itself as the popular open-source clipboard manager “Maccy” while silently harvesting sensitive user data. Discovered by Jamf Threat Labs, the malware uses a stealthy two-stage infection chain designed to evade detection and blend into normal…
-
Multiple FatFs Vulnerabilities Expose Millions of Embedded Devices to Cyber Risks
Security researchers at runZero have disclosed seven new CVEs affecting FatFs, the ubiquitous lightweight FAT/exFAT filesystem driver used across embedded and IoT ecosystems. The vulnerabilities range from CVSS Medium to High, with no Critical-rated findings, but their reach is significant: FatFs underpins platforms including…
-
New “Bad Epoll” 0-Day Vulnerability Allows Root Access on Linux Servers and Android Devices
A newly disclosed Linux kernel flaw dubbed “Bad Epoll” (CVE-2026-46242) allows an unprivileged local user to escalate to root on Linux servers, desktops, and Android devices by exploiting a race condition and a use-after-free (UAF) in the kernel’s epoll subsystem. Bad…
-
Indian Govt Bans Apps Being Misused to Stop E-Rickshaws Remotely
The Indian government has directed Google and Apple to take down three mobile applications, BAT-BMS, Lossigy, and Epoch-i-ion, after they were allegedly misused to remotely disable e-rickshaws and other battery-operated three-wheelers mid-journey, putting passenger safety at risk. Authorities have also warned that any additional apps…
-
Top 10 Best Post-Quantum Cryptographic Solutions in 2026
Quantum computing has crossed the line from research curiosity to board-level risk. Once a cryptographically relevant quantum computer arrives — an event security planners call “Q-Day” — the public-key cryptography that protects banking, government, healthcare, and the entire internet (RSA, ECC, Diffie-Hellman) collapses in hours. Worse, the…
-
Cyber readiness for SMBs: Getting the basics right
AI is changing cybercrime, but SMB cyber readiness still largely depends on closing the familiar gaps Go to eset
-
Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices
Security firm runZero has disclosed seven vulnerabilities in FatFs, a small filesystem library that lets a device read and write the FAT and exFAT formats used on USB drives and SD cards. The flaws matter because FatFs is nearly everywhere. It ships inside the firmware that runs…
-
New “Bad Epoll” Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android
A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine as root. It affects Linux desktops, servers, and Android, and a fix is out. Bad Epoll sits in…
-
New Avalon Malware Framework Packs CrownX Ransomware Capabilities
Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed Avalon that’s distributed by means of a multi-stage phishing chain capable of bypassing traditional security controls. Avalon combines credential collection, lateral movement, remote access, recovery disruption, and ransomware execution, bringing together diverse functions under one Go…
-
North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets
Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data theft. According to JFrog, the packages “rollup-packages-polyfill-core” and “rollup-runtime-polyfill-core” mimic the legitimate “rollup-plugin-polyfill-node” project,…
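The two package names above imitate a real project by recombining its distinctive tokens ("rollup", "polyfill") with generic filler ("packages", "runtime", "core"), so plain edit distance misses them. The following is an added example, not code from JFrog or the Rollup project, of a manifest check that flags dependencies not on an allowlist whose names reuse most of an allowlisted package's distinctive vocabulary. The allowlist, the generic-token list and the sample package.json are constructed for this example; the thresholds are assumptions.

```python
import json
import re

# Packages this project is known to use (assumed allowlist, constructed for the example).
KNOWN_PACKAGES = [
    "rollup",
    "rollup-plugin-polyfill-node",
    "@rollup/plugin-node-resolve",
    "lodash",
    "express",
]

# Tokens so common in npm names that sharing them is not evidence of imitation (assumed list).
GENERIC_TOKENS = {
    "plugin", "node", "core", "runtime", "packages", "js", "utils",
    "lib", "cli", "api", "types", "tools", "helpers",
}


def tokens(name):
    """Split an npm name into lowercase tokens:
    '@rollup/plugin-node-resolve' -> ['rollup', 'plugin', 'node', 'resolve']."""
    return [t for t in re.split(r"[-_/.]", name.lower().lstrip("@")) if t]


def lookalike_score(candidate, known):
    """How much of the *distinctive* vocabulary of `known` does `candidate` reuse?
    Returns (fraction of distinctive tokens shared, number of shared tokens); the
    second element breaks ties in favour of the closer-looking known package."""
    known_tokens = set(tokens(known))
    distinctive = known_tokens - GENERIC_TOKENS or known_tokens
    shared = set(tokens(candidate)) & distinctive
    return (len(shared) / len(distinctive), len(shared))


def audit_dependencies(package_json_text, known=KNOWN_PACKAGES, threshold=0.5):
    """Return [(dependency, imitated_known_package, score)] for each dependency that is
    not an exact allowlist entry but reuses at least `threshold` of some allowlisted
    package's distinctive tokens. Output is a review queue, not a verdict."""
    manifest = json.loads(package_json_text)
    names = list(manifest.get("dependencies", {})) + list(manifest.get("devDependencies", {}))
    findings = []
    for name in names:
        if name in known:
            continue  # exact allowlist hit: nothing to review
        (score, _), match = max(
            ((lookalike_score(name, k), k) for k in known), key=lambda item: item[0]
        )
        if score >= threshold:
            findings.append((name, match, round(score, 2)))
    return findings


# Constructed manifest: two of the imitation names from the report plus benign entries.
SAMPLE_PACKAGE_JSON = """{
  "dependencies": {
    "rollup": "^4.0.0",
    "@rollup/plugin-node-resolve": "^15.0.0",
    "rollup-packages-polyfill-core": "^1.0.2",
    "left-pad": "^1.3.0"
  },
  "devDependencies": {
    "rollup-runtime-polyfill-core": "^1.0.0",
    "lodash-utils": "^0.1.0"
  }
}"""

if __name__ == "__main__":
    for dep, imitated, score in audit_dependencies(SAMPLE_PACKAGE_JSON):
        print(f"REVIEW {dep!r}: resembles {imitated!r} (score {score})")
```

The token approach is deliberately coarse: it will also queue legitimate ecosystem packages that share a brand token, which is the intended behaviour for a pre-install gate whose purpose is to force a human or a registry-metadata check (publisher, age, download count) before a new name is trusted.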
-
Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer
A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan. “Armored Likho blends financially motivated campaigns targeting private individuals with targeted cyber espionage aimed at organizations,” Kaspersky…
-
Flock Cameras Can Surveil Cars Without License Plates
This is from a 2024 company presentation: Officers can also tap into data showing a car’s decals, bumper stickers, back and top racks—along with temporary and unique state tags. Flock calls it a “Vehicle Fingerprint” and it’s touted as a way for law enforcement officials to get…
-
Swimming Pools, Pee, and Trying to Delete Your Data From the Internet
I can’t recall if someone else originally came up with this saying or if I said it in some off-the-cuff comment and it just propagated, but since it’s often attributed back to me, I’ll relay it here regardless: Trying to delete yourself from…
-
Chinese LLMs Broaden the Gap Between Attackers & Defenders
Two new models from Chinese firms compete with top US mainstream and frontier models. Should cyber-defenders be worried? Robert Lemos Go to gbhackers.com
-
Alibaba Reportedly Bans Claude Code Over Alleged Backdoor Risk in AI Coding Tool
Alibaba is reportedly preparing to ban the use of Anthropic’s Claude Code across its internal environments starting July 10. This decision comes in light… Go to gbhackers.com
-
Fake Google and Cloudflare Verification Pages Spread StealC, HijackLoader, and NetSupport Malware
Threat actors are currently exploiting sophisticated ClickFix social engineering campaigns that mimic Google and Cloudflare verification systems to distribute several high-impact malware families, including… Go to gbhackers.com
-
Microsoft Exchange SSRF Vulnerability Lets Low-Privileged Attackers Read Arbitrary Files
A newly disclosed vulnerability in Microsoft Exchange, identified as CVE-2026-45504 (CVSS score: 8.8), is a high-severity server-side request forgery (SSRF) flaw. This issue allows… Go to gbhackers.com
-
Hackers Use Fake API Documentation to Trick AI Agents Into Sending Crypto Payments
Hackers are now weaponizing documentation and site metadata to mislead autonomous AI agents into executing cryptocurrency payments. The attack leverages indirect prompt injection (IPI): malicious… Go to gbhackers.com
-
Anthropic Unveils Cyber Jailbreak Severity Framework for Claude Fable 5 Safeguards
Anthropic has provided detailed technical insights into the cybersecurity safeguards of its redeployed Claude Fable 5 model. Alongside this, they have introduced a proposed… Go to gbhackers.com
-
Claude Fable 5 isn’t permanently leaving subscriptions, Anthropic says
Anthropic says Claude Fable 5 won’t be accessible via Claude subscriptions after July 7, but it’s not a permanent change, and the company expects the model to return outside the usage-based plan soon. […] Mayank Parmar Go to bleepingcomputer
-
Claude Fable relaunch disappoints users with nerfed performance
Claude Fable, the company’s most powerful model, is now available to all users, but early impressions are disappointing, as it appears to be nowhere near the original release. […] Mayank Parmar Go to bleepingcomputer
-
Google loses final appeal to overturn €4.1 billion EU fine
The Court of Justice of the European Union (CJEU) has dismissed Google’s final appeal against a €4.1 billion ($4.7 billion) antitrust fine over the company’s use of Android to promote its Chrome browser and search service. […] Bill Toulas Go to bleepingcomputer
-
ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds
ConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA bypass tactics work and how to defend against them. […] Sponsored by Huntress Labs Go to bleepingcomputer
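A consent-based takeover leaves no password event to alert on; what it does leave is a consent grant to a third-party application with mailbox or file scopes and, typically, offline_access for a refresh token. The following is an added example, not code from Huntress or Microsoft, of a triage pass over consent-grant records that scores each grant by scope sensitivity, publisher verification, consent type and app age. The JSON-lines record layout and the scope list are assumptions constructed for this example, not the real Entra ID audit schema; map the fields when wiring it to actual exports.

```python
import json

# Delegated permissions that give a third-party app standing access to a user's mail or
# files; offline_access yields a refresh token that outlives the browser session.
# (Assumed list for this example; tune to your tenant's risk appetite.)
HIGH_RISK_SCOPES = {
    "offline_access", "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "Files.Read.All", "Files.ReadWrite.All", "MailboxSettings.ReadWrite",
    "Directory.Read.All",
}


def score_consent(record):
    """Score one consent-grant record. Returns (score, reasons).
    Fields assumed: user, app, scopes, publisher_verified, consent_type, app_age_days."""
    score, reasons = 0, []
    risky = set(record.get("scopes", [])) & HIGH_RISK_SCOPES
    if risky:
        # Persistent access (refresh token) weighs more than a one-off data read.
        score += 2 if "offline_access" in risky else 1
        reasons.append("high-risk scopes: " + ", ".join(sorted(risky)))
    if not record.get("publisher_verified", False):
        score += 1
        reasons.append("unverified publisher")
    if record.get("consent_type") == "user":
        score += 1
        reasons.append("end-user consent, no admin review")
    if record.get("app_age_days", 10**6) < 30:
        score += 1
        reasons.append(f"app registered {record['app_age_days']} days ago")
    return score, reasons


def triage_consents(jsonl, min_score=3):
    """Return [(user, app, score, reasons)] for every record at or above min_score."""
    flagged = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        score, reasons = score_consent(rec)
        if score >= min_score:
            flagged.append((rec["user"], rec["app"], score, reasons))
    return flagged


# Constructed sample records (not real tenant data).
SAMPLE_CONSENTS = """
{"user": "alice@example.test", "app": "Microsoft 365 Security Update", "scopes": ["Mail.Read", "offline_access", "Files.ReadWrite.All"], "publisher_verified": false, "consent_type": "user", "app_age_days": 2}
{"user": "bob@example.test", "app": "Zoom", "scopes": ["User.Read", "Calendars.Read"], "publisher_verified": true, "consent_type": "user", "app_age_days": 1800}
{"user": "carol@example.test", "app": "HR Reporting", "scopes": ["Directory.Read.All"], "publisher_verified": false, "consent_type": "admin", "app_age_days": 400}
{"user": "dave@example.test", "app": "Contoso Mail Archiver", "scopes": ["Mail.ReadWrite", "offline_access"], "publisher_verified": true, "consent_type": "user", "app_age_days": 900}
"""

if __name__ == "__main__":
    for user, app, score, reasons in triage_consents(SAMPLE_CONSENTS):
        print(f"{score} {user} -> {app}: {'; '.join(reasons)}")
```

Response for a flagged grant is to revoke the app's OAuth2 permission grant and the user's refresh tokens, not just reset the password, since the stolen token is what the attacker is using. The more durable control is tenant policy: restrict user consent to verified publishers and low-impact scopes so a grant like the first record cannot be completed by the user at all.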
-
Microsoft fixes bug that removed Copilot buttons in Outlook
Microsoft has fixed a known issue causing the Copilot Chat or Copilot buttons in Classic Outlook to disappear for Windows users with the Copilot Chat (Basic) license. […] Sergiu Gatlan Go to bleepingcomputer
-
Multiple WatchGuard Firebox OS Vulnerabilities Enable Arbitrary Code Execution Attacks
Multiple high‑severity vulnerabilities in WatchGuard Firebox devices running Fireware OS could let authenticated attackers execute arbitrary code and take full control of affected appliances. WatchGuard has disclosed three high‑impact vulnerabilities in Fireware OS affecting Firebox firewall appliances, all scored 8.6 under CVSS v4.0 and already…
-
North Korea-Linked Hackers Hide JavaScript Loaders in Open Source Repositories
A new wave of supply chain attacks is spreading across the open source world, and this time the target is developers themselves. Security researchers have uncovered a campaign called PolinRider that hides malicious JavaScript loaders inside trusted code repositories, waiting for unsuspecting developers to run…
-
Microsoft Exchange SSRF Vulnerability Details Released Along With Public PoC Exploit
Security researchers from HawkTrace have disclosed technical details of a high-severity server-side request forgery (SSRF) vulnerability in Microsoft Exchange, tracked as CVE-2026-45504. The flaw, which carries a CVSS score of 8.8, allows authenticated, low-privileged users to read arbitrary files from vulnerable Exchange servers, raising…
-
Hacker Used Claude AI to Score Free Tickets to Nearly Every US Music Show
A critical unauthenticated SQL injection vulnerability in Front Gate Tickets (FGT), a Live Nation/Ticketmaster subsidiary that powers ticketing for major US festivals including EDC, Bonnaroo, and Outside Lands, allowed full administrative takeover of the platform with help from Anthropic’s Claude AI…
-
Anthropic Details Claude Fable 5 Cybersecurity Safeguards and Jailbreak Framework
Anthropic has published detailed technical documentation on the cybersecurity safeguards protecting Claude Fable 5, following the model’s global redeployment. The disclosure covers both the AI’s safety classifier system and a draft framework for grading jailbreak severity, developed in partnership with Glasswing. Fable 5’s safety classifiers…
-
Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices
Google has significantly degraded NetNut, one of the biggest networks that turns home devices into rented relays for other people’s traffic. Working with the FBI, Lumen, and others, Google’s Threat Intelligence Group (GTIG) said this week it had reduced the network’s pool of usable devices by…
-
Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials
Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access. “Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and Monitoring (RMM) tooling, credential…
-
ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories
This week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through. This is not one…
-
ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API
The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that’s designed to gain surreptitious access to a victim’s email correspondence via the Google API. “In this campaign, the attackers focused their attention on corporate email communications hosted on…
-
Identity Lifecycle Management Wasn’t Built for AI Agents
Identity lifecycle management was architected around a person with an employment record, a manager, and a departure date. AI agents have none of those. As autonomous principals proliferate across enterprise environments, the governance model built for humans develops structural blind spots that traditional IGA tools weren’t designed…
-
Vect and TeamPCP partner for ransomware campaigns
Credentials harvested through supply chain compromises enable large‑scale ransomware deployment. Go to sophos
-
Cybersecurity Mission Creep in the US
Interesting paper: “Cybersecurity Mission Creep.” Abstract: Cybersecurity is experiencing mission creep. Policymakers are casting more and more problems as issues of cybersecurity. So reframed, wildly different policy issues, from misinformation, to child social media safety laws, to antitrust regulations, to alleged journalist misconduct, to anti-sex trafficking statutes become what…
-
FBI Seizes NetNut Proxy Platform, Popa Botnet
The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR]. The action comes roughly two weeks after KrebsOnSecurity published findings from multiple…
-
The Gentlemen ransomware: what you need to know
Who Are The Gentlemen? Despite the impeccably polite name, there is nothing polite or refined about this particular gang of cybercriminals. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
Aussies Face Reduced Cybercrime Risk, as Pressure Shifts to SMBs
Improved institutional safeguards and stricter regulations have pushed the burdens of protection and risk reduction on to Australian businesses. Nate Nelson Go to gbhackers.com
-
Apple Reverses Age-Old Patch Policy to Keep Up With AI
Expect more compressed patching cycles from Apple going forward, as attackers leverage artificial intelligence to reduce time to exploit. Nate Nelson Go to gbhackers.com
-
FortiBleed Actors Collaborating With Inc, Lynx Ransomware Gangs
After gaining a foothold in thousands of Fortinet firewalls, the attackers are starting to monetize that access, and are also piling on a Nextcloud zero-day bug. Rob Wright Go to gbhackers.com
-
Ransomware Thugs Masquerade as Interpol to Entice Small Biz
The ransomware campaign relies on basic social engineering and stretches across multiple regions, including the US, Europe, Middle East, and elsewhere. Jai Vijayan Go to gbhackers.com
-
Anthropic’s AI Finds Bugs. IBM Bets $5B It Can Fix Them.
IBM and Red Hat assign 20,000 engineers to the new Project Lightwell service as Anthropic’s Mythos findings ignite debate over how to secure the open-source software supply chain. Jeffrey Schwartz Go to gbhackers.com
-
Hackers Use Geofenced Webpages to Deliver Ousaban Banking Trojan in Spain and Portugal
A targeted phishing campaign is delivering the Ousaban banking Trojan to users in Spain and Portugal, notable for its use of geofenced webpages, layered evasion… Go to gbhackers.com
-
JetBrains Patches Critical Hub Authentication Bypass and Account Takeover Vulnerabilities
JetBrains has released patches for several critical vulnerabilities in JetBrains Hub that could allow for full authentication bypass, account takeover, and unauthorized privilege escalation… Go to gbhackers.com
-
ValleyRAT Uses RC4 Encryption, Donut Shellcode, and rundll32 Injection for Stealth
A recent surge in ValleyRAT activity combines RC4-encrypted payloads, Donut-generated shellcode, and in-memory execution via suspended rundll32 processes to evade detection. First named… Go to gbhackers.com
-
Apple Hide My Email Vulnerability Lets Attackers Reveal Users’ Real Email Addresses
Apple’s Hide My Email privacy feature currently faces a significant flaw that may expose users’ real email addresses, compromising one of iCloud+’s core anonymity… Go to gbhackers.com
-
JADEPUFFER Agentic Ransomware Uses LLM to Automate Database Extortion
Researchers report the first instance of agentic ransomware: JADEPUFFER, an LLM-driven extortion operation that automated an end-to-end database-crippling campaign. The actor gained execution on an internet-facing… Go to gbhackers.com
-
Alleged Scattered Spider hacker extradited to the United States
A dual United States and Estonian citizen has been extradited to the U.S. to face charges alleging he was a member of the Scattered Spider hacking collective. […] Sergiu Gatlan Go to bleepingcomputer
-
Medtronic notifies customers impacted by ShinyHunters data breach
Healthcare device firm Medtronic is notifying affected customers about a data breach that exposed their personal data to an unauthorized third party. […] Bill Toulas Go to bleepingcomputer
-
FortiBleed credential-theft campaign linked to Lynx ransomware
The massive FortiBleed credential theft campaign has been linked to the INC and Lynx ransomware operations, suggesting the stolen Fortinet credentials were intended to fuel future network intrusions. […] Lawrence Abrams Go to bleepingcomputer
-
Kubota says hackers had month-long access to network systems
Kubota North America Corporation disclosed that hackers had access to some of its network systems for more than a month earlier this year. […] Bill Toulas Go to bleepingcomputer
-
New ChocoPoC malware targets researchers via trojanized PoC exploits
Multiple weaponized proof-of-concept (PoC) exploits on GitHub were found delivering a Python-based remote access trojan (RAT) named ChocoPoC that can execute commands and steal sensitive data in a campaign believed to target cybersecurity researchers. […] Bill Toulas Go to bleepingcomputer
-
CISA Warns of Microsoft SharePoint Server Code Execution Vulnerability Exploited in Attacks
CISA has added a newly disclosed Microsoft SharePoint Server vulnerability, tracked as CVE-2026-45659, to its Known Exploited Vulnerabilities (KEV) Catalog, warning that the flaw is actively being exploited in real-world attacks. The vulnerability is a deserialization of untrusted data issue (CWE-502) that allows…
-
Browser-Only Ransomware Abuses Chrome File System Access API to Encrypt Android Photos
A new ransomware technique can now run entirely inside a web browser, with no app installation or root access required. It targets Android photo directories by abusing a legitimate Chrome feature meant for photo editing. The attack begins with something as simple as…
-
Multiple ClamAV Vulnerabilities Allow Remote Attacker to Cause a DoS Condition
Multiple high-severity vulnerabilities in Cisco’s ClamAV engine allow remote attackers to crash the antivirus scanning process, causing a denial-of-service (DoS) on affected Cisco Secure Endpoint Connector deployments. The flaws affect Windows, Linux, and macOS, with the highest impact on Windows, where they are rated…
-
Medtronic Confirms Data Breach – Hackers Gained Access to Corporate IT Systems
Medical technology giant Medtronic Inc. has disclosed a cybersecurity incident involving unauthorized access to its corporate IT systems, potentially affecting sensitive personal and health-related information of patients using Medtronic medical devices. Medtronic detected unusual activity in certain corporate IT systems on April 15,…
-
WinRAR 7.23 Fixes Heap Overflow Vulnerability that Leads to Application Crashes
WinRAR 7.23 addresses a newly disclosed heap overflow vulnerability in the RAR5 recovery volume processing code, tracked as CVE-2026-14191, closing a memory-corruption flaw that could be triggered by malicious recovery volume (.rev) data and potentially lead to application crashes or further exploitation. WinRAR 7.23…
-
SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-45659 (CVSS score: 8.8), is a case of remote code execution…
-
Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters
Argo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated attacker run code, provided they can reach the component’s internal network port. Synacktiv, which found the bug, says it can…
-
19-Year-Old Scattered Spider Suspect Extradited to Face U.S. Hacking Charges
A teenager accused of belonging to the hacking group Scattered Spider has been extradited from Finland to face U.S. charges of conspiracy, computer intrusion, and fraud, the U.S. Department of Justice announced on July 1. Peter Stokes, 19, a dual U.S. and Estonian citizen, appeared in a…
-
SEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRAT
Unknown threat actors are leveraging the ScreenConnect remote access tool as a way to deploy and execute AsyncRAT. Kaspersky said the activity is part of a “massive, multi-domain, multi-language” campaign that distributes malicious installer archives hosted on spoofed websites. These installers masquerade as popular software like OBS…
-
VEIL#DROP Malware Chain Uses Blogger Platform to Deliver PureLogs Stealer
Cybersecurity researchers have flagged a new multi-stage malware delivery attack chain that uses social engineering and Blogger pages to deliver an information stealer called PureLogs. The activity has been codenamed VEIL#DROP by Securonix. It’s suspected that the initial payloads are distributed either via spear-phishing or…
-
Papa Johns Surveillance-Based Advertising
Papa Johns is spying on people’s buying activities to predict when they are low on food: The pizza chain recently tapped NBCUniversal, Instacart and the dentsu-owned media agency Carat for help reaching consumers when they’re low on groceries—and thus more likely to be swayed by a mouth-watering ad. The idea is…
-
ISC Stormcast For Thursday, July 2nd, 2026 https://isc.sans.edu/podcastdetail/9992, (Thu, Jul 2nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
Why Ask Credentials If There Are Secret Codes?, (Wed, Jul 1st)
This morning, an interesting phishing email hit my mailbox. It targets Metamask[1], a cryptocurrency wallet, available as a browser extension and a mobile app, that lets users store, send, and receive crypto money. It’s pretty popular, so a juicy target for criminals. In February,…
-
ISC Stormcast For Wednesday, July 1st, 2026 https://isc.sans.edu/podcastdetail/9990, (Wed, Jul 1st)
(c) SANS Internet Storm Center. Go to isc.sans.edu
-
June 2026 Apple Updates, (Tue, Jun 30th)
Apple released updates for iOS/iPadOS, macOS, and Safari on Monday. There have been no updates for other Apple operating systems (visionOS, watchOS, tvOS). Usually, Apple updates all products at the same time. Most of the vulnerabilities affect the web browser (WebKit, libxslt, WebRTC, and Web Extension). Only four…
-
ISC Stormcast For Tuesday, June 30th, 2026 https://isc.sans.edu/podcastdetail/9988, (Tue, Jun 30th)
(c) SANS Internet Storm Center. Go to isc.sans.edu
-
Smashing Security podcast #474: Polymarket can predict the future. So how did it miss this hack?
Polymarket has built an entire business on predicting the future. So how did it manage to spectacularly fail to predict its own hack? Plus, the Google engineer with a million-dollar secret, and the curious case of the airport hairdryer.…
-
Crafty Phishing Campaigns Auto-Adapt to Victim’s Device, OS
Attackers fingerprint victims through user-agent data to deliver OS-specific payloads, increasing compromise rates and campaign profitability. Alexander Culafi Go to gbhackers.com
-
And the Winner in Dominant Malware Delivery? ClickFix
Researchers say the highly effective social engineering technique is no longer the exception for malware attacks — it’s now the rule. Rob Wright
-
‘Phantom Squatting’: An Emerging AI-Driven Supply Chain Threat
LLMs consistently hallucinate Web domains for legitimate brands that attackers can register for malicious activity in a difficult-to-detect attack vector. Elizabeth Montalbano
-
Safe Events Start With Threat Intel and Digital Security
Planning ahead to defend against cyber threats is the work that keeps events uneventful. Olga Polishchuk
-
The Gentlemen Ransomware Targets Large Corporations and Critical Infrastructure Worldwide
The Gentlemen ransomware group has emerged in 2026 as a highly adaptive and technically sophisticated ransomware-as-a-service (RaaS) operation targeting large corporations and critical infrastructure…
-
RedLine Infostealer Thread Reveals Hidden Maritime Phishing and BEC Infrastructure
A routine threat-feed alert for a RedLine Stealer command-and-control (C2) IP morphed into a full-scale pivot investigation that exposed a tailored maritime spear-phishing and…
-
Fluentd Security Flaws Enable Remote Code Execution, SSRF, DoS, and Credential Exposure
Fluentd, a widely used open-source data collector for unified logging, has reported several high-impact vulnerabilities that could enable attackers to achieve remote code execution…
-
New RustDuck Botnet Targets IoT Devices and Servers With Weak Passwords and RCE Exploits
A sophisticated new botnet family dubbed RustDuck emerged in early 2026, leveraging a two-stage Loader and Core architecture to compromise IoT devices, routers, and…
-
Glitch SPY RAT Abuses Android Accessibility Service for Full Device Control
An emerging Android remote-access trojan platform, tracked as Glitch SPY, that leverages a fraudulent Polish apartment-rental website to trick victims into sideloading a malicious…
-
Amazon fined $2.25M for withholding evidence from fraud victims
The U.S. Federal Trade Commission (FTC) says Amazon will pay a $2.25 million civil penalty to settle charges that it blocked identity theft victims’ access to transaction records. […] Sergiu Gatlan
-
Adobe patches seven max severity ColdFusion, Campaign flaws
Adobe has released security patches for seven maximum-severity vulnerabilities in the ColdFusion web app development platform and the Campaign Classic marketing automation platform. […] Sergiu Gatlan
-
Anthropic to restore Claude Fable access on Wednesday
Anthropic has confirmed that the Department of Commerce has lifted export controls on Claude’s two most powerful models, Fable 5 and Mythos 5. […] Mayank Parmar
-
Anthropic rolls out Sonnet 5 with near-Opus 4.8 performance at a lower price
Anthropic is now rolling out Sonnet 5, and it’s almost as good as the Opus range, but it is designed to be cheaper than the company’s flagship model. […] Mayank Parmar
-
New BioShocking attack manipulates AI browser into data theft
A new prompt injection attack dubbed “BioShocking” could trick AI-powered browsers into treating real-world risky actions as part of a fictional scenario, causing them to ignore any safety guardrails. […] Bill Toulas
-
Chrome Update Fixes 382 Vulnerabilities, Including 15 Critical Ones – Update Now!
Chrome 151’s latest stable-channel update delivers patches for 382 security vulnerabilities, including 15 critical bugs that can be weaponized for remote code execution and full browser compromise if left unpatched. Google is rolling this update out for Windows, macOS, Linux, and Chrome for…
-
Multiple Apache Tomcat Vulnerabilities Allow Attackers to Bypass Authentication
The Apache Software Foundation has disclosed two vulnerabilities affecting Apache Tomcat that could allow attackers to bypass authentication and security constraints protecting web applications. The flaws, tracked as CVE-2026-55957 and CVE-2026-55956, impact multiple major versions of the widely deployed servlet container, prompting urgent upgrade recommendations across…
-
U.S. Lifts Export Controls on Claude Fable 5 and Mythos 5
The U.S. Department of Commerce has formally withdrawn export control restrictions on Anthropic’s Claude Fable 5 and Mythos 5 AI models, ending an 18-day standoff that had blocked global access to the company’s most advanced systems. In a letter dated June 30, 2026, Commerce…
-
Anthropic’s Claude Code Reportedly Uses Hidden Code to Detect Chinese Users
A Reddit disclosure has ignited a serious debate about developer trust and covert surveillance, alleging that Anthropic embedded undisclosed detection logic inside its Claude Code CLI tool, specifically targeting users in China or those routing traffic through Chinese AI lab proxies. A Reddit user…
-
Microsoft Teams’ New Feature Blocks Bots from Joining Meetings
Microsoft has rolled out a new bot protection capability in Microsoft Teams that gives IT administrators and meeting organizers greater control over external bots attempting to join meetings, a move designed to address growing privacy and security concerns around AI-powered meeting tools. As AI note-taking bots…
-
This month in security with Tony Anscombe – June 2026 edition
Three-day patching deadlines, exposed fuel-tank systems, scams costing billions of dollars, and social media bans for children all gave Tony plenty to unpack in June 2026
-
Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts
Cybersecurity researchers have warned of a “massive, ongoing, automated password spray attack” aimed at Microsoft’s Azure command-line interface (CLI), compromising dozens of accounts in the process. The activity, per Huntress, originates from an IPv6 address range (2a0a:d683::/32) controlled by internet infrastructure provider…
-
Researcher Analyzes 3,000 Live ClickFix Payloads, Exposing API-Driven Malware Delivery
ClickFix, the trick that fools people into running malware by hand, has quietly grown a back office. New research shows the malicious commands behind its fake “prove you’re human” pages are now handed out by API-driven servers that give each visitor the same malware in…
-
Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service
Citrix on Tuesday released security updates to address multiple flaws in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that could be exploited by an attacker to facilitate arbitrary file reads or trigger a denial-of-service (DoS) condition. The vulnerabilities are listed below…