no alarms and no surprises please..
-
Stressors, AI Forcing Changes to Cybersecurity Teams
As threats proliferate and AI complicates cybersecurity, CISOs say the job is getting harder, but more companies still want cybersecurity expertise, even if on a part-time basis. Robert Lemos, gbhackers.com
-
UEFI DBX Update Guidance Targets Vulnerable Vendor-Signed Boot Applications
A recently disclosed vulnerability inc, which affects UEFI applications signed by multiple vendors, has prompted urgent recommendations to update the UEFI Forbidden Signature Database… gbhackers.com
-
SmartApeSG Hackers Abuse Okendo Reviews Widget in E-Commerce Supply Chain Attack
A supply-chain style compromise in the Okendo Reviews widget that enabled the SmartApeSG threat actor to deliver staged JavaScript loaders across a wide e-commerce… gbhackers.com
-
HazyBeacon Abuses AWS Lambda Function URLs for Stealthy Command-and-Control Operations
HazyBeacon is a stealthy cloud-native malware campaign identified as CL-STA-1020. It is exploiting Amazon Web Services (AWS) Lambda Function URLs to create covert command-and-control… gbhackers.com
-
CISA Issues Alert on Critical Splunk Enterprise Bug Under Active Exploitation
CISA has issued an urgent alert regarding a critical vulnerability in Splunk Enterprise, tracked as CVE-2026-20253, which is now listed in the Known Exploited… gbhackers.com
-
Node.js Releases Security Updates for 12 Vulnerabilities, Two Rated High Severity
Node.js has announced critical security updates that address 12 vulnerabilities across its supported release lines. Among these, two high-severity flaws could lead to denial-of-service… gbhackers.com
-
NY man charged after harassing college student with AI-generated nudes
A New York man faces cyberstalking charges after allegedly sharing AI-generated nude images and fabricated racist messages using fake social media profiles to harass a Georgia college student. … Sergiu Gatlan, bleepingcomputer
-
CISA warns Fortinet users to secure devices after FortiBleed leak
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged Fortinet customers to secure their devices after nearly 74,000 firewall and VPN credentials were exposed in a data leak dubbed “FortiBleed.” … Sergiu Gatlan, bleepingcomputer
-
Gentlemen ransomware uses multiple EDR killers to disable defenses
The Gentlemen ransomware-as-a-service (RaaS) is actively developing and maintaining a suite of endpoint detection and response (EDR) killers to help affiliates evade detection in attacks. … Bill Toulas, bleepingcomputer
-
Nintendo confirms data stolen in WebMD subsidiary cyberattack
Nintendo of America has confirmed to BleepingComputer that threat actors stole survey data from the third-party TinyPulse service used internally, but its systems were not compromised. … Bill Toulas, bleepingcomputer
-
USB worm spreads crypto-stealing malware via Windows shortcut files
Threat actors targeting cryptocurrency wallets have been distributing clipboard-stealing malware with self-spreading capabilities and using the Tor network to conceal communication. … Bill Toulas, bleepingcomputer
-
China-Linked Showboat Malware Uses Linux Persistence to Target Telecom Companies
A sophisticated China-linked malware framework has been quietly targeting telecom companies across the Middle East for nearly four years. Showboat is a Linux-based tool that stayed completely hidden from antivirus systems until April 2026, raising serious concerns about the security of critical communications infrastructure worldwide.…
-
CISA Warns of Splunk Enterprise Critical Function Vulnerability Actively Exploited in Attacks
CISA has issued a high-priority alert warning organizations about a critical vulnerability in Splunk Enterprise that is actively being exploited in the wild. The flaw, tracked as CVE-2026-20253, has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, signaling immediate risk to enterprise…
-
Node.js Fixes 12 Vulnerabilities, Including 2 High-Severity Authentication Bypasses
Node.js has released a new round of security updates addressing 12 vulnerabilities across its supported release lines, including two high-severity flaws that could lead to authentication bypass and denial-of-service (DoS) attacks. The updates impact Node.js versions 22.x, 24.x, and 26.x, with patched releases now available as…
-
Hackers Use Weaponized Windows Shortcuts to Spread Crypto Clipper Across USB Drives
A newly discovered cryptocurrency clipper malware has been quietly stealing digital assets from victims since February 2026, spreading through a trick that most users would never suspect: weaponized Windows shortcut files on USB drives. The malware is not just a simple thief. It…
-
AI-Powered Public Surveillance and Biometric Data Collection Expand Government Monitoring
Governments are expanding their digital reach in ways unimaginable just a decade ago. A growing wave of AI-powered surveillance, biometric data collection, and commercial spyware is reshaping how states monitor citizens and visitors. The scale of this shift is drawing urgent attention from security professionals…
-
Killing me gently: Inside Gentlemen’s EDR killer framework
ESET Research shares the results of a months-long investigation into the suite of EDR killers maintained by the RaaS gang Gentlemen. eset
-
Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone
Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to eavesdrop on users. The vulnerability, tracked as CVE-2025-20701 (CVSS score: 8.8), refers to a case of incorrect authorization impacting the Airoha…
-
F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution
F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution on affected systems. The vulnerabilities are listed below – CVE-2026-42530 (CVSS v4 score: 9.2) – A use-after-free vulnerability in the…
-
Orphaned AI Agents: How to Find Hidden Access Risks Inside Your Network
If an autonomous AI agent interacts with your company’s core intellectual property today, can your security team instantly name the person who authorized it? For most enterprises, the answer is a simple no. The rush to adopt internal AI tools has left a…
-
ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories
The internet did not break this week. It got used exactly as designed, which is worse. Searches were siphoned through shady browser add-ons. AI chat links turned into malware delivery paths. macOS attacks ran in memory and left almost nothing behind.…
-
Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2
Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign that has targeted users since February 2026 with clipboard-intercepting malware with self-spreading capabilities and using the Tor anonymity network to hide communication. “The clipper in this campaign relies on Windows Script Host…
-
Embedding Forbidden Text in Spyware to Discourage AI Analysis
At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis. Details: The _index.js payload begins with a large JavaScript block comment containing fake system instructions and policy-triggering content. Because it is inside…
-
‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm
For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to NetNut,…
-
Novo Nordisk Breach Exposes Software Development Pipeline Risk
A leaked GitHub token underscores what most organizations get wrong: treating secrets management as a tooling problem rather than an identity problem. Jai Vijayan, gbhackers.com
-
Operation Escaneo Signals Shift in LatAm Threat Landscape
The threat group’s curious business model may combine opportunistic monetization alongside intel collection, without much coordination between the two. Alexander Culafi, gbhackers.com
-
FIFA Bug Exposed World Cup Streams to Remote Takeover
A hacker could have “Rickrolled” the World Cup — or worse — thanks to FIFA’s unenforced Entra access controls. Nate Nelson, gbhackers.com
-
Salesforce Data Thefts Continue via Klue App Compromise
Klue’s Battlecards is now the third integrated application that has been compromised to steal customers’ Salesforce data, and victims include Huntress, the cybersecurity vendor. Rob Wright, gbhackers.com
-
Get Out of Security Debt by Tackling the Exposure Problem
Teams digging out of security debt need to answer only two simple questions: which vulnerabilities in our systems are exposed, and how long should they stay that way? Chris Wysopal, gbhackers.com
-
Hackers Could Abuse SQL Server 2025 AI Features to Steal Sensitive Data
A new security analysis has revealed that Microsoft SQL Server 2025’s native AI capabilities can be repurposed by attackers to stealthily exfiltrate sensitive data… gbhackers.com
-
Windows 11 June Patch Triggers Microsoft Office Startup Issues
Microsoft’s June 2026 cumulative update for Windows 11 (KB5095051, OS Build 28000.2269) introduces an unexpected application compatibility issue that may disrupt enterprise workflows, as… gbhackers.com
-
Hackers Exploit WordPress SMTP Plugin With 100,000+ Installs to Steal Sensitive Data
Threat actors are actively exploiting a critical security flaw in the widely used Gravity SMTP WordPress plugin to extract sensitive configuration data, including API… gbhackers.com
-
Splunk AI Toolkit Vulnerability Allows Arbitrary OS Command Execution
Splunk has disclosed a critical security vulnerability in its AI Toolkit that could allow authenticated administrators to execute arbitrary operating system commands on affected… gbhackers.com
-
Microsoft Confirms RoguePlanet Zero-Day Exploit Targeting Defender
Microsoft has confirmed a newly disclosed zero-day vulnerability, tracked as CVE-2026-50656, affecting Microsoft Defender, following the public release of a proof-of-concept (PoC) exploit dubbed… gbhackers.com
-
Leak confirms OpenAI is testing a ChatGPT for Science subscription
OpenAI appears to be testing a new subscription and experience for science use cases, but it’s unclear if it’ll be available to everyone regardless of their background. … Mayank Parmar, bleepingcomputer
-
Google to use UK and EU user IP addresses for ad personalization
From August 3, 2026, Google will use IP addresses from UK, EEA and Switzerland users for ad measurement and personalization. It lands as the ICO weighs new consent rules, and years after Google itself called using such signals to identify devices “wrong.” …
-
FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices.
A newly discovered data leak dubbed “FortiBleed” has exposed what appears to be a collection of Fortinet and FortiGate VPN credentials for 73,932 firewall URLs at organizations worldwide. … Lawrence Abrams, bleepingcomputer
-
Why Account Takeovers Are Rising and How to Stop Them
Account takeovers are rising as attackers bypass traditional defenses through phishing, session hijacking, and MFA fatigue. Specops Software explores how device trust and continuous verification help reduce account takeover risk. … Sponsored by Specops Software, bleepingcomputer
-
India’s Telegram ban hit the UAE too. Here’s how to get around it
India has banned Telegram until June 22 after the app was used to circulate leaked exam papers. CEO Pavel Durov accuses telecom Reliance of BGP hijacking that disrupted the app as far away as the UAE. Here’s what happened, and how to…
-
Microsoft Confirms Defender RoguePlanet 0-Day Exploit and Working to Release Patch
Microsoft has officially acknowledged a critical zero-day vulnerability in Microsoft Defender, publicly dubbed “RoguePlanet,” and confirmed it is actively developing a security patch to address the flaw. Tracked as CVE-2026-50656, the vulnerability was formally published on June 16, 2026, by the Microsoft Security Response…
-
Google Cloud Vertex AI Allows Attacker to Hijack Victim’s Model and Poison it
A newly disclosed vulnerability in Google Cloud Vertex AI could have allowed attackers to hijack machine learning model uploads and execute malicious code in victim environments, according to research shared with Google under responsible disclosure. The issue affects the Vertex AI Python…
-
GitBait Phishing Campaign Abuses GitHub Pages to Attack Financial Institutions
A sophisticated phishing campaign called “GitBait” has been caught targeting Mexico’s financial sector with a level of precision rarely seen in credential-theft operations. The campaign abuses GitHub Pages, a widely trusted free hosting service, to deliver fake banking portals that look nearly identical to the…
-
Hackers Abuse Cloud Logging Services to Evade Detection and Defender’s Visibility
Threat actors are increasingly targeting cloud logging services to evade detection and maintain persistent visibility into compromised environments, according to recent research by Palo Alto Networks Unit 42. These services, designed as a critical security layer, are now being weaponized to create blind spots…
-
SpyCloud Report Finds Phishing Attacks Surge as Employee Data Is Exposed at 86% of Fortune 100 Companies
Austin, TX, USA, June 17th, 2026, CyberNewswire. New SpyCloud research highlights the expansion of phishing attacks as AI and phishing-as-a-service fuel enterprise targeting. SpyCloud, the leader in identity threat protection, today released its 2026 Phishing Pulse Report, revealing…
-
Protecting legacy OT systems against modern cyberthreats
Many manufacturing plants depend on OT systems that stay in service for many years. That long run can hide significant cybersecurity risks. eset
-
EU Gets a Head Start in Developing 6G Network Security
“Shield-6G” will combine AI threat detection, digital twins, honeypots, and more, to help carriers protect 6G networks against the threats of tomorrow. Nate Nelson, gbhackers.com
-
Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments
An unknown threat actor has been observed leveraging paid or promoted posts on legitimate news websites to drum up buzz for their warez, according to new findings from Check Point Research. The threat actor also has at their disposal a dedicated WordPress phishing page…
-
Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development
Microsoft has formally disclosed that it’s working to release a patch to address a Defender zero-day codenamed RoguePlanet. The vulnerability has now been assigned the CVE identifier CVE-2026-50656 (CVSS score: 7.8), with the tech giant describing it as a privilege escalation flaw. “Microsoft is aware…
-
Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline
A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials. Ordinary stuff, until one move near the end. Before his command-and-control server went dark, he installed OpenSSH and Tailscale on a victim’s…
-
Adversarial Exposure Validation Turns Security Visibility into Confident Prioritization
For security teams, the findings never stop, but confidence in knowing which ones matter is becoming harder to maintain. The problem is no longer visibility. It’s validation. Security teams must decide which findings warrant action while operating under constant pressure and incomplete information. Increasingly, the challenge…
-
Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats
Cybersecurity researchers have flagged a “coordinated malware campaign” on the JetBrains Marketplace that has published no less than 15 malicious plugins capable of exfiltrating artificial intelligence (AI) provider keys. “Every plugin poses as an AI coding assistant built on DeepSeek and other…
-
AI in the underground: Curiosity, claims, and concerns
Amid discussions about how artificial intelligence can facilitate cybercrime, some threat actors remain skeptical. Categories: Threat Research. Tags: AI, Dark Web, underground. sophos
-
AI Use by the US Government
On 14 April, the Trump administration quietly acknowledged the widespread use of AI to automate government processes. The Office of Management and Budget (OMB) disclosed a staggering 3,611 active or planned use cases for AI across the federal government. The list has ballooned by 70% from the one published…
-
ISC Stormcast For Thursday, June 18th, 2026 https://isc.sans.edu/podcastdetail/9978, (Thu, Jun 18th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. isc.sans.edu
-
The Behavior of Coordinated SSH Brute Force Attacks over the last three months [Guest Diary], (Wed, Jun 17th)
[This is a Guest Diary by Adam Nason, an ISC intern as part of the SANS.edu BACS program] Brute force SSH attacks are an ever-present threat on the internet today. We examine probing behavior over the last…
-
The browser blind spot: Why your security tool may not be blocking what you think it is [Guest Diary], (Wed, Jun 17th)
[This is a guest diary submitted by Varun Murdula] SUMMARY: CASB block policies rely on inspecting TCP traffic. QUIC, the protocol powering HTTP/3, runs over UDP, a protocol most CASBs cannot inspect. The…
-
ISC Stormcast For Wednesday, June 17th, 2026 https://isc.sans.edu/podcastdetail/9976, (Wed, Jun 17th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. isc.sans.edu
-
From a VHDX File to a Remcos RAT, (Tue, Jun 16th)
Yesterday, a reader reported to us a malicious ZIP archive (SHA256: a0104921a2d37ab87482ac9a9f5c3713479c118846c3e999178e75b81620c094[1]). Once unzipped, it contains a VHDX file that discloses a malicious JavaScript after being mounted (which is automatic on modern Windows OSs). Two different techniques to hide the payload help to bypass most first-line…
-
Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassed
What if your AI coding assistant could be tricked into stealing your own company’s secrets – by reading a single booby-trapped bug report? No phishing email. No malware. No password ever stolen. Just an AI doing exactly what it was told. Meanwhile, someone themselves…
-
INC Ransomware Thrives by Mastering the Basics
And one of those basics is focusing on sectors where a ransomware disruption creates immediate pressure to pay up, like with healthcare. Alexander Culafi, gbhackers.com
-
Sweeping Credential-Harvesting Heist Compromises +30K Fortinet Devices
Attackers are actively targeting various sectors across nearly 200 countries and have already compiled a list of working credentials for tens of thousands of compromised devices. Elizabeth Montalbano, gbhackers.com
-
Attackers Exploit Cloud Logging Platforms to Hide Malicious Activity
Attackers are increasingly targeting cloud logging platforms to evade detection and maintain persistent visibility into compromised environments. The report highlights how critical services such as… gbhackers.com
-
SprySOCKS Windows Backdoor Uses Kernel Driver to Hide Processes, Files, and Network Traffic
Windows variants of SprySOCKS, a backdoor long associated with FishMonger (aka Earth Lusca/TAG-22), have surfaced, expanding a toolset that was until now Linux-only. The two Windows… gbhackers.com
-
7-Year-Old OpenBSD Security Flaw Exposes Systems to Full PAP Authentication Bypass
A significant authentication flaw has been discovered in the PPP stack of OpenBSD, allowing attackers to bypass the Password Authentication Protocol (PAP) validation and… gbhackers.com
-
Steam Workshop Malware Campaign Uses Wallpaper Engine to Steal Accounts and Infect Gamers
A sophisticated malware campaign has been abusing Steam Workshop’s sharing model to distribute backdoors, infostealers and crypto miners hidden inside Wallpaper Engine packages, primarily… gbhackers.com
-
CISA Issues Alert on Oracle PeopleSoft Vulnerability Exploited by Ransomware Groups
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of a critical vulnerability in Oracle PeopleSoft… gbhackers.com
-
Microsoft working on Defender patch for RoguePlanet zero-day
Microsoft confirmed that it’s working on a security patch for a Defender zero-day vulnerability named “RoguePlanet,” disclosed one week ago. … Sergiu Gatlan, bleepingcomputer
-
Kodak confirms data breach claimed by ShinyHunters extortion gang
Kodak has confirmed that it’s working with external cybersecurity experts to investigate a security breach after hackers gained access to some of the company’s data. … Sergiu Gatlan, bleepingcomputer
-
Malicious JetBrains Marketplace plugins steal AI API keys from developers
At least 15 malicious plugins found on the JetBrains Marketplace were designed to steal AI API keys from developers. … Lawrence Abrams, bleepingcomputer
-
New Rokarolla Android malware targets 217 banking, crypto apps
A new Android banking trojan named Rokarolla is targeting 217 banking and cryptocurrency applications using an extensive set of 137 commands. … Bill Toulas, bleepingcomputer
-
Steam Workshop abused to spread malware via Wallpaper Engine app
Threat actors are abusing Steam Workshop, Valve’s community hub for downloading game-related content, to push various malware hidden in wallpaper packages. … Bill Toulas, bleepingcomputer
-
AIRecon: AI-Powered Penetration Testing Tool with Kali Linux Sandbox
AIRecon is an autonomous penetration testing agent that runs entirely offline, combining a self-hosted Ollama LLM with a Kali Linux Docker sandbox to automate end-to-end security assessments without exposing any data to the cloud. Developed by researcher pikpikcu, it eliminates the prohibitive cost of commercial API-based…
-
Critical LiteLLM Flaw Allows Authentication Bypass via Host Header Injection
A critical security vulnerability has been disclosed in LiteLLM, an increasingly popular proxy used for managing large language model (LLM) APIs. The flaw, tracked as CVE-2026-49468, allows attackers to bypass authentication mechanisms under specific conditions by exploiting improper handling of the Host header. The issue…
-
Critical Chrome Vulnerabilities Allow Attackers to Execute Arbitrary Code – Update Now!
Google has released a critical security update for its Chrome browser, addressing multiple high-severity vulnerabilities that could allow attackers to execute arbitrary code on affected systems. Users are strongly advised to update immediately as several flaws impact core browser components. The latest Chrome…
-
Hackers Use Rokarolla Android Malware to Disable Google Play Protect and Control Devices
A newly discovered Android banking trojan called Rokarolla is making waves in the cybersecurity world, and it is more dangerous than most threats we have seen lately. This malware is built to take full control of an infected device while staying completely…
-
Deno-Based RAT Uses Microsoft Teams Impersonation and Mailbombing to Target Employees
A new strain of malware has emerged that combines two well-known social engineering tactics into one effective attack chain. Researchers have uncovered a Remote Access Trojan built on Deno, an unconventional JavaScript runtime, being deployed against employees through email flooding and fake Microsoft Teams…
-
FishMonger’s arsenal upgraded: SprySOCKS for Windows
ESET researchers have discovered SprySOCKS for Windows, FishMonger’s backdoor weaponizing a kernel driver for advanced stealthiness. eset
-
UK Social Media Ban for Minors Has Privacy Experts Worried
The UK will ban adolescents under 16 years old from user-to-user social-media platforms, despite age-verification issues and privacy concerns. Robert Lemos, gbhackers.com
-
CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-48907 (CVSS score: 10.0), is…
-
Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting
A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim’s project hijack the victim’s machine learning model upload and run code inside Google’s serving infrastructure. Palo Alto Networks Unit 42, which found…
-
ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures
Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader, Lorem Ipsum Loader, and Potemkin, per independent reports from Morphisec, BlueVoyant, and Huntress, respectively. Attacks involving BabaDeda Loader, observed in April 2026, have targeted education and financial organizations.…
-
New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds
New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds Security researchers at Zimperium’s zLabs have documented a new Android banking trojan, Rokarolla, that targets 217 banking and cryptocurrency apps and packs 137 remote commands. Together, they give an operator near-total control of an infected phone: it lifts lock-screen PINs, reads and sends SMS, rewrites…
-
Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive
Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive Security teams have never had more IP data at their disposal. Every day, analysts ingest enrichment feeds, geolocation data, reputation scores, telemetry, and threat intelligence from a growing ecosystem of vendors and platforms. Yet despite this abundance of information, many organizations continue to face…
-
June Patch Tuesday smashes past 500-CVE mark
June Patch Tuesday smashes past 500-CVE mark 209 patches + 388 advisories = welcome to summer 2026 Categories: Threat Research Tags: x-ops, Patch Tuesday, MICROSOFT PATCH TUESDAY Go to sophos
-
Flock Cameras Are Being Used for Stalking
Flock Cameras Are Being Used for Stalking There are over a dozen cases around the country where police officers are using the Flock surveillance camera system to obsessively and illegally stalk people. Bruce Schneier Go to bruce schneier
-
Fileless Phantom Stealer Targets Browser Credentials
Fileless Phantom Stealer Targets Browser Credentials In addition to executing entirely in memory, the malware’s infection chain incorporates other anti-analysis techniques designed to frustrate detection. Jai Vijayan Go to gbhackers.com
-
Security Community Slams US Ban on Exporting Mythos, Fable
Security Community Slams US Ban on Exporting Mythos, Fable An open letter signed by dozens of security experts asked the government to reverse export restrictions on Anthropic’s Claude Fable 5 and Mythos 5 models. Alexander Culafi Go to gbhackers.com
-
SprySOCKS Windows Variant Abuses Kernel Drivers to Evade Detection
SprySOCKS Windows Variant Abuses Kernel Drivers to Evade Detection FishMonger, a China-nexus threat group, has deployed a previously undocumented Windows version of the SprySOCKS Linux backdoor against government targets in Honduras, Taiwan, Thailand, and Pakistan. Rob Wright Go to gbhackers.com
-
Rokarolla Android Trojan Levels Up to Full Device Control, Persistence
Rokarolla Android Trojan Levels Up to Full Device Control, Persistence The emerging malware, spread via fake TikTok and Chrome downloads, demonstrates an evolution by combining banking fraud with extensive device surveillance and remote control. Elizabeth Montalbano Go to gbhackers.com
-
‘Lorem Ipsum’ Malware Pivots to ClickFix Delivery
‘Lorem Ipsum’ Malware Pivots to ClickFix Delivery New analysis shows the campaign, which uses compromised WordPress sites, may be linked to the ransomware and data extortion group Vice Society. Jai Vijayan Go to gbhackers.com
-
Hackers Abuse Compromised WordPress Sites to Deliver GULoader Through EtherHiding Chain
Hackers Abuse Compromised WordPress Sites to Deliver GULoader Through EtherHiding Chain In April 2026, incident responders traced a sophisticated intrusion that abused compromised WordPress sites to deliver GULoader via an EtherHiding → ClickFix → UNC-chain…. Go to gbhackers.com
-
Ghostwriter APT Uses Fake Gmail Login Panels to Steal Passwords and 2FA Codes
Ghostwriter APT Uses Fake Gmail Login Panels to Steal Passwords and 2FA Codes Ghostwriter (UNC1151) has escalated its long-standing phishing operations by deploying convincing fake Gmail login panels that harvest both passwords and two-factor authentication (2FA) codes,… Go to gbhackers.com
-
Hackers Abuse Microsoft OAuth Device Code Flow to Take Over Microsoft 365 Accounts
Hackers Abuse Microsoft OAuth Device Code Flow to Take Over Microsoft 365 Accounts An active campaign is abusing Microsoft’s OAuth 2.0 Device Authorization Grant (device code) flow to take over Microsoft 365 accounts. Rather… Go to gbhackers.com
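In a device-code phishing attack the attacker, not the victim, starts the flow: the attacker requests a device code from the tenant's device authorization endpoint, receives a user code plus a device code, and lures the victim into entering the user code at Microsoft's legitimate device-login page. Once the victim signs in and consents, the attacker's polling of the token endpoint returns access and refresh tokens for the victim's account, with no password or MFA prompt ever reaching attacker infrastructure. Because the sign-in itself is legitimate, the place to catch it is the sign-in log: Microsoft Entra ID records the grant type in the `authenticationProtocol` field of each sign-in (value `deviceCode` for this flow). The following added example, not code from the article or from Microsoft, hunts for device-code sign-ins over constructed sample records shaped like a subset of the Graph `signIn` resource, and flags those that succeeded from an IP address the user has never used for a normal interactive sign-in. The records, users, IPs and the baseline heuristic are all assumptions made for the example.

```python
"""Hunt for suspicious OAuth device-code sign-ins in Entra ID sign-in logs."""
import json
from collections import defaultdict

# Constructed sample sign-in records (JSON lines), shaped like a subset of the
# Microsoft Graph signIn resource. Illustrative only; not real log data.
SAMPLE_SIGNINS = """
{"createdDateTime": "2026-06-10T08:02:11Z", "userPrincipalName": "alice@example.com", "ipAddress": "203.0.113.10", "appDisplayName": "Office 365 SharePoint Online", "authenticationProtocol": "none", "status": {"errorCode": 0}}
{"createdDateTime": "2026-06-10T08:40:53Z", "userPrincipalName": "alice@example.com", "ipAddress": "198.51.100.77", "appDisplayName": "Microsoft Office", "authenticationProtocol": "deviceCode", "status": {"errorCode": 0}}
{"createdDateTime": "2026-06-10T09:15:00Z", "userPrincipalName": "bob@example.com", "ipAddress": "203.0.113.22", "appDisplayName": "Microsoft Teams", "authenticationProtocol": "none", "status": {"errorCode": 0}}
{"createdDateTime": "2026-06-10T09:20:30Z", "userPrincipalName": "bob@example.com", "ipAddress": "203.0.113.22", "appDisplayName": "Azure CLI", "authenticationProtocol": "deviceCode", "status": {"errorCode": 0}}
{"createdDateTime": "2026-06-10T10:05:44Z", "userPrincipalName": "carol@example.com", "ipAddress": "198.51.100.5", "appDisplayName": "Microsoft Office", "authenticationProtocol": "deviceCode", "status": {"errorCode": 500121}}
"""


def parse_signins(text):
    """Parse JSON-lines sign-in export into a list of dicts (blank lines skipped)."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_success(rec):
    """Entra reports errorCode 0 for a successful sign-in, non-zero otherwise."""
    return rec.get("status", {}).get("errorCode", 0) == 0


def find_device_code_signins(records):
    """Every sign-in, successful or not, that used the device code grant."""
    return [r for r in records if r.get("authenticationProtocol") == "deviceCode"]


def flag_suspicious_device_code(records):
    """Flag successful device-code sign-ins from an IP the user never used interactively.

    Baseline assumption (hypothetical heuristic): a user's successful sign-ins
    that did NOT use the device code flow define the IPs they normally come
    from. A device-code sign-in from outside that set is the attacker's poller
    picking up tokens from their own infrastructure, and deserves triage.
    """
    known_ips = defaultdict(set)
    for r in records:
        if is_success(r) and r.get("authenticationProtocol") != "deviceCode":
            known_ips[r["userPrincipalName"]].add(r["ipAddress"])

    flagged = []
    for r in find_device_code_signins(records):
        if not is_success(r):
            continue  # failed grants never yielded tokens; lower priority
        user = r["userPrincipalName"]
        if r["ipAddress"] not in known_ips[user]:
            flagged.append({
                "user": user,
                "ip": r["ipAddress"],
                "app": r.get("appDisplayName"),
                "time": r["createdDateTime"],
                "reason": "device-code sign-in from IP not seen in user's interactive sign-ins",
            })
    return flagged


if __name__ == "__main__":
    recs = parse_signins(SAMPLE_SIGNINS)
    print(f"{len(find_device_code_signins(recs))} device-code sign-ins in {len(recs)} records")
    for hit in flag_suspicious_device_code(recs):
        print("FLAG", hit["time"], hit["user"], hit["ip"], hit["app"], "-", hit["reason"])
```

Two caveats a practitioner would add: the IP baseline is a starting heuristic, not a verdict, since legitimate device-code use (a CLI on a jump host, a headless device) can also arrive from new addresses, and the stronger control is preventive: Microsoft Entra Conditional Access can block the device code flow outright for users who have no business using it, so that the victim's consent never produces a token in the first place.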
-
OptinMonster Plugin Vulnerability Exposes 1.2 Million WordPress Sites to Cyberattacks
OptinMonster Plugin Vulnerability Exposes 1.2 Million WordPress Sites to Cyberattacks A large-scale supply chain attack targeting the popular OptinMonster WordPress plugin has exposed more than 1.2 million websites to active compromise. The campaign also affects… Go to gbhackers.com
-
Rhysida and Interlock Ransomware Groups Linked to Initial Access Brokers and Crypter Ecosystem
Rhysida and Interlock Ransomware Groups Linked to Initial Access Brokers and Crypter Ecosystem Rhysida and Interlock sit inside the same ransomware supply chain, but their latest observed behavior shows a more nuanced relationship than simple code reuse…. Go to gbhackers.com
-
Critical Fortinet FortiSandbox flaws now exploited in attacks
Critical Fortinet FortiSandbox flaws now exploited in attacks Attackers are now exploiting several critical vulnerabilities in Fortinet’s FortiSandbox cyber threat detection platform, according to threat intelligence company Defused. […] Sergiu Gatlan Go to bleepingcomputer
-
Windows version of SprySOCKS Linux malware used to attack govt orgs
Windows version of SprySOCKS Linux malware used to attack govt orgs Windows variants for the SprySOCKS Linux malware have been used in attacks targeting government organizations in at least four countries. […] Bill Toulas Go to bleepingcomputer
-
iRhythm discloses data breach, says hackers stole patient info
iRhythm discloses data breach, says hackers stole patient info Digital healthcare company iRhythm Holdings has disclosed a data breach after hackers stole patients’ personal and health information stored on third-party-hosted business applications. […] Sergiu Gatlan Go to bleepingcomputer
-
DOJ seizes CFAKE, SOCFAKE deepfake nude sites under TAKE IT DOWN Act
DOJ seizes CFAKE, SOCFAKE deepfake nude sites under TAKE IT DOWN Act The U.S. Department of Justice announced Friday that it has seized the CFAKE.com and SOCFAKE.com websites, which allegedly hosted nonconsensual AI-generated nude images and videos of women, in what appears to be the first publicly announced domain seizure under the TAKE IT DOWN…
-
SimpleHelp bug lets hackers create rogue remote support accounts
SimpleHelp bug lets hackers create rogue remote support accounts A vulnerability in the SimpleHelp remote management software allows unauthenticated attackers to create privileged technician accounts on servers using the OpenID Connect (OIDC) authentication protocol. […] Bill Toulas Go to bleepingcomputer