serisec

no alarms and no surprises please..

  • Nightmare-Eclipse Drops Yet Another Microsoft Exploit, RoguePlanet

    Nightmare-Eclipse Drops Yet Another Microsoft Exploit, RoguePlanet The disgruntled researcher released yet another PoC for a Windows Defender bug that allows for system takeover, showing no signs of abandoning their ongoing feud with Microsoft. Elizabeth Montalbano Go to gbhackers.com

  • The Invisible Battlefield: How Cyber War Is Reshaping Everyday Life

    The Invisible Battlefield: How Cyber War Is Reshaping Everyday Life Former National Cyber Director Chris Inglis warns that cyber attacks threaten hospitals, utilities and essential services. Chris Inglis Go to gbhackers.com

  • CISA Issues Alert on Actively Exploited Google Chromium Zero-Day Flaw

    CISA Issues Alert on Actively Exploited Google Chromium Zero-Day Flaw CISA has issued a new warning about an actively exploited zero-day vulnerability in Google Chromium that could allow attackers to execute arbitrary code through… Delivered by PolitePaul service Go to gbhackers.com

  • Tax Phishing Emails Deliver In-Memory Malware to Windows Systems

    Tax Phishing Emails Deliver In-Memory Malware to Windows Systems Cybercriminals are leveraging tax-themed phishing emails to deploy sophisticated in-memory malware on Windows systems, bypassing traditional disk-based detection mechanisms. The attack cascade begins when… Delivered by PolitePaul service Go to gbhackers.com

  • Malicious npm Package ‘dbmux’ Targets Developers

    Malicious npm Package ‘dbmux’ Targets Developers Malware was discovered in the npm package dbmux. Any computer with this package installed or running should be considered fully compromised. The GitHub Advisory (GHSA-62wx-5f55-w8g2)… Delivered by PolitePaul service Go to gbhackers.com

  • Windows BitLocker 0-Day Flaw Enables Security Feature Bypass Attacks

    Windows BitLocker 0-Day Flaw Enables Security Feature Bypass Attacks Microsoft has disclosed a newly identified zero-day vulnerability in Windows BitLocker that could allow attackers to bypass one of the operating system’s core disk… Delivered by PolitePaul service Go to gbhackers.com

  • Windows Defender Zero-Day “RoguePlanet” Lets Attackers Gain SYSTEM Privileges

    Windows Defender Zero-Day “RoguePlanet” Lets Attackers Gain SYSTEM Privileges A newly disclosed zero-day vulnerability dubbed “RoguePlanet” is affecting Microsoft Defender, allowing attackers to escalate privileges and obtain full SYSTEM-level access on vulnerable Windows… Delivered by PolitePaul service Go to gbhackers.com

  • Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days

    Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days On Tuesday, Microsoft patched two zero-day vulnerabilities that let attackers gain SYSTEM privileges on fully patched Windows systems, and a third one that grants access to BitLocker-protected drives. […] Sergiu Gatlan Go to bleepingcomputer

  • Ivanti: Max severity Sentry flaw allows code execution as root

    Ivanti: Max severity Sentry flaw allows code execution as root Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attackers to execute code with root privileges. […] Sergiu Gatlan Go to bleepingcomputer

  • Anthropic rolls out Claude Fable 5, but it’s available for a limited time

    Anthropic rolls out Claude Fable 5, but it’s available for a limited time Anthropic has begun rolling out a new model called “Fable,” which is based on the same underlying model as Mythos, its most powerful AI model class. […] Mayank Parmar Go to bleepingcomputer

  • Microsoft Defender ‘RoguePlanet’ zero-day grants SYSTEM privileges

    Microsoft Defender ‘RoguePlanet’ zero-day grants SYSTEM privileges A security researcher has released a new Microsoft Defender zero-day exploit named “RoguePlanet” just hours after Microsoft fixed two previously disclosed flaws during June 2026 Patch Tuesday. […] Lawrence Abrams Go to bleepingcomputer

  • ServiceNow discloses security incident exposing customer data

    ServiceNow discloses security incident exposing customer data ServiceNow is warning about a security incident after attackers exploited an unauthenticated access flaw through a vulnerable API endpoint, allowing them to query data from customer instances. […] Lawrence Abrams Go to bleepingcomputer

  • Hackers Deploy MLTBackdoor Malware via Multi-Stage ClickFix Infection Chain

    Hackers Deploy MLTBackdoor Malware via Multi-Stage ClickFix Infection Chain A newly discovered backdoor malware called MLTBackdoor is making waves in the cybersecurity community after being spotted in a carefully designed, multi-stage attack chain. Identified in May 2026, this threat stands out for its advanced ability to hide from security tools while quietly establishing a deep…

  • Hackers Abuse TikTok and Instagram Reels to Spread Malware via Fake Free Software Tutorials

    Hackers Abuse TikTok and Instagram Reels to Spread Malware via Fake Free Software Tutorials Cybercriminals are now turning to short-form video platforms as a new attack surface, using fake software tutorials on TikTok and Instagram Reels to push malware onto unsuspecting users. The tactic is simple but remarkably effective: create polished, convincing videos that promise…

  • Windows BitLocker 0-Day Vulnerability Allows Attackers to Bypass Security Feature

    Windows BitLocker 0-Day Vulnerability Allows Attackers to Bypass Security Feature Microsoft disclosed a new Windows BitLocker Security Feature Bypass vulnerability, tracked as CVE-2026-50507, on June 9, 2026, as part of its June Patch Tuesday security release. The flaw, rooted in a protection mechanism failure, allows an unauthorized attacker with physical access to bypass BitLocker Device Encryption…

  • Anthropic Released Claude Fable 5, the First Model in Mythos Class

    Anthropic Released Claude Fable 5, the First Model in Mythos Class Anthropic has released Claude Fable 5, the first publicly available model in its new Mythos capability tier, a class powerful enough that the company says it ships with cybersecurity safeguards baked in from day one. Fable 5 sits above the Claude Opus line and…

  • New Windows Defender 0-Day Exploit “RoguePlanet” Grants SYSTEM Access to Attackers

    New Windows Defender 0-Day Exploit “RoguePlanet” Grants SYSTEM Access to Attackers A researcher known as Nightmare Eclipse (also tracked as Chaotic Eclipse or Dead Eclipse) has publicly released a new proof-of-concept (PoC) exploit named RoguePlanet, targeting a previously undisclosed race condition vulnerability in Microsoft Windows Defender. When successfully executed, the exploit spawns a command shell…

  • Cybercriminals: the ‘auditors’ you never hired

    Cybercriminals: the ‘auditors’ you never hired Every organisation gets audited. The question is who does the auditing. Go to eset

  • Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows

    Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named RoguePlanet. “The exploit is a race condition, so it’s a hit or miss,” the researcher, who published the exploit under…

  • Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

    Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS Cybersecurity researchers have flagged half a dozen vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers (Protobuf), that, if successfully exploited, could result in remote code execution (RCE) and denial-of-service (DoS) attacks. “In affected environments, a single malicious protobuf schema, descriptor,…

  • Meta to Use Off-Site Business Data for Feed and AI Personalization

    Meta to Use Off-Site Business Data for Feed and AI Personalization Meta on Tuesday announced that it will use information shared by other businesses to personalize users’ feed and responses from its artificial intelligence (AI) chatbot, expanding its scope beyond targeted ads. “Businesses often share information about people’s activity on their sites with us to…

  • Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code

    Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0. “A vulnerability allowing…

  • Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues

    Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer into the code. “Our priority is to protect customers and…

  • GPS As a Key Distribution Platform

    GPS As a Key Distribution Platform This is interesting: The U.S. military has likely been quietly broadcasting codes for its global encryption network using public GPS for nearly 20 years, turning each satellite into a hidden “numbers station,” according to Steven Murdoch… That means every device that uses GPS has been receiving hidden government information…

  • ISC Stormcast For Wednesday, June 10th, 2026 https://isc.sans.edu/podcastdetail/9966, (Wed, Jun 10th)

    ISC Stormcast For Wednesday, June 10th, 2026 https://isc.sans.edu/podcastdetail/9966, (Wed, Jun 10th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu

  • Microsoft June 2026 Patch Tuesday, (Tue, Jun 9th)

    Microsoft June 2026 Patch Tuesday, (Tue, Jun 9th) Microsoft today released patches for 204 vulnerabilities. 38 of these vulnerabilities are considered critical, and three have been disclosed before today. Six of the vulnerabilities affect Microsoft cloud solutions and do not require any user action. In addition, Microsoft incorporated 360 different vulnerabilities affecting Chromium into its…

  • A Record-Breaking Patch Tuesday for June 2026

    A Record-Breaking Patch Tuesday for June 2026 Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company’s monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft’s most dire “critical” rating, and exploit code for at…

  • Blame AI: Patch Tuesday Hits Record 206 CVEs

    Blame AI: Patch Tuesday Hits Record 206 CVEs Voluminous patch updates could soon be the norm, as artificial intelligence accelerates the speed and scale of vulnerability discovery. Jai Vijayan Go to gbhackers.com

  • Microsoft Exchange Flaw Lets Attackers Spoof Any Email Address

    Microsoft Exchange Flaw Lets Attackers Spoof Any Email Address “Ghost-Sender” uses Exchange Online or on-premises in hybrid mode with a third-party mail server or spam filter to achieve this level of spoofing. Alexander Culafi Go to gbhackers.com

  • Miasma Supply Chain Worm Burrows Into 73 Microsoft Repositories

    Miasma Supply Chain Worm Burrows Into 73 Microsoft Repositories The attacks stemmed from a GitHub account that was also compromised in a previous Miasmi attack on Microsoft last month. Rob Wright Go to gbhackers.com

  • Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs

    Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs Two separate campaigns target CVE-2025-8088, fixed last July, to conduct data theft and cyberespionage against military and government targets in Ukraine. Elizabeth Montalbano Go to gbhackers.com

  • Ghost-Sender Flaw Exposes Exchange Online Users to Sender Spoofing Attacks

    Ghost-Sender Flaw Exposes Exchange Online Users to Sender Spoofing Attacks A newly disclosed “Ghost-Sender” flaw is exposing Microsoft Exchange Online environments to large-scale email spoofing attacks, allowing threat actors to bypass standard email authentication… Delivered by PolitePaul service Go to gbhackers.com

  • Microsoft Entra Agent ID Logs Expose Suspicious Assistive Agent Activity

    Microsoft Entra Agent ID Logs Expose Suspicious Assistive Agent Activity Microsoft Entra Agent ID logs have exposed a subtle but consequential threat vector: assistive agents using the OAuth On-Behalf-Of (OBO) flow to act with… Delivered by PolitePaul service Go to gbhackers.com

  • Linux Kernel Flaw Allows Local Attackers to Gain Root Privileges

    Linux Kernel Flaw Allows Local Attackers to Gain Root Privileges A newly disclosed Linux kernel vulnerability tracked as CVE-2026-23111 allows local attackers to escalate privileges to root by exploiting a use-after-free flaw in the… Delivered by PolitePaul service Go to gbhackers.com

  • Top 10 Best Zero Trust Network Access (ZTNA) Solutions 2026

    Top 10 Best Zero Trust Network Access (ZTNA) Solutions 2026 In 2026, the traditional network perimeter is obsolete. With the widespread adoption of remote and hybrid work models, multi-cloud environments, and a proliferation of… Delivered by PolitePaul service Go to gbhackers.com

  • WhatsApp Blocks Pegasus Spyware Campaign Linked to NSO Group

    WhatsApp Blocks Pegasus Spyware Campaign Linked to NSO Group WhatsApp has disrupted a new spyware campaign linked to the NSO Group, the controversial surveillance vendor behind Pegasus, while simultaneously seeking legal action against… Delivered by PolitePaul service Go to gbhackers.com

  • CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day

    CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. […] Sergiu Gatlan Go to bleepingcomputer

  • Google patches new Chrome zero-day flaw exploited in the wild

    Google patches new Chrome zero-day flaw exploited in the wild Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year. […] Sergiu Gatlan Go to bleepingcomputer

  • NFCShare Android malware spreads via fake banking app updates on GitHub

    NFCShare Android malware spreads via fake banking app updates on GitHub New variants of the NFCShare Android malware are being distributed as fake updates for legitimate banking apps hosted on GitHub. […] Bill Toulas Go to bleepingcomputer

  • SoFi confirms third-party data breach at Hong Kong subsidiary

    SoFi confirms third-party data breach at Hong Kong subsidiary SoFi Hong Kong is warning that it suffered a data breach after hackers gained access to a database at a third-party vendor containing customer information. […] Lawrence Abrams Go to bleepingcomputer

  • New Apple feature automatically changes your compromised passwords

    New Apple feature automatically changes your compromised passwords At WWDC 26, Apple announced an Apple Intelligence-powered feature that can automatically fix weak and compromised passwords. This works in Safari, and it’s rolling out with iOS 27. […] Mayank Parmar Go to bleepingcomputer

  • Hackers Exploiting LiteLLM RCE Vulnerability in the Wild to Run Arbitrary Commands

    Hackers Exploiting LiteLLM RCE Vulnerability in the Wild to Run Arbitrary Commands Threat actors are actively exploiting a critical chained vulnerability in LiteLLM, a popular open-source AI gateway proxy, allowing unauthenticated remote code execution (RCE) on vulnerable deployments. Researchers at Horizon3.ai confirmed that combining two CVEs creates a CVSS 10.0 Critical attack path requiring zero…

  • SAP Security Patch Day – Critical Vulnerabilities in SAP NetWeaver Patched

    SAP Security Patch Day – Critical Vulnerabilities in SAP NetWeaver Patched SAP’s June 2026 Security Patch Day, observed on Tuesday, June 9, delivered 15 new security notes addressing a broad range of vulnerabilities across core SAP products, including four critical-severity flaws that demand immediate enterprise attention. SAP strongly urges all customers to visit the SAP…

  • Threat Actors Abuse ChatGPT, Claude, and DeepSeek Brands as Phishing Lures to Steal Credentials

    Threat Actors Abuse ChatGPT, Claude, and DeepSeek Brands as Phishing Lures to Steal Credentials Cybercriminals have found a clever new trick: turning the world’s most popular AI tools into traps. By disguising phishing attacks with the branding of platforms like ChatGPT, Claude, and DeepSeek, threat actors are luring users into handing over login credentials, credit…

  • Apache HTTP Server 2.4.68 Released With Fix For Use-After-Free, DoS, XSS, and Buffer Overflow Flaws

    Apache HTTP Server 2.4.68 Released With Fix For Use-After-Free, DoS, XSS, and Buffer Overflow Flaws The Apache Software Foundation released Apache HTTP Server version 2.4.68 on June 8, 2026, addressing 13 security vulnerabilities spanning multiple modules. The patched flaws include use-after-free conditions, cross-site scripting, heap-based buffer overflows, denial-of-service, privilege escalation, and out-of-bounds read issues affecting…

  • 21 0-Day Vulnerabilities in FFmpeg Enables Remote Code Execution Attacks

    21 0-Day Vulnerabilities in FFmpeg Enables Remote Code Execution Attacks An autonomous security agent uncovered 21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. FFmpeg quietly powers media processing across browsers, streaming platforms, surveillance systems, and cloud…

  • LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE

    LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-42271 (CVSS score: 8.7), is a command injection vulnerability that could…

  • One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public

    One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public Security researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user escalate to root and break out of a container. The flaw, CVE-2026-23111, sits in the kernel’s nf_tables packet-filtering code and was patched upstream on February…

  • Meta Blocks NSO Group’s New WhatsApp Phishing Attack, Files Contempt Order

    Meta Blocks NSO Group’s New WhatsApp Phishing Attack, Files Contempt Order Meta on Monday said it detected and blocked spear-phishing attempts linked to Israeli spyware vendor NSO Group. In addition, the tech giant said it’s filing a federal court contempt order against the company for violating a permanent injunction that barred it from targeting WhatsApp…

  • Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups

    Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol. The vulnerability, tracked as CVE-2026-50751 (CVSS score: 9.3), is a case of a…

  • AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload

    AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload Phishing has always been a numbers game. AI has turned it into a volume machine. Attackers can now create convincing emails, fake login pages, and tailored lures in minutes. Every polished message adds another case for Tier 1 to review, another…

  • Critical Zcash Vulnerability Found and Fixed

    Critical Zcash Vulnerability Found and Fixed If you’re a user—owner?—of this cryptocurrency, this is important: On May 29, the security researcher Taylor Hornby found a critical vulnerability in Zcash Orchard privacy pool using Claude Opus 4.8. The Zcash team hired Hornby specifically to look for this kind of issue. He found one fast enough to…

  • Anthropic’s Project Glasswing Update

    Anthropic’s Project Glasswing Update In April, Anthropic initated Project Glasswing. The idea was to let companies use their new model to find and fix vulnerabilities in their own software. It was a fantastic PR move, and so many press outlets have uncritically parroted Anthropic’s claims that it’s now common wisdom that Mythos is better at…

  • ISC Stormcast For Tuesday, June 9th, 2026 https://isc.sans.edu/podcastdetail/9964, (Tue, Jun 9th)

    ISC Stormcast For Tuesday, June 9th, 2026 https://isc.sans.edu/podcastdetail/9964, (Tue, Jun 9th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu

  • TeamPCP Supply Chain Campaign: Activity Through 2026-06-07, (Mon, Jun 8th)

    TeamPCP Supply Chain Campaign: Activity Through 2026-06-07, (Mon, Jun 8th) This diary continues the Internet Storm Center’s tracking of the TeamPCP supply chain campaign, first documented in the SANS white paper When the Security Scanner Became the Weapon and most recently in the handler diary Activity Through 2026-05-24. Since that update, the story moved into two new places:…

  • Silent Ransom Group Hits US Law Firms in Escalating Extortion Attacks

    Silent Ransom Group Hits US Law Firms in Escalating Extortion Attacks The financially motivated group is combining vishing, IT impersonation, and in-person office intrusions to steal data and extort victims. Jai Vijayan Go to gbhackers.com

  • Check Point VPN Flaw Exploited Since Early May

    Check Point VPN Flaw Exploited Since Early May A newly discovered, critical zero-day vulnerability is under attack; a Qilin ransomware affiliate has been blamed for at least one incident. Alexander Culafi Go to gbhackers.com

  • Iran Signed a Ceasefire — Its Hackers Didn’t

    Iran Signed a Ceasefire — Its Hackers Didn’t An extension of the Geneva Conventions could impose restrictions on cyberwarfare under ceasefire conditions and close a major loophole in international conflict. Emil Sayegh Go to gbhackers.com

  • ‘Hades’ Campaign Against PyPI Puts New Spin on Shai-Hulud

    ‘Hades’ Campaign Against PyPI Puts New Spin on Shai-Hulud The latest attacks, which hit 37 PyPI wheels and 19 code packages, show a continued evolution of the persistent software supply chain threat. Elizabeth Montalbano Go to gbhackers.com

  • Internet Explorer WebBrowser Control Abuse Lets Attackers Convert Clicks Into RCE

    Internet Explorer WebBrowser Control Abuse Lets Attackers Convert Clicks Into RCE Internet Explorer’s legacy WebBrowser control can be abused to turn seemingly harmless user clicks into full remote code execution (RCE), even on systems that… Delivered by PolitePaul service Go to gbhackers.com

  • China-Linked OP-512 Targets IIS Servers With Unique Web Shell Framework

    China-Linked OP-512 Targets IIS Servers With Unique Web Shell Framework A suspected China-linked espionage cluster dubbed OP-512 after rapidly correlating many low-fidelity events into a single high-priority incident that human analysts then validated. OP-512… Delivered by PolitePaul service Go to gbhackers.com

  • Lucid Stealer Hits 18 Browsers, Crypto Wallets, and Discord Tokens

    Lucid Stealer Hits 18 Browsers, Crypto Wallets, and Discord Tokens A new, fully featured Lucid Stealer build that combines large-scale credential theft with hidden remote access. The sample, distributed through Telegram-linked underground channels, is… Delivered by PolitePaul service Go to gbhackers.com

  • Critical Redis Vulnerability Could Let Attackers Execute Code and Hijack Servers

    Critical Redis Vulnerability Could Let Attackers Execute Code and Hijack Servers A critical vulnerability in Redis, tracked as CVE-2026-23631 and dubbed “DarkReplica,” exposes authenticated deployments to remote code execution (RCE) through a complex use-after-free (UAF)… Delivered by PolitePaul service Go to gbhackers.com

  • Instagram Patches Account Recovery Flaw Leaking User Contact Information

    Instagram Patches Account Recovery Flaw Leaking User Contact Information A critical logic flaw in Instagram’s web-based account recovery workflow exposed unredacted user contact information, including full email addresses and phone numbers, before Meta… Delivered by PolitePaul service Go to gbhackers.com

  • Over 20,000 Instagram accounts stolen in Meta AI support hack

    Over 20,000 Instagram accounts stolen in Meta AI support hack Meta has revealed that 20,225 Instagram users had their accounts hijacked in a recent incident where attackers used Meta’s AI-powered support system to reset passwords. […] Sergiu Gatlan Go to bleepingcomputer

  • Hands on with Intelligent Terminal, an AI-powered Windows Terminal

    Hands on with Intelligent Terminal, an AI-powered Windows Terminal Microsoft has created an open-source fork of Windows Terminal called “Intelligent Terminal,” and it allows you to use AI directly inside Terminal without interfering with the regular session. […] Mayank Parmar Go to bleepingcomputer

  • C0XMO botnet spreads via DD-WRT router flaw, kills rival malware

    C0XMO botnet spreads via DD-WRT router flaw, kills rival malware A new variant of the Gafgyt botnet called C0XMO is targeting DD-WRT router firmware and can move to other device types with various CPU architectures. […] Bill Toulas Go to bleepingcomputer

  • Silent Ransom Group targets law firms with fake IT support calls

    Silent Ransom Group targets law firms with fake IT support calls The Silent Ransom Group extortion gang is actively targeting U.S. law firms and professional services organizations in social engineering attacks that often lead to data theft within hours of initial contact, according to a new report by cybersecurity firm Mandiant. […] Lawrence Abrams Go…

  • Multiple VMware Stored XSS Vulnerabilities Allow Attackers to Inject Malicious Scripts

    Multiple VMware Stored XSS Vulnerabilities Allow Attackers to Inject Malicious Scripts Broadcom has disclosed three stored cross-site scripting (XSS) vulnerabilities affecting VMware Cloud Foundation Operations and several related products, warning that authenticated attackers could inject malicious scripts to perform administrative actions within the environment. Tracked as CVE-2026-41722, CVE-2026-41723, and CVE-2026-41724, the flaws were addressed in…

  • UniFi OS Server Critical RCE Chain Allows Root Access Without Credentials

    UniFi OS Server Critical RCE Chain Allows Root Access Without Credentials A critical vulnerability chain in the UniFi OS Server software has put thousands of organizations at serious risk. Researchers confirmed that an attacker can gain full root access to affected devices without a single credential, turning one unauthenticated request into a complete system takeover.…

  • Critical Redis RCE Vulnerability Enable Attackers to Gain Complete Control to Host Server

    Critical Redis RCE Vulnerability Enable Attackers to Gain Complete Control to Host Server In May 2026, Redis developers fixed a dangerous post-authentication remote code execution vulnerability, dubbed DarkReplica (CVE-2026-23631), that allowed attackers to gain full control of a Redis host. Redis provides powerful server-side Lua engines, allowing administrators to run custom logic directly in the…

  • Cybercriminals Exploit 2026 FIFA World Cup With Phishing, Fake Stores, and Ticket Scams

    Cybercriminals Exploit 2026 FIFA World Cup With Phishing, Fake Stores, and Ticket Scams The 2026 FIFA World Cup is not just a celebration of football. For cybercriminals, it is a business opportunity, and they have already gotten to work. Threat actors have been building fake FIFA stores, spinning up phishing pages, and launching purchase scams…

  • Microsoft Warns Claude Code GitHub Action Could Leak CI/CD Workflow Secrets

    Microsoft Warns Claude Code GitHub Action Could Leak CI/CD Workflow Secrets AI-powered coding tools are rapidly changing how developers build and ship software. But as these tools enter everyday development pipelines, they are also opening new doors for attackers. A recently uncovered vulnerability in a widely used AI coding assistant shows just how far that…

  • ISC Stormcast For Monday, June 8th, 2026 https://isc.sans.edu/podcastdetail/9962, (Mon, Jun 8th)

    ISC Stormcast For Monday, June 8th, 2026 https://isc.sans.edu/podcastdetail/9962, (Mon, Jun 8th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu

  • The Evil MSI Background is Back!, (Fri, Jun 5th)

    The Evil MSI Background is Back!, (Fri, Jun 5th) A few months ago, I wrote a diary about a payload that was embedded into a JPEG picture. It was a MSI-branded background[1]. Yesterday, I spotted another one! It seems that the technic is getting more and more popular. This time, it started with a mail…

  • China-Linked Espionage Cluster Deploys Custom ASPX/ASHX Shells on IIS

    China-Linked Espionage Cluster Deploys Custom ASPX/ASHX Shells on IIS A previously disclosed China-linked threat cluster, tracked as OP-512, has been observed deploying a purpose-built web shell framework to compromise Internet Information Services (IIS)… Delivered by PolitePaul service Go to gbhackers.com

  • Critical Everest Forms Pro flaw exploited to take over WordPress sites

    Critical Everest Forms Pro flaw exploited to take over WordPress sites Hackers are actively exploiting a critical vulnerability (CVE-2026-3300) in the Everest Forms Pro plugin, which lets them take complete control of a WordPress website. […] Bill Toulas Go to bleepingcomputer

  • Instagram Fixes Password Reset Flaw That Exposes User Emails and Phone Numbers

    Instagram Fixes Password Reset Flaw That Exposes User Emails and Phone Numbers A critical logic bug in Instagram’s web-based password reset flow on June 6, 2026, exposed unredacted email addresses and phone numbers associated with user accounts, including those belonging to high-profile individuals such as Meta CEO Mark Zuckerberg and model Georgina Rodriguez. Instagram’s parent…

  • CISA Warns of Linux Kernel Improper Authentication Vulnerability Exploited in Attacks

    CISA Warns of Linux Kernel Improper Authentication Vulnerability Exploited in Attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Linux kernel vulnerability, tracked as CVE-2022-0492, to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively leveraged in real-world attacks. The issue, categorized as improper authentication, affects Linux…

  • New ChatGPT Lockdown Mode to Mitigate Prompt Injection and Data Exfiltration Attacks

    New ChatGPT Lockdown Mode to Mitigate Prompt Injection and Data Exfiltration Attacks OpenAI has released ChatGPT Lockdown Mode, a new security feature designed to limit outbound network access and reduce the risk of data exfiltration from prompt-injection attacks. The feature is now available to eligible personal accounts, self-serve ChatGPT Business users, and managed enterprise workspaces.…

  • Free Apps on Samsung and LG Smart TVs Secretly Turning Your Devices Into AI Proxies

    Free Apps on Samsung and LG Smart TVs Secretly Turning Your Devices Into AI Proxies Free apps available on Samsung, LG, Roku, and other major smart TV platforms have been quietly enrolling millions of living room devices into a commercial residential proxy network used to scrape web data for AI training all through a consent…

  • New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration

    New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt injection attacks. The feature is primarily designed for people and organizations that handle sensitive data and require stricter protection…

  • Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI

    Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI A researcher has reverse-engineered the iOS SDK that Bright Data embeds in consumer apps and documented how it turns devices, including always-on smart TVs, into exit nodes that relay web-scraping traffic for a data business Bright Data markets heavily to the AI industry.…

  • CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog

    CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-28318 (CVSS score: 7.5), is a denial-of-service…

  • AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs

    AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs Two things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that touches video, all of them found by an autonomous AI agent. The same week, Google shipped…

  • Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack

    Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack Microsoft’s GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign. The incident impacted 73 Microsoft repositories across four of its GitHub organizations, including Azure, Azure-Samples, Microsoft, and MicrosoftDocs, per OpenSourceMalware. The development has GitHub…

  • Critical UniFi OS Auth Bypass Flaws Lead to Unauthenticated Root RCE

    Critical UniFi OS Auth Bypass Flaws Lead to Unauthenticated Root RCE Ubiquiti has addressed three critical vulnerabilities within the UniFi OS Server that attackers can chain together to achieve unauthenticated remote code execution (RCE) with… Delivered by PolitePaul service Go to gbhackers.com

  • CISA Alerts on Actively Exploited SolarWinds Serv-U Denial-of-Service Flaw

    CISA Alerts on Actively Exploited SolarWinds Serv-U Denial-of-Service Flaw The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability in SolarWinds Serv-U to its Known Exploited Vulnerabilities (KEV) catalog…. Delivered by PolitePaul service Go to gbhackers.com

  • Malspam Campaign Abuses DoubleClick to Deploy Stealthy .NET Loader

    Malspam Campaign Abuses DoubleClick to Deploy Stealthy .NET Loader A sophisticated new malspam campaign is actively exploiting Google’s DoubleClick ad-tracking infrastructure to bypass enterprise email security gateways. Discovered by researchers at Huntress, the… Delivered by PolitePaul service Go to gbhackers.com

  • UNC3753 Targets US Law Firms with Vishing, RMM Tools, and Physical Break-Ins

    UNC3753 Targets US Law Firms with Vishing, RMM Tools, and Physical Break-Ins Threat cluster UNC3753, widely tracked as Silent Ransom Group or Luna Moth, is actively targeting professional, legal, and financial services in the United States…. Delivered by PolitePaul service Go to gbhackers.com

  • Hackers Weaponize Trusted Tools to Deploy Notorious Malware

    Hackers Weaponize Trusted Tools to Deploy Notorious Malware Attackers are leaning harder on legitimate, preinstalled, or widely used system tools to deliver and operate notorious malware families, creating a stealthy, high-velocity threat… Delivered by PolitePaul service Go to gbhackers.com

  • Suspicious Polyfill login prompts pop up on Toshiba, Muji websites

    Suspicious Polyfill login prompts pop up on Toshiba, Muji websites Tech giant Toshiba and mega-retailer Muji warned visitors that suspicious sign-in screens popping up on their websites could collect credentials. […] Bill Toulas Go to bleepingcomputer

  • CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers

    CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers CISA warned today that hackers are now actively exploiting a recently patched high-severity SolarWinds Serv-U flaw to crash servers. […] Sergiu Gatlan Go to bleepingcomputer

  • Chinese APT deploys new malware to keep access to hacked networks

    Chinese APT deploys new malware to keep access to hacked networks A Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and previously undocumented malware named Plenet and AgentPSD. […] Bill Toulas Go to bleepingcomputer

  • Dark web Nemesis Market vendor gets 26 years for selling drugs

    Dark web Nemesis Market vendor gets 26 years for selling drugs A California man was sentenced to more than 26 years in federal prison for trafficking fentanyl and methamphetamine through Nemesis Market, one of the world’s largest dark web marketplaces. […] Sergiu Gatlan Go to bleepingcomputer

  • Over 900 US gas station tank gauge systems exposed to attacks

    Over 900 US gas station tank gauge systems exposed to attacks Over 900 automatic tank gauge (ATG) systems across the United States, used to monitor fuel and chemical storage tanks across various critical infrastructure sectors, have been found exposed online and are vulnerable to ongoing attacks. […] Sergiu Gatlan Go to bleepingcomputer

  • CISA Warns of SolarWinds Serv-U Vulnerability Exploited in Attacks

    CISA Warns of SolarWinds Serv-U Vulnerability Exploited in Attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical SolarWinds Serv-U vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that threat actors are actively exploiting the flaw in the wild. Tracked as CVE-2026-28318, the vulnerability affects SolarWinds Serv-U file transfer software and…

  • Top 5 Best Tools for Simulated DDoS Attacks in 2026

    Top 5 Best Tools for Simulated DDoS Attacks in 2026 Last year, a botnet hurled 31.4 Tbps of junk traffic at a single target—enough data to stream every Netflix movie at once. The record-shattering flood forced boards, regulators, and cloud teams to ask one question: are we sure our defenses work when the internet turns…

  • Critical Hugging Face Transformers Vulnerability Enables Remote Code Execution Attacks

    Critical Hugging Face Transformers Vulnerability Enables Remote Code Execution Attacks A newly disclosed critical vulnerability in the HuggingFace Transformers library, tracked as CVE-2026-4372, allows attackers to achieve remote code execution (RCE) through malicious model configuration files. The flaw exposes a significant supply chain risk in one of the most widely used machine learning frameworks, impacting…

  • OWASP CVE Lite CLI – New Tool to Scan for Vulnerabilities in Your Projects

    OWASP CVE Lite CLI – New Tool to Scan for Vulnerabilities in Your Projects CVE Lite CLI is a free, open-source vulnerability scanner officially recognized as an OWASP Incubator Project, designed to bring dependency security directly into developers’ terminals rather than leaving it buried in CI pipelines. Maintained by Sonu Kapoor and backed by the…