no alarms and no surprises please..
-
Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk
Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk Rising threats from third-party actors are forcing institutions to play defense to protect student data from ransomware and other attacks. Bree Fowler Go to gbhackers.com
-
Claude Mythos 5 Redeployed to Help U.S. Organizations Strengthen Cyber Defense
Claude Mythos 5 Redeployed to Help U.S. Organizations Strengthen Cyber Defense Anthropic has officially restored access to its Claude Mythos 5 artificial intelligence model for a select group of U.S. organizations tasked with defending critical… Delivered by PolitePaul service Go to gbhackers.com
-
Critical Linux Kernel Flaw Allows Unprivileged Users to Gain Full Root Access
Critical Linux Kernel Flaw Allows Unprivileged Users to Gain Full Root Access A newly disclosed flaw in the Linux kernel’s traffic-control subsystem, now assigned CVE-2026-46331 and referred to as “Pedit COW,” has been found to grant… Delivered by PolitePaul service Go to gbhackers.com
-
Cloud Bucket Hijacking Lets Attackers Silently Exfiltrate AWS, Google Cloud Data
Cloud Bucket Hijacking Lets Attackers Silently Exfiltrate AWS, Google Cloud Data A critical cloud storage attack technique that exploits a fundamental architectural vulnerability shared across all major cloud service providers. The technique, dubbed cloud bucket hijacking,… Delivered by PolitePaul service Go to gbhackers.com
-
Linux Kernel DirtyClone Vulnerability Lets Local Attackers Gain Root Privileges
Linux Kernel DirtyClone Vulnerability Lets Local Attackers Gain Root Privileges A critical Local Privilege Escalation flaw has been uncovered within the Linux kernel, allowing unprivileged local users to seamlessly gain root access by manipulating… Delivered by PolitePaul service Go to gbhackers.com
-
Amazon Q Developer Vulnerability Allows Code Execution via Malicious Repositories
Amazon Q Developer Vulnerability Allows Code Execution via Malicious Repositories A critical security flaw discovered in the Amazon Q Developer Extension for Visual Studio Code (VS Code) left developers vulnerable to arbitrary code execution… Delivered by PolitePaul service Go to gbhackers.com
-
FBI: Russian hackers now target Signal backup recovery keys
FBI: Russian hackers now target Signal backup recovery keys The FBI and CISA are warning that a phishing campaign targeting Signal users tied to Russian intelligence services has evolved to steal Signal Backup Recovery Keys, allowing attackers to access victims’ historical messages. […] Lawrence Abrams Go to bleepingcomputer
-
CISA sets urgent deadline to fix Cisco flaw exploited in attacks
CISA sets urgent deadline to fix Cisco flaw exploited in attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is giving federal agencies until Sunday to patch a vulnerability in Cisco Unified Communications Manager Server that is being actively exploited. […] Bill Toulas Go to bleepingcomputer
-
Polymarket customers lose $3 million in supply-chain attack
Polymarket customers lose $3 million in supply-chain attack Polymarket says it will fully reimburse customers who lost an estimated $3 million after hackers injected a malicious script into the platform’s frontend following a breach at a third-party vendor. […] Bill Toulas Go to bleepingcomputer
-
Cybersecurity firms targeted by fraudulent OpenAI organization invites
Cybersecurity firms targeted by fraudulent OpenAI organization invites Threat actors are creating OpenAI tenants that impersonate legitimate companies and inviting employees to join them, in what appears to be a ploy to trick targets into submitting sensitive company information in chats and projects. […] Lawrence Abrams Go to bleepingcomputer
-
Your First GRC Agent: A Red Teamer’s Walkthrough
Your First GRC Agent: A Red Teamer’s Walkthrough AI won’t replace GRC analysts, but it can eliminate much of the repetitive work they do. Anecdotes walks through building an agent that continuously monitors controls, identifies evidence gaps, and opens remediation tasks. […] Sponsored by Anecdotes Go to bleepingcomputer
-
Anthropic Confirms Claude Mythos 5 Redeployment for US Critical Infrastructure Organizations
Anthropic Confirms Claude Mythos 5 Redeployment for US Critical Infrastructure Organizations Anthropic has confirmed that Claude Mythos 5, its most powerful AI cybersecurity model, will be redeployed to a select set of U.S. organizations responsible for operating and defending critical infrastructure, following a government-led review process that began on June 12, 2026. Claude Mythos first…
-
New Bucket Hijacking Attack Allows Hackers to Reroute Cloud Data Streams to External Storage
New Bucket Hijacking Attack Allows Hackers to Reroute Cloud Data Streams to External Storage A critical cloud storage attack technique dubbed “bucket hijacking” a method that enables threat actors to silently redirect an organization’s active cloud data streams, including audit logs and telemetry, into attacker-controlled external storage buckets across major cloud platforms. The technique has…
-
New DirtyClone Linux Vulnerability Allows Attackers to Gain Root Access Via Cloned Packets
New DirtyClone Linux Vulnerability Allows Attackers to Gain Root Access Via Cloned Packets A new Linux kernel local privilege escalation vulnerability, dubbed “DirtyClone” (CVE-2026-43503), that allows unprivileged local users to gain full root access by manipulating cloned network packets through the XFRM/IPsec subsystem, all without leaving a trace in kernel logs or audit records. DirtyClone…
-
Amazon Q Vulnerability Let Attackers Execute Code and Access Sensitive Cloud Environments
Amazon Q Vulnerability Let Attackers Execute Code and Access Sensitive Cloud Environments A high-severity vulnerability in the Amazon Q Developer Extension for Visual Studio Code (VS Code), Amazon’s AI-powered coding assistant. Tracked as CVE-2026-12957 and CVE-2026-12958 and disclosed by Wiz Research, the flaws allowed attackers to achieve arbitrary code execution and cloud credential theft simply…
-
New Linux pedit COW Exploit Allows Attackers to Gain System Root Access
New Linux pedit COW Exploit Allows Attackers to Gain System Root Access A newly disclosed Linux kernel vulnerability combining a Copy-on-Write (COW) page-cache corruption flaw with the net/sched subsystem’s act_pedit component is enabling unprivileged local attackers to escalate privileges to full root access on several major Linux distributions. The exploit, dubbed packet_edit_meme, has been verified…
-
SMB cyber readiness: the road to resilience starts here
SMB cyber readiness: the road to resilience starts here Your business may be small, but its attack surface is anything but. Readiness is the first step to resilience. Go to eset
-
FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys
FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys The FBI and CISA have updated their March warning about Russian intelligence phishing Signal accounts, and the operators have added a step: they now coax targets into handing over their Signal Backup Recovery Key. Hand it over once, and the attacker can restore the account’s backup, read…
-
New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks
New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks A newly discovered cyber attack campaign has been observed delivering a previously undocumented malware family called SharkLoader that acts as a loader for deploying Cobalt Strike Beacon on compromised hosts. Kaspersky, which is tracking the activity under the moniker StrikeShark, said the campaign has targeted a…
-
Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign
Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign A Chinese-speaking advanced persistent threat (APT) actor has been linked to a new custom backdoor called TinyRCT as part of cyber attacks aimed at government entities and critical infrastructure in Southeast Asia. The activity, particularly aimed at state-owned enterprises in the energy and government sectors,…
-
New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries
New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries A flaw in the Linux kernel’s traffic-control subsystem can let a local unprivileged user gain root on affected systems. CVE-2026-46331, nicknamed “pedit COW,” is an out-of-bounds write in the packet-editing action (act_pedit) that corrupts shared page-cache memory. A public, working exploit appeared within a day…
-
Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs
Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs A high-severity flaw in Amazon Q Developer let a malicious repository run commands and steal a developer’s cloud credentials. The path was short: a developer opens the repo, trusts the workspace, and Amazon Q does the rest. Amazon has patched it. Tracked…
-
The Chinese Control the Majority of Argentina’s Squid Fleet
The Chinese Control the Majority of Argentina’s Squid Fleet Chinese companies control nearly two-thirds of Argentina’s own squid fleet. Bruce Schneier Go to bruce schneier
-
Meta Is Testing Facial Recognition for Police and Military
Meta Is Testing Facial Recognition for Police and Military We know that ICE wants to deploy eyeglasses with facial recognition that can identify people in real time. Turns out Meta is prototyping the feature with a Pentagon supplier. (Alternate news story.) Bruce Schneier Go to bruce schneier
-
One Million Passports Leaked Online
One Million Passports Leaked Online A database of almost a million passports from around the world was leaked online. Note what happened. A high-value credential—a passport—was used in an ancillary low-value authentication system: ID verification for cannabis dispensaries. And it’s the low-value system that got hacked, putting the high-value credential at risk. Bruce Schneier Go…
-
AI Decline? Confidence in Autonomous Penetration Testing Falls
AI Decline? Confidence in Autonomous Penetration Testing Falls Companies are still experimenting with automated AI systems to find security weaknesses, but fewer are relying on the technology. Robert Lemos Go to gbhackers.com
-
Cisco Adds NHI to Security Stack With Astrix, WideField Acquisitions
Cisco Adds NHI to Security Stack With Astrix, WideField Acquisitions Cisco joins a growing list of security platform providers who are betting that securing the agentic workforce means turning identity into the primary control plane. Jeffrey Schwartz Go to gbhackers.com
-
AI Won’t Wipe-Out Entry-Level Cybersecurity Jobs
AI Won’t Wipe-Out Entry-Level Cybersecurity Jobs Instead of eliminating jobs for early-career cyber pros, AI is creating new opportunities for candidates with strong human decision-making skills. Jon France Go to gbhackers.com
-
Meeting Trump’s 2030 Quantum Deadline Will be Expensive, Complex
Meeting Trump’s 2030 Quantum Deadline Will be Expensive, Complex Getting accurate visibility into IT and OT systems will be compounded by multivendor environments, misaligned update life cycles, and interoperability gaps. Alexander Culafi Go to gbhackers.com
-
Thanks for Crushing the Submissions Inbox. We’re Trying to Keep Up
Thanks for Crushing the Submissions Inbox. We’re Trying to Keep Up It might be taking a bit longer than usual to respond to your submissions — here’s why. Becky Bracken Go to gbhackers.com
-
Hackers Exploit WinRAR CVE-2025-8088 to Plant Startup Shortcut and Run PowerShell Loader
Hackers Exploit WinRAR CVE-2025-8088 to Plant Startup Shortcut and Run PowerShell Loader Hackers have weaponized a WinRAR path-traversal flaw tracked as CVE-2025-8088 to silently plant a Startup shortcut and run a multi-stage PowerShell loader that maps… Delivered by PolitePaul service Go to gbhackers.com
-
Scammers Abuse Shopify to Send Fake Invoices and Steal Credentials via Fake Support Calls
Scammers Abuse Shopify to Send Fake Invoices and Steal Credentials via Fake Support Calls Scammers are increasingly exploiting Shopify’s ecosystem and its Shop order-tracking app to deliver fraudulent invoices directly into users’ purchase histories, marking a shift from… Delivered by PolitePaul service Go to gbhackers.com
-
Russian Authorities Used Cellebrite UFED to Break Into Human Rights Activist’s iPhone
Russian Authorities Used Cellebrite UFED to Break Into Human Rights Activist’s iPhone Russian authorities leveraged Cellebrite’s Universal Forensic Extraction Device (UFED) to gain access to a detained human rights activist’s iPhone, according to a detailed forensic… Delivered by PolitePaul service Go to gbhackers.com
-
KuinaExtractor Stealer Targets Browser Data, Crypto Wallets, Roblox, Steam, and Discord
KuinaExtractor Stealer Targets Browser Data, Crypto Wallets, Roblox, Steam, and Discord A previously undocumented Rust-based infostealer they call KuinaExtractor, a family that has evolved from a capable early prototype into a hardened, stealth-focused threat now… Delivered by PolitePaul service Go to gbhackers.com
-
WhatsApp Adds Security Warning Before Users Start Chat With Unknown Numbers
WhatsApp Adds Security Warning Before Users Start Chat With Unknown Numbers WhatsApp has introduced a new proactive security feature that warns users before they start conversations with unknown phone numbers. This update, currently being rolled… Delivered by PolitePaul service Go to gbhackers.com
-
Anthropic is testing desktop-like Claude Cowork for mobile
Anthropic is testing desktop-like Claude Cowork for mobile Anthropic appears to be testing Claude Cowork support on mobile, allowing you to manage long-running Claude tasks from your phone. […] Mayank Parmar Go to bleepingcomputer
-
Poland busts SIM-swapping gang tied to millions in crypto theft
Poland busts SIM-swapping gang tied to millions in crypto theft Authorities in Poland have arrested four members of an organized cybercrime group accused of breaching telecommunications partners and hijacking email accounts to carry out SIM-swapping attacks. […] Bill Toulas Go to bleepingcomputer
-
Order-tracking app Shop abused to push callback phishing attacks
Order-tracking app Shop abused to push callback phishing attacks Threat actors are increasingly abusing Shop, the order-tracking app from Shopify, by adding fake purchase receipts in users’ order histories to trick them into providing sensitive data or installing remote access software. […] Bill Toulas Go to bleepingcomputer
-
Microsoft quietly extends free Windows 10 ESU support to October 2027
Microsoft quietly extends free Windows 10 ESU support to October 2027 Microsoft has quietly extended its free Windows 10 Extended Security Updates (ESU) program for consumers by an additional year, allowing enrolled devices to continue receiving security updates until October 12, 2027. […] Lawrence Abrams Go to bleepingcomputer
-
New macOS malware embeds fake errors to confuse AI analysis tools
New macOS malware embeds fake errors to confuse AI analysis tools A newly discovered macOS malware dubbed “Gaslight” is designed to confuse AI-assisted malware analysis tools by hiding prompt injection strings and fake debugging data within the executable. […] Lawrence Abrams Go to bleepingcomputer
-
CL-STA-1062 Hackers Use TinyRCT Backdoor to Target Southeast Asian Governments
CL-STA-1062 Hackers Use TinyRCT Backdoor to Target Southeast Asian Governments A Chinese-speaking threat group known as CL-STA-1062 has been running a quiet but aggressive campaign against government agencies and critical energy infrastructure across Southeast Asia. The attackers, active since at least March 2022, spent much of 2025 targeting state-owned enterprises with a toolkit that blends…
-
Miasma Malware Uses binding.gyp and Bun to Execute Hidden Payloads in npm Packages
Miasma Malware Uses binding.gyp and Bun to Execute Hidden Payloads in npm Packages Supply chain attackers are getting more creative, and the latest threat is proof of that. A malware campaign known as Miasma has been caught hiding inside widely used npm packages, using a clever mix of tools and techniques to stay hidden while…
-
Minecraft Malware Loader Uses RSA-Signed Smart Contract Updates for Persistent C2
Minecraft Malware Loader Uses RSA-Signed Smart Contract Updates for Persistent C2 A new and highly sophisticated malware loader has been found hiding inside what appears to be a harmless Minecraft mod. Researchers have uncovered a campaign that blends blockchain technology and social engineering to steal player credentials and deliver additional malicious payloads. The damage is…
-
CISA Warns of Cisco Unified CM Vulnerability Exploited in Attacks
CISA Warns of Cisco Unified CM Vulnerability Exploited in Attacks CISA has added a critical server-side request forgery (SSRF) vulnerability affecting Cisco Unified Communications Manager (Unified CM) to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies and organizations to apply patches immediately amid active exploitation in the wild. The flaw, tracked as CVE-2026-20230, enables…
-
Microsoft Extends Windows 10 Security Updates for Users Up to October 2027
Microsoft Extends Windows 10 Security Updates for Users Up to October 2027 Microsoft has quietly expanded its Windows 10 Extended Security Updates (ESU) program, allowing consumers to receive critical security patches through October 12, 2027, an additional year beyond the program’s originally planned expiration date of October 12, 2026. Windows 10 officially reached its end…
-
Gamaredon in 2025: Leveraging tunnels, workers, dead drops, and new alliances
Gamaredon in 2025: Leveraging tunnels, workers, dead drops, and new alliances ESET Research analyzes Gamaredon’s new toolset and the group’s growing reliance on legitimate online services to hide its C&C infrastructure and exfiltrate stolen data Go to eset
-
Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability
Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability An analysis of a popular Google Chrome ad block extension for YouTube has uncovered the ability to execute arbitrary JavaScript code. According to Island, the extension, named Adblock for YouTube (ID: cmedhionkhpnakcndndgjdbohmhepckk), has more than 10 million installs and carries a Featured badge…
-
ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories
ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories It’s dumb out there again. This week has the usual smell of prod on fire and nobody wanting to admit who left the door open — old creds still working, trusted apps doing sketchy crap, browser tricks jumping the fence,…
-
Surviving the Mythos Era: Richard Bejtlich on the Case for NDR
Surviving the Mythos Era: Richard Bejtlich on the Case for NDR Despite the abundance of telemetry at analysts’ disposal, many security operations teams struggle to answer a few basic questions during incident investigation: What happened? What evidence do we have? How do we know we’re seeing it all, in context? Answering these questions requires teams…
-
New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis
New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis A previously undocumented Rust-based macOS implant and information stealer has been found to embed a prompt injection payload designed to trick a malware analyst’s artificial intelligence (AI) tools and trick it into aborting or refusing an analysis of the artifact. The malware has been…
-
New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns
New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns A new, stealthy backdoor named Mistic has been deployed as part of suspected financially motivated attacks aimed at multiple organizations spanning insurance, education, IT, and professional services sectors since April 2026. According to Symantec and Carbon Black’s Threat Hunter Team, the backdoor, also tracked…
-
AI and Liability
AI and Liability Earlier this month, a German court ruled that Google is liable for its AI search summaries. Rejecting defenses like “users can check for themselves,” and that they generally know “that information generated with AI should not be blindly trusted,” the court held that the AI’s summaries are reflections of the company and…
-
Interesting Paper Exploring Prompt Injection
Interesting Paper Exploring Prompt Injection This is a fascinating explotation of how LLMs fall for prompt injection attacks. It turns out that they learn to recognize the style of text in different role/instruction blocks, and not just the tags. Their conclusion: Role tags were a formatting trick that became the security architecture and the cognitive…
-
What do Ports Hear When Nobody’s Listening? An Assessment of Automated Cybercrime [Guest Diary], (Wed, Jun 24th)
What do Ports Hear When Nobody’s Listening? An Assessment of Automated Cybercrime [Guest Diary], (Wed, Jun 24th) [This is a Guest Diary by Nicole Phillips, an ISC intern as part of the SANS.edu BACS program] “I was just sitting here enjoying the company. Plants got a lot to say, if you take the time to…
-
Linux Process Name Masquerading, (Wed, Jun 24th)
Linux Process Name Masquerading, (Wed, Jun 24th) In a previous diary, I talked about stack strings[1] with a practical example of them. Since my SEC670 class, I’m even more interested in malware obfuscation techniques. I had a look at process names. When you list running processes on a computer, can you trust what you see? If you’re…
-
In Less Than 24 Hours, Attackers Weaponize Cisco CUCM Flaw
In Less Than 24 Hours, Attackers Weaponize Cisco CUCM Flaw The flaw enables server-side request forgery (SSRF) and escalates privileges to root, impacting Cisco Unified CM and Unified CM SME deployments. Jai Vijayan Go to gbhackers.com
-
Russian APT ‘Gamaredon’ Upgrades Its Arsenal, Requiring New Defenses
Russian APT ‘Gamaredon’ Upgrades Its Arsenal, Requiring New Defenses The FSB state-sponsored operation has gotten a lot better at loading its malware and hiding its servers. Nate Nelson Go to gbhackers.com
-
EdTech Attackers Shift From Schools to Their Software Suppliers
EdTech Attackers Shift From Schools to Their Software Suppliers Educational institutions, the edtech companies they rely on, and, more concerningly, the challenges they pose for schools are the focus of the latest Reporters’ Notebook video series. Arielle Waldman Go to gbhackers.com
-
Local Police Collusion Hampers Crackdown on Asian Scam Centers
Local Police Collusion Hampers Crackdown on Asian Scam Centers With tens of billions of dollars flowing into regional economies from cybercrime, scam centers continue to flourish, despite international and law-enforcement efforts. Robert Lemos Go to gbhackers.com
-
Gemini 3.5 Flash Now Supports Agentic Computer Use for Enterprise Automation Tasks
Gemini 3.5 Flash Now Supports Agentic Computer Use for Enterprise Automation Tasks Google has announced a significant enhancement to its AI platform with the release of Gemini 3.5 Flash, which now includes native support for agentic… Delivered by PolitePaul service Go to gbhackers.com
-
Shai-Hulud Hades Payload Hits 20 Leo/RStreams npm Packages in Fresh Supply Chain Attack
Shai-Hulud Hades Payload Hits 20 Leo/RStreams npm Packages in Fresh Supply Chain Attack A fresh supply-chain wave by the Shai-Hulud/Hades family that infected 20 npm packages in the Leo/RStreams ecosystem, an AWS-native event streaming SDK widely used… Delivered by PolitePaul service Go to gbhackers.com
-
Langflow RCE Flaw Lets Attackers Execute Arbitrary Python Code Without Authentication
Langflow RCE Flaw Lets Attackers Execute Arbitrary Python Code Without Authentication A critical unauthenticated remote code execution (RCE) vulnerability in Langflow, tracked as CVE-2026-33017, is being actively exploited in the wild within hours of its… Delivered by PolitePaul service Go to gbhackers.com
-
Curl 8.21.0 Released With 18 Security Fixes
Curl 8.21.0 Released With 18 Security Fixes The curl project has announced the release of version 8.21.0, marking its 275th release and including a significant security update. This version addresses 18… Delivered by PolitePaul service Go to gbhackers.com
-
Hackers Abuse Cloudflare-Hosted AWS Phishing Domains to Steal Console Logins
Hackers Abuse Cloudflare-Hosted AWS Phishing Domains to Steal Console Logins A concise but sophisticated phishing campaign that targeted AWS console users by abusing Cloudflare-hosted domains to deliver adversary-in-the-middle (AiTM) credential theft. Each domain served… Delivered by PolitePaul service Go to gbhackers.com
-
Europe Evolves Into Ransomware’s Favorite Region
Europe Evolves Into Ransomware’s Favorite Region After a global lull, ransomware gangs are setting sights on a rich new arena: attacking EU organizations and their suppliers. Nate Nelson Go to gbhackers.com
-
Google releases new privacy controls for activity history, personalization
Google releases new privacy controls for activity history, personalization Google is rolling out new privacy controls for Search services and Google Play, giving you more control over saved history and personalized recommendations. […] Mayank Parmar Go to bleepingcomputer
-
DraftKings hacker ‘Snoopy’ sentenced to 18 months in prison
DraftKings hacker ‘Snoopy’ sentenced to 18 months in prison A 21-year-old using the alias “Snoopy” was sentenced to 18 months in prison for his role in hacking DraftKings accounts in the November 2022 cyberattack. […] Bill Toulas Go to bleepingcomputer
-
Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access
Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access New details have been revealed on how hackers exploited a Cisco Catalyst SD-WAN vulnerability tracked as CVE-2026-20245 in zero-day attacks to create rogue root accounts on targeted devices. […] Lawrence Abrams Go to bleepingcomputer
-
Malicious Edge extension abuses Native Messaging as bridge to malware
Malicious Edge extension abuses Native Messaging as bridge to malware A malicious Microsoft Edge extension dubbed ‘Edgecution’ has been used in a ransomware attack to escape the browser sandbox and deploy a Python-based backdoor. […] Bill Toulas Go to bleepingcomputer
-
CISA warns of max severity Ubiquiti flaws exploited in attacks
CISA warns of max severity Ubiquiti flaws exploited in attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers actively exploiting flaws in Ubiquity UniFi OS and Lantronix serial-to-ethernet servers. […] Bill Toulas Go to bleepingcomputer
-
OpenClaw Skill Marketplace Exposes AI Agents to Supply Chain Malware and Financial Fraud
OpenClaw Skill Marketplace Exposes AI Agents to Supply Chain Malware and Financial Fraud A wave of malicious skills targeting the OpenClaw AI agent marketplace has exposed a dangerous new frontier in software supply chain security. Attackers are using the ClawHub skill marketplace to push harmful code into AI agent environments, stealing data and running financial…
-
Hackers Use Cisco AnyConnect and Google Update Lures to Drop SharkLoader Malware
Hackers Use Cisco AnyConnect and Google Update Lures to Drop SharkLoader Malware A newly discovered malware family is making its way onto systems worldwide by hiding inside fake software installers that look completely legitimate. Researchers have identified a campaign where attackers disguise their malicious tools as trusted programs like Cisco AnyConnect and Google Update, tricking…
-
Chrome 149 Security Update — Patch for Critical Flaws that Enable Code Execution Attacks
Chrome 149 Security Update — Patch for Critical Flaws that Enable Code Execution Attacks Google has released a critical security update for its Chrome browser, pushing the Stable channel to version 149.0.7827.196/197 for Windows and Mac, and 149.0.7827.196 for Linux. The update addresses 18 security vulnerabilities, including four rated Critical and fourteen rated High severity,…
-
Anthropic Accuses Alibaba of ‘Illicitly’ Accessing Its Claude AI Models in Largest Known Distillation Attack
Anthropic Accuses Alibaba of ‘Illicitly’ Accessing Its Claude AI Models in Largest Known Distillation Attack Anthropic has formally accused Chinese tech and e-commerce giant Alibaba of orchestrating a massive, unauthorized extraction campaign targeting its Claude AI model, marking what the company describes as the largest known distillation attack in its history. In a letter dated…
-
Mistic Backdoor Blends With Microsoft Endpoint Security Tooling to Evade Detection
Mistic Backdoor Blends With Microsoft Endpoint Security Tooling to Evade Detection A new and stealthy backdoor named Mistic has been quietly targeting corporate networks since April 2026, disguising itself using the names and appearance of legitimate Microsoft endpoint security components. This clever camouflage helps it avoid detection, allowing attackers to maintain a persistent, low-profile foothold…
-
ESET takes part in Operation Endgame to disrupt Amadey and Stealc
ESET takes part in Operation Endgame to disrupt Amadey and Stealc ESET researchers assisted in the global disruption of the Amadey botnet and Stealc infostealer, providing technical analysis, infrastructure tracking, and affiliate-level insights Go to eset
-
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before it was publicly disclosed, according to new findings from Google-owned Mandiant. The vulnerability, tracked as CVE-2026-20245 (CVSS score: 7.8), allows an authenticated,…
-
CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited
CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 26, 2026. The vulnerability in question is CVE-2025-67038…
-
Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered
Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered A coordinated law enforcement operation, in partnership with private sector companies, including Bitdefender, Bitsight, ESET, and Microsoft, has resulted in the takedown of criminal infrastructure powering Amadey and StealC. “The main common goal was to disrupt the ‘assembly lines’ cybercriminals use to launch ransomware, financial…
-
Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks
Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains. The “critical exploitable pattern” has been codenamed Cordyceps by Novee Security. The issue can allow full attacker control of repositories at dozens of…
-
Dawn of the Apex Agentic Adversary
Dawn of the Apex Agentic Adversary We are standing at the end of an era we never thought to mourn: the era of human-speed threats. For years, cybersecurity moved to a rhythm organizations could follow. A researcher found a bug, a CVE was cataloged, a vendor navigated a patch cycle, and weeks or even months…
-
Embedding Forbidden Text in Spyware to Discourage AI Analysis
Embedding Forbidden Text in Spyware to Discourage AI Analysis At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis. Details: The _index.js payload begins with a large JavaScript block comment containing fake system instructions and policy-triggering content. Because it is inside…
-
Smashing Security podcast #473: How a hacker could have Rickrolled the entire World Cup
Smashing Security podcast #473: How a hacker could have Rickrolled the entire World Cup A polite caller from your bank says there is a problem with your account. Don’t worry – they’ll send someone round to help. They’ll even take your cards away to keep them safe. The scam has run rampant, until Dutch police…
-
Weekly Update 509
Weekly Update 509 I know enough about home cinema audiovisual to know there’s a lot I don’t know. It’s conscious incompetence, if you like, which is different to the unconscious incompetence most people have on the topic. That’s not to sound derogatory (it’s spelled out that way in the competence model), rather it recognises that…
-
Attackers Hit Cisco SD-WAN Flaw 2 Months Before Disclosure
Attackers Hit Cisco SD-WAN Flaw 2 Months Before Disclosure Researchers believe rogue peering was used to connect to the victim’s SD-WAN devices to gain admin privileges and root-level access. Jai Vijayan Go to gbhackers.com
-
2026 FIFA World Cup Faces Surge in Cyber Threats
2026 FIFA World Cup Faces Surge in Cyber Threats Persistent cybercrime, social engineering, and infrastructure threats continue to plague the FIFA 2026 World Cup across the US, Canada, and Mexico. Alexander Culafi Go to gbhackers.com
-
Do CISOs Need a Code of Ethics?
Do CISOs Need a Code of Ethics? Kickbacks, no-show jobs, “dirty” VCs, and shelf ware — industry expert Robert “RSnake” Hansen explains why he thinks its time for a CISO code of ethics to ensure cybersecurity bosses aren’t engaged in self-dealing that could risk enterprise, and even national, security. Dark Reading Editorial Team Go to…
-
More Malicious OpenClaw Skills Threaten AI Supply Chain
More Malicious OpenClaw Skills Threaten AI Supply Chain OpenClaw removed five packages from ClawHub, its skills marketplace, that bypassed security checks even though they included infostealers and other threats. Elizabeth Montalbano Go to gbhackers.com
-
Apple’s MacOS Gap Lets Users Disable Security Tools
Apple’s MacOS Gap Lets Users Disable Security Tools Attackers can exploit the issue to disable security and integrated browser tools without needing administrator privileges or kernel exploits. Jai Vijayan Go to gbhackers.com
-
PoC Released for Microsoft Exchange Server EWS InstallApp SSRF Vulnerability
PoC Released for Microsoft Exchange Server EWS InstallApp SSRF Vulnerability A proof-of-concept exploit has been released for CVE-2026-45502, a server-side request forgery (SSRF) vulnerability in the Microsoft Exchange Server’s Exchange Web Services (EWS) InstallApp… Delivered by PolitePaul service Go to gbhackers.com
-
Webmin Stored XSS Vulnerability Lets Attackers Exploit Root Users
Webmin Stored XSS Vulnerability Lets Attackers Exploit Root Users A newly disclosed stored cross-site scripting (XSS) vulnerability in Webmin has raised significant security concerns, as it allows attackers with limited privileges to target… Delivered by PolitePaul service Go to gbhackers.com
-
Fable 5 AI Model Builds Bootable Windows Kernel in Rust in Just 38 Minutes
Fable 5 AI Model Builds Bootable Windows Kernel in Rust in Just 38 Minutes A newly released AI model, Claude Fable 5, has made a significant advancement in autonomous systems programming by generating a bootable Windows NT-style kernel… Delivered by PolitePaul service Go to gbhackers.com
-
Cisco Unified Communications Manager Flaw Exposes Systems to SSRF Attacks and Root Access
Cisco Unified Communications Manager Flaw Exposes Systems to SSRF Attacks and Root Access Cisco has disclosed a critical server-side request forgery (SSRF) vulnerability affecting its Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition… Delivered by PolitePaul service Go to gbhackers.com
-
Hackers Abuse Indian Tax Notice Lures to Deliver PE Loader and libsvcs.dll Payload
Hackers Abuse Indian Tax Notice Lures to Deliver PE Loader and libsvcs.dll Payload A targeted malware distribution campaign that abuses a counterfeit Indian Income Tax Department assessment notice to deliver a multi-stage Remote Access Trojan (RAT)-style payload…. Delivered by PolitePaul service Go to gbhackers.com
-
Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks
Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks A high-severity SSRF vulnerability, tracked as CVE-2026-20230, in Cisco Unified Communications Manager Server is now being exploited in attacks. […] Lawrence Abrams Go to bleepingcomputer
-
Tata Electronics confirms cyberattack as hackers leak data
Tata Electronics confirms cyberattack as hackers leak data Tata Electronics has confirmed in a statement to BleepingComputer that it was the target of a cyberattack that impacted parts of its IT infrastructure. […] Bill Toulas Go to bleepingcomputer
-
Windows 11 KB5095093 update rolls out new Point-in-Time restore feature
Windows 11 KB5095093 update rolls out new Point-in-Time restore feature Microsoft has released the KB5095093 preview cumulative update for Windows 11 24H2 and 25H2, which fixes numerous bugs and begins rolling out new features, including the new Point-in-Time restore feature. […] Lawrence Abrams Go to bleepingcomputer
-
Healthtech firm Xolis suffers data breach impacting 1.4 million people
Healthtech firm Xolis suffers data breach impacting 1.4 million people Healthcare technology company Xsolis says that sensitive data belonging to nearly 1.4 million individuals was compromised in a phishing attack that gave attackers access to its network. […] Bill Toulas Go to bleepingcomputer
-
New macOS ClickFix attack silently mounts DMGs to push infostealer
New macOS ClickFix attack silently mounts DMGs to push infostealer A new macOS ClickFix campaign is using Terminal commands to silently download, mount, and launch info-stealing malware from malicious disk image (DMG) files. […] Lawrence Abrams Go to bleepingcomputer
-
Malicious AI Agent Skill Bypasses Security Scans and Seized Full Control of Over 26,000 Agents
Malicious AI Agent Skill Bypasses Security Scans and Seized Full Control of Over 26,000 Agents A malicious AI “skill” created as part of a controlled security experiment has exposed critical weaknesses in modern AI agent ecosystems, successfully bypassing security scanners and compromising more than 26,000 agents across individual and enterprise environments. According to researcher Niv…