no alarms and no surprises please..
-
‘GitLost’ Flaw Leaks Private Data from GitHub’s Agentic Workflows
‘GitLost’ Flaw Leaks Private Data from GitHub’s Agentic Workflows The flaw allows an unauthenticated attacker to craft a GitHub Issue in an org’s public repository and then silently pull data from its private repos, too. Elizabeth Montalbano Go to gbhackers.com
-
Thousands of MCP Servers Found Vulnerable to File Access and Injection Attacks
Thousands of MCP Servers Found Vulnerable to File Access and Injection Attacks Thousands of Model Context Protocol (MCP) servers, widely used to connect large language models (LLMs) to external systems, have been found vulnerable to critical… Delivered by PolitePaul service Go to gbhackers.com
-
Windows 11 26H2 Enables Backup Policy to Restore User Apps and Settings
Windows 11 26H2 Enables Backup Policy to Restore User Apps and Settings Microsoft has confirmed a significant policy change in the upcoming Windows 11 version 26H2. This update introduces a new default behavior for Windows settings… Delivered by PolitePaul service Go to gbhackers.com
-
US Cyber Agency Uses Anthropic Mythos to Audit Government Code for Bugs
US Cyber Agency Uses Anthropic Mythos to Audit Government Code for Bugs The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has started using Anthropic’s advanced AI model, Mythos, to audit government software for vulnerabilities. This marks… Delivered by PolitePaul service Go to gbhackers.com
-
Kazuar Backdoor Uses DLL Side-Loading and PowerShell Loaders for Stealthy Execution
Kazuar Backdoor Uses DLL Side-Loading and PowerShell Loaders for Stealthy Execution Turla’s Kazuar backdoor has re-emerged as a technically sophisticated persistence and reconnaissance tool that combines DLL side-loading with PowerShell-based loaders to achieve stealthy execution… Delivered by PolitePaul service Go to gbhackers.com
-
Microsoft Introduces Execution Containers to Secure AI Agents on Windows
Microsoft Introduces Execution Containers to Secure AI Agents on Windows Microsoft has introduced a new security architecture to safeguard autonomous AI agents on Windows, unveiling the Microsoft Execution Containers (MXC) SDK at Build 2026…. Delivered by PolitePaul service Go to gbhackers.com
-
Microsoft to enable Windows settings backup by default for orgs
Microsoft to enable Windows settings backup by default for orgs Microsoft says the Windows settings backup and restore tool will be enabled by default on Microsoft Entra-joined or Microsoft Entra hybrid-joined enterprise systems after upgrading to Windows 11 26H2. […] Sergiu Gatlan Go to bleepingcomputer
-
BeyondTrust warns of critical flaws in remote access software
BeyondTrust warns of critical flaws in remote access software BeyondTrust warned customers to patch two critical security flaws in its Remote Support (RS) and Privileged Remote Access (PRA) software that could allow attackers to bypass authentication. […] Sergiu Gatlan Go to bleepingcomputer
-
Microsoft testing new Cloud Rebuild Windows 11 recovery feature
Microsoft testing new Cloud Rebuild Windows 11 recovery feature Microsoft has begun testing the Cloud Rebuild recovery feature in the latest Windows 11 Insider Preview builds released for users in the Experimental channel. […] Sergiu Gatlan Go to bleepingcomputer
-
Phishing poses as big-brand job interview to steal Google accounts
Phishing poses as big-brand job interview to steal Google accounts A phishing campaign is impersonating more than 30 well-known brands, including Adobe, Netflix, Coca-Cola, and OpenAI, in fake job interviews to steal Google account credentials from marketing professionals. […] Ionut Ilascu Go to bleepingcomputer
-
Fake IT support calls on Microsoft Teams push EtherRAT malware
Fake IT support calls on Microsoft Teams push EtherRAT malware Threat actors are abusing Microsoft Teams voice calls by impersonating corporate IT support staff to trick employees into installing the EtherRAT malware, giving attackers initial access to corporate networks. […] Lawrence Abrams Go to bleepingcomputer
-
Cavern Manticore Abuses SysAid RMM and WinDirStat DLL Sideloading to Deploy C2 Framework
Cavern Manticore Abuses SysAid RMM and WinDirStat DLL Sideloading to Deploy C2 Framework A new Iranian-linked hacking group has been caught abusing everyday IT tools to slip malware onto Israeli networks. Researchers have named the group Cavern Manticore, and its latest campaign shows how creative attackers have become at hiding in plain sight. Instead of…
-
Tenda Authentication Backdoor Grants Attackers Full Administrative Access
Tenda Authentication Backdoor Grants Attackers Full Administrative Access A newly disclosed vulnerability in Tenda network devices exposes a critical authentication backdoor that allows attackers to gain full administrative access without valid credentials. The flaw affects multiple firmware versions across several Tenda router models, including the FH1201, W15E, AC10, AC5, and AC6 series. The issue, tracked…
-
16-Year-Old Linux KVM Vulnerability Allows Malicious Guest to Corrupt Host Kernel Memory
16-Year-Old Linux KVM Vulnerability Allows Malicious Guest to Corrupt Host Kernel Memory A newly disclosed Linux Kernel-based Virtual Machine (KVM) vulnerability, tracked as CVE-2026-53359 and dubbed “Januscape,” exposes a critical flaw that allows a malicious guest to corrupt host kernel memory, breaking the fundamental isolation guarantees of virtualization. The issue, which remained unnoticed for nearly…
-
Critical BeyondTrust Flaws Let Attackers Bypass Access Controls and Gain Unauthorized Access
Critical BeyondTrust Flaws Let Attackers Bypass Access Controls and Gain Unauthorized Access BeyondTrust has disclosed multiple critical and high-severity vulnerabilities affecting its Remote Support (RS) and Privileged Remote Access (PRA) solutions, potentially allowing attackers to bypass access controls and gain unauthorized access to sensitive systems. The issues are tracked under Advisory ID BT26-03 and carry…
-
Windows Device Identifier Feature Leads to Arrest of Scattered Spider Hacking Group Member
Windows Device Identifier Feature Leads to Arrest of Scattered Spider Hacking Group Member A persistent Microsoft device identifier was used to unravel the anonymity of an alleged Scattered Spider operator, according to a federal superseding complaint filed in the Northern District of Illinois. Peter Stokes, 19, a dual U.S.–Estonian citizen who allegedly used the handles…
-
BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA
BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA BeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could allow unauthenticated attackers to take control of susceptible devices. The vulnerabilities are listed below – CVE-2026-40138 (CVSS score: 9.2)…
-
Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations
Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations An Iranian hacking group affiliated with Iran’s Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn) targeting Israeli organizations. The activity, which has primarily singled out IT providers and government sectors, has been…
-
16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems
16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems A use-after-free bug in Linux’s KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host kernel that runs it. Dubbed ‘Januscape’ and tracked as CVE-2026-53359, the flaw sits in the shadow MMU…
-
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 (CVSS score: 9.8), a vulnerability that stems from the DevOps platform trusting the “X-WEBAUTH-USER” header from any…
-
⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More
⚡ Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware and More A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary. Home devices became…
-
France to Stop Certifying Non-Quantum-Safe Encryption
France to Stop Certifying Non-Quantum-Safe Encryption France is accelerating its transition to post-quantum encryption: France’s cybersecurity agency ANSSI said on Tuesday it would stop certifying security products that lack quantum-resistant encryption, a move that will force government bodies and critical operators to shift away from older systems. Samih Souissi, ANSSI’s chief of staff, said at…
-
‘BusySnake’ Infostealer Slithers into Critical Infrastructure Networks
‘BusySnake’ Infostealer Slithers into Critical Infrastructure Networks A threat group researchers call “Armored Likho” has gained access to government agencies and electrical power entities in Russia, Brazil, and Kazakhstan. Jai Vijayan Go to gbhackers.com
-
CitrixBleed-ing Again? NetScaler Vulnerability Under Attack
CitrixBleed-ing Again? NetScaler Vulnerability Under Attack Attackers wasted little time targeting the latest memory disclosure flaw in Citrix’s NetScaler products, after researchers published a proof-of-concept exploit (PoC). Rob Wright Go to gbhackers.com
-
JadePuffer: The First Complete LLM-Driven Ransomware Attack
JadePuffer: The First Complete LLM-Driven Ransomware Attack An “agentic threat actor” successfully exploited a Langflow flaw to steal data from a production database server and encrypt other systems. Elizabeth Montalbano Go to gbhackers.com
-
SilverFox Campaign Turns ValleyRAT Into Multi-Stage Malware With Rootkit Capabilities
SilverFox Campaign Turns ValleyRAT Into Multi-Stage Malware With Rootkit Capabilities The SilverFox advanced persistent threat (APT) group has escalated its offensive toolkit by transforming ValleyRAT from a conventional remote access trojan into an eight-stage… Delivered by PolitePaul service Go to gbhackers.com
-
FIFA World Cup Phishing Scam Uses Fake Reward Pages to Steal Credit Card Data
FIFA World Cup Phishing Scam Uses Fake Reward Pages to Steal Credit Card Data A sophisticated email phishing campaign exploiting the global excitement around the 2026 FIFA World Cup is deceiving fans with counterfeit reward pages designed to… Delivered by PolitePaul service Go to gbhackers.com
-
Microsoft Warns Windows 11 Enterprise Devices May Boot to Black Screen After Updates
Microsoft Warns Windows 11 Enterprise Devices May Boot to Black Screen After Updates Microsoft has issued a warning to enterprise administrators about a critical issue affecting Windows 11 systems. This problem may cause devices to boot to… Delivered by PolitePaul service Go to gbhackers.com
-
IBM WebSphere Application Server Hit by Critical XSS and Path Traversal Vulnerabilities
IBM WebSphere Application Server Hit by Critical XSS and Path Traversal Vulnerabilities IBM has disclosed several security vulnerabilities in its WebSphere Application Server that put enterprise environments at risk of cross-site scripting (XSS) and path-traversal attacks…. Delivered by PolitePaul service Go to gbhackers.com
-
PHP TLS Flaw Lets Remote Server Trigger DoS and Crash Entire FPM Process
PHP TLS Flaw Lets Remote Server Trigger DoS and Crash Entire FPM Process A newly disclosed high-severity vulnerability in PHP, tracked as CVE-2026-12184, poses a significant risk to web applications by allowing a remotely triggerable denial-of-service (DoS)… Delivered by PolitePaul service Go to gbhackers.com
-
Flipper Zero firmware development continues with community help
Flipper Zero firmware development continues with community help Flipper Devices says development of the Flipper Zero firmware will continue, albeit with a smaller internal team and greater reliance on community contributions. […] Bill Toulas Go to bleepingcomputer
-
Opera GX 0-Click Vulnerability Lets Attackers Exfiltrate User Data via Malicious Website
Opera GX 0-Click Vulnerability Lets Attackers Exfiltrate User Data via Malicious Website A newly disclosed vulnerability in Opera GX allowed attackers to silently exfiltrate sensitive user data with no interaction required, simply by luring victims to a malicious website. The issue, documented in recent research titled “One trigram at a time: XSLeak via Universal CSS…
-
New TrojPix Attack Lets Attackers Access Air-gapped Computers From 208 Meters
New TrojPix Attack Lets Attackers Access Air-gapped Computers From 208 Meters A novel electromagnetic (EM) covert-channel attack, dubbed TrojPix, can steal sensitive data from already-compromised air-gapped computers over distances of up to 208 meters, even through concrete walls, by exploiting only the pixels displayed on a victim’s screen. The technique was developed by a team…
-
Hackers Abuse OpenAI Org Invites to Harvest Sensitive Prompts and API Activity
Hackers Abuse OpenAI Org Invites to Harvest Sensitive Prompts and API Activity Hackers are actively abusing OpenAI’s organization invitation feature to launch a new form of “poisoned tenant” attack, allowing them to harvest sensitive prompts, API activity, and potentially corporate data from unsuspecting users. According to research disclosed by Push Security, attackers created a fake…
-
SSH Honeypots Miss Most Post-Login Attacks by Focusing on Interactive Shells
SSH Honeypots Miss Most Post-Login Attacks by Focusing on Interactive Shells SSH honeypots, widely used in cyber defense, may miss most real-world post-login attacker activity, according to new research that challenges long-standing assumptions in deception technology. A recent study titled “Ghost Without Shell: Measuring Non-Interactive SSH Attacks on Honeypots” by researchers from the Czech Technical…
-
Parrot 7.3 Released With Optimized Packages and Updated Tools
Parrot 7.3 Released With Optimized Packages and Updated Tools Parrot Security has released Parrot OS 7.3, introducing significant system-level optimizations, updated security tools, and a redesigned application management experience to improve performance and usability for security professionals. The update arrives just months after the previous release, with developers focusing less on expanding the toolset and…
-
SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing
SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing Scanners meant to catch malicious add-on “skills” for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a new study from researchers at the Hong Kong University of Science and Technology. Their strongest trick slipped past…
-
JadePuffer ransomware used AI agent to automate entire attack
JadePuffer ransomware used AI agent to automate entire attack Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted entirely by a large language model (LLM) agent. […] Bill Toulas Go to bleepingcomputer
-
Microsoft Releases OOBE Cumulative Update for Windows 11, Versions 24H2 and 25H2
Microsoft Releases OOBE Cumulative Update for Windows 11, Versions 24H2 and 25H2 Microsoft has rolled out KB5095189, a new cumulative update targeting the Out-of-Box Experience (OOBE) for Windows 11, versions 24H2 and 25H2. Released on June 23, 2026, this update refines the initial setup flow that users encounter when configuring a new or freshly reset…
-
U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case
U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and the blockchain trail the payment left. The odd part: the group that…
-
North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign
North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser extensions spanning npm, Packagist, Go, and Google Chrome as part of an ongoing activity referred to as PolinRider. “The campaign remains active,…
-
Parrot 7.3 released With new menu system and smoother day-to-day use
Parrot 7.3 released With new menu system and smoother day-to-day use Parrot 7.3 arrives focused on refinement rather than a tool glut, rebuilding all editions to deliver perceptible gains on modern hardware and a smoother… Delivered by PolitePaul service Go to gbhackers.com
-
Armored Likho APT Deploys BusySnake Stealer Against Government and Power Sector Targets
Armored Likho APT Deploys BusySnake Stealer Against Government and Power Sector Targets A focused phishing campaign operated by a previously unreported APT we’ve named Armored Likho (also tracked under the provisional alias Eagle Werewolf). The group… Delivered by PolitePaul service Go to gbhackers.com
-
Avalon Malware Uses Legal Document Lure to Deliver CrownX Ransomware Capabilities
Avalon Malware Uses Legal Document Lure to Deliver CrownX Ransomware Capabilities A previously undocumented malware framework, tracked as Avalon, that uses a spoofed legal-document lure and a multi-stage, fileless-oriented chain to deliver a ransomware component… Delivered by PolitePaul service Go to gbhackers.com
-
TimbreStealer Malware Targets Mexico Companies With Advanced Evasion Techniques
TimbreStealer Malware Targets Mexico Companies With Advanced Evasion Techniques A new campaign linked to the TimbreStealer information stealer that specifically targets Mexican companies, employing layered evasion and sophisticated runtime tricks to frustrate detection… Delivered by PolitePaul service Go to gbhackers.com
-
Verified X Sponsored Ad Spreads Mac Malware While ConsentFix Hijacks Microsoft 365 Accounts
Verified X Sponsored Ad Spreads Mac Malware While ConsentFix Hijacks Microsoft 365 Accounts A Mac-targeting ClickFix campaign amplified through a verified X sponsored ad, and a novel browser-based hijack technique called ConsentFix that exfiltrates Microsoft 365 session… Delivered by PolitePaul service Go to gbhackers.com
-
NetNut proxy network disrupted, 2 million infected devices cut off
NetNut proxy network disrupted, 2 million infected devices cut off A joint operation involving Google has disrupted NetNut, a residential proxy network that gave access to millions of compromised Android devices, including smart TVs and streaming boxes. […] Ionut Ilascu Go to bleepingcomputer
-
ARToken PhaaS exposes EvilTokens’ Microsoft 365 phishing toolkit
ARToken PhaaS exposes EvilTokens’ Microsoft 365 phishing toolkit A new phishing-as-a-service (PhaaS) platform dubbed “ARToken” appears to operate as an affiliate of the EvilTokens phishing platform, giving researchers a glimpse into an extensive toolkit designed to compromise Microsoft 365. […] Lawrence Abrams Go to bleepingcomputer
-
PamStealer Mimics Maccy Clipboard Manager Silently Harvests Data and Clipboard Contents
PamStealer Mimics Maccy Clipboard Manager Silently Harvests Data and Clipboard Contents PamStealer is a newly identified macOS infostealer that disguises itself as the popular open-source clipboard manager “Maccy” while silently harvesting sensitive user data. Discovered by Jamf Threat Labs, the malware uses a stealthy two-stage infection chain designed to evade detection and blend into normal…
-
Multiple FatFs Vulnerabilities Expose Millions of Embedded Devices to Cyber Risks
Multiple FatFs Vulnerabilities Expose Millions of Embedded Devices to Cyber Risks Security researchers at runZero have disclosed seven new CVEs affecting FatFs, the ubiquitous lightweight FAT/exFAT filesystem driver used across embedded and IoT ecosystems. The vulnerabilities range from CVSS Medium to High, with no Critical-rated findings, but their reach is significant: FatFs underpins platforms including…
-
New “Bad Epoll” 0-Day Vulnerability Allows Root Access on Linux Servers and Android Devices
New “Bad Epoll” 0-Day Vulnerability Allows Root Access on Linux Servers and Android Devices A newly disclosed Linux kernel flaw dubbed “Bad Epoll” (CVE-2026-46242) allows an unprivileged local user to escalate to root on Linux servers, desktops, and Android devices by exploiting a race condition and a use-after-free (UAF) in the kernel’s epoll subsystem. Bad…
-
Indian Govt Bans Apps Being Misused to Stop E-Rickshaws Remotely
Indian Govt Bans Apps Being Misused to Stop E-Rickshaws Remotely The Indian government has directed Google and Apple to take down three mobile applications, BAT-BMS, Lossigy, and Epoch-i-ion, after they were allegedly misused to remotely disable e-rickshaws and other battery-operated three-wheelers mid-journey, putting passenger safety at risk. Authorities have also warned that any additional apps…
-
Top 10 Best Post-Quantum Cryptographic Solutions in 2026
Top 10 Best Post-Quantum Cryptographic Solutions in 2026 Quantum computing has crossed the line from research curiosity to board-level risk. Once a cryptographically relevant quantum computer arrives — an event security planners call “Q-Day” — the public-key cryptography that protects banking, government, healthcare, and the entire internet (RSA, ECC, Diffie-Hellman) collapses in hours. Worse, the…
-
Cyber readiness for SMBs: Getting the basics right
Cyber readiness for SMBs: Getting the basics right AI is changing cybercrime, but SMB cyber readiness still largely depends on closing the familiar gaps Go to eset
-
Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices
Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices Security firm runZero has disclosed seven vulnerabilities in FatFs, a small filesystem library that lets a device read and write the FAT and exFAT formats used on USB drives and SD cards. The flaws matter because FatFs is nearly everywhere. It ships inside the firmware that runs…
-
New “Bad Epoll” Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android
New “Bad Epoll” Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine as root. It affects Linux desktops, servers, and Android, and a fix is out. Bad Epoll sits in…
-
New Avalon Malware Framework Packs CrownX Ransomware Capabilities
New Avalon Malware Framework Packs CrownX Ransomware Capabilities Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed Avalon that’s distributed by means of a multi-stage phishing chain capable of bypassing traditional security controls. Avalon combines credential collection, lateral movement, remote access, recovery disruption, and ransomware execution, bringing together diverse functions under one Go…
-
North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets
North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data theft. According to JFrog, the packages “rollup-packages-polyfill-core” and “rollup-runtime-polyfill-core” mimic the legitimate “rollup-plugin-polyfill-node” project,…
-
Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer
Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan. “Armored Likho blends financially motivated campaigns targeting private individuals with targeted cyber espionage aimed at organizations,” Kaspersky…
-
Flock Cameras Can Surveil Cars Without License Plates
Flock Cameras Can Surveil Cars Without License Plates This is from a 2024 company presentation: Officers can also tap into data showing a car’s decals, bumper stickers, back and top racks—along with temporary and unique state tags. Flock calls it a “Vehicle Fingerprint” and it’s touted as a way for law enforcement officials to get…
-
Swimming Pools, Pee, and Trying to Delete Your Data From the Internet
Swimming Pools, Pee, and Trying to Delete Your Data From the Internet I can’t recall if someone else originally came up with this saying or if I said it in some off-the-cuff comment and it just propagated, but since it’s often attributed back to me, I’ll relay it here regardless: Trying to delete yourself from…
-
Chinese LLMs Broaden the Gap Between Attackers & Defenders
Chinese LLMs Broaden the Gap Between Attackers & Defenders Two new models from Chinese firms compete with top US mainstream and frontier models. Should cyber-defenders be worried? Robert Lemos Go to gbhackers.com
-
Alibaba Reportedly Bans Claude Code Over Alleged Backdoor Risk in AI Coding Tool
Alibaba Reportedly Bans Claude Code Over Alleged Backdoor Risk in AI Coding Tool Alibaba is reportedly preparing to ban the use of Anthropic’s Claude Code across its internal environments starting July 10. This decision comes in light… Delivered by PolitePaul service Go to gbhackers.com
-
Fake Google and Cloudflare Verification Pages Spread StealC, HijackLoader, and NetSupport Malware
Fake Google and Cloudflare Verification Pages Spread StealC, HijackLoader, and NetSupport Malware Threat actors are currently exploiting sophisticated ClickFix social engineering campaigns that mimic Google and Cloudflare verification systems to distribute several high-impact malware families, including… Delivered by PolitePaul service Go to gbhackers.com
-
Microsoft Exchange SSRF Vulnerability Lets Low-Privileged Attackers Read Arbitrary Files
Microsoft Exchange SSRF Vulnerability Lets Low-Privileged Attackers Read Arbitrary Files A newly disclosed vulnerability in Microsoft Exchange, identified as CVE-2026-45504 (CVSS score: 8.8), exposes a critical server-side request forgery (SSRF) flaw. This issue allows… Delivered by PolitePaul service Go to gbhackers.com
-
Hackers Use Fake API Documentation to Trick AI Agents Into Sending Crypto Payments
Hackers Use Fake API Documentation to Trick AI Agents Into Sending Crypto Payments Hackers are now weaponizing documentation and site metadata to mislead autonomous AI agents into executing cryptocurrency payments. The attack leverages indirect prompt injection (IPI): malicious… Delivered by PolitePaul service Go to gbhackers.com
-
Anthropic Unveils Cyber Jailbreak Severity Framework for Claude Fable 5 Safeguards
Anthropic Unveils Cyber Jailbreak Severity Framework for Claude Fable 5 Safeguards Anthropic has provided detailed technical insights into the cybersecurity safeguards of its redeployed Claude Fable 5 model. Alongside this, they have introduced a proposed… Delivered by PolitePaul service Go to gbhackers.com
-
Claude Fable 5 isn’t permanently leaving subscriptions, Anthropic says
Claude Fable 5 isn’t permanently leaving subscriptions, Anthropic says Anthropic says Claude Fable 5 won’t be accessible via Claude subscriptions after July 7, but it’s not a permanent change, and the company expects the model to return outside the usage-based plan soon. […] Mayank Parmar Go to bleepingcomputer
-
Claude Fable relaunch disappoints users with nerfed performance
Claude Fable relaunch disappoints users with nerfed performance Claude Fable, the company’s most powerful model, is now available to all users, but early impressions are disappointing, as it appears to be nowhere near the original release. […] Mayank Parmar Go to bleepingcomputer
-
Google loses final appeal to overturn €4.1 billion EU fine
Google loses final appeal to overturn €4.1 billion EU fine Court of Justice of the European Union (CJEU) has dismissed Google’s final appeal against a €4.1 billion ($4.7 billion) antitrust fine over the company’s use of Android to promote its Chrome browser and search service. […] Bill Toulas Go to bleepingcomputer
-
ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds
ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds ConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA bypass tactics work and how to defend against them. […] Sponsored by Huntress Labs Go to bleepingcomputer
-
Microsoft fixes bug that removed Copilot buttons in Outlook
Microsoft fixes bug that removed Copilot buttons in Outlook Microsoft has fixed a known issue causing the Copilot Chat or Copilot buttons in Classic Outlook to disappear for Windows users with the Copilot Chat (Basic) license. […] Sergiu Gatlan Go to bleepingcomputer
-
Multiple WatchGuard Firebox OS Vulnerabilities Enable Arbitrary Code Execution Attacks
Multiple WatchGuard Firebox OS Vulnerabilities Enable Arbitrary Code Execution Attacks Multiple high‑severity vulnerabilities in WatchGuard Firebox devices running Fireware OS could let authenticated attackers execute arbitrary code and take full control of affected appliances. WatchGuard has disclosed three high‑impact vulnerabilities in Fireware OS affecting Firebox firewall appliances, all scored 8.6 under CVSS v4.0 and already…
-
North Korea-Linked Hackers Hide JavaScript Loaders in Open Source Repositories
North Korea-Linked Hackers Hide JavaScript Loaders in Open Source Repositories A new wave of supply chain attacks is spreading across the open source world, and this time the target is developers themselves. Security researchers have uncovered a campaign called PolinRider that hides malicious JavaScript loaders inside trusted code repositories, waiting for unsuspecting developers to run…
-
Microsoft Exchange SSRF Vulnerability Details Released Along With Public PoC Exploit
Microsoft Exchange SSRF Vulnerability Details Released Along With Public PoC Exploit Security researchers from HawkTrace have disclosed technical details of a high-severity server-side request forgery (SSRF) vulnerability in Microsoft Exchange, tracked as CVE-2026-45504. The flaw, which carries a CVSS score of 8.8, allows authenticated, low-privileged users to read arbitrary files from vulnerable Exchange servers, raising…
-
Hacker Used Claude AI to Score Free Tickets to Nearly Every US Music Show
Hacker Used Claude AI to Score Free Tickets to Nearly Every US Music Show A critical unauthenticated SQL injection vulnerability in Front Gate Tickets (FGT), a Live Nation/Ticketmaster subsidiary that powers ticketing for major US festivals including EDC, Bonnaroo, and Outside Lands, allowed full administrative takeover of the platform with help from Anthropic’s Claude AI…
-
Anthropic Details Claude Fable 5 Cybersecurity Safeguards and Jailbreak Framework
Anthropic Details Claude Fable 5 Cybersecurity Safeguards and Jailbreak Framework Anthropic has published detailed technical documentation on the cybersecurity safeguards protecting Claude Fable 5, following the model’s global redeployment. The disclosure covers both the AI’s safety classifier system and a draft framework for grading jailbreak severity, developed in partnership with Glasswing. Fable 5’s safety classifiers…
-
Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices
Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices Google has significantly degraded NetNut, one of the biggest networks that turns home devices into rented relays for other people’s traffic. Working with the FBI, Lumen, and others, Google’s Threat Intelligence Group (GTIG) said this week it had reduced the network’s pool of usable devices by…
-
Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials
Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access. “Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and Monitoring (RMM) tooling, credential…
-
ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories
ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories This week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through. This is not one…
-
ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API
ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that’s designed to gain surreptitious access to a victim’s email correspondence via the Google API. “In this campaign, the attackers focused their attention on corporate email communications hosted on…
-
Identity Lifecycle Management Wasn’t Built for AI Agents
Identity Lifecycle Management Wasn’t Built for AI Agents Identity lifecycle management was architected around a person with an employment record, a manager, and a departure date. AI agents have none of those. As autonomous principals proliferate across enterprise environments, the governance model built for humans develops structural blind spots that traditional IGA tools weren’t designed…
-
Vect and TeamPCP partner for ransomware campaigns
Vect and TeamPCP partner for ransomware campaigns Credentials harvested through supply chain compromises enable large‑scale ransomware deployment Categories: Threat Research Tags: Vect, TeamPCP, Ransomware Go to sophos
-
Cybersecurity Mission Creep in the US
Cybersecurity Mission Creep in the US Interesting paper: “Cybersecurity Mission Creep.” Abstract: Cybersecurity is experiencing mission creep. Policymakers are casting more and more problems as issues of cybersecurity. So reframed, wildly different policy issues, from misinformation, to child social media safety laws, to antitrust regulations, to alleged journalist misconduct, to anti-sex trafficking statutes become what…
-
FBI Seizes NetNut Proxy Platform, Popa Botnet
FBI Seizes NetNut Proxy Platform, Popa Botnet The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR]. The action comes roughly two weeks after KrebsOnSecurity published findings from multiple…
-
The Gentlemen ransomware: what you need to know
The Gentlemen ransomware: what you need to know Who Are The Gentlemen? Despite the impeccably polite name, there is nothing polite or refined about this particular gang of cybercriminals. Read more in my article on the Fortra blog. Graham Cluley Go to grahamcluley
-
Aussies Face Reduced Cybercrime Risk, as Pressure Shifts to SMBs
Aussies Face Reduced Cybercrime Risk, as Pressure Shifts to SMBs Improved institutional safeguards and stricter regulations have pushed the burdens of protection and risk reduction on to Australian businesses. Nate Nelson Go to gbhackers.com
-
Apple Reverses Age-Old Patch Policy to Keep Up With AI
Apple Reverses Age-Old Patch Policy to Keep Up With AI Expect more compressed patching cycles from Apple going forward, as attackers leverage artificial intelligence to reduce time to exploit. Nate Nelson Go to gbhackers.com
-
FortiBleed Actors Collaborating With Inc, Lynx Ransomware Gangs
FortiBleed Actors Collaborating With Inc, Lynx Ransomware Gangs After gaining a foothold in thousands of Fortinet firewalls, the attackers are starting to monetize that access, and are also piling on a Nextcloud zero-day bug. Rob Wright Go to gbhackers.com
-
Ransomware Thugs Masquerade as Interpol to Entice Small Biz
Ransomware Thugs Masquerade as Interpol to Entice Small Biz The ransomware campaign relies on basic social engineering and stretches across multiple regions, including the US, Europe, Middle East, and elsewhere. Jai Vijayan Go to gbhackers.com
-
Anthropic’s AI Finds Bugs. IBM Bets $5B It Can Fix Them.
Anthropic’s AI Finds Bugs. IBM Bets $5B It Can Fix Them. IBM and Red Hat assign 20,000 engineers to the new Project Lightwell service as Anthropic’s Mythos findings ignite debate over how to secure the open-source software supply chain. Jeffrey Schwartz Go to gbhackers.com
-
Hackers Use Geofenced Webpages to Deliver Ousaban Banking Trojan in Spain and Portugal
Hackers Use Geofenced Webpages to Deliver Ousaban Banking Trojan in Spain and Portugal A targeted phishing campaign delivering the Ousaban banking Trojan to users in Spain and Portugal, notable for its use of geofenced webpages, layered evasion… Delivered by PolitePaul service Go to gbhackers.com
-
JetBrains Patches Critical Hub Authentication Bypass and Account Takeover Vulnerabilities
JetBrains Patches Critical Hub Authentication Bypass and Account Takeover Vulnerabilities JetBrains has released patches for several critical vulnerabilities in JetBrains Hub that could allow for full authentication bypass, account takeover, and unauthorized privilege escalation… Delivered by PolitePaul service Go to gbhackers.com
-
ValleyRAT Uses RC4 Encryption, Donut Shellcode, and rundll32 Injection for Stealth
ValleyRAT Uses RC4 Encryption, Donut Shellcode, and rundll32 Injection for Stealth A recent surge in ValleyRAT activity that combines RC4-encrypted payloads, Donut-generated shellcode, and in-memory execution via suspended rundll32 processes to evade detection. First named… Delivered by PolitePaul service Go to gbhackers.com
-
Apple Hide My Email Vulnerability Lets Attackers Reveal Users’ Real Email Addresses
Apple Hide My Email Vulnerability Lets Attackers Reveal Users’ Real Email Addresses Apple’s Hide My Email privacy feature currently faces a significant flaw that may expose users’ real email addresses, compromising one of iCloud+’s core anonymity… Delivered by PolitePaul service Go to gbhackers.com
-
JADEPUFFER Agentic Ransomware Uses LLM to Automate Database Extortion
JADEPUFFER Agentic Ransomware Uses LLM to Automate Database Extortion The first instance of agentic ransomware: JADEPUFFER, an LLM-driven extortion operation that automated an end-to-end database-crippling campaign. The actor gained execution on an internet-facing… Delivered by PolitePaul service Go to gbhackers.com
-
Alleged Scattered Spider hacker extradited to the United States
Alleged Scattered Spider hacker extradited to the United States A dual United States and Estonian citizen has been extradited to the U.S. to face charges alleging he was a member of the Scattered Spider hacking collective. […] Sergiu Gatlan Go to bleepingcomputer
-
Medtronic notifies customers impacted by ShinyHunters data breach
Medtronic notifies customers impacted by ShinyHunters data breach Healthcare device firm Medtronic is notifying affected customers about a data breach that exposed their personal data to an unauthorized third party. […] Bill Toulas Go to bleepingcomputer
-
FortiBleed credential-theft campaign linked to Lynx ransomware
FortiBleed credential-theft campaign linked to Lynx ransomware The massive FortiBleed credential theft campaign has been linked to the INC and Lynx ransomware operations, suggesting the stolen Fortinet credentials were intended to fuel future network intrusions. […] Lawrence Abrams Go to bleepingcomputer
-
Kubota says hackers had month-long access to network systems
Kubota says hackers had month-long access to network systems Kubota North America Corporation disclosed that hackers had access to some of its network systems for more than a month earlier this year. […] Bill Toulas Go to bleepingcomputer