no alarms and no surprises please..
-
Anthropic’s AI Finds Bugs. IBM Bets $5B It Can Fix Them.
IBM and Red Hat assign 20,000 engineers to the new Project Lightwell service as Anthropic’s Mythos findings ignite debate over how to secure the open-source software supply chain. Jeffrey Schwartz Go to gbhackers.com
-
Hackers Use Geofenced Webpages to Deliver Ousaban Banking Trojan in Spain and Portugal
A targeted phishing campaign delivering the Ousaban banking Trojan to users in Spain and Portugal, notable for its use of geofenced webpages, layered evasion… Go to gbhackers.com
-
JetBrains Patches Critical Hub Authentication Bypass and Account Takeover Vulnerabilities
JetBrains has released patches for several critical vulnerabilities in JetBrains Hub that could allow for full authentication bypass, account takeover, and unauthorized privilege escalation… Go to gbhackers.com
-
ValleyRAT Uses RC4 Encryption, Donut Shellcode, and rundll32 Injection for Stealth
A recent surge in ValleyRAT activity that combines RC4-encrypted payloads, Donut-generated shellcode, and in-memory execution via suspended rundll32 processes to evade detection. First named… Go to gbhackers.com
-
Apple Hide My Email Vulnerability Lets Attackers Reveal Users’ Real Email Addresses
Apple’s Hide My Email privacy feature currently faces a significant flaw that may expose users’ real email addresses, compromising one of iCloud+’s core anonymity… Go to gbhackers.com
-
JADEPUFFER Agentic Ransomware Uses LLM to Automate Database Extortion
The first instance of agentic ransomware: JADEPUFFER, an LLM-driven extortion operation that automated an end-to-end database-crippling campaign. The actor gained execution on an internet-facing… Go to gbhackers.com
-
Alleged Scattered Spider hacker extradited to the United States
A dual United States and Estonian citizen has been extradited to the U.S. to face charges alleging he was a member of the Scattered Spider hacking collective. […] Sergiu Gatlan Go to bleepingcomputer
-
Medtronic notifies customers impacted by ShinyHunters data breach
Healthcare device firm Medtronic is notifying affected customers about a data breach that exposed their personal data to an unauthorized third party. […] Bill Toulas Go to bleepingcomputer
-
FortiBleed credential-theft campaign linked to Lynx ransomware
The massive FortiBleed credential theft campaign has been linked to the INC and Lynx ransomware operations, suggesting the stolen Fortinet credentials were intended to fuel future network intrusions. […] Lawrence Abrams Go to bleepingcomputer
-
Kubota says hackers had month-long access to network systems
Kubota North America Corporation disclosed that hackers had access to some of its network systems for more than a month earlier this year. […] Bill Toulas Go to bleepingcomputer
-
New ChocoPoC malware targets researchers via trojanized PoC exploits
Multiple weaponized proof-of-concept (PoC) exploits on GitHub were found delivering a Python-based remote access trojan (RAT) named ChocoPoC that can execute commands and steal sensitive data in a campaign believed to target cybersecurity researchers. […] Bill Toulas Go to bleepingcomputer
-
CISA Warns of Microsoft SharePoint Server Code Execution Vulnerability Exploited in Attacks
CISA has added a newly disclosed Microsoft SharePoint Server vulnerability, tracked as CVE-2026-45659, to its Known Exploited Vulnerabilities (KEV) Catalog, warning that the flaw is actively being exploited in real-world attacks. The vulnerability is a deserialization of untrusted data issue (CWE-502) that allows…
-
Browser-Only Ransomware Abuses Chrome File System Access API to Encrypt Android Photos
A new ransomware technique can now run entirely inside a web browser, with no app installation or root access required. It targets Android photo directories by abusing a legitimate Chrome feature meant for photo editing. The attack begins with something as simple as…
-
Multiple ClamAV Vulnerabilities Allow Remote Attacker to Cause a DoS Condition
Multiple high-severity vulnerabilities in Cisco’s ClamAV engine allow remote attackers to crash the antivirus scanning process, causing a denial-of-service (DoS) on affected Cisco Secure Endpoint Connector deployments. The flaws affect Windows, Linux, and macOS, with the highest impact on Windows, where they are rated…
-
Medtronic Confirms Data Breach – Hackers Gained Access to Corporate IT Systems
Medical technology giant Medtronic Inc. has disclosed a cybersecurity incident involving unauthorized access to its corporate IT systems, potentially affecting sensitive personal and health-related information of patients using Medtronic medical devices. Medtronic detected unusual activity in certain corporate IT systems on April 15,…
-
WinRAR 7.23 Fixes Heap Overflow Vulnerability that Leads to Application Crashes
WinRAR 7.23 addresses a newly disclosed heap overflow vulnerability in the RAR5 recovery volume processing code, tracked as CVE-2026-14191, closing a memory-corruption flaw that could be triggered by malicious recovery volume (.rev) data and potentially lead to application crashes or further exploitation. WinRAR 7.23…
-
SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-45659 (CVSS score: 8.8), is a case of remote code execution…
-
Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters
Argo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated attacker run code, provided they can reach the component’s internal network port. Synacktiv, which found the bug, says it can…
-
19-Year-Old Scattered Spider Suspect Extradited to Face U.S. Hacking Charges
A teenager accused of belonging to the hacking group Scattered Spider has been extradited from Finland to face U.S. charges of conspiracy, computer intrusion, and fraud, the U.S. Department of Justice announced on July 1. Peter Stokes, 19, a dual U.S. and Estonian citizen, appeared in a…
-
SEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRAT
Unknown threat actors are leveraging the ScreenConnect remote access tool as a way to deploy and execute AsyncRAT. Kaspersky said the activity is part of a “massive, multi-domain, multi-language” campaign that distributes malicious installer archives hosted on spoofed websites. These installers masquerade as popular software like OBS…
-
VEIL#DROP Malware Chain Uses Blogger Platform to Deliver PureLogs Stealer
Cybersecurity researchers have flagged a new multi-stage malware delivery attack chain that uses social engineering and Blogger pages to deliver an information stealer called PureLogs. The activity has been codenamed VEIL#DROP by Securonix. It’s suspected that the initial payloads are distributed either via spear-phishing or…
-
Papa Johns Surveillance-Based Advertising
Papa Johns is spying on people’s buying activities to predict when they are low on food: The pizza chain recently tapped NBCUniversal, Instacart and the dentsu-owned media agency Carat for help reaching consumers when they’re low on groceries—and thus more likely to be swayed by a mouth-watering ad. The idea is…
-
ISC Stormcast For Thursday, July 2nd, 2026 https://isc.sans.edu/podcastdetail/9992, (Thu, Jul 2nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
Why Ask Credentials If There Are Secret Codes?, (Wed, Jul 1st)
This morning, an interesting phishing email hit my mailbox. It targets Metamask[1], a cryptocurrency wallet, available as a browser extension and a mobile app, that lets users store, send, and receive crypto money. It’s pretty popular, so a juicy target for criminals. In February,…
-
ISC Stormcast For Wednesday, July 1st, 2026 https://isc.sans.edu/podcastdetail/9990, (Wed, Jul 1st)
Go to isc.sans.edu
-
June 2026 Apple Updates, (Tue, Jun 30th)
Apple released updates for iOS/iPadOS, macOS, and Safari on Monday. There have been no updates for other Apple operating systems (visionOS, watchOS, tvOS). Usually, Apple updates all products at the same time. Most of the vulnerabilities affect the web browser (WebKit, libxslt, WebRTC, and Web Extension). Only four…
-
ISC Stormcast For Tuesday, June 30th, 2026 https://isc.sans.edu/podcastdetail/9988, (Tue, Jun 30th)
Go to isc.sans.edu
-
Smashing Security podcast #474: Polymarket can predict the future. So how did it miss this hack?
Polymarket has built an entire business on predicting the future. So how did it manage to spectacularly fail to predict its own hack? Plus, the Google engineer with a million-dollar secret, and the curious case of the airport hairdryer.…
-
Crafty Phishing Campaigns Auto-Adapt to Victim’s Device, OS
Attackers fingerprint victims through user-agent data to deliver OS-specific payloads, increasing compromise rates and campaign profitability. Alexander Culafi Go to gbhackers.com
-
And the Winner in Dominant Malware Delivery? ClickFix
Researchers say the highly effective social engineering technique is no longer the exception for malware attacks — it’s now the rule. Rob Wright Go to gbhackers.com
-
‘Phantom Squatting’: An Emerging AI-Driven Supply Chain Threat
LLMs consistently hallucinate Web domains for legitimate brands that attackers can register for malicious activity in a difficult-to-detect attack vector. Elizabeth Montalbano Go to gbhackers.com
-
Safe Events Start With Threat Intel and Digital Security
Planning ahead to defend against cyber threats is the work that keeps events uneventful. Olga Polishchuk Go to gbhackers.com
-
The Gentlemen Ransomware Targets Large Corporations and Critical Infrastructure Worldwide
The Gentlemen ransomware group has emerged in 2026 as a highly adaptive and technically sophisticated ransomware-as-a-service (RaaS) operation targeting large corporations and critical infrastructure… Go to gbhackers.com
-
RedLine Infostealer Thread Reveals Hidden Maritime Phishing and BEC Infrastructure
A routine threat-feed alert for a RedLine Stealer command-and-control (C2) IP morphed into a full-scale pivot investigation that exposed a tailored maritime spear‑phishing and… Go to gbhackers.com
-
Fluentd Security Flaws Enable Remote Code Execution, SSRF, DoS, and Credential Exposure
Fluentd, a widely used open-source data collector for unified logging, has reported several high-impact vulnerabilities that could enable attackers to achieve remote code execution… Go to gbhackers.com
-
New RustDuck Botnet Targets IoT Devices and Servers With Weak Passwords and RCE Exploits
A sophisticated new botnet family dubbed RustDuck emerged in early 2026, leveraging a two-stage Loader and Core architecture to compromise IoT devices, routers, and… Go to gbhackers.com
-
Glitch SPY RAT Abuses Android Accessibility Service for Full Device Control
An emerging Android remote-access trojan platform, tracked as Glitch SPY, that leverages a fraudulent Polish apartment-rental website to trick victims into sideloading a malicious… Go to gbhackers.com
-
Amazon fined $2.25M for withholding evidence from fraud victims
The U.S. Federal Trade Commission (FTC) says Amazon will pay a $2.25 million civil penalty to settle charges that it blocked identity theft victims’ access to transaction records. […] Sergiu Gatlan Go to bleepingcomputer
-
Adobe patches seven max severity ColdFusion, Campaign flaws
Adobe has released security patches for seven maximum-severity vulnerabilities in the ColdFusion web app development platform and the Campaign Classic marketing automation platform. […] Sergiu Gatlan Go to bleepingcomputer
-
Anthropic to restore Claude Fable access on Wednesday
Anthropic has confirmed that the Department of Commerce has lifted export controls on Claude’s two most powerful models, Fable 5 and Mythos 5. […] Mayank Parmar Go to bleepingcomputer
-
Anthropic rolls out Sonnet 5 with near-Opus 4.8 performance at a lower price
Anthropic is now rolling out Sonnet 5, and it’s almost as good as the Opus range, but it is designed to be cheaper than the company’s flagship model. […] Mayank Parmar Go to bleepingcomputer
-
New BioShocking attack manipulates AI browser into data theft
A new prompt injection attack dubbed “BioShocking” could trick AI-powered browsers into treating real-world risky actions as part of a fictional scenario, causing them to ignore any safety guardrails. […] Bill Toulas Go to bleepingcomputer
-
Chrome Update Fixes 382 Vulnerabilities, Including 15 Critical Ones – Update Now!
Chrome 151’s latest stable-channel update delivers patches for 382 security vulnerabilities, including 15 critical bugs that can be weaponized for remote code execution and full browser compromise if left unpatched. Google is rolling this update out for Windows, macOS, Linux, and Chrome for…
-
Multiple Apache Tomcat Vulnerabilities Allow Attackers to Bypass Authentication
The Apache Software Foundation has disclosed two vulnerabilities affecting Apache Tomcat that could allow attackers to bypass authentication and security constraints protecting web applications. The flaws, tracked as CVE-2026-55957 and CVE-2026-55956, impact multiple major versions of the widely deployed servlet container, prompting urgent upgrade recommendations across…
-
U.S. Lifts Export Controls on Claude Fable 5 and Mythos 5
The U.S. Department of Commerce has formally withdrawn export control restrictions on Anthropic’s Claude Fable 5 and Mythos 5 AI models, ending an 18-day standoff that had blocked global access to the company’s most advanced systems. In a letter dated June 30, 2026, Commerce…
-
Anthropic’s Claude Code Reportedly Uses Hidden Code to Detect Chinese Users
A Reddit disclosure has ignited a serious debate about developer trust and covert surveillance, alleging that Anthropic embedded undisclosed detection logic inside its Claude Code CLI tool, specifically targeting users in China or those routing traffic through Chinese AI lab proxies. A Reddit user…
-
Microsoft Teams’ New Feature Blocks Bots from Joining Meetings
Microsoft has rolled out a new bot protection capability in Microsoft Teams that gives IT administrators and meeting organizers greater control over external bots attempting to join meetings, a move designed to address growing privacy and security concerns around AI-powered meeting tools. As AI note-taking bots…
-
This month in security with Tony Anscombe – June 2026 edition
Three-day patching deadlines, exposed fuel-tank systems, scams costing billions of dollars, and social media bans for children all gave Tony plenty to unpack in June 2026 Go to eset
-
Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts
Cybersecurity researchers have warned of a “massive, ongoing, automated password spray attack” aimed at Microsoft’s Azure command-line interface (CLI), compromising dozens of accounts in the process. The activity, per Huntress, originates from an IPv6 address range (2a0a:d683::/32) controlled by internet infrastructure provider…
-
Researcher Analyzes 3,000 Live ClickFix Payloads, Exposing API-Driven Malware Delivery
ClickFix, the trick that fools people into running malware by hand, has quietly grown a back office. New research shows the malicious commands behind its fake “prove you’re human” pages are now handed out by API-driven servers that give each visitor the same malware in…
-
Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service
Citrix on Tuesday released security updates to address multiple flaws in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that could be exploited by an attacker to facilitate arbitrary file reads or trigger a denial-of-service (DoS) condition. The vulnerabilities are listed below…
-
Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data
New Microsoft research shows how attackers can hijack AI agents that act on a user’s behalf, using nothing more than a poisoned tool description to make the agent quietly hand over company data to an outsider. The trick is that the agent never breaks a…
-
RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS
A new two-stage malware family called RustDuck is hijacking home routers, IP cameras, Android boxes, and poorly secured servers, then stitching them into a network built to knock websites and online services offline. Researchers at QiAnXin’s XLab have tracked it since February 2026, and say…
-
The Realities of AI Video Surveillance
The Financial Times has a good article on how AI is changing the capabilities of video surveillance, with information from both Israel/Iran and Russia. I wrote about this sort of thing a few years ago, how AI enables mass spying in the way that computers and networks enabled mass…
-
Scammers race to cash in on Venezuelan earthquake disaster
Scammers wasted no time exploiting Venezuela’s devastating earthquake, with researchers uncovering 212 newly-registered relief-themed domains in just five days. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
USB drives carrying China-linked malware infected Japanese military networks for nearly a year
Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
China-Linked Group Targets Southeast Asia Critical Systems
The group compromised at least 10 regional organizations, including two state-owned entities, and deployed a new backdoor. Robert Lemos Go to gbhackers.com
-
Weekly Update 510: Live From Mallorca with Scott Helme
How’s the view?! Back to business, it’s now 8 years ago that Scott and I thought it would be a cool idea to build Why no HTTPS? We used the site to shame companies for not implementing their transport layer security property, and to make it…
-
Fake Bug Report Hijacks AI Coding Agents at Scale
“Agentjacking” is the latest demonstration of how easily attackers can exploit an AI agent’s inability to differentiate between content and instructions. Jai Vijayan Go to gbhackers.com
-
Attackers Hijack Exposed AI Endpoints to Power Offensive Ops
Attackers don’t need any special authentication to reach a target endpoint — they just need to know where it is. Alexander Culafi Go to gbhackers.com
-
Why Identity Security Is Your Cyber Career Entry Point
As AI reshapes cybersecurity workflows, John Paul Cunningham, CISO at Silverfort, says the technology is creating opportunities rather than eliminating jobs — and there are more ways than ever to break into the essential field. Kristina Beek Go to gbhackers.com
-
Phishers Gain Persistence at EU, Asia Hospitality Orgs
Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social engineering and obfuscation, including blockchain abuse. Elizabeth Montalbano Go to gbhackers.com
-
AI-Generated Workflows Are a Silent Security Disaster
Teams are dealing with a truly dangerous problem — automation that works, but that no one understands. Yelena Mujibur Sheikh Go to gbhackers.com
-
NIST Enrichment Reductions Impact CVE Coverage, Accuracy
The National Institute of Standards and Technology (NIST) scaled back on the number of CVEs it selects for in-depth analysis, but the move has produced mixed results, according to researchers. Rob Wright Go to gbhackers.com
-
Kali Linux 2026.2 Release With new Hacking Tool and With Updated Desktop Environments
Kali Linux 2026.2 arrives on schedule in the final week of Q2 with a pragmatic blend of desktop environment refreshes, infrastructure hardening, and practical… Go to gbhackers.com
-
Boss Scam Uses DLL Sideloading to Hijack WhatsApp Web and Defraud Enterprises
The new “Boss Scam” is a sharp escalation in CEO fraud: attackers now combine impersonation, Windows DLL sideloading, and WhatsApp Web session theft to… Go to gbhackers.com
-
Japan Hotel Industry Targeted With TONResolver RAT and Guest Complaint Phishing Emails
Japan’s hotel sector is the latest target of a sophisticated phishing and remote-access trojan (RAT) campaign that leverages guest-complaint lures and an unusual resilience… Go to gbhackers.com
-
Mustang Panda Targets India’s Government and Energy Sectors With ZOHOMURK and MINIRECON
Two concurrent espionage campaigns by Mustang Panda targeting Indian government and energy-sector organisations, deploying a novel malware suite that includes SHARDLOADER, MINIRECON and ZOHOMURK… Go to gbhackers.com
-
Malicious Chromium Extension Spoofs Perplexity AI to Hijack Browser Searches
A malicious Chromium extension that impersonated the Perplexity AI brand to intercept browser searches and capture keystrokes before delivering users to legitimate search results… Go to gbhackers.com
-
Kali Linux 2026.2 released with 9 new tools, NetHunter updates
Kali Linux 2026.2, the second release of the year, is now available for download, featuring 9 new tools and numerous Kali NetHunter improvements. […] Sergiu Gatlan Go to bleepingcomputer
-
Blackfield ransomware asks Nidec Corporation for $2 million ransom
The Blackfield ransomware gang is asking for a $2 million ransom from Nidec Corporation, a large Japanese manufacturer of electronic components for automotive and computing applications. […] Bill Toulas Go to bleepingcomputer
-
CISA: Windows BlueHammer flaw now exploited by ransomware gangs
CISA confirmed on Monday that ransomware gangs are now exploiting a Microsoft Defender privilege escalation vulnerability, dubbed BlueHammer, that has previously been abused in zero-day attacks. […] Sergiu Gatlan Go to bleepingcomputer
-
Nissan discloses employee data breach linked to Oracle zero-day attacks
Nissan is warning that it suffered a data breach affecting current and former employees after threat actors exploited an Oracle PeopleSoft vulnerability in data theft attacks previously linked to the ShinyHunters extortion group. […] Lawrence Abrams Go to bleepingcomputer
-
NAIC says public data stolen in ShinyHunters’ PeopleSoft breach
The National Association of Insurance Commissioners (NAIC) says the ShinyHunters extortion group stole only publicly available data, outdated logs, and configuration files after breaching its systems by exploiting a zero-day vulnerability in an Oracle PeopleSoft server. […] Bill Toulas Go to bleepingcomputer
-
Kali Linux 2026.2 Released With 9 New Tools and VM Boot Tweaking
Kali Linux team officially released Kali Linux 2026.2 right on schedule at the close of Q2 2026, delivering a compelling mix of desktop environment upgrades, infrastructure modernization, VM performance enhancements, and nine brand-new tools for penetration testers and security researchers. This release bumps…
-
Nissan Confirms Data Breach Following Oracle PeopleSoft 0-Day Attacks
Nissan Americas has officially confirmed a data breach affecting current and former employees across four countries after threat actors exploited a critical zero-day vulnerability in Oracle PeopleSoft software, a campaign attributed to the ShinyHunters extortion group. The attack stems from CVE-2026-35273, a CVSS 9.8-rated unauthenticated Server-Side…
-
WhatsApp Launches New Username Feature to Communicate Without Exposing Phone Numbers
WhatsApp introduces a new privacy update that lets users connect using unique handles, eliminating the need to share phone numbers with strangers or new group members. Earlier, we detailed that WhatsApp is preparing to roll out a long-anticipated username feature. Now WhatsApp has officially…
-
EvilTokens Phishing Breaches Finance Firms Using “Ghost” Code Across U.S. and European Businesses
EvilTokens can keep serious account-takeover activity out of your SOC’s view by relying on “ghost” code that only surfaces after the browser decrypts it. Because of this, analysis that looks only at the static URL can overlook the part of the attack that…
-
New Claude Code Attack Allows Attackers to Take Full Control of Developers’ Systems
Researchers at Mozilla’s Zero Day Investigative Network (0DIN) have demonstrated a proof-of-concept attack that shows how a completely clean-looking GitHub repository can trick AI-powered coding agents like Claude Code into silently opening a reverse shell on a developer’s machine, without a single…
-
Inside the inbox: Why cybercriminals want to break into your email account
Your inbox is an identity system all of its own: whoever owns it may own a lot more Go to eset
-
Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild
A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber. The vulnerability, tracked as CVE-2026-46817 (CVSS score: 9.8), refers to an improper privilege management and authentication flaw in Oracle Payments that could be abused to…
-
Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input
Microsoft has found a malicious Chrome extension that posed as the AI search engine Perplexity and quietly logged what people searched for. It routed every query and every character typed into the address bar through an attacker-controlled server before redirecting users to real results. Microsoft…
-
WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private
WhatsApp on Monday officially announced the start of global reservations of usernames with an aim to protect the privacy of more than three billion users on the messaging platform. The optional feature is designed to help users connect with someone on the service through…
-
Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks
The China-aligned espionage group Mustang Panda is running two campaigns against the Indian government and hydropower targets, deploying new malware and turning a legitimate cloud service into its command channel. Acronis Threat Research Unit found active compromises inside Indian government networks, including machines used by senior…
-
⚡ Weekly Recap: Linux Kernel Flaws, AI Malware Tricks, Turla Backdoor, Infostealers and More
This week was a reminder that attackers do not always need big tricks. One small mistake, one old access path, one missed patch, and suddenly the door is open. The noise is not all noise, either. Forums are talking, researchers are…
-
Factoring RSA Keys with Many Zeros
Interesting research on a new class of weak RSA keys: keys with lots of zeros. It turns out that these keys are out in the wild. The badkeys project is an open-source service that checks public keys for known vulnerabilities. While developing this tool, Hanno collected a massive number…
-
Robot Police Officers
We’ve taken one small step towards robot police officers: a drone capable of disarming a suspect: In a June 22 video posted on the Sacramento County Sheriff’s Office’s Instagram page, an officer wearing goggles can be seen operating a drone to retrieve a knife from an armed suspect hiding inside a cluttered…
-
‘Djinn’ Stealer Targets Cloud, AI Credentials
The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp, targeting credentials linking development and admin environments to wider enterprise systems. Jai Vijayan Go to gbhackers.com
-
Vulnerabilities Expose Private Data in Indian Government Systems
One critical vulnerability, among many discovered by a researcher, could have allowed anyone to walk in and take over a national government portal. Nate Nelson Go to gbhackers.com
-
Can Clothes Make You Invisible to Facial Recognition?
Does life feel Orwellian sometimes? One researcher has a solution for you: graphic tees that confuse the neural networks in surveillance cameras. Nate Nelson Go to gbhackers.com
-
Iran, Russia, China Target Water Systems for Sabotage
Nation-state attackers breach water systems through weak passwords, exposed PLCs, and poor segmentation — not sophisticated malware. Alexander Culafi Go to gbhackers.com
-
Amazon Q VS Extension Flaw Leads to Cloud Credential Theft
Adversaries could plant a malicious repository that can execute arbitrary code and steal cloud credentials by exploiting the vulnerability, which showcases growing MCP risk. Elizabeth Montalbano Go to gbhackers.com
-
Critical Hoppscotch Vulnerability Lets Attackers Overwrite JWT_SECRET and Forge Admin Tokens
A critical security vulnerability, identified as CVE-2026-50160, has been discovered in the self-hosted Hoppscotch backend. This vulnerability allows unauthenticated attackers to overwrite sensitive configuration… Go to gbhackers.com
-
ClawHavoc Attack Hits ClawHub With 1,184 Malicious Skills and 247,000 Installations
The AI-agent ecosystem experienced its largest supply-chain compromise to date when ClawHavoc detonated across ClawHub, the official skill marketplace for OpenClaw. Our full AIG-powered… Go to gbhackers.com
-
Langflow RCE Vulnerability Exploited to Deploy Monero Cryptominer on Exposed AI Servers
Threat actors are actively exploiting CVE-2026-33017, a critical unauthenticated remote code execution (RCE) vulnerability in Langflow, to compromise internet-exposed AI application servers and silently… Go to gbhackers.com
-
New Windows Injection Technique Hijacks Win32k Callback Dispatch to Execute Shellcode
A newly documented injection technique abuses the kernel-to-user callback dispatch path used by the Windows graphical subsystem (win32k.sys) to achieve remote code execution while… Go to gbhackers.com
-
Critical Dell Wyse Management Suite Vulnerabilities Let Attackers Execute Remote Code
Dell Technologies has disclosed several critical vulnerabilities in its Wyse Management Suite (WMS) that could enable remote attackers to execute arbitrary code and fully… Go to gbhackers.com
-
Data breach exposes up to 14.2 million email logins at six ISPs
Japanese telecommunications operator KDDI Corporation disclosed a data breach where threat actors gained access to one of its email systems used by five other internet service providers (ISPs) in the country. […] Bill Toulas Go to bleepingcomputer
-
China’s New Zhipu AI Reportedly Matches Claude Mythos in Vulnerability Detection
Zhipu AI’s open-weight GLM-5.2 model is reportedly performing on par with Anthropic’s restricted Claude Mythos in specific cybersecurity and software vulnerability detection tasks, a development that is intensifying concerns inside the U.S. government about the effectiveness of its AI export control strategy. Zhipu AI…
-
RedAmon AI Tool that Chains Reconnaissance, Exploitation, and Post-exploitation
A new open-source offensive security platform called RedAmon is redefining automated penetration testing by chaining reconnaissance, exploitation, post-exploitation, AI-driven triage, and automated code remediation all into a single end-to-end pipeline that culminates in a GitHub pull request with the fix already written. RedAmon is a modular,…