Tag: cyber-security-news
-
Microsoft Outlook and Word Vulnerabilities Allow Attackers to Execute Malicious Code
Microsoft released critical fixes for three closely related remote code execution (RCE) vulnerabilities in Microsoft Outlook and Word that stem from low‑level memory‑safety flaws in the Word rendering engine and its integration with Outlook Classic. These bugs, tracked as CVE‑2026‑45456, CVE‑2026‑45458, and CVE‑2026‑47635, are…
-
Palo Alto PAN-OS Vulnerability Allows Attackers to Execute Arbitrary Commands as Root User
Palo Alto Networks fixed a new command injection vulnerability in PAN‑OS (CVE-2026-0273) that allows authenticated administrators to execute arbitrary commands as root via the CLI or web management interface. Two related medium‑severity issues in the same advisory window cover CLI privilege escalation…
-
Google Patches 28 Chrome Vulnerabilities that Allow Attackers to Execute Malicious Code
Google has released a new Chrome security update addressing 28 vulnerabilities, including several critical flaws that could allow attackers to execute malicious code on affected systems. The latest Stable channel update upgrades Chrome to version 149.0.7827.114/.115 on Windows and macOS, and to 149.0.7827.114…
-
Microsoft Teams for Android Vulnerability Allows Attackers to Disclose Sensitive Data
Microsoft has disclosed a significant security vulnerability in Microsoft Teams for Android that could allow an authenticated attacker to expose sensitive information over a network. The flaw, tracked as CVE-2026-42835, was officially released on June 9, 2026, and has been rated Important in severity.…
-
Oracle PeopleSoft 0-Day RCE Vulnerability Exploited in Attacks by ShinyHunters
Mandiant and Google Threat Intelligence Group (GTIG) have issued a critical warning after identifying an active compromise-and-extortion campaign targeting Oracle PeopleSoft infrastructure, attributed to the notorious threat actor UNC6240, also known as ShinyHunters. The campaign exploited CVE-2026-35273, a critical unauthenticated remote code execution (RCE) vulnerability…
-
China-Linked JDY Botnet Uses 1,500+ SOHO and IoT Devices for Rapid Vulnerability Exploitation
A China-linked network of compromised routers and smart devices has grown into one of the most capable reconnaissance tools tied to a nation-state threat group. Researchers have identified a major resurgence of a botnet known as JDY, which now controls more than…
-
Microsoft Exchange Server 0-Day Vulnerability Exploited in Attacks Using Weaponized Email
Microsoft has confirmed active exploitation of a new zero‑day spoofing flaw in on‑premises Exchange Server, tracked as CVE‑2026‑42897. The flaw allows attackers to execute arbitrary JavaScript in Outlook Web Access (OWA) simply by sending a weaponized email that a victim opens in a browser.…
-
Ivanti Endpoint Manager Mobile Vulnerability Enables Remote Code Execution Attacks
A high-severity vulnerability, CVE-2026-6973, in Ivanti Endpoint Manager Mobile (EPMM) could allow authenticated attackers to achieve remote code execution by injecting malicious Apache configuration directives. The flaw, assigned a CVSS score of 7.2, is classified as a configuration control vulnerability (CWE-15) and affects multiple versions…
-
Anthropic’s Claude Fable 5 Jailbroken to Generate Stack Exploits
Anthropic launched Claude Fable 5 on June 9, 2026, as the first publicly available model in its new Mythos class, its most capable AI to date, excelling in software engineering, knowledge work, and vision benchmarks. Researcher “Pliny the Liberator” defeats Claude Fable 5’s safety classifiers using…
-
Hackers Abuse Fake Utility Downloads to Install ScreenConnect and Mine Cryptocurrency
Hackers are turning everyday software searches into a trap. A sophisticated cryptojacking campaign is actively targeting users who search for popular PC utilities online, luring them into downloading malware-laced files that secretly mine cryptocurrency using their own GPU. The attackers have built a network…
-
Hackers Deploy MLTBackdoor Malware via Multi-Stage ClickFix Infection Chain
A newly discovered backdoor malware called MLTBackdoor is making waves in the cybersecurity community after being spotted in a carefully designed, multi-stage attack chain. Identified in May 2026, this threat stands out for its advanced ability to hide from security tools while quietly establishing a deep…
-
Hackers Abuse TikTok and Instagram Reels to Spread Malware via Fake Free Software Tutorials
Cybercriminals are now turning to short-form video platforms as a new attack surface, using fake software tutorials on TikTok and Instagram Reels to push malware onto unsuspecting users. The tactic is simple but remarkably effective: create polished, convincing videos that promise…
-
Windows BitLocker 0-Day Vulnerability Allows Attackers to Bypass Security Feature
Microsoft disclosed a new Windows BitLocker Security Feature Bypass vulnerability, tracked as CVE-2026-50507, on June 9, 2026, as part of its June Patch Tuesday security release. The flaw, rooted in a protection mechanism failure, allows an unauthorized attacker with physical access to bypass BitLocker Device Encryption…
-
Anthropic Released Claude Fable 5, the First Model in Mythos Class
Anthropic has released Claude Fable 5, the first publicly available model in its new Mythos capability tier, a class powerful enough that the company says it ships with cybersecurity safeguards baked in from day one. Fable 5 sits above the Claude Opus line and…
-
New Windows Defender 0-Day Exploit “RoguePlanet” Grants SYSTEM Access to Attackers
A researcher known as Nightmare Eclipse (also tracked as Chaotic Eclipse or Dead Eclipse) has publicly released a new proof-of-concept (PoC) exploit named RoguePlanet, targeting a previously undisclosed race condition vulnerability in Microsoft Windows Defender. When successfully executed, the exploit spawns a command shell…
-
Hackers Exploiting LiteLLM RCE Vulnerability in the Wild to Run Arbitrary Commands
Threat actors are actively exploiting a critical chained vulnerability in LiteLLM, a popular open-source AI gateway proxy, allowing unauthenticated remote code execution (RCE) on vulnerable deployments. Researchers at Horizon3.ai confirmed that combining two CVEs creates a CVSS 10.0 Critical attack path requiring zero…
-
SAP Security Patch Day – Critical Vulnerabilities in SAP NetWeaver Patched
SAP’s June 2026 Security Patch Day, observed on Tuesday, June 9, delivered 15 new security notes addressing a broad range of vulnerabilities across core SAP products, including four critical-severity flaws that demand immediate enterprise attention. SAP strongly urges all customers to visit the SAP…
-
Threat Actors Abuse ChatGPT, Claude, and DeepSeek Brands as Phishing Lures to Steal Credentials
Cybercriminals have found a clever new trick: turning the world’s most popular AI tools into traps. By disguising phishing attacks with the branding of platforms like ChatGPT, Claude, and DeepSeek, threat actors are luring users into handing over login credentials, credit…
-
Apache HTTP Server 2.4.68 Released With Fix For Use-After-Free, DoS, XSS, and Buffer Overflow Flaws
The Apache Software Foundation released Apache HTTP Server version 2.4.68 on June 8, 2026, addressing 13 security vulnerabilities spanning multiple modules. The patched flaws include use-after-free conditions, cross-site scripting, heap-based buffer overflows, denial-of-service, privilege escalation, and out-of-bounds read issues affecting…
-
21 0-Day Vulnerabilities in FFmpeg Enables Remote Code Execution Attacks
An autonomous security agent uncovered 21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. FFmpeg quietly powers media processing across browsers, streaming platforms, surveillance systems, and cloud…
-
Multiple VMware Stored XSS Vulnerabilities Allow Attackers to Inject Malicious Scripts
Broadcom has disclosed three stored cross-site scripting (XSS) vulnerabilities affecting VMware Cloud Foundation Operations and several related products, warning that authenticated attackers could inject malicious scripts to perform administrative actions within the environment. Tracked as CVE-2026-41722, CVE-2026-41723, and CVE-2026-41724, the flaws were addressed in…
-
UniFi OS Server Critical RCE Chain Allows Root Access Without Credentials
A critical vulnerability chain in the UniFi OS Server software has put thousands of organizations at serious risk. Researchers confirmed that an attacker can gain full root access to affected devices without a single credential, turning one unauthenticated request into a complete system takeover.…
-
Critical Redis RCE Vulnerability Enable Attackers to Gain Complete Control to Host Server
In May 2026, Redis developers fixed a dangerous post-authentication remote code execution vulnerability, dubbed DarkReplica (CVE-2026-23631), that allowed attackers to gain full control of a Redis host. Redis provides powerful server-side Lua engines, allowing administrators to run custom logic directly in the…
-
Cybercriminals Exploit 2026 FIFA World Cup With Phishing, Fake Stores, and Ticket Scams
The 2026 FIFA World Cup is not just a celebration of football. For cybercriminals, it is a business opportunity, and they have already gotten to work. Threat actors have been building fake FIFA stores, spinning up phishing pages, and launching purchase scams…
-
Microsoft Warns Claude Code GitHub Action Could Leak CI/CD Workflow Secrets
AI-powered coding tools are rapidly changing how developers build and ship software. But as these tools enter everyday development pipelines, they are also opening new doors for attackers. A recently uncovered vulnerability in a widely used AI coding assistant shows just how far that…
-
Instagram Fixes Password Reset Flaw That Exposes User Emails and Phone Numbers
A critical logic bug in Instagram’s web-based password reset flow on June 6, 2026, exposed unredacted email addresses and phone numbers associated with user accounts, including those belonging to high-profile individuals such as Meta CEO Mark Zuckerberg and model Georgina Rodriguez. Instagram’s parent…
-
CISA Warns of Linux Kernel Improper Authentication Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Linux kernel vulnerability, tracked as CVE-2022-0492, to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively leveraged in real-world attacks. The issue, categorized as improper authentication, affects Linux…
-
New ChatGPT Lockdown Mode to Mitigate Prompt Injection and Data Exfiltration Attacks
OpenAI has released ChatGPT Lockdown Mode, a new security feature designed to limit outbound network access and reduce the risk of data exfiltration from prompt-injection attacks. The feature is now available to eligible personal accounts, self-serve ChatGPT Business users, and managed enterprise workspaces.…
-
Free Apps on Samsung and LG Smart TVs Secretly Turning Your Devices Into AI Proxies
Free apps available on Samsung, LG, Roku, and other major smart TV platforms have been quietly enrolling millions of living room devices into a commercial residential proxy network used to scrape web data for AI training all through a consent…
-
CISA Warns of SolarWinds Serv-U Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical SolarWinds Serv-U vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that threat actors are actively exploiting the flaw in the wild. Tracked as CVE-2026-28318, the vulnerability affects SolarWinds Serv-U file transfer software and…
-
Top 5 Best Tools for Simulated DDoS Attacks in 2026
Last year, a botnet hurled 31.4 Tbps of junk traffic at a single target—enough data to stream every Netflix movie at once. The record-shattering flood forced boards, regulators, and cloud teams to ask one question: are we sure our defenses work when the internet turns…
-
Critical Hugging Face Transformers Vulnerability Enables Remote Code Execution Attacks
A newly disclosed critical vulnerability in the HuggingFace Transformers library, tracked as CVE-2026-4372, allows attackers to achieve remote code execution (RCE) through malicious model configuration files. The flaw exposes a significant supply chain risk in one of the most widely used machine learning frameworks, impacting…
-
OWASP CVE Lite CLI – New Tool to Scan for Vulnerabilities in Your Projects
CVE Lite CLI is a free, open-source vulnerability scanner officially recognized as an OWASP Incubator Project, designed to bring dependency security directly into developers’ terminals rather than leaving it buried in CI pipelines. Maintained by Sonu Kapoor and backed by the…
-
Anthropic’s Claude Services Down — claude.ai, Claude Code, and Cowork Affected [Updated]
Anthropic’s Claude platform suffered a significant service disruption on June 5, 2026, with elevated error rates impacting multiple frontier AI models and key services, including claude.ai, Claude API, Claude Code, and Claude Cowork, raising concerns not just about infrastructure resilience but also about…
-
VECT 2.0 Ransomware Can Damage Files Its Own Decryptor Cannot Reliably Restore
A new ransomware strain called VECT 2.0 is raising serious concerns among security professionals, and for a troubling reason — even if a victim pays the ransom, the attacker’s own decryptor may not fully restore their files. This is not a typical failure…
-
Cisco SD-WAN Vulnerability Exploited in the Wild to Execute Arbitrary Commands as Root User
Cisco has disclosed a high-severity vulnerability in its Catalyst SD-WAN Manager that is actively being exploited in the wild, allowing attackers to execute arbitrary commands with root privileges. The issue, tracked as CVE-2026-20245, carries a CVSS score of 7.8 and stems…
-
Let’s Encrypt Unveils Merkle Tree Certificates to Secure the Web Against Quantum Threats
Let’s Encrypt has announced its roadmap for post-quantum Web PKI, centering on a novel approach called Merkle Tree Certificates (MTCs), a design that delivers quantum-resistant authentication without bloating TLS handshakes or breaking the web’s performance expectations. Traditional X.509 certificate chains require significant…
-
Microsoft Edge Vulnerability Allows Remote Attackers to Execute Arbitrary Code
Microsoft has released a security update addressing a critical vulnerability in Microsoft Edge that could allow remote attackers to execute arbitrary code on vulnerable systems. Tracked as CVE-2026-45495 and reported by Orange Tsai of DEVCORE, the flaw carries a CVSS v3 score of 7.5 and…
-
Dashlane Details How Hackers Managed to Download Encrypted Password Vaults
Dashlane has disclosed that threat actors successfully brute-forced two-factor authentication (2FA) protections to register unauthorized devices and download encrypted password vaults belonging to fewer than 20 personal plan users, with a completed investigation confirming no broader impact on its internal systems. Beginning Sunday, May 31,…
-
Acer Working to Patch Wave 7 Router 0-day Vulnerability
Acer is preparing a firmware update to address a critical zero-day vulnerability affecting its Wave 7 routers, following disclosure by independent security researcher Gergo Pap. The issue affects devices running firmware versions earlier than and poses a significant risk due to unauthenticated remote exploitation. According to…
-
Fake Claude Code Installer Via Google Sites Deliver Credential-Stealing Malware
Cybercriminals have found a new and clever way to exploit the growing popularity of AI developer tools. A recently identified campaign uses fake pages mimicking Claude Code and OpenAI Codex, hosted on trusted Google Sites infrastructure, to trick users into running commands that quietly steal…
-
Bots Surpass Humans in Global Web Traffic for the First Time in Internet History
For the first time ever, automated bots have officially overtaken human users in global internet traffic, and the shift is accelerating faster than even industry leaders predicted. According to data from Cloudflare Radar, bots now…
-
Microsoft Unveils Always-On AI Agent Scout to Integrate With Teams, Outlook, and More
Microsoft has officially introduced Microsoft Scout, its first-ever “Autopilot” AI agent, a persistent, always-on autonomous assistant designed to operate continuously across Microsoft 365 apps without waiting to be prompted. Unveiled at Microsoft Build 2026 on June 2, Scout represents a fundamental shift…
-
New Google Gemini Vulnerability Exploited via Prompt Injections from WhatsApp, Slack, and SMS
A new class of indirect prompt injection (IPI) attacks targets Google Gemini’s voice assistant, allowing attackers to silently hijack the AI through malicious payloads delivered via everyday messaging apps, including WhatsApp, Slack, Signal, SMS, Instagram, and Messenger. The research, led by Or…
-
HTTP/2 Bomb — Remote DoS Exploit Hits nginx, Apache, IIS, Envoy, and Cloudflare Pingora
A newly disclosed remote denial-of-service exploit dubbed “HTTP/2 Bomb” targets the default HTTP/2 configurations of the world’s most widely deployed web servers, nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora, enabling a single attacker on a home internet connection to…
-
1-Click GitHub Token Vulnerability Lets Attackers Steal Users’ OAuth Tokens
A critical security vulnerability in Visual Studio Code’s webview implementation allows attackers to steal GitHub OAuth tokens, including read/write access to private repositories, simply by tricking a victim into clicking a single malicious link. The bug was publicly disclosed on June 2, 2026, by security…
-
WordPress Malware Abuses Steam Community Profiles for C2 Operations
A newly discovered malware campaign targeting WordPress websites has raised serious concerns across the web security community. Attackers behind this campaign are using an unexpected method to communicate with infected sites, hiding command instructions inside Steam Community profile comments and turning a popular gaming platform into…
-
Threat Actor Uses Stolen Gemini API Keys to Automate Telegram Influence Campaign
A single threat actor has been running a fake political persona on Telegram for five years, quietly building an audience of over 17,000 subscribers while using stolen AI credentials to power the entire operation. What looks like an American patriot channel is actually…
-
Attackers Abuse AWS, Google Cloud, Cloudflare, and Microsoft Services to Hide Malicious Traffic
Cybercriminals are increasingly weaponizing trusted cloud infrastructure, including Amazon Web Services, Google Cloud, Microsoft Azure, Cloudflare, and GitHub, to camouflage malicious traffic, evade detection, and sustain long-lived Command and Control (C2) operations. A recent threat intelligence investigation using ANY.RUN’s Threat Intelligence (TI)…
-
Nimbus Manticore APT Abuses Fake Recruitment Portal to Deliver Custom Malware
A state-linked hacking group has been caught running a carefully crafted fake recruitment operation to push custom malware onto unsuspecting victims. The group, known as Nimbus Manticore and also tracked as UNC1549 and Smoke Sandstorm, has a long history of targeting professionals in the…
-
Android 0-Day Vulnerability Exploited in Attacks to Gain Complete Device Control
A critical Android zero-day vulnerability is being actively exploited in targeted attacks, allowing threat actors to gain near-complete control over affected devices without any user interaction. The flaw, tracked as CVE-2025-48595, was highlighted in the June 2026 Android Security Bulletin, where Google confirmed limited…
-
Critical StrongDM Vulnerability Allows Attackers to Steal and Reuse Authentication
A critical authentication flaw in StrongDM’s desktop application has been identified that allows attackers to hijack user sessions by reusing locally stored authentication material, potentially exposing sensitive enterprise infrastructure. The issue, tracked as CVE-2026-4387, was discovered by SpecterOps during a security assessment and has been…
-
Dashlane Password Manager User Accounts Locked Following Brute-Force Attacks
Dashlane has disclosed a security incident involving a large-scale brute-force attack targeting user accounts, beginning on May 31, 2026. According to the company, an external threat actor attempted to bypass two-factor authentication (2FA) protections by repeatedly guessing authentication codes to register unauthorized devices on victims’ accounts.…
-
Gamaredon APT Hides Malware in Windows Features and Abuses Cloud Platforms for C2
Gamaredon, a Russian state-backed espionage group, is deploying a new VBScript worm that hides inside native Windows features while using popular cloud services as covert command-and-control (C2) channels in an ongoing campaign against Ukrainian targets. The operation showcases a modular toolset built…
-
Microsoft Tightens Entra ID Password Resets With New Authentication Change
Microsoft has announced a significant security update to its Entra ID Self-Service Password Reset (SSPR) feature, introducing stricter authentication requirements designed to reduce identity-based attacks. The update mandates the use of explicitly registered authentication methods, removing reliance on directory-stored contact information that has not been…
-
Famous Chollima Hackers Target PHP Developers Using Compromised Packagist Package
A well-known North Korean threat actor has been caught hiding malware inside a legitimate PHP package available through Packagist, the main package repository for PHP projects. The attack takes direct aim at software developers, disguising a dangerous payload as a routine configuration file. This kind…
-
Hackers Attacking Signal Users to Steal Backups in New Wave of Attacks
A new wave of phishing attacks is targeting users of Signal, the encrypted messaging app trusted by journalists, activists, and privacy-conscious individuals worldwide. Hackers are impersonating Signal’s support team and tricking users into handing over their backup recovery keys, which can unlock entire…
-
Microsoft Clarifies It Won’t Sue Security Researchers Amid Nightmare-Eclipse Controversy
Microsoft has clarified its stance, reducing perceived legal threats and reaffirming its commitment to coordinated vulnerability disclosure, following significant backlash from the security research community. In a carefully worded statement released in late May 2026, Microsoft’s Security Response Center (MSRC) moved to defuse a growing crisis over…
-
Instagram Meta AI Vulnerability Allegedly Enables Password Reset for Accounts
A critical flaw in Meta’s AI-powered account recovery tool on Instagram allowed attackers to hijack high-value accounts by tricking the chatbot into forwarding password reset codes with no verification required. Security researchers ZachXBT and Dark Web Informer were among the first to publicly expose the…
-
Microsoft Releases KB5089573 for Windows 11 to Fix Patch Tuesday Install Issues
Microsoft has rolled out a new cumulative update, KB5089573, for Windows 11 versions 25H2 and 24H2, targeting a critical installation failure that affected users following the May 2026 Patch Tuesday release. The update brings OS builds to 26200.8524 and 26100.8524, respectively, resolving a…
-
GitLab Patches Multiple Duo AI, DoS, and Authorization Flaws in Community and Enterprise Edition
GitLab has released emergency security updates for both Community Edition (CE) and Enterprise Edition (EE), addressing multiple Duo AI, denial‑of‑service, and authorization flaws in recent versions of the platform. On May 27, 2026, GitLab shipped versions 19.0.1, 18.11.4, and 18.10.7 as…
-
Pentest Swarm AI Tool With Live Access to nmap, sqlmap, Burp, Metasploit, and Others
Pentest Swarm AI is the first open-source autonomous penetration testing platform built on a swarm intelligence architecture, not just multiple agents firing in a fixed sequence. Developed by Armur AI, it gives security professionals live, coordinated access to the full offensive…
-
Google Chrome’s Device-Bound Session Credentials Now GA to Block Account Takeovers
Google has officially moved Device Bound Session Credentials (DBSC) to general availability in the Chrome browser on Windows, delivering a powerful defense against one of the most persistent threats in modern cybersecurity: session cookie theft. Previously available in beta for Google Workspace users, DBSC…
-
GREYVIBE Hackers Leverage ChatGPT and Google Gemini to Fuel Cyberattacks
GREYVIBE hackers are increasingly leveraging generative AI tools such as ChatGPT and Google Gemini to enhance cyberattack operations. The campaign, active since at least August 2025, primarily targets Ukraine and related entities across the government, military, and civilian sectors, highlighting a growing convergence between artificial…
-
Palo Alto Networks PAN-OS Authentication Vulnerability Bypass Exploited in the Wild
A Palo Alto Networks authentication bypass vulnerability, CVE-2026-0257, affecting PAN-OS and Prisma Access, is now being actively exploited in the wild, with CISA adding it to the Known Exploited Vulnerabilities (KEV) catalog on May 29, 2026. Palo Alto Networks published its security advisory on May…
-
Post-quantum cryptography is not the future. It is your current reality.
For most of the last decade, post-quantum cryptography lived in a particular kind of conversation. It came up at security conferences. It appeared in NIST press releases. CISOs nodded politely when it surfaced in briefings, filed it under “things to deal with eventually,” and moved…
-
Ransomware Uses SYSTEM Scheduled Task to Encrypt Local Drives With Elevated Privileges
A newly analyzed ransomware strain called The Gentlemen is raising serious alarms across the cybersecurity community. Built in the Go programming language and obfuscated with a tool called Garble, it combines powerful per-file encryption with an aggressive ability to spread itself silently across…
-
Malicious RVTools Installer Abuses Sectigo Certificate to Bypass SmartScreen Warnings
A trusted tool for VMware administrators has been weaponized. Attackers built a fake version of RVTools, a widely used utility for managing virtual infrastructure, and disguised it with a real digital certificate to slip past Windows security warnings without raising a flag. RVTools is a…
-
Critical Samba Vulnerability Enables Remote Code Execution Attacks
A critical vulnerability in the Samba printing subsystem, tracked as CVE-2026-4480, has been disclosed, allowing unauthenticated attackers to achieve remote code execution (RCE) on affected systems. The flaw carries a maximum CVSS v3.1 score of 10.0, highlighting its severe impact and ease of exploitation. Samba, widely used…
-
Google Patches 151 Vulnerabilities in Chrome, Including 22 Critical Ones
Google has pushed a major Chrome Stable update that fixes 151 security flaws, including 22 critical vulnerabilities affecting core graphics, networking, media, and UI components across Windows, macOS, and Linux. The Stable channel has been updated to version 148.0.7778.216/217 for Windows, 148.0.7778.215/216 for macOS, and…
-
Google Employee Charged for Making $1.2 Million With Confidential Information
A Google software engineer has been charged in the United States for allegedly using confidential internal data to generate more than $1.2 million in profits through prediction market trading. The case highlights growing concerns around insider threats and misuse of privileged access in large technology…
-
VS Code Remote-SSH RCE Lets Attackers Pivot From Developer Machines to Cloud Servers
A newly disclosed vulnerability in Visual Studio Code’s Remote-SSH extension exposes a critical post-compromise attack path that allows threat actors to pivot from infected developer machines into cloud and production environments. Given the extension’s widespread adoption across modern development workflows, the issue…
-
Veeam Backup & Replication Tool Vulnerability Enables Privilege Escalation Attacks
Veeam has addressed a high-severity vulnerability in its Backup & Replication platform that could enable attackers to escalate privileges and gain deeper access to enterprise systems. The issue impacts Veeam Backup & Replication version 13.0.1.2067 and all earlier version 13 builds, prompting urgent patching recommendations…
-
Microsoft Warns Public Release of Zero-Day Details Before Vendor Coordination
Microsoft has issued a strong warning after multiple zero-day vulnerabilities were publicly disclosed without prior coordination, raising concerns about increased risk to users and enterprise environments. The company stated that recent disclosures exposed critical security flaws before patches were available, giving threat actors a potential…
-
Critical Notepad++ Vulnerabilities Allow Attackers to Execute Arbitrary Code
Notepad++, one of the most widely used open-source text editors for Windows, has released an urgent security update addressing three vulnerabilities, including two arbitrary code execution flaws that could allow attackers to silently run malicious programs on a victim’s machine. The Notepad++ development team released version…
-
Silent Ransom Group Targets Law Firms With IT Support Impersonation Attacks
A threat group known as the Silent Ransom Group is actively targeting US-based law firms using a bold and deceptive social engineering playbook. Rather than deploying ransomware in the traditional sense, this group goes straight for the data and then turns it into a…
-
SBI Warns of Scammers are Sending Fake Messages Claiming Your YONO App Will be Deactivated
A new wave of social engineering attacks is targeting millions of State Bank of India customers across the country. Fraudsters are sending fake messages warning users that their YONO banking app will be deactivated unless they update their Aadhaar number…
-
Apple’s New Anti-Snatching Feature Will Auto-Lock iPhones When Stolen From Your Hand
Apple is reportedly developing a new iPhone security feature designed to automatically lock the device the moment it detects a theft-in-progress, a significant upgrade to the company’s existing anti-theft protections that could close one of the most dangerous gaps in mobile security today.…
-
Developer-Targeting Glassworm Malware Abuses npm, PyPI, OpenVSX, and GitHub
A dangerous malware campaign known as Glassworm has been spreading through the tools that software developers trust most every day. By abusing popular platforms like npm, PyPI, OpenVSX, and GitHub, the attackers have turned routine development workflows into entry points for data theft, credential harvesting, and…
-
Attackers Abuse Open RDP Ports to Gain Initial Access Into Business Networks
There is a decades-old misconfiguration sitting quietly inside countless business networks, and attackers are still making full use of it. Remote Desktop Protocol, or RDP, allows users to connect to and control a computer remotely over a network. When its default port, 3389,…
-
New 0-Click WhatsApp Account Takeover Attack Targeting iOS 16 Users
A new 0-click WhatsApp account takeover attack targeting iOS 16 users is raising serious concerns after multiple iPhone users reported their accounts being hijacked without any interaction, warnings, or visible linked devices. According to a recent forensic investigation by the Italian security firm Forenser, attackers…
-
GitLab Suspends Windows Exploit Researcher Nightmare-Eclipse After GitHub Ban
The anonymous researcher known as Nightmare-Eclipse has been blocked from two major code-hosting platforms in less than a week, as their disruptive public zero-day campaign against Microsoft draws serious real-world consequences. GitLab moved to suspend the account of security researcher Nightmare-Eclipse on May 26, 2026, just…
-
Phishing Services Use RCS and iMessage to Bypass Traditional SMS Security Filters
A new wave of phishing operations is quietly changing the way cybercriminals steal financial data from everyday people. Rather than relying on traditional SMS messages that carriers can easily flag and block, threat actors are now using encrypted messaging channels like Rich Communication…
-
Payload Ransomware Uses ChaCha20 and Curve25519 ECDH to Encrypt Windows Files
A dangerous new ransomware strain called Payload has been quietly building a global victim list since it first appeared in February 2026. The group launched its leak site with a high-profile target and has since expanded operations across Egypt, Mexico, Poland, and beyond. What…
-
PuTTY 0.84 Released With Fix for SSH KEX Crashes and Telnet Prompt Spoofing Flaw
PuTTY 0.84 has been released with fixes for multiple minor security flaws, including issues that could trigger SSH key exchange crashes and a Telnet prompt spoofing weakness. While these vulnerabilities are considered low severity, they highlight how even small flaws in…
-
New 7-Zip Vulnerabilities Let Attackers Execute Arbitrary Code and Compromise Systems
A critical heap buffer overflow vulnerability has been disclosed in 7-Zip version 26.00, enabling attackers to achieve arbitrary code execution via a vtable hijack by exploiting a defect in the tool’s NTFS archive handler. Tracked as CVE-2026-48095 and assigned advisory GHSL-2026-140, the flaw resides…
-
Anthropic’s Restricted Claude Mythos Moves Toward Public Release via Claude Code and Security
Anthropic appears to be loosening its grip on Claude Mythos, the company’s most powerful and previously restricted AI model, with new signals pointing to a commercially versioned release under the name Mythos 1 (claude-mythos-1-preview), integrated directly into Claude Code and a revamped…
-
MiniUpdate RAT Uses Azure-Hosted C2 Domains for Targeted Espionage Campaigns
A new wave of targeted espionage attacks has put technology professionals across the United States, Israel, and the United Arab Emirates on high alert. The threat comes from an Iran-linked hacking group deploying two families of remote access trojans through cleverly disguised recruitment lures and…
-
WhatsApp Chat Histories Stored Unencrypted on macOS and iOS
Security researchers have revealed that WhatsApp chat histories may be stored unencrypted on both macOS and iOS devices, raising fresh concerns about local data protection and cross-application access within the Apple ecosystem. The issue, highlighted by iOS security researchers at Mysk, centers on how WhatsApp stores…
-
Authorities Seized 800 Servers of Hosting Company Used to Launch Cyberattacks
Dutch authorities have seized more than 800 servers and arrested two individuals as part of a major investigation into a hosting infrastructure allegedly used to support cyberattacks, disinformation campaigns, and sanctions evasion linked to Russia. The Fiscal Information and Investigation Service (FIOD) confirmed that…
-
CISA Warns of Drupal Core SQL Injection Vulnerability Exploited in Attacks
CISA has issued an urgent alert regarding a critical SQL injection vulnerability in Drupal Core, tracked as CVE-2026-9082, which is now being actively exploited in real-world attacks. The flaw, classified under CWE-89, affects Drupal’s database abstraction API and could allow attackers to execute malicious…
-
GitHub Adds Staged Publishing to npm to Block Automated Supply Chain Attacks
GitHub has introduced a major security upgrade to the npm ecosystem with the general availability of staged publishing and new install-time controls, aimed at reducing automated supply chain attacks targeting open-source packages. The newly released staged publishing feature changes how npm packages are…
-
PyrsistenceSniper – Tool that Detects 117 Persistence Malware Techniques on Windows, Linux, and macOS
PyrsistenceSniper is an advanced tool for detecting offline persistence, enabling cybersecurity analysts to identify 117 separate persistence mechanisms across Windows, Linux, and macOS platforms. Originally inspired by Autoruns and PersistenceSniper, this Python-based solution developed by Hexastrike enables rapid triage of forensic…
-
Nginx-poolslip Vulnerability Enables DoS and Code Execution Attacks — Patch Now!
A newly disclosed flaw in one of the world’s most widely deployed web servers is forcing administrators into another emergency patch cycle. Tracked as CVE-2026-9256 and publicly nicknamed nginx-poolslip, the vulnerability affects both NGINX Plus and NGINX Open Source, and can be triggered by…
-
Hackers Exploit F5 BIG-IP Appliance to Gain SSH Access and Pivot Into Enterprise Linux Networks
In a multi-stage intrusion, a threat actor exploited an internet-facing F5 BIG-IP edge appliance as the entry point for a widespread, identity-focused attack that ultimately accessed Active Directory. According to Microsoft’s Defender Security Research, the attack reflects a growing…
-
Hackers Compromised 233 Versions of Laravel-Lang Packages by Hacking 700 GitHub Repos
A highly sophisticated supply chain attack has compromised the Laravel-Lang ecosystem, injecting credential-stealing remote code execution backdoors into 233 package versions across 700 GitHub repositories. The attack was discovered in May 2026 by Socket and Aikido; threat actors manipulated GitHub tags to distribute malware through Composer’s…
-
Anthropic’s Claude Mythos Preview Uncovers 10,000+ 0-Days in Project Glasswing
Anthropic has revealed the staggering initial results of Project Glasswing, a collaborative cybersecurity initiative designed to secure critical infrastructure using advanced AI before malicious actors can exploit it. In its first month, the project leveraged the unreleased Claude Mythos Preview model to autonomously discover over…
-
Hackers Abuse Middle East Telecom Networks for Large-Scale Command-and-Control Operations
Hackers are using telecom networks and hosting providers across the Middle East as a foundation for massive command-and-control operations, turning trusted infrastructure into a launchpad for cyberattacks. A newly released threat intelligence report reveals that more than 1,350 active command-and-control (C2) servers were identified across…
-
World Cup Phishing Campaign Nearly Triples With 203 Unique IP Addresses
A large-scale phishing campaign targeting the 2026 FIFA World Cup has grown far beyond what security researchers originally thought. What began as a documented set of 79 fraudulent domains has ballooned into a network of at least 222 domains spread across 203 unique IP…
-
Russian Threat Groups Use RDP, VPN, Supply Chain Attacks, and Social Engineering for Initial Access
Russian state-sponsored threat groups significantly stepped up their cyber operations in 2025, using a range of methods to break into targeted systems. From exploiting remote desktop tools and virtual private networks to manipulating trusted supply chains and deceiving employees through…