no alarms and no surprises please..
-
Local Police Collusion Hampers Crackdown on Asian Scam Centers
Local Police Collusion Hampers Crackdown on Asian Scam Centers With tens of billions of dollars flowing into regional economies from cybercrime, scam centers continue to flourish, despite international and law-enforcement efforts. Robert Lemos Go to gbhackers.com
-
Gemini 3.5 Flash Now Supports Agentic Computer Use for Enterprise Automation Tasks
Gemini 3.5 Flash Now Supports Agentic Computer Use for Enterprise Automation Tasks Google has announced a significant enhancement to its AI platform with the release of Gemini 3.5 Flash, which now includes native support for agentic… Go to gbhackers.com
-
Shai-Hulud Hades Payload Hits 20 Leo/RStreams npm Packages in Fresh Supply Chain Attack
Shai-Hulud Hades Payload Hits 20 Leo/RStreams npm Packages in Fresh Supply Chain Attack A fresh supply-chain wave by the Shai-Hulud/Hades family that infected 20 npm packages in the Leo/RStreams ecosystem, an AWS-native event streaming SDK widely used… Go to gbhackers.com
-
Langflow RCE Flaw Lets Attackers Execute Arbitrary Python Code Without Authentication
Langflow RCE Flaw Lets Attackers Execute Arbitrary Python Code Without Authentication A critical unauthenticated remote code execution (RCE) vulnerability in Langflow, tracked as CVE-2026-33017, is being actively exploited in the wild within hours of its… Go to gbhackers.com
-
Curl 8.21.0 Released With 18 Security Fixes
Curl 8.21.0 Released With 18 Security Fixes The curl project has announced the release of version 8.21.0, marking its 275th release and including a significant security update. This version addresses 18… Go to gbhackers.com
-
Hackers Abuse Cloudflare-Hosted AWS Phishing Domains to Steal Console Logins
Hackers Abuse Cloudflare-Hosted AWS Phishing Domains to Steal Console Logins A concise but sophisticated phishing campaign that targeted AWS console users by abusing Cloudflare-hosted domains to deliver adversary-in-the-middle (AiTM) credential theft. Each domain served… Go to gbhackers.com
-
Europe Evolves Into Ransomware’s Favorite Region
Europe Evolves Into Ransomware’s Favorite Region After a global lull, ransomware gangs are setting sights on a rich new arena: attacking EU organizations and their suppliers. Nate Nelson Go to gbhackers.com
-
Google releases new privacy controls for activity history, personalization
Google releases new privacy controls for activity history, personalization Google is rolling out new privacy controls for Search services and Google Play, giving you more control over saved history and personalized recommendations. […] Mayank Parmar Go to bleepingcomputer
-
DraftKings hacker ‘Snoopy’ sentenced to 18 months in prison
DraftKings hacker ‘Snoopy’ sentenced to 18 months in prison A 21-year-old using the alias “Snoopy” was sentenced to 18 months in prison for his role in hacking DraftKings accounts in the November 2022 cyberattack. […] Bill Toulas Go to bleepingcomputer
-
Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access
Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access New details have been revealed on how hackers exploited a Cisco Catalyst SD-WAN vulnerability tracked as CVE-2026-20245 in zero-day attacks to create rogue root accounts on targeted devices. […] Lawrence Abrams Go to bleepingcomputer
-
Malicious Edge extension abuses Native Messaging as bridge to malware
Malicious Edge extension abuses Native Messaging as bridge to malware A malicious Microsoft Edge extension dubbed ‘Edgecution’ has been used in a ransomware attack to escape the browser sandbox and deploy a Python-based backdoor. […] Bill Toulas Go to bleepingcomputer
-
CISA warns of max severity Ubiquiti flaws exploited in attacks
CISA warns of max severity Ubiquiti flaws exploited in attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers actively exploiting flaws in Ubiquiti UniFi OS and Lantronix serial-to-ethernet servers. […] Bill Toulas Go to bleepingcomputer
-
OpenClaw Skill Marketplace Exposes AI Agents to Supply Chain Malware and Financial Fraud
OpenClaw Skill Marketplace Exposes AI Agents to Supply Chain Malware and Financial Fraud A wave of malicious skills targeting the OpenClaw AI agent marketplace has exposed a dangerous new frontier in software supply chain security. Attackers are using the ClawHub skill marketplace to push harmful code into AI agent environments, stealing data and running financial…
-
Hackers Use Cisco AnyConnect and Google Update Lures to Drop SharkLoader Malware
Hackers Use Cisco AnyConnect and Google Update Lures to Drop SharkLoader Malware A newly discovered malware family is making its way onto systems worldwide by hiding inside fake software installers that look completely legitimate. Researchers have identified a campaign where attackers disguise their malicious tools as trusted programs like Cisco AnyConnect and Google Update, tricking…
-
Chrome 149 Security Update — Patch for Critical Flaws that Enable Code Execution Attacks
Chrome 149 Security Update — Patch for Critical Flaws that Enable Code Execution Attacks Google has released a critical security update for its Chrome browser, pushing the Stable channel to version 149.0.7827.196/197 for Windows and Mac, and 149.0.7827.196 for Linux. The update addresses 18 security vulnerabilities, including four rated Critical and fourteen rated High severity,…
-
Anthropic Accuses Alibaba of ‘Illicitly’ Accessing Its Claude AI Models in Largest Known Distillation Attack
Anthropic Accuses Alibaba of ‘Illicitly’ Accessing Its Claude AI Models in Largest Known Distillation Attack Anthropic has formally accused Chinese tech and e-commerce giant Alibaba of orchestrating a massive, unauthorized extraction campaign targeting its Claude AI model, marking what the company describes as the largest known distillation attack in its history. In a letter dated…
-
Mistic Backdoor Blends With Microsoft Endpoint Security Tooling to Evade Detection
Mistic Backdoor Blends With Microsoft Endpoint Security Tooling to Evade Detection A new and stealthy backdoor named Mistic has been quietly targeting corporate networks since April 2026, disguising itself using the names and appearance of legitimate Microsoft endpoint security components. This clever camouflage helps it avoid detection, allowing attackers to maintain a persistent, low-profile foothold…
-
ESET takes part in Operation Endgame to disrupt Amadey and Stealc
ESET takes part in Operation Endgame to disrupt Amadey and Stealc ESET researchers assisted in the global disruption of the Amadey botnet and Stealc infostealer, providing technical analysis, infrastructure tracking, and affiliate-level insights Go to eset
-
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before it was publicly disclosed, according to new findings from Google-owned Mandiant. The vulnerability, tracked as CVE-2026-20245 (CVSS score: 7.8), allows an authenticated,…
-
CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited
CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 26, 2026. The vulnerability in question is CVE-2025-67038…
-
Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered
Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered A coordinated law enforcement operation, in partnership with private sector companies, including Bitdefender, Bitsight, ESET, and Microsoft, has resulted in the takedown of criminal infrastructure powering Amadey and StealC. “The main common goal was to disrupt the ‘assembly lines’ cybercriminals use to launch ransomware, financial…
-
Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks
Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains. The “critical exploitable pattern” has been codenamed Cordyceps by Novee Security. The issue can allow full attacker control of repositories at dozens of…
-
Dawn of the Apex Agentic Adversary
Dawn of the Apex Agentic Adversary We are standing at the end of an era we never thought to mourn: the era of human-speed threats. For years, cybersecurity moved to a rhythm organizations could follow. A researcher found a bug, a CVE was cataloged, a vendor navigated a patch cycle, and weeks or even months…
-
Embedding Forbidden Text in Spyware to Discourage AI Analysis
Embedding Forbidden Text in Spyware to Discourage AI Analysis At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis. Details: The _index.js payload begins with a large JavaScript block comment containing fake system instructions and policy-triggering content. Because it is inside…
-
Smashing Security podcast #473: How a hacker could have Rickrolled the entire World Cup
Smashing Security podcast #473: How a hacker could have Rickrolled the entire World Cup A polite caller from your bank says there is a problem with your account. Don’t worry – they’ll send someone round to help. They’ll even take your cards away to keep them safe. The scam has run rampant, until Dutch police…
-
Weekly Update 509
Weekly Update 509 I know enough about home cinema audiovisual to know there’s a lot I don’t know. It’s conscious incompetence, if you like, which is different to the unconscious incompetence most people have on the topic. That’s not to sound derogatory (it’s spelled out that way in the competence model), rather it recognises that…
-
Attackers Hit Cisco SD-WAN Flaw 2 Months Before Disclosure
Attackers Hit Cisco SD-WAN Flaw 2 Months Before Disclosure Researchers believe rogue peering was used to connect to the victim’s SD-WAN devices to gain admin privileges and root-level access. Jai Vijayan Go to gbhackers.com
-
2026 FIFA World Cup Faces Surge in Cyber Threats
2026 FIFA World Cup Faces Surge in Cyber Threats Persistent cybercrime, social engineering, and infrastructure threats continue to plague the FIFA 2026 World Cup across the US, Canada, and Mexico. Alexander Culafi Go to gbhackers.com
-
Do CISOs Need a Code of Ethics?
Do CISOs Need a Code of Ethics? Kickbacks, no-show jobs, “dirty” VCs, and shelfware — industry expert Robert “RSnake” Hansen explains why he thinks it’s time for a CISO code of ethics to ensure cybersecurity bosses aren’t engaged in self-dealing that could risk enterprise, and even national, security. Dark Reading Editorial Team Go to…
-
More Malicious OpenClaw Skills Threaten AI Supply Chain
More Malicious OpenClaw Skills Threaten AI Supply Chain OpenClaw removed five packages from ClawHub, its skills marketplace, that bypassed security checks even though they included infostealers and other threats. Elizabeth Montalbano Go to gbhackers.com
-
Apple’s MacOS Gap Lets Users Disable Security Tools
Apple’s MacOS Gap Lets Users Disable Security Tools Attackers can exploit the issue to disable security and integrated browser tools without needing administrator privileges or kernel exploits. Jai Vijayan Go to gbhackers.com
-
PoC Released for Microsoft Exchange Server EWS InstallApp SSRF Vulnerability
PoC Released for Microsoft Exchange Server EWS InstallApp SSRF Vulnerability A proof-of-concept exploit has been released for CVE-2026-45502, a server-side request forgery (SSRF) vulnerability in the Microsoft Exchange Server’s Exchange Web Services (EWS) InstallApp… Go to gbhackers.com
-
Webmin Stored XSS Vulnerability Lets Attackers Exploit Root Users
Webmin Stored XSS Vulnerability Lets Attackers Exploit Root Users A newly disclosed stored cross-site scripting (XSS) vulnerability in Webmin has raised significant security concerns, as it allows attackers with limited privileges to target… Go to gbhackers.com
-
Fable 5 AI Model Builds Bootable Windows Kernel in Rust in Just 38 Minutes
Fable 5 AI Model Builds Bootable Windows Kernel in Rust in Just 38 Minutes A newly released AI model, Claude Fable 5, has made a significant advancement in autonomous systems programming by generating a bootable Windows NT-style kernel… Go to gbhackers.com
-
Cisco Unified Communications Manager Flaw Exposes Systems to SSRF Attacks and Root Access
Cisco Unified Communications Manager Flaw Exposes Systems to SSRF Attacks and Root Access Cisco has disclosed a critical server-side request forgery (SSRF) vulnerability affecting its Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition… Go to gbhackers.com
-
Hackers Abuse Indian Tax Notice Lures to Deliver PE Loader and libsvcs.dll Payload
Hackers Abuse Indian Tax Notice Lures to Deliver PE Loader and libsvcs.dll Payload A targeted malware distribution campaign that abuses a counterfeit Indian Income Tax Department assessment notice to deliver a multi-stage Remote Access Trojan (RAT)-style payload… Go to gbhackers.com
-
Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks
Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks A high-severity SSRF vulnerability, tracked as CVE-2026-20230, in Cisco Unified Communications Manager Server is now being exploited in attacks. […] Lawrence Abrams Go to bleepingcomputer
-
Tata Electronics confirms cyberattack as hackers leak data
Tata Electronics confirms cyberattack as hackers leak data Tata Electronics has confirmed in a statement to BleepingComputer that it was the target of a cyberattack that impacted parts of its IT infrastructure. […] Bill Toulas Go to bleepingcomputer
-
Windows 11 KB5095093 update rolls out new Point-in-Time restore feature
Windows 11 KB5095093 update rolls out new Point-in-Time restore feature Microsoft has released the KB5095093 preview cumulative update for Windows 11 24H2 and 25H2, which fixes numerous bugs and begins rolling out new features, including the new Point-in-Time restore feature. […] Lawrence Abrams Go to bleepingcomputer
-
Healthtech firm Xsolis suffers data breach impacting 1.4 million people
Healthtech firm Xsolis suffers data breach impacting 1.4 million people Healthcare technology company Xsolis says that sensitive data belonging to nearly 1.4 million individuals was compromised in a phishing attack that gave attackers access to its network. […] Bill Toulas Go to bleepingcomputer
-
New macOS ClickFix attack silently mounts DMGs to push infostealer
New macOS ClickFix attack silently mounts DMGs to push infostealer A new macOS ClickFix campaign is using Terminal commands to silently download, mount, and launch info-stealing malware from malicious disk image (DMG) files. […] Lawrence Abrams Go to bleepingcomputer
-
Malicious AI Agent Skill Bypasses Security Scans and Seized Full Control of Over 26,000 Agents
Malicious AI Agent Skill Bypasses Security Scans and Seized Full Control of Over 26,000 Agents A malicious AI “skill” created as part of a controlled security experiment has exposed critical weaknesses in modern AI agent ecosystems, successfully bypassing security scanners and compromising more than 26,000 agents across individual and enterprise environments. According to researcher Niv…
-
Claude Fable 5 Wrote Windows Kernel Code in Rust in 38 Minutes
Claude Fable 5 Wrote Windows Kernel Code in Rust in 38 Minutes Anthropic’s Claude Fable 5 generated a complete, bootable NT-compatible Windows kernel written in Rust called ntoskrnl-rs from an empty directory in just 38 minutes of active model work, raising profound questions about AI-authored trust and the future of critical infrastructure security. Documented by…
-
GTA 6 Scam Websites Use AI-Generated Images and Fake Download Buttons to Lure Gamers
GTA 6 Scam Websites Use AI-Generated Images and Fake Download Buttons to Lure Gamers A fresh wave of scam websites is targeting gamers worldwide, using the massive hype around Grand Theft Auto VI to trick people into handing over their money. These fake pages promise something millions of players desperately want: early access to GTA…
-
FortiBleed Attack Hit 430,000+ FortiGate Firewalls, Stealing 110M+ Credentials
FortiBleed Attack Hit 430,000+ FortiGate Firewalls, Stealing 110M+ Credentials A large-scale, ongoing credential-harvesting campaign dubbed “FortiBleed” has silently compromised more than 430,000 FortiGate firewalls globally, siphoning over 110 million credentials directly from live network traffic since at least February 2026. The campaign came to light after security researcher Volodymyr “Bob” Diachenko discovered an exposed directory…
-
How Attackers Exploit Privileged Access and How to Lock Them Out
How Attackers Exploit Privileged Access and How to Lock Them Out Every major breach you read about has a quiet middle chapter that rarely makes the headline. The headline is the ransom note or the leaked customer database. The middle chapter, the part that actually decided the outcome, is almost always the same: an attacker found a privileged credential, used it…
-
FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation
FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation A Russian-speaking initial access broker (IAB) driven by financial gain is assessed to be behind a large-scale credential-harvesting operation known as FortiBleed that has targeted over 430,000 FortiGate firewalls globally. The campaign, active since February 2026, involves collecting credential lists, searching for exposed services, brute-forcing accessible…
-
Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents
Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents Security firm AIR built a fake AI agent skill, pushed it through a popular skill marketplace and an Instagram ad, and says it reached roughly 26,000 agents, including some on corporate accounts. Every skill security scanner the firm tested it against marked it safe. The…
-
Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration
Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration President Trump signed an executive order on June 22 setting hard deadlines for federal agencies to move high-value assets and high-impact systems to post-quantum cryptography. Key establishment must move by December 31, 2030; digital signatures by December 31, 2031. EO 14409 leaves national security systems on a…
-
GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns
GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns GitHub is moving to strengthen software supply chain security by updating “actions/checkout” to block pwn request attacks, which exploit the risky use of the “pull_request_target” workflow trigger to run malicious code with the workflow’s full privileges. Effective June 18, 2026, the latest version of “actions/checkout,”…
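The pattern the item describes is worth seeing concretely. The following is an added example, not GitHub's code and not the check the new actions/checkout performs: a small text-based linter that flags a workflow when it (a) runs on pull_request_target, where the job gets the base repository's GITHUB_TOKEN and secrets, (b) checks out the pull request's head ref, and (c) then executes something from the checked-out tree. Both workflows below are constructed samples, not taken from any real repository; the regexes and the function name are this example's own.

```python
"""Flag the 'pwn request' pattern in a GitHub Actions workflow file.

Added example. The two workflows are constructed samples. The check is
deliberately textual (no YAML parser) so it runs with the standard library.
"""
import re

# Constructed: the classic pwn request. The PR author controls package.json,
# so `npm ci` runs their code with the base repository's token and secrets.
VULNERABLE = """\
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm ci && npm test
"""

# Constructed: the same job on the plain pull_request trigger, where a fork's
# job gets a read-only token and no repository secrets.
SAFE = """\
name: ci
on:
  pull_request:
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
"""

_TARGET = re.compile(
    r"^\s*(?:-\s*)?pull_request_target\b"        # block form: key or list item
    r"|on:\s*pull_request_target\b"              # scalar form: on: pull_request_target
    r"|on:\s*\[[^\]]*\bpull_request_target\b",   # flow form: on: [push, pull_request_target]
    re.M,
)
# A checkout pinned to the PR head (sha or branch) or to the PR merge ref.
_PR_HEAD = re.compile(
    r"ref:\s*(?:\$\{\{\s*github\.event\.pull_request\.head\.(?:sha|ref)\s*\}\}"
    r"|refs/pull/[^\n]*)"
)
# Anything after that checkout that executes files from the tree:
# a shell step, or a local action loaded from the repository itself.
_EXEC = re.compile(r"^\s*-?\s*(?:run:|uses:\s*\./)", re.M)


def pwn_request_findings(workflow_yaml: str) -> list[str]:
    """Return human-readable findings; an empty list means not flagged."""
    findings: list[str] = []
    if not _TARGET.search(workflow_yaml):
        return findings  # no privileged trigger, nothing for a fork PR to steal
    head = _PR_HEAD.search(workflow_yaml)
    if not head:
        return findings  # privileged trigger, but only the base branch is checked out
    findings.append(
        "pull_request_target job checks out untrusted PR code: " + head.group(0).strip()
    )
    if _EXEC.search(workflow_yaml[head.end():]):
        findings.append(
            "a later step executes files from that checkout with the privileged token"
        )
    return findings


if __name__ == "__main__":
    for label, text in (("VULNERABLE", VULNERABLE), ("SAFE", SAFE)):
        print(label, pwn_request_findings(text) or "no findings")
```

The check is intentionally narrow: a pull_request_target workflow that only reads PR metadata (a labeler, for instance) produces no findings, which is the legitimate use of that trigger. The fix for a flagged workflow is to run untrusted code under pull_request instead, or to split the job so that the step with write permissions never touches files from the PR head.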
-
Agentic AI: The Weapon That No Longer Needs a Warrior
Agentic AI: The Weapon That No Longer Needs a Warrior Every weapon begins as an extension of the hand that holds it. The spear lengthened the reach of the arm. The bow sent the point flying without the throw. The rifle placed a man’s death a quarter mile beyond his sight, and the aircraft carried…
-
Anthropic’s Fable 5 Model Jailbroken Within Days
Anthropic’s Fable 5 Model Jailbroken Within Days Fable 5 is the supposed safe version of Anthropic’s Mythos Preview, with guardrails to ensure that it can’t be used to create cyberattacks. Well, that restriction was bypassed within days. Bruce Schneier Go to bruce schneier
-
ISC Stormcast For Wednesday, June 24th, 2026 https://isc.sans.edu/podcastdetail/9984, (Wed, Jun 24th)
ISC Stormcast For Wednesday, June 24th, 2026 https://isc.sans.edu/podcastdetail/9984, (Wed, Jun 24th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
Scattered Spider Hackers Plead Guilty on Day 1 of Trial
Scattered Spider Hackers Plead Guilty on Day 1 of Trial Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the Greater London area. The duo were key members of a prolific…
-
Hacker hijacks Brazil’s national alert system, sending “misanthropy” to millions of phones
Hacker hijacks Brazil’s national alert system, sending “misanthropy” to millions of phones Emergency alert systems work because people believe them. Every time one of these systems issues a false alert – whether through negligence or a deliberate attack – trust erodes. Read more in my article on the Hot for Security blog. Graham Cluley Go…
-
Scope of Salesforce Attacks Expands as Icarus Leaks Data
Scope of Salesforce Attacks Expands as Icarus Leaks Data More victims have emerged after attackers breached application vendor Klue and used its OAuth tokens to steal customers’ Salesforce data. Rob Wright Go to gbhackers.com
-
‘Cordyceps’: Mushrooming Malicious Pull Requests Threaten Developer Workflows
‘Cordyceps’: Mushrooming Malicious Pull Requests Threaten Developer Workflows The CI/CD workflow weakness affects Microsoft’s Azure Sentinel, Google’s AI Agent Development Kit, Apache’s Doris analytics database, Cloudflare’s Workers SDK, and Python Software Foundation’s Black. Alexander Culafi Go to gbhackers.com
-
SocGholish Takedown Highlights Malicious TDS Threats
SocGholish Takedown Highlights Malicious TDS Threats SocGholish uses traffic distribution systems (TDSs) to provide initial access into victims’ networks for cybercrime groups such as the notorious Evil Corp. Rob Wright Go to gbhackers.com
-
FortiBleed Attackers Turn Firewalls Into Credentials Stealers as Heist Persists
FortiBleed Attackers Turn Firewalls Into Credentials Stealers as Heist Persists The threat actors engineered a Golang-based sniffer to target 430,000 FortiGate firewalls and identify 110 million credentials in the ongoing global campaign. Elizabeth Montalbano Go to gbhackers.com
-
DifyTap Bugs Let Attackers ‘Wiretap’ AI Chat Histories
DifyTap Bugs Let Attackers ‘Wiretap’ AI Chat Histories Four vulnerabilities allow attackers to exploit Dify, a platform for AI application building and management, to silently access and exfiltrate sensitive data. Alexander Culafi Go to gbhackers.com
-
Tata Electronics Data Breach Exposes 200,000+ Files Linked to Apple and Tesla, Hackers Claim
Tata Electronics Data Breach Exposes 200,000+ Files Linked to Apple and Tesla, Hackers Claim Tata Electronics has reported a cybersecurity incident following claims from a ransomware-linked threat group that it has exfiltrated and published over 200,000 files related… Go to gbhackers.com
-
Microsoft Uncovers Parallel Threat Activity From Two Cyberattackers in Single Intrusion
Microsoft Uncovers Parallel Threat Activity From Two Cyberattackers in Single Intrusion Microsoft’s latest incident write-up shows that a single intrusion can mask two parallel threat activity streams, one tied to Storm-2603 and another to an… Go to gbhackers.com
-
Critical libssh2 Vulnerability Lets Remote Attackers Execute Code via Crafted SSH Packets
Critical libssh2 Vulnerability Lets Remote Attackers Execute Code via Crafted SSH Packets A critical security vulnerability has been identified in libssh2, a widely used client-side SSH library. This flaw allows remote attackers to execute code by… Go to gbhackers.com
-
Cybercriminals Abuse TDS Infrastructure to Bypass Firewalls and Hide Malicious Destinations
Cybercriminals Abuse TDS Infrastructure to Bypass Firewalls and Hide Malicious Destinations Cybercriminals are increasingly abusing traffic distribution systems (TDSs) to evade defenses, conceal malicious destinations, and funnel victims into phishing, fraud, and malware campaigns. Once… Go to gbhackers.com
-
Critical FFmpeg Vulnerability Lets Hackers Execute Remote Code via Malicious Media Files
Critical FFmpeg Vulnerability Lets Hackers Execute Remote Code via Malicious Media Files A critical memory corruption vulnerability in FFmpeg has been disclosed, allowing for remote code execution through specially crafted media files. This flaw, tracked as… Go to gbhackers.com
-
WhatsApp phishing attack uses fake business docs to hack PCs
WhatsApp phishing attack uses fake business docs to hack PCs An ongoing malware campaign is targeting WhatsApp users in multiple countries with deceptive messages that push VBScript files, leading to remote system access. […] Bill Toulas Go to bleepingcomputer
-
JaredFromSubway MEV bot hacked in $15 million crypto theft
JaredFromSubway MEV bot hacked in $15 million crypto theft The JaredFromSubway Ethereum MEV (Maximal Extractable Value) bot suffered a $15 million loss after an attacker manipulated the opportunity-detection logic by creating fake cryptocurrency trading opportunities. […] Bill Toulas Go to bleepingcomputer
-
FFmpeg fixes PixelSmash flaw in widely used video decoder
FFmpeg fixes PixelSmash flaw in widely used video decoder A newly disclosed FFmpeg flaw dubbed ‘PixelSmash’ could be exploited for remote code execution on Jellyfin servers under certain conditions, and can also trigger a denial-of-service condition in applications like Kodi, Emby, Nextcloud, PhotoPrism, and OBS Studio. […] Bill Toulas Go to bleepingcomputer
-
FortiBleed campaign used custom FortiGate sniffer to steal credentials
FortiBleed campaign used custom FortiGate sniffer to steal credentials Security firm SOCRadar says the large-scale FortiBleed campaign targeting Fortinet FortiGate devices used custom sniffers to harvest authentication secrets from compromised firewalls and steal credentials. […] Lawrence Abrams Go to bleepingcomputer
-
Microsoft says Windows 11 26H2 is coming soon, details upgrade process
Microsoft says Windows 11 26H2 is coming soon, details upgrade process Microsoft has confirmed that Windows 11 version 26H2 will be the next feature update and that devices running Windows 11 24H2 and 25H2 will be able to upgrade using a small enablement package. […] Lawrence Abrams Go to bleepingcomputer
-
Researcher Earns $148,337 for Google Cloud Production RCE Vulnerability
Researcher Earns $148,337 for Google Cloud Production RCE Vulnerability A researcher has earned a total of 148,337 USD from Google for uncovering a set of flaws in Google Cloud’s Application Integration service that escalated into remote code execution (RCE) in Google Cloud production. The core bug is now tracked as CVE-2026-2031. The researcher Arvin Shivram…
-
Tata Electronics Data Breach Exposes Confidential Apple and Tesla Documents
Tata Electronics Data Breach Exposes Confidential Apple and Tesla Documents Indian electronics manufacturing giant Tata Electronics confirmed a “cybersecurity incident” on Monday after ransomware group World Leaks published over 200,000 files totaling more than 630 gigabytes on the dark web, allegedly containing proprietary and confidential documents belonging to Apple and Tesla. World Leaks, a ransomware…
-
New Phishing Attack Abuses Outlook and Microsoft 365 Groups Features to Attack Users
New Phishing Attack Abuses Outlook and Microsoft 365 Groups Features to Attack Users Phishing attacks have grown more sophisticated, and attackers are no longer relying on clunky fake emails or obvious scam messages. A newly identified campaign shows how threat actors are turning everyday Microsoft 365 tools into weapons, hiding their attacks inside the very…
-
Critical libssh2 Vulnerability Allows Attackers to Execute Remote Code Via Malicious SSH packets
Critical libssh2 Vulnerability Allows Attackers to Execute Remote Code Via Malicious SSH packets A critical security vulnerability has been identified in the widely used libssh2 library, allowing remote attackers to execute arbitrary code through specially crafted SSH packets. The flaw, tracked as CVE-2026-55200, carries a CVSS score of 9.2 and is classified under CWE-680 (Integer…
-
Critical FFmpeg Vulnerability Allows Attackers to Weaponize Media Files
Critical FFmpeg Vulnerability Allows Attackers to Weaponize Media Files A critical vulnerability has been disclosed in FFmpeg’s MagicYUV decoder that allows attackers to weaponize seemingly harmless media files and, in some scenarios, achieve remote code execution (RCE). The flaw, tracked as CVE-2026-8461 and dubbed “PixelSmash,” is a heap out-of-bounds write in FFmpeg’s libavcodec component, with…
-
WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool
WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool Direct messages sent via WhatsApp are being used to distribute malicious Visual Basic Script (VBScript) files that lead to the installation of legitimate Remote Monitoring and Management (RMM) software. Per findings from Kaspersky, the active campaign is targeting users of WhatsApp Desktop and WhatsApp…
-
OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws
OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws OpenAI on Monday said it’s releasing an improved version of its GPT-5.5-Cyber model to trusted defenders as part of the Daybreak initiative the artificial intelligence (AI) company announced last month. Calling GPT-5.5-Cyber its “strongest model yet for finding and helping patch software vulnerabilities,” OpenAI said…
-
ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack
ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack after unknown threat actors managed to tamper with the official release channels and push backdoor code. “Attackers compromised the vendor’s build and distribution pipeline, injecting backdoor code into Pro plugin releases distributed through official…
-
Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants
Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform with more than 146,000 GitHub stars, that could allow attackers to stealthily read artificial intelligence (AI) conversations from other customers’ applications without requiring authentication. The vulnerabilities have…
-
29-Year-Old Squid Proxy Bug ‘Squidbleed’ Can Leak Cleartext HTTP Requests
29-Year-Old Squid Proxy Bug ‘Squidbleed’ Can Leak Cleartext HTTP Requests A heap over-read in the Squid web proxy can leak another user’s cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the same proxy. The bug traces to a 1997 FTP-parsing change and is still…
-
Professional Athletes and Wearables
Professional Athletes and Wearables I haven’t thought about the privacy issues surrounding professional athletes and wearables. Wearables present serious privacy issues for “Average Joe” consumers, who are entrusting tech companies to safely store and protect their biometric data. Imagine the stakes for a professional athlete, whose entire livelihood could be affected by a single biometric…
-
CVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration., (Tue, Jun 23rd)
CVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration., (Tue, Jun 23rd) The vulnerability: In August 2024 SonicWall published advisory SNWLID-2024-0015 for CVE-2024-40766. It is an improper access control vulnerability in SonicOS. CVSS 9.3. It affects the management interface and the SSLVPN service on Gen 5, Gen 6 and Gen 7 firewalls. Each generation…
-
ISC Stormcast For Tuesday, June 23rd, 2026 https://isc.sans.edu/podcastdetail/9982, (Tue, Jun 23rd)
ISC Stormcast For Tuesday, June 23rd, 2026 https://isc.sans.edu/podcastdetail/9982, (Tue, Jun 23rd) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
Webshells Remain Popular, (Mon, Jun 22nd)
Webshells Remain Popular, (Mon, Jun 22nd) Webshells have been popular for a long time. We already covered this topic across multiple diaries[1][2]. I spent some time tracking them[3] and then paid slightly less attention to them, but today I found another one. It seems to be a new player (pushed on GitHub two months ago). …
-
ISC Stormcast For Monday, June 22nd, 2026 https://isc.sans.edu/podcastdetail/9980, (Mon, Jun 22nd)
ISC Stormcast For Monday, June 22nd, 2026 https://isc.sans.edu/podcastdetail/9980, (Mon, Jun 22nd) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
eBanking Phishing Delivered Through IPv4-Mapped IPv6 Address, (Fri, Jun 19th)
eBanking Phishing Delivered Through IPv4-Mapped IPv6 Address, (Fri, Jun 19th) I detected an interesting phishing email this morning. It targets a major Belgian bank. The phishing itself is a classic one and not relevant, but the malicious link is interesting: hxxp://[::ffff:5511:74be]/kWC5PHA1 The technique used by the attacker is to bypass simple security controls trying to…
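The link above uses an IPv4-mapped IPv6 literal: `::ffff:5511:74be` is the hexadecimal spelling of `::ffff:85.17.116.190`, so a control that only compares dotted-quad strings never sees the IPv4 address it would otherwise block. The following is an added example, not code from the ISC diary, showing how to normalize such URLs before a blocklist lookup. The `hxxp` refanging, the extra URL variants and the blocklist entry are constructed for the demonstration; the assumption is that the "simple control" being bypassed is a plain IPv4 string match.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed samples: the defanged link from the diary plus variants an attacker
# could use for the same host (the last two are non-matching controls).
SAMPLE_URLS = [
    "hxxp://[::ffff:5511:74be]/kWC5PHA1",     # hex IPv4-mapped form, as seen
    "http://[::ffff:85.17.116.190]/kWC5PHA1",  # mixed-notation form of the same address
    "http://85.17.116.190/kWC5PHA1",           # plain IPv4
    "http://[2001:db8::1]/x",                  # unrelated native IPv6
    "http://example.test/x",                   # hostname, not an IP literal
]

# Constructed blocklist (assumption): a naive control that matches dotted quads only.
BLOCKLIST_V4 = {"85.17.116.190"}


def refang(url):
    """Undo hxxp/hxxps defanging so urlsplit recognises the scheme."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def host_literal(url):
    """Host component of the URL; urlsplit().hostname strips the [] around IPv6 literals."""
    return urlsplit(refang(url)).hostname


def canonical_ip(host):
    """Return the address a blocklist should be checked against.

    IPv4-mapped IPv6 (::ffff:a.b.c.d, also written ::ffff:xxxx:xxxx) collapses to the
    embedded IPv4 address. Other IP literals are returned unchanged. Hostnames return None.
    """
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        return str(addr.ipv4_mapped)
    return str(addr)


def naive_blocked(url):
    """The weak check: compares the raw host string against the IPv4 blocklist."""
    return host_literal(url) in BLOCKLIST_V4


def normalized_blocked(url):
    """The corrected check: normalizes IPv4-mapped IPv6 literals first."""
    ip = canonical_ip(host_literal(url))
    return ip is not None and ip in BLOCKLIST_V4


def scan(urls):
    """Per-URL verdicts: (url, canonical address, naive verdict, normalized verdict)."""
    return [(u, canonical_ip(host_literal(u)), naive_blocked(u), normalized_blocked(u))
            for u in urls]


if __name__ == "__main__":
    for url, ip, naive, fixed in scan(SAMPLE_URLS):
        print(f"{url:45} -> {ip!s:16} naive={naive!s:5} normalized={fixed}")
```

The `ipv4_mapped` property only covers the `::ffff:0:0/96` range; a control that also wants to catch `::ffff:0:` (SIIT) or NAT64 prefixes needs an explicit prefix table, and a blocklist keyed on hostnames still has to resolve the name before comparing.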
-
Crypto Heist Fueled by Elaborate Fake Reputation-Boosting Campaign
Crypto Heist Fueled by Elaborate Fake Reputation-Boosting Campaign Attackers are using multiple online channels — including GitHub, YouTube, and VirusTotal — to build an illusion of trust to spread a cross-platform clipboard hijacker. Elizabeth Montalbano Go to gbhackers.com
-
282 iOS Apps Found Leaking LLM API Credentials in Network Traffic
282 iOS Apps Found Leaking LLM API Credentials in Network Traffic Researchers have uncovered a systemic LLM credential exposure problem in the iOS ecosystem, with 282 AI‑powered apps leaking exploitable API credentials and backend access… Go to gbhackers.com
-
LACUNA Chain Ghost Frames Technique Bypasses EDR Call-Stack Detection
LACUNA Chain Ghost Frames Technique Bypasses EDR Call-Stack Detection The LACUNA Chain’s “Ghost Frames” technique introduces a new method for manipulating call stacks that effectively bypasses modern Endpoint Detection and Response (EDR) systems,… Go to gbhackers.com
-
Attackers Can Poison AI Research Agents Using Reddit and Wikipedia Content
Attackers Can Poison AI Research Agents Using Reddit and Wikipedia Content Attackers can now manipulate AI “deep-research” agents by discreetly editing Reddit threads and Wikipedia pages. They can insert as little as a 13-word snippet,… Go to gbhackers.com
-
AryStinger Botnet Uses Intranet Scanning and Traffic Tunneling to Hide Attacker Activity
AryStinger Botnet Uses Intranet Scanning and Traffic Tunneling to Hide Attacker Activity A newly analyzed botnet family, AryStinger, weaponizes long‑neglected routers and NAS appliances to build a stealthy reconnaissance and relay infrastructure that helps attackers obscure… Go to gbhackers.com
-
Microsoft Confirms Windows 11 26H2 Upgrade via Enablement Package for Faster Deployment
Microsoft Confirms Windows 11 26H2 Upgrade via Enablement Package for Faster Deployment Microsoft has announced that the upcoming Windows 11 version 26H2 will be delivered using an enablement package model. This approach aligns with their goal… Go to gbhackers.com
-
AryStinger botnet infected thousands of D-Link routers worldwide
AryStinger botnet infected thousands of D-Link routers worldwide A previously undocumented malware botnet named AryStinger has compromised more than 4,000 outdated routers to turn them into proxies for malicious traffic. […] Bill Toulas Go to bleepingcomputer
-
Chinese Cyber Contractors Use Malware, Botnets, and Stolen Data to Enable State Operations
Chinese Cyber Contractors Use Malware, Botnets, and Stolen Data to Enable State Operations China’s cyber operations have evolved far beyond what most people imagine when they picture a state-sponsored hacker. Instead of lone government agents breaking into servers, the country now runs an intricate web of private companies, contractors, and data brokers that collectively carry…
-
North Korean Hackers Abuse Mastra npm Supply Chain to Target Developers and CI/CD Pipelines
North Korean Hackers Abuse Mastra npm Supply Chain to Target Developers and CI/CD Pipelines North Korean hackers have turned a widely used developer tool into a weapon, quietly poisoning more than 140 software packages that developers across the world rely on every day. The campaign is sophisticated, stealthy, and far-reaching, raising urgent questions about the…
-
13-Word Reddit Comment Can Poison ChatGPT and Gemini AI Search Results
13-Word Reddit Comment Can Poison ChatGPT and Gemini AI Search Results A newly published academic paper has revealed a critical vulnerability in AI-powered deep-research systems, including those underpinning commercial tools like OpenAI’s Deep Research and Google’s Gemini Deep Research, that allows a single short Reddit comment to manipulate the reports these agents generate for thousands…
-
Hackers Impersonate Node.js Installer in Google Ads to Deploy Infostealer Malware
Hackers Impersonate Node.js Installer in Google Ads to Deploy Infostealer Malware Hackers are using fake Google Ads to push a brand-new malware loader that disguises itself as the popular Node.js installer. The campaign has been actively targeting Windows users in the United States, silently dropping a dangerous infostealer onto their machines after just a single…
-
Hackers Compromised 10,000+ GitHub Repositories to Inject Malicious Script
Hackers Compromised 10,000+ GitHub Repositories to Inject Malicious Script A large-scale malware campaign has been uncovered on GitHub after a researcher identified more than 10,000 repositories distributing Trojan-laced archives, raising concerns about abuse of the platform’s trust model and limitations in automated detection. The investigation began when the researcher noticed a cloned version of their…
-
INTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across Asia-Pacific
INTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across Asia-Pacific A new report from INTERPOL has revealed a “dramatic increase” in cybercrime in Asia and the South Pacific, fueled by rapid digitalization, internet penetration, new technologies, organized criminal networks, and a disparity in cybersecurity maturity. According to INTERPOL’s 2025/2026 Asia and South Pacific Cyberthreat…
-
New Prinz Eugen ransomware prioritizes recent files for encryption
New Prinz Eugen ransomware prioritizes recent files for encryption A new ransomware operation named ‘Prinz Eugen’ prioritizes recently modified files for encryption and leaves no ransom note on the system. […] Bill Toulas Go to bleepingcomputer