no alarms and no surprises please..
-
Claude Fable 5 Doesn’t Change the Mythos Security Story
Claude Fable 5 Doesn’t Change the Mythos Security Story Stay cool: Mythos 5 is an upgrade over Mythos Preview while Fable 5 is Mythos “made safe for general use,” Anthropic explained. Alexander Culafi Go to gbhackers.com
-
Hackers Use Typosquatted npm Packages to Target Web3 Projects and Crypto Wallet Operators
Hackers Use Typosquatted npm Packages to Target Web3 Projects and Crypto Wallet Operators Hackers have been using typosquatting npm packages to weaponize the trust Web3 teams place in open-source dependencies, turning routine installs into a path for… Delivered by PolitePaul service Go to gbhackers.com
-
Attackers Can Exploit Microsoft Outlook and Word Flaws to Run Malicious Code
Attackers Can Exploit Microsoft Outlook and Word Flaws to Run Malicious Code Microsoft has disclosed a set of critical remote code execution (RCE) vulnerabilities affecting Outlook and Word that could allow attackers to execute arbitrary code… Delivered by PolitePaul service Go to gbhackers.com
-
Palo Alto PAN-OS Flaw Lets Attackers Run Arbitrary Commands With Root Privileges
Palo Alto PAN-OS Flaw Lets Attackers Run Arbitrary Commands With Root Privileges Palo Alto Networks has released patches for three new PAN-OS vulnerabilities that could allow authenticated administrators or users to execute arbitrary commands with root… Delivered by PolitePaul service Go to gbhackers.com
-
OnyxC2 Stealer Uses Cloudflare-Fronted C2 to Exfiltrate Browser Data and Credentials
OnyxC2 Stealer Uses Cloudflare-Fronted C2 to Exfiltrate Browser Data and Credentials A new commercial-grade information stealer, marketed as OnyxC2, surfaced on cybercrime forums in early 2026 and demonstrates how commodity malware is increasingly packaged as… Delivered by PolitePaul service Go to gbhackers.com
-
Tchap Messenger Hack Exposes Data of Over 73,000 French Government Employees
Tchap Messenger Hack Exposes Data of Over 73,000 French Government Employees A suspected cyberattack targeting Tchap, the secure messaging platform used by French government agencies, has reportedly exposed sensitive data belonging to more than 73,000… Delivered by PolitePaul service Go to gbhackers.com
-
CISA orders feds to patch actively exploited Ivanti flaw by Sunday
CISA orders feds to patch actively exploited Ivanti flaw by Sunday The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch an actively exploited Ivanti Sentry flaw within three days, as mandated by the newly issued Binding Operational Directive (BOD) 26-04. […] Sergiu Gatlan Go to bleepingcomputer
-
Over 73,000 French govt employees affected in Tchap messenger breach
Over 73,000 French govt employees affected in Tchap messenger breach The French government revealed that a recent breach of its Tchap encrypted messaging platform affects the accounts of over 73,000 employees in the French public sector. […] Sergiu Gatlan Go to bleepingcomputer
-
Japanese energy firm loses drive with data of 10.9 million clients
Japanese energy firm loses drive with data of 10.9 million clients Kyushu Electric Power Co., Inc. has disclosed a physical security incident that affects private data of more than 10 million customers. […] Bill Toulas Go to bleepingcomputer
-
Maine breach portal abused to publish fake data breach disclosures
Maine breach portal abused to publish fake data breach disclosures In an unusual misinformation campaign, fraudulent data breach disclosures were submitted to Maine’s official breach portal and publicly posted before their legitimacy could be verified, prompting companies to deny the claims. […] Bill Toulas Go to bleepingcomputer
-
Oracle mitigates PeopleSoft zero-day exploited in data theft attacks
Oracle mitigates PeopleSoft zero-day exploited in data theft attacks Oracle is warning about a critical PeopleSoft Suite zero-day vulnerability tracked as CVE-2026-35273 that allows unauthenticated remote code execution, with the flaw actively exploited in ShinyHunter data theft attacks. […] Lawrence Abrams Go to bleepingcomputer
-
Microsoft Outlook and Word Vulnerabilities Allow Attackers to Execute Malicious Code
Microsoft Outlook and Word Vulnerabilities Allow Attackers to Execute Malicious Code Microsoft released critical fixes for three closely related remote code execution (RCE) vulnerabilities in Microsoft Outlook and Word that stem from low‑level memory‑safety flaws in the Word rendering engine and its integration with Outlook Classic. These bugs, tracked as CVE‑2026‑45456, CVE‑2026‑45458, and CVE‑2026‑47635, are…
-
Palo Alto PAN-OS Vulnerability Allows Attackers to Execute Arbitrary Commands as Root User
Palo Alto PAN-OS Vulnerability Allows Attackers to Execute Arbitrary Commands as Root User Palo Alto Networks fixed a new command injection vulnerability in PAN‑OS (CVE-2026-0273) that allows authenticated administrators to execute arbitrary commands as root via the CLI or web management interface. Two related medium‑severity issues in the same advisory window cover CLI privilege escalation…
-
Google Patches 28 Chrome Vulnerabilities that Allow Attackers to Execute Malicious Code
Google Patches 28 Chrome Vulnerabilities that Allow Attackers to Execute Malicious Code Google has released a new Chrome security update addressing 28 vulnerabilities, including several critical flaws that could allow attackers to execute malicious code on affected systems. The latest Stable channel update upgrades Chrome to version 149.0.7827.114/.115 on Windows and macOS, and to 149.0.7827.114…
-
Microsoft Teams for Android Vulnerability Allows Attackers to Disclose Sensitive Data
Microsoft Teams for Android Vulnerability Allows Attackers to Disclose Sensitive Data Microsoft has disclosed a significant security vulnerability in Microsoft Teams for Android that could allow an authenticated attacker to expose sensitive information over a network. The flaw, tracked as CVE-2026-42835, was officially released on June 9, 2026, and has been rated Important in severity.…
-
Oracle PeopleSoft 0-Day RCE Vulnerability Exploited in Attacks by ShinyHunters
Oracle PeopleSoft 0-Day RCE Vulnerability Exploited in Attacks by ShinyHunters Mandiant and Google Threat Intelligence Group (GTIG) have issued a critical warning after identifying an active compromise-and-extortion campaign targeting Oracle PeopleSoft infrastructure, attributed to the notorious threat actor UNC6240, also known as ShinyHunters. The campaign exploited CVE-2026-35273, a critical unauthenticated remote code execution (RCE) vulnerability…
-
OceanLotus: From external espionage to domestic targeting
OceanLotus: From external espionage to domestic targeting A shift in operational pattern of the infamous Vietnam-aligned APT group Go to eset
-
ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities
ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest. Google’s Mandiant attributes it to the group it tracks as UNC6240, and dates the activity between…
-
New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets
New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets Two security teams have shown, in separate research published this week, that OpenClaw, the popular self-hosted AI agent, can be driven to run attacker-controlled code or hand over sensitive data through ordinary-looking inputs. Imperva buried instructions inside shared contacts, vCards, and location pins…
-
New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files
New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files Security researcher Chaotic Eclipse (aka Nightmare-Eclipse and MSNightmare) has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit for Microsoft Defender. “This was an accidental discovery, it took a total of 4 hours to find this,” the researcher…
-
The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm
The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leveraging resources from various ransomware-as-a-service (RaaS) schemes like LockBit (aka Tenacious Mantis), Qilin (aka Pestilent Mantis), and…
-
Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories
Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories Most good security work is invisible by design. Today is the exception. The 2026 Cybersecurity Stars Awards winners are announced across 95 subcategories in four main award categories. The reason is simple. Cybersecurity is full of work that deserves recognition and rarely gets it. Products that…
-
Enhanced License Plate Tracking
Enhanced License Plate Tracking The surveillance company Leonardo wants more data: A surveillance company plans to add sensors to automatic license plate readers (ALPRs) that would mean the devices, as well as capture the license plate of passing vehicles, would also sweep up unique identifiers of mobile phones, wearables, and other Bluetooth-enabled devices in those…
-
Phishing Attack Volume Down 20%, but Risk Still Rising
Phishing Attack Volume Down 20%, but Risk Still Rising Hackers are valuing quality over quantity, using AI to upgrade their phishing attacks rather than multiplying them. Nate Nelson Go to gbhackers.com
-
Segmentation Works for OT If Operators Are Paying Attention
Segmentation Works for OT If Operators Are Paying Attention Operational technology security remains as difficult as ever, with even the best practice recommendation falling short. Arielle Waldman Go to gbhackers.com
-
Weaponized DMG Files Deliver macOS Infostealer Malware
Weaponized DMG Files Deliver macOS Infostealer Malware A recent surge in macOS-targeted campaigns shows threat actors favoring weaponized disk images (.dmg) as the primary delivery mechanism for infostealer malware. Attackers are… Delivered by PolitePaul service Go to gbhackers.com
-
BLUERABBIT Backdoor Encrypts Files, Wipes Windows Systems
BLUERABBIT Backdoor Encrypts Files, Wipes Windows Systems A new Golang-based backdoor dubbed BLUERABBIT has been observed performing combined data theft, file encryption and destructive disk wiping against Windows hosts. First seen in… Delivered by PolitePaul service Go to gbhackers.com
-
Hackers Use Residential Proxies Networks to Evade Detection
Hackers Use Residential Proxies Networks to Evade Detection The impact of residential proxies across our customer base by compiling billions of DNS resolutions and the associated network telemetry. The Kimwolf Botnet inside our enterprise customer… Delivered by PolitePaul service Go to gbhackers.com
-
Cybercriminals Exploit Chinese Guarantee Markets to Sell Stolen Credentials
Cybercriminals Exploit Chinese Guarantee Markets to Sell Stolen Credentials Chinese-language “guarantee” marketplaces hosted mainly on Telegram have become a core conduit for buying, selling, and laundering stolen credentials and a wide range of… Delivered by PolitePaul service Go to gbhackers.com
-
Hackers Abuse VMware-Signed Binary to Deploy NIGHTFORGE Loader
Hackers Abuse VMware-Signed Binary to Deploy NIGHTFORGE Loader Two closely related espionage campaigns targeting Cambodian government organizations that abuse a legitimate VMware-signed binary to sideload a custom loader dubbed NIGHTFORGE, which in… Delivered by PolitePaul service Go to gbhackers.com
-
Microsoft fixes BitLocker recovery bug on Windows Server 2025
Microsoft fixes BitLocker recovery bug on Windows Server 2025 Microsoft has resolved a known issue causing some Windows Server 2025 devices to boot into BitLocker recovery after installing the April 2026 security update. […] Sergiu Gatlan Go to bleepingcomputer
-
Nottingham University data breach affects over 450,000 students
Nottingham University data breach affects over 450,000 students The University of Nottingham confirmed on Wednesday that a hacking group gained access to its student records system in a breach affecting both current students and alums. […] Sergiu Gatlan Go to bleepingcomputer
-
Max severity Ivanti Sentry vulnerability now exploited in attacks
Max severity Ivanti Sentry vulnerability now exploited in attacks Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile gateways. […] Sergiu Gatlan Go to bleepingcomputer
-
Path traversal flaw in AI dev platform Langflow exploited in attacks
Path traversal flaw in AI dev platform Langflow exploited in attacks Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers. […] Bill Toulas Go to bleepingcomputer
-
The ‘Miasma’ worm source code briefly leaked on GitHub
The ‘Miasma’ worm source code briefly leaked on GitHub The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. […] Bill Toulas Go to bleepingcomputer
-
China-Linked JDY Botnet Uses 1,500+ SOHO and IoT Devices for Rapid Vulnerability Exploitation
China-Linked JDY Botnet Uses 1,500+ SOHO and IoT Devices for Rapid Vulnerability Exploitation A China-linked network of compromised routers and smart devices has grown into one of the most capable reconnaissance tools tied to a nation-state threat group. Researchers have identified a major resurgence of a botnet known as JDY, which now controls more than…
-
Microsoft Exchange Server 0-Day Vulnerability Exploited in Attacks Using Weaponized Email
Microsoft Exchange Server 0-Day Vulnerability Exploited in Attacks Using Weaponized Email Microsoft has confirmed active exploitation of a new zero‑day spoofing flaw in on‑premises Exchange Server, tracked as CVE‑2026‑42897. The flaw allows attackers to execute arbitrary JavaScript in Outlook Web Access (OWA) simply by sending a weaponized email that a victim opens in a browser.…
-
Ivanti Endpoint Manager Mobile Vulnerability Enables Remote Code Execution Attacks
Ivanti Endpoint Manager Mobile Vulnerability Enables Remote Code Execution Attacks A high-severity vulnerability, CVE-2026-6973, in Ivanti Endpoint Manager Mobile (EPMM) could allow authenticated attackers to achieve remote code execution by injecting malicious Apache configuration directives. The flaw, assigned a CVSS score of 7.2, is classified as a configuration control vulnerability (CWE-15) and affects multiple versions…
-
Anthropic’s Claude Fable 5 Jailbroken to Generate Stack Exploits
Anthropic’s Claude Fable 5 Jailbroken to Generate Stack Exploits Anthropic launched Claude Fable 5 on June 9, 2026, as the first publicly available model in its new Mythos class, its most capable AI to date, excelling in software engineering, knowledge work, and vision benchmarks. Researcher “Pliny the Liberator” defeats Claude Fable 5’s safety classifiers using…
-
Hackers Abuse Fake Utility Downloads to Install ScreenConnect and Mine Cryptocurrency
Hackers Abuse Fake Utility Downloads to Install ScreenConnect and Mine Cryptocurrency Hackers are turning everyday software searches into a trap. A sophisticated cryptojacking campaign is actively targeting users who search for popular PC utilities online, luring them into downloading malware-laced files that secretly mine cryptocurrency using their own GPU. The attackers have built a network…
-
SMB cyber-readiness: What makes or breaks it
SMB cyber-readiness: What makes or breaks it A company that’s expecting a cyberattack but hasn’t actively prepared for it risks making the hardest decisions at the worst possible moment Go to eset
-
GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks GitHub has announced what it said are “breaking changes” coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the “npm install” command…
-
China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance
China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance Cybersecurity researchers have warned of a “resurgence and expansion” of JDY, a covert network associated with China-nexus state-sponsored threat actors. “The JDY botnet comprises over 1,500 SOHO [small office and home office] and IoT devices and operates as a centrally controlled, high-performance scanner used to…
-
Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities
Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI.…
-
Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE
Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE A high-severity unpatched security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability in question is CVE-2026-5027 (CVSS score: 8.8), a case of path traversal that could allow…
-
CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation
CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation. The list of vulnerabilities is as follows – CVE-2026-20245 (CVSS score: 7.8) – An improper encoding…
-
NSO Group Hacking WhatsApp Despite Court Order
NSO Group Hacking WhatsApp Despite Court Order WhatsApp has caught the NSO Group phishing its users, in violation of a court order. Bruce Schneier Go to bruce schneier
-
ISC Stormcast For Thursday, June 11th, 2026 https://isc.sans.edu/podcastdetail/9968, (Thu, Jun 11th)
ISC Stormcast For Thursday, June 11th, 2026 https://isc.sans.edu/podcastdetail/9968, (Thu, Jun 11th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
How has use of framing protection security headers changed in the past 3 years?, (Wed, Jun 10th)
How has use of framing protection security headers changed in the past 3 years?, (Wed, Jun 10th) Back in 2023, I wrote a diary[1] discussing how commonly X-Frame-Options and CSP headers containing the frame-ancestors directive were used on 1 million most popular domains on the internet (based on the Tranco list[2]), and how they were…
-
Why schools remain one of cybercriminals’ favourite targets
Why schools remain one of cybercriminals’ favourite targets Schools on both sides of the Atlantic have been revealed in recent days to have been hit by hackers, reminding all of us that ransomware gangs see educational instituions as targets all year round. Read more in my article on the Hot for Security blog. Graham Cluley…
-
Chinese, N. Korean Threat Groups Build on Asia-Pacific Success
Chinese, N. Korean Threat Groups Build on Asia-Pacific Success North Korea’s gross domestic product (GDP) has grown, in part because of the cybercrime gains of groups linked to the nation, which target business and financial firms. Robert Lemos Go to gbhackers.com
-
Weekly Update 507
Weekly Update 507 1,000 breaches is one hell of a milestone. It’s not just the process of getting data, verifying it, loading it, sending notifications etc, it’s all the other stuff that goes into keeping the whole thing afloat. Legal docs. Trademarks. Accounting. Agreements. The most mind-numbingly boring stuff you can imagine happening in the…
-
CISA Rewrites Federal Patching Requirements for AI Threat Era
CISA Rewrites Federal Patching Requirements for AI Threat Era The new directive gives federal agencies three days to fix the most dangerous flaws, while less severe issues can be deferred. Jai Vijayan Go to gbhackers.com
-
Bug Bounty Research Triggers ServiceNow Security Alert
Bug Bounty Research Triggers ServiceNow Security Alert Bug bounty research inadvertently led organizations to believe they were being breached through their ServiceNow instances. Alexander Culafi Go to gbhackers.com
-
Nightmare-Eclipse Drops Yet Another Microsoft Exploit, RoguePlanet
Nightmare-Eclipse Drops Yet Another Microsoft Exploit, RoguePlanet The disgruntled researcher released yet another PoC for a Windows Defender bug that allows for system takeover, showing no signs of abandoning their ongoing feud with Microsoft. Elizabeth Montalbano Go to gbhackers.com
-
The Invisible Battlefield: How Cyber War Is Reshaping Everyday Life
The Invisible Battlefield: How Cyber War Is Reshaping Everyday Life Former National Cyber Director Chris Inglis warns that cyber attacks threaten hospitals, utilities and essential services. Chris Inglis Go to gbhackers.com
-
CISA Issues Alert on Actively Exploited Google Chromium Zero-Day Flaw
CISA Issues Alert on Actively Exploited Google Chromium Zero-Day Flaw CISA has issued a new warning about an actively exploited zero-day vulnerability in Google Chromium that could allow attackers to execute arbitrary code through… Delivered by PolitePaul service Go to gbhackers.com
-
Tax Phishing Emails Deliver In-Memory Malware to Windows Systems
Tax Phishing Emails Deliver In-Memory Malware to Windows Systems Cybercriminals are leveraging tax-themed phishing emails to deploy sophisticated in-memory malware on Windows systems, bypassing traditional disk-based detection mechanisms. The attack cascade begins when… Delivered by PolitePaul service Go to gbhackers.com
-
Malicious npm Package ‘dbmux’ Targets Developers
Malicious npm Package ‘dbmux’ Targets Developers Malware was discovered in the npm package dbmux. Any computer with this package installed or running should be considered fully compromised. The GitHub Advisory (GHSA-62wx-5f55-w8g2)… Delivered by PolitePaul service Go to gbhackers.com
-
Windows BitLocker 0-Day Flaw Enables Security Feature Bypass Attacks
Windows BitLocker 0-Day Flaw Enables Security Feature Bypass Attacks Microsoft has disclosed a newly identified zero-day vulnerability in Windows BitLocker that could allow attackers to bypass one of the operating system’s core disk… Delivered by PolitePaul service Go to gbhackers.com
-
Windows Defender Zero-Day “RoguePlanet” Lets Attackers Gain SYSTEM Privileges
Windows Defender Zero-Day “RoguePlanet” Lets Attackers Gain SYSTEM Privileges A newly disclosed zero-day vulnerability dubbed “RoguePlanet” is affecting Microsoft Defender, allowing attackers to escalate privileges and obtain full SYSTEM-level access on vulnerable Windows… Delivered by PolitePaul service Go to gbhackers.com
-
Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days
Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days On Tuesday, Microsoft patched two zero-day vulnerabilities that let attackers gain SYSTEM privileges on fully patched Windows systems, and a third one that grants access to BitLocker-protected drives. […] Sergiu Gatlan Go to bleepingcomputer
-
Ivanti: Max severity Sentry flaw allows code execution as root
Ivanti: Max severity Sentry flaw allows code execution as root Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attackers to execute code with root privileges. […] Sergiu Gatlan Go to bleepingcomputer
-
Anthropic rolls out Claude Fable 5, but it’s available for a limited time
Anthropic rolls out Claude Fable 5, but it’s available for a limited time Anthropic has begun rolling out a new model called “Fable,” which is based on the same underlying model as Mythos, its most powerful AI model class. […] Mayank Parmar Go to bleepingcomputer
-
Microsoft Defender ‘RoguePlanet’ zero-day grants SYSTEM privileges
Microsoft Defender ‘RoguePlanet’ zero-day grants SYSTEM privileges A security researcher has released a new Microsoft Defender zero-day exploit named “RoguePlanet” just hours after Microsoft fixed two previously disclosed flaws during June 2026 Patch Tuesday. […] Lawrence Abrams Go to bleepingcomputer
-
ServiceNow discloses security incident exposing customer data
ServiceNow discloses security incident exposing customer data ServiceNow is warning about a security incident after attackers exploited an unauthenticated access flaw through a vulnerable API endpoint, allowing them to query data from customer instances. […] Lawrence Abrams Go to bleepingcomputer
-
Hackers Deploy MLTBackdoor Malware via Multi-Stage ClickFix Infection Chain
Hackers Deploy MLTBackdoor Malware via Multi-Stage ClickFix Infection Chain A newly discovered backdoor malware called MLTBackdoor is making waves in the cybersecurity community after being spotted in a carefully designed, multi-stage attack chain. Identified in May 2026, this threat stands out for its advanced ability to hide from security tools while quietly establishing a deep…
-
Hackers Abuse TikTok and Instagram Reels to Spread Malware via Fake Free Software Tutorials
Hackers Abuse TikTok and Instagram Reels to Spread Malware via Fake Free Software Tutorials Cybercriminals are now turning to short-form video platforms as a new attack surface, using fake software tutorials on TikTok and Instagram Reels to push malware onto unsuspecting users. The tactic is simple but remarkably effective: create polished, convincing videos that promise…
-
Windows BitLocker 0-Day Vulnerability Allows Attackers to Bypass Security Feature
Windows BitLocker 0-Day Vulnerability Allows Attackers to Bypass Security Feature Microsoft disclosed a new Windows BitLocker Security Feature Bypass vulnerability, tracked as CVE-2026-50507, on June 9, 2026, as part of its June Patch Tuesday security release. The flaw, rooted in a protection mechanism failure, allows an unauthorized attacker with physical access to bypass BitLocker Device Encryption…
-
Anthropic Released Claude Fable 5, the First Model in Mythos Class
Anthropic Released Claude Fable 5, the First Model in Mythos Class Anthropic has released Claude Fable 5, the first publicly available model in its new Mythos capability tier, a class powerful enough that the company says it ships with cybersecurity safeguards baked in from day one. Fable 5 sits above the Claude Opus line and…
-
New Windows Defender 0-Day Exploit “RoguePlanet” Grants SYSTEM Access to Attackers
New Windows Defender 0-Day Exploit “RoguePlanet” Grants SYSTEM Access to Attackers A researcher known as Nightmare Eclipse (also tracked as Chaotic Eclipse or Dead Eclipse) has publicly released a new proof-of-concept (PoC) exploit named RoguePlanet, targeting a previously undisclosed race condition vulnerability in Microsoft Windows Defender. When successfully executed, the exploit spawns a command shell…
-
Cybercriminals: the ‘auditors’ you never hired
Cybercriminals: the ‘auditors’ you never hired Every organisation gets audited. The question is who does the auditing. Go to eset
-
Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows
Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named RoguePlanet. “The exploit is a race condition, so it’s a hit or miss,” the researcher, who published the exploit under…
-
Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS
Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS Cybersecurity researchers have flagged half a dozen vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers (Protobuf), that, if successfully exploited, could result in remote code execution (RCE) and denial-of-service (DoS) attacks. “In affected environments, a single malicious protobuf schema, descriptor,…
-
Meta to Use Off-Site Business Data for Feed and AI Personalization
Meta to Use Off-Site Business Data for Feed and AI Personalization Meta on Tuesday announced that it will use information shared by other businesses to personalize users’ feed and responses from its artificial intelligence (AI) chatbot, expanding its scope beyond targeted ads. “Businesses often share information about people’s activity on their sites with us to…
-
Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code
Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0. “A vulnerability allowing…
-
Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues
Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer into the code. “Our priority is to protect customers and…
-
GPS As a Key Distribution Platform
GPS As a Key Distribution Platform This is interesting: The U.S. military has likely been quietly broadcasting codes for its global encryption network using public GPS for nearly 20 years, turning each satellite into a hidden “numbers station,” according to Steven Murdoch… That means every device that uses GPS has been receiving hidden government information…
-
ISC Stormcast For Wednesday, June 10th, 2026 https://isc.sans.edu/podcastdetail/9966, (Wed, Jun 10th)
ISC Stormcast For Wednesday, June 10th, 2026 https://isc.sans.edu/podcastdetail/9966, (Wed, Jun 10th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
Microsoft June 2026 Patch Tuesday, (Tue, Jun 9th)
Microsoft June 2026 Patch Tuesday, (Tue, Jun 9th) Microsoft today released patches for 204 vulnerabilities. 38 of these vulnerabilities are considered critical, and three have been disclosed before today. Six of the vulnerabilities affect Microsoft cloud solutions and do not require any user action. In addition, Microsoft incorporated 360 different vulnerabilities affecting Chromium into its…
-
Blame AI: Patch Tuesday Hits Record 206 CVEs
Blame AI: Patch Tuesday Hits Record 206 CVEs Voluminous patch updates could soon be the norm, as artificial intelligence accelerates the speed and scale of vulnerability discovery. Jai Vijayan Go to gbhackers.com
-
Microsoft Exchange Flaw Lets Attackers Spoof Any Email Address
Microsoft Exchange Flaw Lets Attackers Spoof Any Email Address “Ghost-Sender” uses Exchange Online or on-premises in hybrid mode with a third-party mail server or spam filter to achieve this level of spoofing. Alexander Culafi Go to gbhackers.com
-
Miasma Supply Chain Worm Burrows Into 73 Microsoft Repositories
Miasma Supply Chain Worm Burrows Into 73 Microsoft Repositories The attacks stemmed from a GitHub account that was also compromised in a previous Miasmi attack on Microsoft last month. Rob Wright Go to gbhackers.com
-
Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs
Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs Two separate campaigns target CVE-2025-8088, fixed last July, to conduct data theft and cyberespionage against military and government targets in Ukraine. Elizabeth Montalbano Go to gbhackers.com
-
Ghost-Sender Flaw Exposes Exchange Online Users to Sender Spoofing Attacks
Ghost-Sender Flaw Exposes Exchange Online Users to Sender Spoofing Attacks A newly disclosed “Ghost-Sender” flaw is exposing Microsoft Exchange Online environments to large-scale email spoofing attacks, allowing threat actors to bypass standard email authentication… Delivered by PolitePaul service Go to gbhackers.com
-
Microsoft Entra Agent ID Logs Expose Suspicious Assistive Agent Activity
Microsoft Entra Agent ID Logs Expose Suspicious Assistive Agent Activity Microsoft Entra Agent ID logs have exposed a subtle but consequential threat vector: assistive agents using the OAuth On-Behalf-Of (OBO) flow to act with… Delivered by PolitePaul service Go to gbhackers.com
-
Linux Kernel Flaw Allows Local Attackers to Gain Root Privileges
Linux Kernel Flaw Allows Local Attackers to Gain Root Privileges A newly disclosed Linux kernel vulnerability tracked as CVE-2026-23111 allows local attackers to escalate privileges to root by exploiting a use-after-free flaw in the… Delivered by PolitePaul service Go to gbhackers.com
-
Top 10 Best Zero Trust Network Access (ZTNA) Solutions 2026
Top 10 Best Zero Trust Network Access (ZTNA) Solutions 2026 In 2026, the traditional network perimeter is obsolete. With the widespread adoption of remote and hybrid work models, multi-cloud environments, and a proliferation of… Delivered by PolitePaul service Go to gbhackers.com
-
WhatsApp Blocks Pegasus Spyware Campaign Linked to NSO Group
WhatsApp Blocks Pegasus Spyware Campaign Linked to NSO Group WhatsApp has disrupted a new spyware campaign linked to the NSO Group, the controversial surveillance vendor behind Pegasus, while simultaneously seeking legal action against… Delivered by PolitePaul service Go to gbhackers.com
-
CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day
CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. […] Sergiu Gatlan Go to bleepingcomputer
-
Google patches new Chrome zero-day flaw exploited in the wild
Google patches new Chrome zero-day flaw exploited in the wild Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year. […] Sergiu Gatlan Go to bleepingcomputer
-
NFCShare Android malware spreads via fake banking app updates on GitHub
NFCShare Android malware spreads via fake banking app updates on GitHub New variants of the NFCShare Android malware are being distributed as fake updates for legitimate banking apps hosted on GitHub. […] Bill Toulas Go to bleepingcomputer
-
SoFi confirms third-party data breach at Hong Kong subsidiary
SoFi confirms third-party data breach at Hong Kong subsidiary SoFi Hong Kong is warning that it suffered a data breach after hackers gained access to a database at a third-party vendor containing customer information. […] Lawrence Abrams Go to bleepingcomputer
-
New Apple feature automatically changes your compromised passwords
New Apple feature automatically changes your compromised passwords At WWDC 26, Apple announced an Apple Intelligence-powered feature that can automatically fix weak and compromised passwords. This works in Safari, and it’s rolling out with iOS 27. […] Mayank Parmar Go to bleepingcomputer
-
Hackers Exploiting LiteLLM RCE Vulnerability in the Wild to Run Arbitrary Commands
Hackers Exploiting LiteLLM RCE Vulnerability in the Wild to Run Arbitrary Commands Threat actors are actively exploiting a critical chained vulnerability in LiteLLM, a popular open-source AI gateway proxy, allowing unauthenticated remote code execution (RCE) on vulnerable deployments. Researchers at Horizon3.ai confirmed that combining two CVEs creates a CVSS 10.0 Critical attack path requiring zero…
-
SAP Security Patch Day – Critical Vulnerabilities in SAP NetWeaver Patched
SAP Security Patch Day – Critical Vulnerabilities in SAP NetWeaver Patched SAP’s June 2026 Security Patch Day, observed on Tuesday, June 9, delivered 15 new security notes addressing a broad range of vulnerabilities across core SAP products, including four critical-severity flaws that demand immediate enterprise attention. SAP strongly urges all customers to visit the SAP…
-
Threat Actors Abuse ChatGPT, Claude, and DeepSeek Brands as Phishing Lures to Steal Credentials
Threat Actors Abuse ChatGPT, Claude, and DeepSeek Brands as Phishing Lures to Steal Credentials Cybercriminals have found a clever new trick: turning the world’s most popular AI tools into traps. By disguising phishing attacks with the branding of platforms like ChatGPT, Claude, and DeepSeek, threat actors are luring users into handing over login credentials, credit…