no alarms and no surprises please..
-
‘Phantom Squatting’: An Emerging AI-Driven Supply Chain Threat
‘Phantom Squatting’: An Emerging AI-Driven Supply Chain Threat LLMs consistently hallucinate Web domains for legitimate brands that attackers can register for malicious activity in a difficult-to-detect attack vector. Elizabeth Montalbano Go to gbhackers.com
-
Safe Events Start With Threat Intel and Digital Security
Safe Events Start With Threat Intel and Digital Security Planning ahead to defend against cyber threats is the work that keeps events uneventful. Olga Polishchuk Go to gbhackers.com
-
The Gentlemen Ransomware Targets Large Corporations and Critical Infrastructure Worldwide
The Gentlemen Ransomware Targets Large Corporations and Critical Infrastructure Worldwide The Gentlemen ransomware group has emerged in 2026 as a highly adaptive and technically sophisticated ransomware-as-a-service (RaaS) operation targeting large corporations and critical infrastructure… Delivered by PolitePaul service Go to gbhackers.com
-
RedLine Infostealer Thread Reveals Hidden Maritime Phishing and BEC Infrastructure
RedLine Infostealer Thread Reveals Hidden Maritime Phishing and BEC Infrastructure A routine threat-feed alert for a RedLine Stealer command-and-control (C2) IP morphed into a full-scale pivot investigation that exposed a tailored maritime spear‑phishing and… Delivered by PolitePaul service Go to gbhackers.com
-
Fluentd Security Flaws Enable Remote Code Execution, SSRF, DoS, and Credential Exposure
Fluentd Security Flaws Enable Remote Code Execution, SSRF, DoS, and Credential Exposure Fluentd, a widely used open-source data collector for unified logging, has reported several high-impact vulnerabilities that could enable attackers to achieve remote code execution… Delivered by PolitePaul service Go to gbhackers.com
-
New RustDuck Botnet Targets IoT Devices and Servers With Weak Passwords and RCE Exploits
New RustDuck Botnet Targets IoT Devices and Servers With Weak Passwords and RCE Exploits A sophisticated new botnet family dubbed RustDuck emerged in early 2026, leveraging a two-stage Loader and Core architecture to compromise IoT devices, routers, and… Delivered by PolitePaul service Go to gbhackers.com
-
Glitch SPY RAT Abuses Android Accessibility Service for Full Device Control
Glitch SPY RAT Abuses Android Accessibility Service for Full Device Control An emerging Android remote-access trojan platform, tracked as Glitch SPY, that leverages a fraudulent Polish apartment-rental website to trick victims into sideloading a malicious… Delivered by PolitePaul service Go to gbhackers.com
-
Amazon fined $2.25M for withholding evidence from fraud victims
Amazon fined $2.25M for withholding evidence from fraud victims The U.S. Federal Trade Commission (FTC) says Amazon will pay a $2.25 million civil penalty to settle charges that it blocked identity theft victims’ access to transaction records. […] Sergiu Gatlan Go to bleepingcomputer
-
Adobe patches seven max severity ColdFusion, Campaign flaws
Adobe patches seven max severity ColdFusion, Campaign flaws Adobe has released security patches for seven maximum-severity vulnerabilities in the ColdFusion web app development platform and the Campaign Classic marketing automation platform. […] Sergiu Gatlan Go to bleepingcomputer
-
Anthropic to restore Claude Fable access on Wednesday
Anthropic to restore Claude Fable access on Wednesday Anthropic has confirmed that the Department of Commerce has lifted export controls on Claude’s two most powerful models, Fable 5 and Mythos 5. […] Mayank Parmar Go to bleepingcomputer
-
Anthropic rolls out Sonnet 5 with near-Opus 4.8 performance at a lower price
Anthropic rolls out Sonnet 5 with near-Opus 4.8 performance at a lower price Anthropic is now rolling out Sonnet 5, and it’s almost as good as the Opus range, but it is designed to be cheaper than the company’s flagship model. […] Mayank Parmar Go to bleepingcomputer
-
New BioShocking attack manipulates AI browser into data theft
New BioShocking attack manipulates AI browser into data theft A new prompt injection attack dubbed “BioShocking” could trick AI-powered browsers into treating real-world risky actions as part of a fictional scenario, causing them to ignore any safety guardrails. […] Bill Toulas Go to bleepingcomputer
-
Chrome Update Fixes 382 Vulnerabilities, Including 15 Critical Ones – Update Now!
Chrome Update Fixes 382 Vulnerabilities, Including 15 Critical Ones – Update Now! Chrome 151’s latest stable-channel update delivers patches for 382 security vulnerabilities, including 15 critical bugs that can be weaponized for remote code execution and full browser compromise if left unpatched. Google is rolling this update out for Windows, macOS, Linux, and Chrome for…
-
Multiple Apache Tomcat Vulnerabilities Allow Attackers to Bypass Authentication
Multiple Apache Tomcat Vulnerabilities Allow Attackers to Bypass Authentication The Apache Software Foundation has disclosed two vulnerabilities affecting Apache Tomcat that could allow attackers to bypass authentication and security constraints protecting web applications. The flaws, tracked as CVE-2026-55957 and CVE-2026-55956, impact multiple major versions of the widely deployed servlet container, prompting urgent upgrade recommendations across…
-
U.S. Lifts Export Controls on Claude Fable 5 and Mythos 5
U.S. Lifts Export Controls on Claude Fable 5 and Mythos 5 The U.S. Department of Commerce has formally withdrawn export control restrictions on Anthropic’s Claude Fable 5 and Mythos 5 AI models, ending an 18-day standoff that had blocked global access to the company’s most advanced systems. In a letter dated June 30, 2026, Commerce…
-
Anthropic’s Claude Code Reportedly Uses Hidden Code to Detect Chinese Users
Anthropic’s Claude Code Reportedly Uses Hidden Code to Detect Chinese Users A Reddit disclosure has ignited a serious debate about developer trust and covert surveillance, alleging that Anthropic embedded undisclosed detection logic inside its Claude Code CLI tool, specifically targeting users in China or those routing traffic through Chinese AI lab proxies. A Reddit user…
-
Microsoft Teams’ New Feature Blocks Bots from Joining Meetings
Microsoft Teams’ New Feature Blocks Bots from Joining Meetings Microsoft has rolled out a new bot protection capability in Microsoft Teams that gives IT administrators and meeting organizers greater control over external bots attempting to join meetings, a move designed to address growing privacy and security concerns around AI-powered meeting tools. As AI note-taking bots…
-
This month in security with Tony Anscombe – June 2026 edition
This month in security with Tony Anscombe – June 2026 edition Three-day patching deadlines, exposed fuel-tank systems, scams costing billions of dollars, and social media bans for children all gave Tony plenty to unpack in June 2026 Go to eset
-
Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts
Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts Cybersecurity researchers have warned of a “massive, ongoing, automated password spray attack” aimed at Microsoft’s Azure command-line interface (CLI), compromising dozens of accounts in the process. The activity, per Huntress, originates from an IPv6 address range (2a0a:d683::/32) controlled by internet infrastructure provider…
-
Researcher Analyzes 3,000 Live ClickFix Payloads, Exposing API-Driven Malware Delivery
Researcher Analyzes 3,000 Live ClickFix Payloads, Exposing API-Driven Malware Delivery ClickFix, the trick that fools people into running malware by hand, has quietly grown a back office. New research shows the malicious commands behind its fake “prove you’re human” pages are now handed out by API-driven servers that give each visitor the same malware in…
-
Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service
Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service Citrix on Tuesday released security updates to address multiple flaws in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that could be exploited by an attacker to facilitate arbitrary file reads or trigger a denial-of-service (DoS) condition. The vulnerabilities are listed below…
-
Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data
Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data New Microsoft research shows how attackers can hijack AI agents that act on a user’s behalf, using nothing more than a poisoned tool description to make the agent quietly hand over company data to an outsider. The trick is that the agent never breaks a…
-
RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS
RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS A new two-stage malware family called RustDuck is hijacking home routers, IP cameras, Android boxes, and poorly secured servers, then stitching them into a network built to knock websites and online services offline. Researchers at QiAnXin’s XLab have tracked it since February 2026, and say…
-
The Realities of AI Video Surveillance
The Realities of AI Video Surveillance The Financial Times has a good article on how AI is changing the capabilities of video surveillance, with information from both Israel/Iran and Russia. I wrote about this sort of thing a few years ago, how AI enables mass spying in the way that computers and networks enabled mass…
-
Scammers race to cash in on Venezuelan earthquake disaster
Scammers race to cash in on Venezuelan earthquake disaster Scammers wasted no time exploiting Venezuela’s devastating earthquake, with researchers uncovering 212 newly-registered relief-themed domains in just five days. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
USB drives carrying China-linked malware infected Japanese military networks for nearly a year
USB drives carrying China-linked malware infected Japanese military networks for nearly a year Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
China-Linked Group Targets Southeast Asia Critical Systems
China-Linked Group Targets Southeast Asia Critical Systems The group compromised at least 10 regional organizations, including two state-owned entities, and deployed a new backdoor. Robert Lemos Go to gbhackers.com
-
Weekly Update 510: Live From Mallorca with Scott Helme
Weekly Update 510: Live From Mallorca with Scott Helme How’s the view?! Back to business, it’s now 8 years ago that Scott and I thought it would be a cool idea to build Why no HTTPS? We used the site to shame companies for not implementing their transport later security property, and to make it…
-
Fake Bug Report Hijacks AI Coding Agents at Scale
Fake Bug Report Hijacks AI Coding Agents at Scale “Agentjacking” is the latest demonstration of how easily attackers can exploit an AI agent’s inability to differentiate between content and instructions. Jai Vijayan Go to gbhackers.com
-
Attackers Hijack Exposed AI Endpoints to Power Offensive Ops
Attackers Hijack Exposed AI Endpoints to Power Offensive Ops Attackers don’t need any special authentication to reach a target endpoint — they just need to know where it is. Alexander Culafi Go to gbhackers.com
-
Why Identity Security Is Your Cyber Career Entry Point
Why Identity Security Is Your Cyber Career Entry Point As AI reshapes cybersecurity workflows, John Paul Cunningham, CISO at SIlverfort, says the technology is creating opportunities rather than eliminating jobs — and there are more ways than ever to break into the essential field. Kristina Beek Go to gbhackers.com
-
Phishers Gain Persistence at EU, Asia Hospitality Orgs
Phishers Gain Persistence at EU, Asia Hospitality Orgs Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social engineering and obsfucation, including blockchain abuse. Elizabeth Montalbano Go to gbhackers.com
-
AI-Generated Workflows Are a Silent Security Disaster
AI-Generated Workflows Are a Silent Security Disaster Teams are dealing with a truly dangerous problem — automation that works, but that no one understands. Yelena Mujibur Sheikh Go to gbhackers.com
-
NIST Enrichment Reductions Impact CVE Coverage, Accuracy
NIST Enrichment Reductions Impact CVE Coverage, Accuracy The National Institute of Standards and Technology (NIST) scaled back on the number of CVEs it selects for in-depth analysis, but the move has produced mixed results, according to researchers. Rob Wright Go to gbhackers.com
-
Kali Linux 2026.2 Release With new Hacking Tool and With Updated Desktop Environments
Kali Linux 2026.2 Release With new Hacking Tool and With Updated Desktop Environments Kali Linux 2026.2 arrives on schedule in the final week of Q2 with a pragmatic blend of desktop environment refreshes, infrastructure hardening, and practical… Delivered by PolitePaul service Go to gbhackers.com
-
Boss Scam Uses DLL Sideloading to Hijack WhatsApp Web and Defraud Enterprises
Boss Scam Uses DLL Sideloading to Hijack WhatsApp Web and Defraud Enterprises The new “Boss Scam” is a sharp escalation in CEO fraud: attackers now combine impersonation, Windows DLL sideloading, and WhatsApp Web session theft to… Delivered by PolitePaul service Go to gbhackers.com
-
Japan Hotel Industry Targeted With TONResolver RAT and Guest Complaint Phishing Emails
Japan Hotel Industry Targeted With TONResolver RAT and Guest Complaint Phishing Emails Japan’s hotel sector is the latest target of a sophisticated phishing and remote-access trojan (RAT) campaign that leverages guest-complaint lures and an unusual resilience… Delivered by PolitePaul service Go to gbhackers.com
-
Mustang Panda Targets India’s Government and Energy Sectors With ZOHOMURK and MINIRECON
Mustang Panda Targets India’s Government and Energy Sectors With ZOHOMURK and MINIRECON Two concurrent espionage campaigns by Mustang Panda targeting Indian government and energy-sector organisations, deploying a novel malware suite that includes SHARDLOADER, MINIRECON and ZOHOMURK…. Delivered by PolitePaul service Go to gbhackers.com
-
Malicious Chromium Extension Spoofs Perplexity AI to Hijack Browser Searches
Malicious Chromium Extension Spoofs Perplexity AI to Hijack Browser Searches A malicious Chromium extension that impersonated the Perplexity AI brand to intercept browser searches and capture keystrokes before delivering users to legitimate search results…. Delivered by PolitePaul service Go to gbhackers.com
-
Kali Linux 2026.2 released with 9 new tools, NetHunter updates
Kali Linux 2026.2 released with 9 new tools, NetHunter updates Kali Linux 2026.2, the second release of the year, is now available for download, featuring 9 new tools and numerous Kali NetHunter improvements. […] Sergiu Gatlan Go to bleepingcomputer
-
Blackfield ransomware asks Nidec Corporation for $2 million ransom
Blackfield ransomware asks Nidec Corporation for $2 million ransom The Blackfield ransomware gang is asking for a $2 million ransom from Nidec Corporation, a large Japanese manufacturer of electronic components for automotive and computing applications. […] Bill Toulas Go to bleepingcomputer
-
CISA: Windows BlueHammer flaw now exploited by ransomware gangs
CISA: Windows BlueHammer flaw now exploited by ransomware gangs CISA confirmed on Monday that ransomware gangs are now exploiting a Microsoft Defender privilege escalation vulnerability, dubbed BlueHammer, that has previously been abused in zero-day attacks. […] Sergiu Gatlan Go to bleepingcomputer
-
Nissan discloses employee data breach linked to Oracle zero-day attacks
Nissan discloses employee data breach linked to Oracle zero-day attacks Nissan is warning that it suffered a data breach affecting current and former employees after threat actors exploited an Oracle PeopleSoft vulnerability in data theft attacks previously linked to the ShinyHunters extortion group. […] Lawrence Abrams Go to bleepingcomputer
-
NAIC says public data stolen in ShinyHunters’ PeopleSoft breach
NAIC says public data stolen in ShinyHunters’ PeopleSoft breach The National Association of Insurance Commissioners (NAIC) says the ShinyHunters extortion group stole only publicly available data, outdated logs, and configuration files after breaching its systems by exploiting a zero-day vulnerability in an Oracle PeopleSoft server. […] Bill Toulas Go to bleepingcomputer
-
Kali Linux 2026.2 Released With 9 New Tools and VM Boot Tweaking
Kali Linux 2026.2 Released With 9 New Tools and VM Boot Tweaking Kali Linux team officially released Kali Linux 2026.2 right on schedule at the close of Q2 2026, delivering a compelling mix of desktop environment upgrades, infrastructure modernization, VM performance enhancements, and nine brand-new tools for penetration testers and security researchers. This release bumps…
-
Nissan Confirms Data Breach Following Oracle PeopleSoft 0-Day Attacks
Nissan Confirms Data Breach Following Oracle PeopleSoft 0-Day Attacks Nissan Americas has officially confirmed a data breach affecting current and former employees across four countries after threat actors exploited a critical zero-day vulnerability in Oracle PeopleSoft software, a campaign attributed to the ShinyHunters extortion group. The attack stems from CVE-2026-35273, a CVSS 9.8-rated unauthenticated Server-Side…
-
WhatsApp Launches New Username Feature to Communicate Without Exposing Phone Numbers
WhatsApp Launches New Username Feature to Communicate Without Exposing Phone Numbers WhatsApp introduces a new privacy update that lets users connect using unique handles, eliminating the need to share phone numbers with strangers or new group members. Earlier, we detailed that WhatsApp is preparing to roll out a long-anticipated username feature. Now WhatsApp has officially…
-
EvilTokens Phishing Breaches Finance Firms Using “Ghost” Code Across U.S. and European Businesses
EvilTokens Phishing Breaches Finance Firms Using “Ghost” Code Across U.S. and European Businesses EvilTokens can keep serious account-takeover activity out of your SOC’s view by relying on “ghost” code that only surfaces after the browser decrypts it. Because of this, analysis that looks only at the static URL can overlook the part of the attack that…
-
New Claude Code Attack Allows Attackers to Take Full Control of Developers’ Systems
New Claude Code Attack Allows Attackers to Take Full Control of Developers’ Systems Researchers at Mozilla’s Zero Day Investigative Network (0DIN) have demonstrated a proof-of-concept attack that shows how a completely clean-looking GitHub repository can trick AI-powered coding agents like Claude Code into silently opening a reverse shell on a developer’s machine, without a single…
-
Inside the inbox: Why cybercriminals want to break into your email account
Inside the inbox: Why cybercriminals want to break into your email account Your inbox is an identity system all of its own: whoever owns it may own a lot more Go to eset
-
Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild
Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber. The vulnerability, tracked as CVE-2026-46817 (CVSS score: 9.8), refers to an improper privilege management and authentication flaw in Oracle Payments that could be abused to…
-
Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input
Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input Microsoft has found a malicious Chrome extension that posed as the AI search engine Perplexity and quietly logged what people searched for. It routed every query and every character typed into the address bar through an attacker-controlled server before redirecting users to real results. Microsoft…
-
WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private
WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private WhatsApp on Monday officially announced the start of global reservations of usernames with an aim to protect the privacy of more than three billion users on the messaging platform. The optional feature is designed to help users connect with someone on the service through…
-
Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks
Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks The China-aligned espionage group Mustang Panda is running two campaigns against the Indian government and hydropower targets, deploying new malware and turning a legitimate cloud service into its command channel. Acronis Threat Research Unit found active compromises inside Indian government networks, including machines used by senior…
-
⚡ Weekly Recap: Linux Kernel Flaws, AI Malware Tricks, Turla Backdoor, Infostealers and More
⚡ Weekly Recap: Linux Kernel Flaws, AI Malware Tricks, Turla Backdoor, Infostealers and More This week was a reminder that attackers do not always need big tricks. One small mistake, one old access path, one missed patch, and suddenly the door is open. The noise is not all noise, either. Forums are talking, researchers are…
-
Factoring RSA Keys with Many Zeros
Factoring RSA Keys with Many Zeros Interesting research on a new class of weak RSA keys: keys with lots of zeros. It turns out that these keys are out in the wild. The badkeys project is an open-source service that checks public keys for known vulnerabilities. While developing this tool, Hanno collected a massive number…
-
Robot Police Officers
Robot Police Officers We’ve taken one small step towards robot police officers: a drone capable of disarming a suspect: In a June 22 video posted on the Sacramento County Sheriff’s Office’s Instagram page, an officer wearing goggles can be seen operating a drone to retrieve a knife from an armed suspect hiding inside a cluttered…
-
‘Djinn’ Stealer Targets Cloud, AI Credentials
‘Djinn’ Stealer Targets Cloud, AI Credentials The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp, targeting credentials linking development and admin environments to wider enterprise systems. Jai Vijayan Go to gbhackers.com
-
Vulnerabilities Expose Private Data in Indian Government Systems
Vulnerabilities Expose Private Data in Indian Government Systems One critical vulnerability, among many discovered by a researcher, could have allowed anyone to walk in and take over a national government portal. Nate Nelson Go to gbhackers.com
-
Can Clothes Make You Invisible to Facial Recognition?
Can Clothes Make You Invisible to Facial Recognition? Does life feel Orwellian sometimes? One researcher has a solution for you: graphic tees that confuse the neural networks in surveillance cameras. Nate Nelson Go to gbhackers.com
-
Iran, Russia, China Target Water Systems for Sabotage
Iran, Russia, China Target Water Systems for Sabotage Nation-state attackers breach water systems through weak passwords, exposed PLCs, and poor segmentation — not sophisticated malware. Alexander Culafi Go to gbhackers.com
-
Amazon Q VS Extension Flaw Leads to Cloud Credential Theft
Amazon Q VS Extension Flaw Leads to Cloud Credential Theft Adversaries could plant a malicious repository that can execute arbitrary code and steal cloud credentials by exploiting the vulnerability, which showcases growing MCP risk. Elizabeth Montalbano Go to gbhackers.com
-
Critical Hoppscotch Vulnerability Lets Attackers Overwrite JWT_SECRET and Forge Admin Tokens
Critical Hoppscotch Vulnerability Lets Attackers Overwrite JWT_SECRET and Forge Admin Tokens A critical security vulnerability, identified as CVE-2026-50160, has been discovered in the self-hosted Hoppscotch backend. This vulnerability allows unauthenticated attackers to overwrite sensitive configuration… Delivered by PolitePaul service Go to gbhackers.com
-
ClawHavoc Attack Hits ClawHub With 1,184 Malicious Skills and 247,000 Installations
ClawHavoc Attack Hits ClawHub With 1,184 Malicious Skills and 247,000 Installations The AI-agent ecosystem experienced its largest supply-chain compromise to date when ClawHavoc detonated across ClawHub, the official skill marketplace for OpenClaw. Our full AIG-powered… Delivered by PolitePaul service Go to gbhackers.com
-
Langflow RCE Vulnerability Exploited to Deploy Monero Cryptominer on Exposed AI Servers
Langflow RCE Vulnerability Exploited to Deploy Monero Cryptominer on Exposed AI Servers Threat actors are actively exploiting CVE-2026-33017, a critical unauthenticated remote code execution (RCE) vulnerability in Langflow, to compromise internet-exposed AI application servers and silently… Delivered by PolitePaul service Go to gbhackers.com
-
New Windows Injection Technique Hijacks Win32k Callback Dispatch to Execute Shellcode
New Windows Injection Technique Hijacks Win32k Callback Dispatch to Execute Shellcode A newly documented injection technique abuses the kernel-to-user callback dispatch path used by the Windows graphical subsystem (win32k.sys) to achieve remote code execution while… Delivered by PolitePaul service Go to gbhackers.com
-
Critical Dell Wyse Management Suite Vulnerabilities Let Attackers Execute Remote Code
Critical Dell Wyse Management Suite Vulnerabilities Let Attackers Execute Remote Code Dell Technologies has disclosed several critical vulnerabilities in its Wyse Management Suite (WMS) that could enable remote attackers to execute arbitrary code and fully… Delivered by PolitePaul service Go to gbhackers.com
-
Data breach exposes up to 14.2 million email logins at six ISPs
Data breach exposes up to 14.2 million email logins at six ISPs Japanese telecommunications operator KDDI Corporation disclosed a data breach where threat actors gained access to one of its email systems used by five other internet service providers (ISPs) in the country. […] Bill Toulas Go to bleepingcomputer
-
China’s New Zhipu AI Reportedly Matches Claude Mythos in Vulnerability Detection
China’s New Zhipu AI Reportedly Matches Claude Mythos in Vulnerability Detection Zhipu AI’s open-weight GLM-5.2 model is reportedly performing on par with Anthropic’s restricted Claude Mythos in specific cybersecurity and software vulnerability detection tasks, a development that is intensifying concerns inside the U.S. government about the effectiveness of its AI export control strategy. Zhipu AI…
-
RedAmon AI Tool that Chains Reconnaissance, Exploitation, and Post-exploitation
RedAmon AI Tool that Chains Reconnaissance, Exploitation, and Post-exploitation A new open-source offensive security platform called RedAmon is redefining automated penetration testing by chaining reconnaissance, exploitation, post-exploitation, AI-driven triage, and automated code remediation all into a single end-to-end pipeline that culminates in a GitHub pull request with the fix already written. RedAmon is a modular,…
-
OpenAI Released GPT-5.6 Sol With Limited Access and Strong Cyberattack Protections
OpenAI Released GPT-5.6 Sol With Limited Access and Strong Cyberattack Protections OpenAI has officially begun a limited preview of the GPT‑5.6 model series Sol, Terra, and Luna, positioning its flagship Sol as the company’s most capable and security-hardened AI model to date, available initially only to a small group of trusted partners at the formal…
-
Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer
Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. “This attack avoids the most common npm execution paths through lifecycle scripts,…
-
ISC Stormcast For Monday, June 29th, 2026 https://isc.sans.edu/podcastdetail/9986, (Mon, Jun 29th)
ISC Stormcast For Monday, June 29th, 2026 https://isc.sans.edu/podcastdetail/9986, (Mon, Jun 29th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
YARA-X 1.18.0 and 1.19.0 Release, (Sun, Jun 28th)
YARA-X 1.18.0 and 1.19.0 Release, (Sun, Jun 28th) YARA-X’s 1.18.0 release brings 3 improvements and 2 bugfixes. One of the improvements is a new command-line option, –cpu-limit, allowing one to limit the amount of CPU YARA requires. YARA-X’s 1.19.0 release brings 4 improvements and 2 bugfixes. Didier Stevens Senior handler blog.DidierStevens.com (c) SANS Internet Storm…
-
Clean GitHub repo tricks AI coding agents into running malware
Clean GitHub repo tricks AI coding agents into running malware An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious payload that remains invisible to security scanners, AI agents, and human reviewers. […] Bill Toulas Go to bleepingcomputer
-
Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials
Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials The Security Service of Ukraine (SSU) said it, together with the U.S. Federal Bureau of Investigation (FBI), uncovered a long-running campaign orchestrated by Russian intelligence services to break into the messaging accounts of government officials, military personnel, politicians, and activists in Ukraine, Europe,…
-
OpenAI Previews GPT-5.6 Sol With Restricted Access and Stronger Cyber Safeguards
OpenAI Previews GPT-5.6 Sol With Restricted Access and Stronger Cyber Safeguards OpenAI on Friday released three versions of GPT-5.6, called Sol, Terra, and Luna, as a limited preview to a small number of companies as part of an ongoing engagement with the U.S. government. While Sol is the latest flagship model and the most powerful,…
-
Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk
Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk Rising threats from third-party actors are forcing institutions to play defense to protect student data from ransomware and other attacks. Bree Fowler Go to gbhackers.com
-
Claude Mythos 5 Redeployed to Help U.S. Organizations Strengthen Cyber Defense
Claude Mythos 5 Redeployed to Help U.S. Organizations Strengthen Cyber Defense Anthropic has officially restored access to its Claude Mythos 5 artificial intelligence model for a select group of U.S. organizations tasked with defending critical… Delivered by PolitePaul service Go to gbhackers.com
-
Critical Linux Kernel Flaw Allows Unprivileged Users to Gain Full Root Access
Critical Linux Kernel Flaw Allows Unprivileged Users to Gain Full Root Access A newly disclosed flaw in the Linux kernel’s traffic-control subsystem, now assigned CVE-2026-46331 and referred to as “Pedit COW,” has been found to grant… Delivered by PolitePaul service Go to gbhackers.com
-
Cloud Bucket Hijacking Lets Attackers Silently Exfiltrate AWS, Google Cloud Data
Cloud Bucket Hijacking Lets Attackers Silently Exfiltrate AWS, Google Cloud Data A critical cloud storage attack technique that exploits a fundamental architectural vulnerability shared across all major cloud service providers. The technique, dubbed cloud bucket hijacking,… Delivered by PolitePaul service Go to gbhackers.com
-
Linux Kernel DirtyClone Vulnerability Lets Local Attackers Gain Root Privileges
Linux Kernel DirtyClone Vulnerability Lets Local Attackers Gain Root Privileges A critical Local Privilege Escalation flaw has been uncovered within the Linux kernel, allowing unprivileged local users to seamlessly gain root access by manipulating… Delivered by PolitePaul service Go to gbhackers.com
-
Amazon Q Developer Vulnerability Allows Code Execution via Malicious Repositories
Amazon Q Developer Vulnerability Allows Code Execution via Malicious Repositories A critical security flaw discovered in the Amazon Q Developer Extension for Visual Studio Code (VS Code) left developers vulnerable to arbitrary code execution… Delivered by PolitePaul service Go to gbhackers.com
-
FBI: Russian hackers now target Signal backup recovery keys
FBI: Russian hackers now target Signal backup recovery keys The FBI and CISA are warning that a phishing campaign targeting Signal users tied to Russian intelligence services has evolved to steal Signal Backup Recovery Keys, allowing attackers to access victims’ historical messages. […] Lawrence Abrams Go to bleepingcomputer
-
CISA sets urgent deadline to fix Cisco flaw exploited in attacks
CISA sets urgent deadline to fix Cisco flaw exploited in attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is giving federal agencies until Sunday to patch a vulnerability in Cisco Unified Communications Manager Server that is being actively exploited. […] Bill Toulas Go to bleepingcomputer
-
Polymarket customers lose $3 million in supply-chain attack
Polymarket customers lose $3 million in supply-chain attack Polymarket says it will fully reimburse customers who lost an estimated $3 million after hackers injected a malicious script into the platform’s frontend following a breach at a third-party vendor. […] Bill Toulas Go to bleepingcomputer
-
Cybersecurity firms targeted by fraudulent OpenAI organization invites
Cybersecurity firms targeted by fraudulent OpenAI organization invites Threat actors are creating OpenAI tenants that impersonate legitimate companies and inviting employees to join them, in what appears to be a ploy to trick targets into submitting sensitive company information in chats and projects. […] Lawrence Abrams Go to bleepingcomputer
-
Your First GRC Agent: A Red Teamer’s Walkthrough
Your First GRC Agent: A Red Teamer’s Walkthrough AI won’t replace GRC analysts, but it can eliminate much of the repetitive work they do. Anecdotes walks through building an agent that continuously monitors controls, identifies evidence gaps, and opens remediation tasks. […] Sponsored by Anecdotes Go to bleepingcomputer
-
Anthropic Confirms Claude Mythos 5 Redeployment for US Critical Infrastructure Organizations
Anthropic Confirms Claude Mythos 5 Redeployment for US Critical Infrastructure Organizations Anthropic has confirmed that Claude Mythos 5, its most powerful AI cybersecurity model, will be redeployed to a select set of U.S. organizations responsible for operating and defending critical infrastructure, following a government-led review process that began on June 12, 2026. Claude Mythos first…
-
New Bucket Hijacking Attack Allows Hackers to Reroute Cloud Data Streams to External Storage
New Bucket Hijacking Attack Allows Hackers to Reroute Cloud Data Streams to External Storage A critical cloud storage attack technique dubbed “bucket hijacking” a method that enables threat actors to silently redirect an organization’s active cloud data streams, including audit logs and telemetry, into attacker-controlled external storage buckets across major cloud platforms. The technique has…
-
New DirtyClone Linux Vulnerability Allows Attackers to Gain Root Access Via Cloned Packets
New DirtyClone Linux Vulnerability Allows Attackers to Gain Root Access Via Cloned Packets A new Linux kernel local privilege escalation vulnerability, dubbed “DirtyClone” (CVE-2026-43503), that allows unprivileged local users to gain full root access by manipulating cloned network packets through the XFRM/IPsec subsystem, all without leaving a trace in kernel logs or audit records. DirtyClone…
-
Amazon Q Vulnerability Let Attackers Execute Code and Access Sensitive Cloud Environments
Amazon Q Vulnerability Let Attackers Execute Code and Access Sensitive Cloud Environments A high-severity vulnerability in the Amazon Q Developer Extension for Visual Studio Code (VS Code), Amazon’s AI-powered coding assistant. Tracked as CVE-2026-12957 and CVE-2026-12958 and disclosed by Wiz Research, the flaws allowed attackers to achieve arbitrary code execution and cloud credential theft simply…
-
New Linux pedit COW Exploit Allows Attackers to Gain System Root Access
New Linux pedit COW Exploit Allows Attackers to Gain System Root Access A newly disclosed Linux kernel vulnerability combining a Copy-on-Write (COW) page-cache corruption flaw with the net/sched subsystem’s act_pedit component is enabling unprivileged local attackers to escalate privileges to full root access on several major Linux distributions. The exploit, dubbed packet_edit_meme, has been verified…
-
SMB cyber readiness: the road to resilience starts here
SMB cyber readiness: the road to resilience starts here Your business may be small, but its attack surface is anything but. Readiness is the first step to resilience. Go to eset
-
FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys
FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys The FBI and CISA have updated their March warning about Russian intelligence phishing Signal accounts, and the operators have added a step: they now coax targets into handing over their Signal Backup Recovery Key. Hand it over once, and the attacker can restore the account’s backup, read…
-
New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks
New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks A newly discovered cyber attack campaign has been observed delivering a previously undocumented malware family called SharkLoader that acts as a loader for deploying Cobalt Strike Beacon on compromised hosts. Kaspersky, which is tracking the activity under the moniker StrikeShark, said the campaign has targeted a…
-
Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign
Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign A Chinese-speaking advanced persistent threat (APT) actor has been linked to a new custom backdoor called TinyRCT as part of cyber attacks aimed at government entities and critical infrastructure in Southeast Asia. The activity, particularly aimed at state-owned enterprises in the energy and government sectors,…
-
New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries
New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries A flaw in the Linux kernel’s traffic-control subsystem can let a local unprivileged user gain root on affected systems. CVE-2026-46331, nicknamed “pedit COW,” is an out-of-bounds write in the packet-editing action (act_pedit) that corrupts shared page-cache memory. A public, working exploit appeared within a day…
-
Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs
Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs A high-severity flaw in Amazon Q Developer let a malicious repository run commands and steal a developer’s cloud credentials. The path was short: a developer opens the repo, trusts the workspace, and Amazon Q does the rest. Amazon has patched it. Tracked…
-
The Chinese Control the Majority of Argentina’s Squid Fleet
The Chinese Control the Majority of Argentina’s Squid Fleet Chinese companies control nearly two-thirds of Argentina’s own squid fleet. Bruce Schneier Go to bruce schneier