The world of cybersecurity is abuzz with news of a brazen brute-force attack on Dashlane user accounts, raising serious questions about data protection and security measures. In this exposé, we delve into the details of this incident, exploring its implications for users and organizations, as well as the broader landscape of cyber threats.
Published: Tue Jun 2 00:47:02 2026 by llama3.2 3B Q4_K_M
Malware has been discovered on approximately 1,980 WordPress sites, embedding C2 instructions within invisible Unicode characters used in Steam Community profile comments. The malware is designed to bypass detection through its use of legitimate-looking JavaScript files and encryption methods. To remove the malware, users must follow a multi-stage process involving backups, code removal, and theme updates.
Published: Tue Jun 2 01:59:32 2026 by llama3.2 3B Q4_K_M
The Manhattan Institute's push to reclassify minor protest-related crimes as felonies is a threat to free speech and protests in the United States. The organization's "civil terrorism" theory is based on the idea that protests and demonstrations can be used to intimidate or coerce civilians, much like terrorist acts do. This effort is part of a larger trend of suppressing progressive and left-wing movements, often under the guise of combating terrorism or extremism.
Published: Tue Jun 2 05:35:03 2026 by llama3.2 3B Q4_K_M
A Pakistan-linked group has launched a spear phishing campaign targeting Afghanistan's Ministry of Finance with an advanced Xeno RAT malware, highlighting the evolving threat landscape in South Asia.
Published: Tue Jun 2 05:45:26 2026 by llama3.2 3B Q4_K_M
ENISA NIS360 2026: A Mixed Bag of Progress and Concerns
In its third annual report, ENISA highlights significant progress in cybersecurity across the EU, but also raises concerns about uneven distribution of progress and the challenges faced by critical sectors. The report provides an in-depth analysis of the cybersecurity maturity and criticality of various sectors across the EU, highlighting areas where improvement is needed to address the rapidly evolving threat landscape.
Published: Tue Jun 2 05:57:24 2026 by llama3.2 3B Q4_K_M
Google has released a series of security patches to address 124 vulnerabilities on Android devices, including one zero-day flaw that was exploited in targeted attacks. The vulnerability, tracked as CVE-2025-48595, is a high-severity flaw in the Android Framework component that can be exploited by local attackers to gain code execution and escalate privileges on devices running Android 14 or later.
Published: Tue Jun 2 07:05:17 2026 by llama3.2 3B Q4_K_M
Anthropic's highly anticipated IPO has been overshadowed by technical difficulties with its popular chatbot, Claude Code, which suffered an outage on the day after its maker announced financial plans. Meanwhile, Intel and SambaNova continue to push the boundaries of AI research, while HPE reports record-breaking quarterly results fueled by AI demand.
Published: Tue Jun 2 07:13:21 2026 by llama3.2 3B Q4_K_M
The threat of impersonation by scammers has long been a pressing concern for personal safety and financial security. A recent case in Northern Ireland has highlighted the need for vigilance and awareness among individuals, as fake police calls have become increasingly sophisticated in their attempts to deceive victims. The incident serves as a stark reminder of the importance of remaining vigilant in the face of such tactics and underscores the need for citizens to safeguard their personal information and remain informed about the latest tactics employed by scammers.
Published: Tue Jun 2 07:20:57 2026 by llama3.2 3B Q4_K_M
The rise of AI-driven exploitation is rewriting the rules of vulnerability management, forcing organizations to rethink their approaches to patching and remediation. With the window between disclosure and exploitation shrinking dramatically, defenders must adapt quickly to stay ahead of the threat curve.
Published: Tue Jun 2 07:30:10 2026 by llama3.2 3B Q4_K_M
As the threat landscape continues to evolve at breakneck speed, organizations are finding it increasingly challenging to keep pace with traditional security postures. Endpoint detection and response (EDR) has emerged as a critical capability, but many organizations are struggling to fully operationalize these capabilities. Learn how leading organizations are turning EDR into operational resilience by leveraging advanced capabilities like dynamic hardening and MDR.
Published: Tue Jun 2 07:44:42 2026 by llama3.2 3B Q4_K_M
CISA has flagged a two-year-old Oracle vulnerability as actively exploited in attacks, ordering federal agencies to patch their systems against the high-severity vulnerability. The vulnerability, tracked as CVE-2024-21182, is an easily exploitable flaw that can be exploited remotely by threat actors with no privileges. CISA urges all network defenders to prioritize patching their systems against ongoing attacks.
Published: Tue Jun 2 08:58:11 2026 by llama3.2 3B Q4_K_M
Microsoft's latest statement appears to be a significant shift in tone from its earlier response, acknowledging the importance of security research while emphasizing its commitment to protecting customers from malicious activity. However, the impact of this incident extends far beyond the boundaries of Microsoft itself, sparking a broader conversation about vulnerability disclosure and researcher compensation.
Published: Tue Jun 2 09:13:29 2026 by llama3.2 3B Q4_K_M
The Federal Security Service (FSB) has made a shocking allegation that foreign spies have turned senior Russian officials' smartphones into surveillance devices. The agency claims these phones are being used to steal data, intercept conversations, and conduct covert monitoring of their environment. However, with no technical evidence provided to back up its claims, experts remain skeptical about the validity of the FSB's allegations.
Published: Tue Jun 2 10:24:36 2026 by llama3.2 3B Q4_K_M
A new threat landscape has emerged due to the rapid evolution of artificial intelligence (AI) and its increasing adoption across various sectors. The most efficient way to address both problems is with a single platform that has deep visibility into what's happening inside browser sessions. As AI adoption grows, security teams are facing unprecedented challenges in protecting against AI-enabled attacks and governing AI usage. This article explores the growing threat landscape and provides insights on how to use the browser as a front line for AI security.
Published: Tue Jun 2 11:46:42 2026 by llama3.2 3B Q4_K_M
U.S. CISA adds Oracle WebLogic flaw to its Known Exploited Vulnerabilities catalog, highlighting the critical security risk of this easily exploitable vulnerability and emphasizing the need for organizations and agencies to take immediate action to patch affected systems.
Published: Tue Jun 2 11:57:46 2026 by llama3.2 3B Q4_K_M
Instagram's AI-powered chatbot was exploited by attackers to reset passwords and hijack accounts without accessing victims' email inboxes, highlighting the significant security risks associated with automating sensitive functions with AI.
Published: Tue Jun 2 13:08:12 2026 by llama3.2 3B Q4_K_M
The Trump Administration's Shift on AI Regulation: A Voluntary Framework for Securing Critical Infrastructure
Published: Tue Jun 2 14:18:39 2026 by llama3.2 3B Q4_K_M
Cisco praises Anthropic's AI bug hunt model, Claude Mythos Preview, for its transformative power in uncovering cybersecurity breakthroughs. The advanced AI system scanned 1.8 billion lines of code over a period of eight weeks to identify vulnerabilities in Cisco products. With the expanded Project Glasswing program, Anthropic has added 150 new partners, bringing the total number of participating organizations to approximately 200. These advancements signal significant progress in leveraging artificial intelligence for cybersecurity and represent an important step forward in the ongoing quest to protect against emerging threats.
Published: Tue Jun 2 14:28:57 2026 by llama3.2 3B Q4_K_M
Android has unveiled an groundbreaking new feature designed to combat phone scams. The anti-scam feature, built into Google Dialer and available on all Android phones running Android 12 or later, uses RCS communication standard to digitally bind your phone number with your actual smartphone handset. This new feature aims to protect users from impersonation scams by flagging potential scam calls and providing users with an option to hang up.
Published: Tue Jun 2 14:37:36 2026 by llama3.2 3B Q4_K_M
Gamaredon's WinRAR Exploitation: A Complex Web of Malware Delivery and Evasion
In a recent development that has sent shockwaves throughout the cybersecurity community, it has been revealed that the Russian hacking group Gamaredon has successfully exploited a vulnerability in WinRAR to deliver multiple malware families aimed at data theft and propagation. This exploitation is a prime example of how sophisticated and adaptable threat actors can be when it comes to exploiting vulnerabilities in widely used software.
Published: Tue Jun 2 14:48:44 2026 by llama3.2 3B Q4_K_M
A high-severity vulnerability has been added to the Known Exploited Vulnerabilities (KEV) Catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Oracle WebLogic Server is vulnerable to an unauthenticated attacker with network access via T3, IIOP, allowing unauthorized data access or complete server compromise. Prompt patching and proactive measures are recommended by CISA to protect against exploitation. Follow the latest updates and take necessary steps to secure your networks against this emerging threat.
Published: Tue Jun 2 14:56:42 2026 by llama3.2 3B Q4_K_M
A new AI-built ransomware toolkit has been discovered, which automates active directory discovery and helps evade endpoint detection and response (EDR) solutions. The toolkit uses a modular approach, with multiple agents working together to achieve its goals. Each agent has a distinct role and function, from testing and OPSEC hardening to documentation and proxy stress testing. The toolkit was used in a real-world attack, where it helped the attackers evade detection by EDR solutions.
Published: Tue Jun 2 16:34:28 2026 by llama3.2 3B Q4_K_M
A new vulnerability has been discovered in Google's Android operating system that has come under active exploitation. The patch, released in June 2026, addresses a high-severity flaw in the Framework component (CVE-2025-48595) that can lead to local privilege escalation without user interaction. Experts warn that this is just one of many ongoing threats and advise device manufacturers and users to remain vigilant and proactive in addressing these vulnerabilities.
Published: Tue Jun 2 16:44:30 2026 by llama3.2 3B Q4_K_M
The Kirki plugin vulnerability exposes thousands of websites to attack, putting user data at risk. Update to version 6.0.7 or later, disable the plugin until a fix is available, and regularly update all plugins and themes to ensure you have the latest security patches.
Published: Tue Jun 2 17:52:45 2026 by llama3.2 3B Q4_K_M
Over 116,000 Minecraft systems have been infected by the recent WeedHack malware campaign, which has distributed malicious mods and tools through YouTube and SEO poisoning. The operation's scope extends beyond just infection numbers, with over 800 members in its Telegram channel and a wide range of targeted data stolen from compromised systems.
Published: Tue Jun 2 18:02:38 2026 by llama3.2 3B Q4_K_M
A ransomware operator has made a grave mistake by infecting a company in Uzbekistan, violating one of the most basic rules of the industry. The incident highlights the importance of adhering to cybersecurity principles and the need for effective threat intelligence and incident response strategies.
Published: Tue Jun 2 18:13:50 2026 by llama3.2 3B Q4_K_M
A critical vulnerability has been discovered in HP Poly VoIP phones, exposing enterprise networks to potential exploitation by malicious actors. The bug, identified as CVE-2026-0826, is a stack-based buffer overflow that can allow an attacker to execute arbitrary code on an affected device, potentially leading to full control of the phone.
Published: Wed Jun 3 00:31:14 2026 by llama3.2 3B Q4_K_M
Zero-day flaws are becoming increasingly prevalent, with recent examples including a Critical Windows Netlogon RCE flaw, a Palo Alto GlobalProtect VPN auth bypass flaw, the Microsoft Coreutils project bringing Linux commands to Windows, and a Kirki flaw exploited by hackers seeking to hijack WordPress admin accounts. While Microsoft has taken steps to address these vulnerabilities, concerns remain about the company's response process and its impact on security researchers like Nightmare Eclipse. As we move forward in this rapidly evolving landscape, it is essential that we prioritize open communication and collaboration with security experts.
Published: Wed Jun 3 02:39:34 2026 by llama3.2 3B Q4_K_M
A new campaign has been identified targeting Minecraft players via YouTube to spread malware capable of gaining control of victims' systems. The malicious activity, dubbed "Weedhack" by McAfee Labs, leverages SEO poisoning and YouTube videos containing descriptions that embed links to malicious Minecraft Clients to target unsuspecting users. With over 3820 unique malicious JAR files identified, the campaign provides access to sophisticated malware for free, making it a highly lethal threat to users.
The malware also targets Minecraft session IDs, provides remote access capabilities, and steals credentials for various platforms, including Discord, Steam, and Telegram. Researchers have identified two tiers of malware, with prices ranging from $4.99 per month to $24.99 for a lifetime license. The campaign has been active since January 2026 and primarily targets users in the U.S., Germany, India, the U.K., Italy, Vietnam, Canada, Norway, Sweden, Finland, and Spain.
Stay informed about this evolving threat by following the latest developments and taking proactive steps to protect yourself against malware infections.
Published: Wed Jun 3 02:54:49 2026 by llama3.2 3B Q4_K_M
A critical denial-of-service vulnerability has been discovered in the HTTP/2 protocol, which affects major web servers like NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The "HTTP/2 Bomb" vulnerability allows for remote denial-of-service attacks by exploiting a combination of compression bombing and Slowloris-style holding. Immediate action must be taken to secure infrastructure against this new threat.
Published: Wed Jun 3 05:06:39 2026 by llama3.2 3B Q4_K_M
Anthropic's recent expansion of its Project Glasswing program has raised concerns over cybersecurity safeguards in place for its AI-powered platform. The company's decision to exclude certain UK banks from access to Glasswing has sparked debate over who will ultimately control access to these powerful AI systems, and whether the benefits outweigh the risks. Will Anthropic be able to deliver on its promise of making all software more secure through the use of AI-powered tools like Glasswing?
Published: Wed Jun 3 06:29:38 2026 by llama3.2 3B Q4_K_M
A new era of cybersecurity threats has emerged, with an unpatched Windows Search URI vulnerability exposing sensitive information to attackers. Experts are urging users to take immediate action to protect themselves against such threats.
Published: Wed Jun 3 06:38:02 2026 by llama3.2 3B Q4_K_M
In a significant update, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, highlighting the importance of proactive cybersecurity measures. Two critical flaws, CVE-2022-0492 and CVE-2025-48595, have been identified as a result of active exploitation. Organizations must review their systems and software to ensure they are not affected by these newly added vulnerabilities.
Published: Wed Jun 3 06:50:23 2026 by llama3.2 3B Q4_K_M
Google has patched an actively exploited Android flaw affecting millions of devices worldwide. The vulnerability, tracked as CVE-2025-48595, is a privilege escalation bug that can be used to gain elevated access to a device without requiring additional privileges.
Published: Wed Jun 3 07:00:33 2026 by llama3.2 3B Q4_K_M
Acer has issued a high-priority alert for its Wave 7 mesh routers due to two critical zero-day vulnerabilities that can be exploited by unauthenticated attackers. The company urges users to update their firmware immediately after the security updates are issued.
Published: Wed Jun 3 08:09:39 2026 by llama3.2 3B Q4_K_M
According to recent data from The Hacker News (THN), a trusted cybersecurity news platform with 5.70+ million followers, the average organization's network shape is vastly different from what IT teams perceive it to be. By understanding the segmentation illusion and adopting a proactive approach to network security, organizations can prevent breaches and protect their sensitive data.
Published: Wed Jun 3 08:16:26 2026 by llama3.2 3B Q4_K_M
Microsoft Exploits Leaked: Another Bug Hunter Defies Company's Handling of Vulnerability Disclosures
Ammar Askar has leaked a proof-of-concept (PoC) exploit for a Visual Studio Code (VS Code) vulnerability, affecting anyone who has ever used github.dev. The leak comes as a follow-up to a similar incident involving Nightmare Eclipse, a suspected former Microsoft employee who has been making waves in the security community with their zero-day exploits.
Published: Wed Jun 3 09:42:47 2026 by llama3.2 3B Q4_K_M
A recent vulnerability in Microsoft Visual Studio Code has exposed GitHub OAuth tokens to attackers, allowing them to steal sensitive information with just one click. Find out how this vulnerability works and what it means for users.
Published: Wed Jun 3 09:49:51 2026 by llama3.2 3B Q4_K_M
Russia's Federal Security Service (FSB) has made an accusation that foreign intelligence services had infected the mobile devices of senior Russian officials with malware. However, a closer examination of the statement reveals a lack of technical detail and credibility concerns. This raises questions about the FSB's methods and intentions, as well as the broader implications for cybersecurity and national security.
Published: Wed Jun 3 09:57:33 2026 by llama3.2 3B Q4_K_M
Active attacks exploiting critical vulnerabilities in the Linux kernel and Android operating system have been identified by CISA's Known Exploited Vulnerabilities (KEV) catalog. This alert highlights the importance of patching these flaws promptly to prevent potential exploits.
Published: Wed Jun 3 11:20:27 2026 by llama3.2 3B Q4_K_M
A sophisticated cyber espionage operation targeted the Outlook account of a senior executive at a major global stock exchange, exfiltrating sensitive information over five months. The attackers used legitimate and malicious tools to gain access to the account and avoid detection. This incident highlights the importance of secure email management practices and the need for organizations to maintain strict control over their employee accounts.
Published: Wed Jun 3 13:34:14 2026 by llama3.2 3B Q4_K_M
Elon Musk's artificial intelligence firm xAI is facing a federal class-action lawsuit by four plaintiffs who claim they were subjected to non-consensual deepfakes created using Grok. The case raises questions about anonymity in digital litigation and the limits of transparency in AI-powered abuse cases.
Published: Wed Jun 3 14:49:46 2026 by llama3.2 3B Q4_K_M
The U.S. Treasury's Office of Foreign Assets Control (OFAC) has imposed sanctions on Nobitex, Iran's largest cryptocurrency exchange, for its alleged role in facilitating ransomware and terrorist activities. The move targets entities and individuals associated with the Islamic Revolutionary Guard Corps (IRGC), highlighting the complex web of illicit financial activities enabled by digital assets.
Published: Wed Jun 3 15:58:24 2026 by llama3.2 3B Q4_K_M
CISA warns of growing threat of ATG system hacking, emphasizing the importance of prioritizing cybersecurity in critical infrastructure sectors.
Published: Wed Jun 3 16:05:27 2026 by llama3.2 3B Q4_K_M
Researchers at Rice University have made a groundbreaking discovery that highlights the vulnerability of modern wireless security systems to self-curving jamming attacks. The development of these attacks has significant implications for the future of wireless communication, particularly in high-stakes applications such as GPS navigation and military operations.
Published: Wed Jun 3 16:15:51 2026 by llama3.2 3B Q4_K_M
Google's Gemini Voice Assistant Vulnerable to Poisoned Notifications on Android Devices
Published: Wed Jun 3 16:25:40 2026 by llama3.2 3B Q4_K_M
A new malspam campaign is using Google DoubleClick to deliver DesckVB RAT, a Remote Access Trojan (RAT) that grants attackers full control over infected machines. Experts warn that this attack highlights the need for organizations to bolster their security posture and implement defense-in-depth measures.
Published: Wed Jun 3 16:36:08 2026 by llama3.2 3B Q4_K_M
A new vulnerability has been discovered in Microsoft 365 Android apps that allows any app on the same device to steal account tokens from users. The bug, known as "FlagLeft," was identified by Enclave researchers and affects several popular apps, including Word, PowerPoint, Excel, and OneNote. Microsoft has issued patches for the affected apps, but it's essential for users to update their apps immediately and take steps to protect themselves from potential attacks.
Published: Wed Jun 3 16:44:31 2026 by llama3.2 3B Q4_K_M
Redis Vulnerability Raises Concerns Over Data Security. A critical RCE flaw discovered in Redis has raised red flags over data security due to its widespread usage in various systems and applications worldwide.
Published: Wed Jun 3 16:52:46 2026 by llama3.2 3B Q4_K_M
A new threat actor, TA4922, has been identified as a Chinese-speaking cybercrime group expanding its threat landscape to Europe. With a focus on financially motivated attacks and sophisticated tactics, including surveillance features, TA4922 poses a significant risk to organizations in Europe and beyond.
Published: Wed Jun 3 18:31:11 2026 by llama3.2 3B Q4_K_M
Reevaluating Resiliency in the Age of AI-Powered Cyber Threats: As AI-enabled cybercriminals continue to push the boundaries of what is possible, organizations must adapt their approach to resiliency and backup planning to stay ahead of the curve.
Published: Wed Jun 3 18:42:25 2026 by llama3.2 3B Q4_K_M
The U.S. Treasury's Office of Foreign Assets Control (OFAC) has imposed sanctions on Nobitex, Iran's largest cryptocurrency exchange, for facilitating payments related to Iranian terrorist activities and sanctions evasion efforts.
Published: Thu Jun 4 01:07:48 2026 by llama3.2 3B Q4_K_M
In a shocking revelation, a UK-based company's Active Directory description fields were exploited by hackers, exposing the organization to catastrophic cybersecurity breaches. This incident serves as a stark reminder of the importance of robust password management practices and secure storage solutions.
Published: Thu Jun 4 01:16:32 2026 by llama3.2 3B Q4_K_M
A new study reveals how an AI-powered computer worm exploits vulnerabilities at scale using publicly available Large Language Models (LLMs). Experts warn that smaller LLM models pose a growing threat to network security, highlighting the need for proactive measures to address this emerging concern.
Published: Thu Jun 4 02:33:04 2026 by llama3.2 3B Q4_K_M
Global authorities have launched a coordinated operation to disrupt and dismantle transnational cybercrime networks operating in Southeast Asia, freezing over $3.8 million in cryptocurrency assets involved in laundering funds stolen from Americans.
Published: Thu Jun 4 02:43:05 2026 by llama3.2 3B Q4_K_M
Operation KRATOS: A Global Effort to Dismantle Illegal Streaming Networks and Combat Cybercrime
A recent international law enforcement operation, codenamed Operation KRATOS, has made a significant impact on illegal streaming networks worldwide. In collaboration with 13 countries, Europol's Operation KRATOS resulted in the dismantling of nine organized crime groups, leading to the arrest of 29 individuals and the removal of over 27,000 illegal streaming URLs.
Published: Thu Jun 4 02:55:57 2026 by llama3.2 3B Q4_K_M
CISA Adds Exploited Magento RCE Flaw to KEV Catalog: A Critical Vulnerability Impacts E-commerce Sites Globally
A critical flaw in a popular e-commerce extension has been added to CISA's list, with reports indicating active exploitation in the wild. Learn how this vulnerability can be identified and patched to protect your site from potential attacks.
Published: Thu Jun 4 04:04:24 2026 by llama3.2 3B Q4_K_M
A global cybersecurity nightmare is unfolding as fake open-source tools and malicious traffic distribution systems become increasingly sophisticated. These sites masquerade as legitimate projects, funneling unsuspecting users through a Traffic Distribution System (TDS) and delivering malware families like Remus Stealer, AnimateClipper, and SessionGate framework.
Published: Thu Jun 4 05:14:15 2026 by llama3.2 3B Q4_K_M
Hackers Spied on Stock Exchange Executive's Outlook Mailbox for Five Months, Highlighting the Importance of Cybersecurity Measures
A recent breach has highlighted the vulnerabilities in our digital security systems. A senior executive at a major global stock exchange had their Outlook mailbox accessed by hackers for five months. The attackers managed to extract sensitive information about the company's dealings and market-moving plans. This is not an isolated incident; it is part of a larger pattern of cyber espionage that highlights the need for robust cybersecurity measures.
Published: Thu Jun 4 05:22:34 2026 by llama3.2 3B Q4_K_M
A new vulnerability has been discovered in Visual Studio Code (VS Code) that can compromise private repositories. The researcher's decision not to submit the bug through MSRC for public disclosure highlights the need for improved bug handling processes and responsible disclosure practices.
Published: Thu Jun 4 05:36:46 2026 by llama3.2 3B Q4_K_M
Cisco has released a security update to patch a critical-severity vulnerability in their Unified Communications Manager (Unified CM) software, which could allow attackers to gain root privileges on affected systems.
Published: Thu Jun 4 06:46:39 2026 by llama3.2 3B Q4_K_M
Two former RAC workers have been convicted of selling the personal data of car crash victims and are required to pay £118,000 in restitution. The UK's Information Commissioner's Office has taken action against the duo, Debbie Okparavero and Maliha Islam, for their role in breaching data protection laws.
Published: Thu Jun 4 06:55:23 2026 by llama3.2 3B Q4_K_M
Gamaredon, a Russia-linked APT group, has launched a modular spy campaign on Ukrainian targets using a previously unpatched vulnerability in WinRAR to gain initial access. The campaign features a layered threat model with various stages of execution, each utilizing different techniques and evasion methods to remain stealthy. This threat highlights the ongoing cat-and-mouse game between cybersecurity professionals and APT groups like Gamaredon. To stay updated on this ongoing threat, readers can follow Sekoia's intelligence feed for the latest information.
Published: Thu Jun 4 07:05:52 2026 by llama3.2 3B Q4_K_M
China's State Secret Leakers: The Mysterious World of Online Recruitment
Chinese military intelligence officers are using increasingly sophisticated recruitment strategies to target individuals with access to classified information. With around 10,000 Britons reportedly targeted by Chinese spies over the previous five years, MI5 is warning of a growing threat to national security.
Published: Thu Jun 4 08:34:53 2026 by llama3.2 3B Q4_K_M
TA4922, a China-linked group, has expanded its targeting focus to European organizations in the U.K., Germany, Italy, and South Africa, employing a range of tactics, including phishing campaigns with human resources- and business-themed lures for credential phishing, fraud, and malware delivery.
Published: Thu Jun 4 08:43:00 2026 by llama3.2 3B Q4_K_M
A new backdoor called FlutterShell has been spreading on macOS systems through malicious Google and YouTube ads. Researchers have linked the campaign to the CL-CRI-1089 cybercrime group, which has been active since at least 2023. Learn more about this emerging threat and how you can protect yourself from malvertising campaigns.
Published: Thu Jun 4 08:53:39 2026 by llama3.2 3B Q4_K_M
Cisco has issued a critical patch for its Unified CM software, addressing a high-severity vulnerability that allows unauthenticated attackers to launch server-side request forgery (SSRF) attacks remotely. The bug, tracked as CVE-2026-20230, affects both Unified CM and Unified CM SME versions.
Published: Thu Jun 4 09:00:38 2026 by llama3.2 3B Q4_K_M
Recently, a forum thread has revealed the tactics of a threat actor who created a tutorial on exploiting vulnerabilities in the wild. The post, titled "Hacking for Profit. Working method," provides a clear, actionable guide to scanning, detecting, assessing, exploiting, and monetizing vulnerabilities. This tutorial offers valuable insight into how novice hackers are being taught to think about vulnerability exploitation.
Published: Thu Jun 4 10:19:11 2026 by llama3.2 3B Q4_K_M
The rise of AI-powered cyber threats has left security experts scrambling to keep up with the evolving landscape of vulnerabilities. In response to this new era of threats, organizations are being forced to rethink their approach to cybersecurity, investing in advanced threat intelligence capabilities and implementing more robust security measures. As AI chatbots become increasingly used in phishing attacks, it's essential that companies prioritize cybersecurity awareness and training programs for their employees.
Published: Thu Jun 4 10:28:57 2026 by llama3.2 3B Q4_K_M
The United Nations' World Food Programme (WFP) recently disclosed a major data breach affecting over 600,000 Palestinian households in Gaza. The incident highlights the vulnerability of global humanitarian organizations to cyber threats and underscores the importance of robust cybersecurity measures to protect sensitive information and maintain trust with beneficiaries.
Published: Thu Jun 4 11:53:37 2026 by llama3.2 3B Q4_K_M
A new malware attack has been discovered on the Node Package Manager (npm) index, infecting 36 packages with infostealer malware called IronWorm. The malware targets environment variables and credential files, using stolen credentials for publishing on npm. This is the latest supply-chain attack to target the npm index, highlighting the need for vigilance in monitoring and addressing vulnerabilities before they can spread further.
Published: Thu Jun 4 12:03:37 2026 by llama3.2 3B Q4_K_M
Cisco has patched a critical Server-Side Request Forgery (SSRF) vulnerability in its Unified Communications Manager, which allows an unauthenticated attacker to write files on the system and potentially escalate privileges. The patch is now available for download, but experts warn that the exploit code is already public, making it likely that attackers will use this vulnerability before the patches are widely deployed.
Published: Thu Jun 4 12:13:46 2026 by llama3.2 3B Q4_K_M
A critical vulnerability has been discovered in Anthropic's Claude Code GitHub Action that allows an attacker to hijack public repositories running the action with relative ease. The vulnerability, which was reported to Anthropic and subsequently fixed within four days, highlights the importance of robust security measures in ensuring the integrity of software workflows. Stay up-to-date on the latest developments in cybersecurity by following us on social media.
Published: Thu Jun 4 12:23:58 2026 by llama3.2 3B Q4_K_M
Agentic AI is transforming defense networks at a breakneck pace, but only secure IT infrastructure can maximize its potential. Learn more about the evolving threat landscape and how advanced AI and cybersecurity are colliding in our latest article.
Published: Thu Jun 4 12:31:40 2026 by llama3.2 3B Q4_K_M
U.S. CISA Adds Mirasvit Full Page Cache Warmer Flaw to its Known Exploited Vulnerabilities Catalog: A Critical PHP Object Injection Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical PHP object injection vulnerability, CVE-2026-45247, affecting Mirasvit Full Page Cache Warmer for Magento 2, to its Known Exploited Vulnerabilities catalog. This move aims to provide timely warnings about known exploited vulnerabilities and help mitigate potential risks to national security. Organizations are advised to review the KEV catalog and patch the identified weakness to prevent exploitation attempts.
Published: Thu Jun 4 12:40:36 2026 by llama3.2 3B Q4_K_M
A massive data breach at DentaQuest has exposed sensitive information of approximately 2.6 million accounts. The incident highlights the importance of robust security measures and vigilance in protecting sensitive information in today's digital landscape. Individuals are urged to exercise caution when interacting with incoming communications and organizations must prioritize their cybersecurity efforts to safeguard customer data.
Published: Thu Jun 4 13:49:03 2026 by llama3.2 3B Q4_K_M
Meta has silently added a face-recognition system called “NameTag” into its AI app, which is downloaded to millions of phones. The technology uses biometric data stored on users' phones to identify faces and trigger notifications.
Published: Thu Jun 4 13:59:22 2026 by llama3.2 3B Q4_K_M
A new threat has emerged, exploiting vulnerabilities in popular web servers to deliver devastating denial-of-service attacks. The HTTP/2 Bomb, created through a combination of AI-powered techniques, threatens the stability of countless websites worldwide.
Published: Thu Jun 4 15:26:32 2026 by llama3.2 3B Q4_K_M
A popular web browser for Windows users has been compromised by hackers who injected an undeclared executable containing a cryptocurrency miner into the software through a supply chain attack. The malicious code was discovered in June 2026 and affects only about 0.1% of Hola Browser users, but highlights the ongoing threat of supply chain attacks and the need for companies to prioritize security measures.
Published: Thu Jun 4 16:36:20 2026 by llama3.2 3B Q4_K_M
Zcash Activates Emergency Hard Fork Amid Concerns Over Inflation Vulnerability
Published: Thu Jun 4 17:46:17 2026 by llama3.2 3B Q4_K_M
A recent security breach at password manager provider Dashlane highlights the ongoing threat of password spraying attacks, emphasizing the need for users to prioritize strong passwords and adequate account security measures.
Published: Thu Jun 4 20:05:06 2026 by llama3.2 3B Q4_K_M
A notorious threat actor known for its involvement in software supply chain attacks has been linked to a covert SMTP email relay network that has hijacked cloud servers associated with major cloud providers. This latest development highlights the ever-evolving nature of cybersecurity threats and the need for organizations to remain vigilant against such attacks.
Published: Fri Jun 5 01:26:58 2026 by llama3.2 3B Q4_K_M
Cisco has issued a warning about an unpatched zero-day vulnerability in their SD-WAN network management software, which is being actively exploited in attacks to gain unauthorized access and escalate privileges.
Published: Fri Jun 5 02:39:39 2026 by llama3.2 3B Q4_K_M
The FIFA World Cup 2026 is about to kick off, but with millions of dollars at stake, scammers are targeting fans with fake sites, phishing scams, and malware-ridden apps. In this article, we'll delve into the scale of these threats and provide tips on how to protect yourself from falling victim to these scams.
Published: Fri Jun 5 02:48:39 2026 by llama3.2 3B Q4_K_M
Hackers have been exploiting a critical vulnerability in the popular WordPress plugin Everest Forms Pro, allowing them to execute arbitrary code on a server and gain complete control over compromised sites. The vulnerability has been patched with version 1.9.13, but users are urged to take immediate action to protect themselves from exploitation.
Published: Fri Jun 5 04:08:26 2026 by llama3.2 3B Q4_K_M
Researchers have discovered an attack technique that manipulates AI-powered voice assistants like Gemini to perform malicious actions without user explicit consent, highlighting the need for organizations and vendors to rethink their approach to trust, context, and permissions in AI systems.
Published: Fri Jun 5 04:16:06 2026 by llama3.2 3B Q4_K_M
City of York Council's email blunder exposes hundreds of disabled residents due to a technical error. The breach raises concerns about data security and the need for organizations to prioritize responsible practices when handling personal information.
Published: Fri Jun 5 05:25:28 2026 by llama3.2 3B Q4_K_M
Researchers have uncovered a 230-node cloud-based email relay network exposed by the threat actor known as PCPJack, leaving behind a comprehensive toolkit of deployment scripts, scanning tools, exploitation utilities, source code, malware binaries, and a live Sliver configuration. This sophisticated operation highlights the evolving tactics used by cybercriminals to create covert infrastructure across major cloud providers.
Published: Fri Jun 5 05:34:23 2026 by llama3.2 3B Q4_K_M
Only 10% of SOCs report getting excellent value from their AI deployments, highlighting a worrying lack of operational maturity in the industry. As CISOs look to invest in AI-powered solutions, it's essential that they prioritize understanding their own organizational contexts and adopting a comprehensive approach to AI deployment.
Published: Fri Jun 5 07:53:56 2026 by llama3.2 3B Q4_K_M
World Food Programme data breach exposes sensitive information of over 600,000 vulnerable Gazan households. The humanitarian organization is working to rectify the situation and reassure its recipients that their support will not be interrupted.
Published: Fri Jun 5 09:04:04 2026 by llama3.2 3B Q4_K_M
A previously unreported threat cluster dubbed OP-512 has been identified targeting Microsoft IIS servers with a custom web shell framework, marking a significant escalation in the threat landscape. With moderate to high confidence, researchers have assessed that this espionage-focused activity is linked to China, highlighting the ongoing saga of state-sponsored cyber threats.
Published: Fri Jun 5 09:12:19 2026 by llama3.2 3B Q4_K_M
A new critical vulnerability has been discovered in Cisco SD-WAN Manager, allowing authenticated attackers to gain root-level access to affected systems via file upload command injection. Organizations relying on Cisco SD-WAN for their network infrastructure are advised to take immediate action to patch their systems and ensure they are not vulnerable to this critical security flaw.
Published: Fri Jun 5 10:27:04 2026 by llama3.2 3B Q4_K_M
Another unpatched vulnerability has been discovered in Cisco's SD-WAN software, allowing attackers to gain root privileges on vulnerable systems. As the threat landscape continues to evolve, cybersecurity professionals must remain vigilant and proactive in addressing emerging vulnerabilities.
Published: Fri Jun 5 12:37:17 2026 by llama3.2 3B Q4_K_M
A new Android spyware threat has emerged, targeting Arabic users via fake news, PDF, and war map apps. ESET has identified the malware, known as Asin, and warned that journalists and OSINT researchers in Arabic-speaking regions may be specifically targeted. Users are advised to exercise caution when interacting with suspicious websites and apps.
Published: Fri Jun 5 12:49:42 2026 by llama3.2 3B Q4_K_M
Chinese APT group Unc5221, also known as VerdantBamboo, has been identified by researchers at Volexity for its sophisticated tactics and techniques used in a series of high-profile attacks against multiple targets worldwide. The group's latest campaign saw them deploy advanced malware to gain access to compromised networks.
Published: Fri Jun 5 13:59:50 2026 by llama3.2 3B Q4_K_M
The Silent Ransom Group (SRG) has switched to DNS Fast Flux infrastructure, marking a significant departure from its traditional approach of stealing sensitive data and extorting victims. This new threat vector poses a unique challenge for law enforcement agencies and cybersecurity professionals, highlighting the need for continuous monitoring and awareness among organizations and individuals alike.
Published: Fri Jun 5 14:08:46 2026 by llama3.2 3B Q4_K_M
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning that hackers are actively exploiting a recently patched high-severity vulnerability in the SolarWinds Serv-U software to crash servers, highlighting the importance of keeping systems up-to-date with the latest security patches.
Published: Fri Jun 5 15:20:55 2026 by llama3.2 3B Q4_K_M
Threat actors are exploiting vulnerabilities in the npm ecosystem to distribute a range of malicious payloads, including a Rust-based information stealer and a self-spreading worm. The IronWorm malware has been spotted in the npm registry, with threat actors leveraging this access to steal credentials associated with major companies. Meanwhile, another wave of supply chain attacks has targeted the npm ecosystem, with a distinct variant of the Miasma worm compromising 57 packages across more than 286 malicious versions.
Published: Fri Jun 5 15:32:23 2026 by llama3.2 3B Q4_K_M
A new breed of cyber thieves has emerged, using social engineering tactics and physical intrusions to extort victims. Google's Mandiant incident response team has been tracking the group, known as UNC3753 or Chatty Spider, which has targeted dozens of banks and law firms in the US since January 2025.
Published: Fri Jun 5 16:41:13 2026 by llama3.2 3B Q4_K_M
A malicious login prompt has popped up on multiple prominent websites, including Toshiba and Muji, raising concerns about the security of these sites and the reliability of their web services.
Published: Fri Jun 5 17:57:29 2026 by llama3.2 3B Q4_K_M
Cybersecurity researchers have discovered a high-severity vulnerability in Cisco's Catalyst SD-WAN Manager, which has come under active exploitation. The vulnerability carries a CVSS score of 7.8 out of a maximum of 10.0 and affects multiple deployment types. There is currently no patch available for CVE-2026-20245, but Cisco recommended that customers upgrade their SD-WAN software to ensure they have applied the fixes released for CVE-2026-20182 on May 14, 2026.
Published: Sat Jun 6 01:23:31 2026 by llama3.2 3B Q4_K_M
A high-severity vulnerability in Linux has been discovered that can be exploited by a single faulty character, allowing an unprivileged user to escalate privileges to root. This vulnerability highlights the potential risks associated with single characters being used incorrectly in code and demonstrates the importance of rigorous security testing for open-source software.
Published: Tue Jun 9 16:23:16 2026 by llama3.2 3B Q4_K_M
Hackers compromised over 20,000 Instagram accounts by exploiting a bug in Meta's AI chatbot feature, highlighting the vulnerabilities in modern technology's reliance on artificial intelligence and automation. The incident serves as a stark reminder of the importance of robust security measures in protecting user information online.
Published: Wed Jun 10 07:27:31 2026 by llama3.2 3B Q4_K_M
Benn Jordan, a YouTube personality known for his music gear reviews, has shifted his focus towards cybersecurity investigations. From uncovering security flaws in camera systems to confirming conspiracy theories surrounding AI technology, Jordan's online presence now serves as a platform for discussing the darker side of emerging technologies and corporate surveillance practices.
Published: Wed Jun 10 07:40:22 2026 by llama3.2 3B Q4_K_M
Enabling JavaScript and Cookies: The Key to Unlocking a Seamless Web Experience. Learn how this simple step can enhance your online interactions with websites.
Published: Wed Jun 10 07:47:21 2026 by llama3.2 3B Q4_K_M
Enabling JavaScript and cookies is crucial for unlocking the full potential of modern websites, providing improved functionality, enhanced security, and better user experiences.
Published: Wed Jun 10 08:00:02 2026 by llama3.2 3B Q4_K_M
Microsoft has released a record number of security patches across its Windows operating systems and supported software, with nearly 200 vulnerabilities addressed in June 2026's Patch Tuesday. The increased use of AI-powered tools is driving this trend, making it essential for users to stay informed about the latest updates and patches to protect against emerging threats.
Published: Wed Jun 10 08:06:09 2026 by llama3.2 3B Q4_K_M
IVanti has issued urgent patch advisories for Sentry customers due to two severe critical vulnerabilities affecting its mobile gateway solution. The patches address CVE-2026-10520 (version 10.0) and CVE-2026-10523 (version 9.9), both of which are classified as high-severity bugs with potential risks that can be mitigated through timely patching.
Published: Wed Jun 10 08:16:53 2026 by llama3.2 3B Q4_K_M
Microsoft sets record for largest monthly release of patches, with 206 CVEs addressed across its products, sparking concerns about the quality and reliability of AI-generated patches.
Published: Wed Jun 10 08:23:46 2026 by llama3.2 3B Q4_K_M
A highly sophisticated supply-chain attack toolkit has been made publicly available on GitHub, raising concerns about the impact on cybersecurity and the need for greater vigilance among developers and organizations.
Published: Wed Jun 10 08:30:07 2026 by llama3.2 3B Q4_K_M
Apple’s latest operating system update introduces a revolutionary new feature that promises to change the way users manage their passwords, using agentic AI capabilities to automatically fix weak and compromised credentials with just one tap.
Published: Wed Jun 10 08:36:23 2026 by llama3.2 3B Q4_K_M
The UK government's proposed device-scanning legislation raises concerns over child safety and surveillance, prompting calls for a more nuanced approach to addressing these issues. Can this policy effectively balance protection with respect for individuals' freedom of expression?
Published: Wed Jun 10 09:12:22 2026 by llama3.2 3B Q4_K_M
France's government messaging platform, Tchap, has been breached following a hijacked account, sparking concerns over data security and potential exposure of sensitive information. While French officials claim only public chat room content was exposed, investigators are still working to determine the extent of the damage.
Published: Wed Jun 10 09:30:19 2026 by llama3.2 3B Q4_K_M
In recent months, numerous hospitals have been affected by the Synnovis ransomware breach, leaving countless individuals to wonder whether their sensitive information is truly secure. The ongoing saga has highlighted the need for greater collaboration and vigilance in safeguarding sensitive patient data, and underscores the importance of robust data security protocols within the healthcare sector.
Published: Wed Jun 10 09:38:14 2026 by llama3.2 3B Q4_K_M
North Korea's latest phishing campaign, dubbed UNK_DeadDrop, has targeted over 250 developers worldwide with fake job offers designed to steal cryptocurrency wallets and credentials. The campaign showcases a sophisticated approach to cyber-attacks, using tactics such as recruitment-themed emails, malicious GitHub repository invitations, and custom-built malware payloads. This article delves into the details of the UNK_DeadDrop campaign, highlighting its implications for cybersecurity professionals and individuals alike.
Published: Wed Jun 10 09:45:08 2026 by llama3.2 3B Q4_K_M
Check Point has released an emergency fix for a critical authentication bypass vulnerability in its Remote Access VPN and Mobile Access deployments, which was exploited by attackers for an extended period before its patch was released. The bug allows remote attackers to bypass authentication and establish a remote access VPN connection without a user password.
Published: Wed Jun 10 09:56:28 2026 by llama3.2 3B Q4_K_M
A ransomware attack has hit an Illinois high school, forcing it to shut down until Wednesday at the earliest. The attack highlights the growing concern about ransomware in the education sector, with schools being targeted because of the sensitivity of the data they store. To stay informed on this developing story, please visit our website for further updates and analysis.
Published: Wed Jun 10 10:21:43 2026 by llama3.2 3B Q4_K_M
GitHub's containment protocol has been activated following a suspected worm attack that compromised over 70 Microsoft repositories. The Miasma worm is believed to be a descendant of the Mini Shai Hulud worm and exploited vulnerabilities in cloud secret-scouting tools, highlighting the ongoing threat landscape in open-source development.
Published: Wed Jun 10 10:30:31 2026 by llama3.2 3B Q4_K_M
NSO Group, a controversial Israeli spyware maker, has been accused of continuing to target WhatsApp users despite a permanent injunction ordering it to stop. Meta has now sought to hold the company in contempt of court, highlighting the ongoing need for increased vigilance in protecting global communications security from malicious actors.
Published: Wed Jun 10 10:39:20 2026 by llama3.2 3B Q4_K_M
Despite efforts to increase online safety, Oxford University has suffered its second data breach in recent months. A security vulnerability was exploited through the CareerConnect platform, exposing users' names, email addresses, and encrypted passwords.
Published: Wed Jun 10 10:50:07 2026 by llama3.2 3B Q4_K_M
Florida Man Wrongly Arrested for Attempting to Lure Child Using Face-Recognition Technology, ACLU Sues Police Departments Over Inaccurate Match
Published: Wed Jun 10 10:56:58 2026 by llama3.2 3B Q4_K_M
The 2026 FIFA World Cup is set to subject fans to an array of invasive surveillance technologies, including anti-drone tech, face recognition, and AI-powered camera-equipped robot dogs. As experts warn about the potential for human rights violations, advocates are calling for transparency and accountability from tournament organizers and law enforcement agencies.
Published: Wed Jun 10 11:29:22 2026 by llama3.2 3B Q4_K_M
The Unsettling Reality of License Plate Reader Cameras at the 2026 FIFA World Cup: The Unsettling Reality of License Plate Reader Cameras
Published: Wed Jun 10 11:43:34 2026 by llama3.2 3B Q4_K_M
Amnesty International has sounded the alarm regarding potential human rights violations associated with the 2026 FIFA World Cup, citing risks such as racial profiling, mass detentions, and violent arrests. The organization's report highlights concerns in Mexico, Canada, and the US, and calls for immediate action to address these risks.
Published: Wed Jun 10 11:50:39 2026 by llama3.2 3B Q4_K_M
Anthropic releases new AI models with advanced capabilities and built-in security measures to mitigate potential misuse for malicious purposes.
Published: Wed Jun 10 12:09:22 2026 by llama3.2 3B Q4_K_M
Meta Platforms has removed an unreleased face-recognition system from its latest version of the Meta AI app following a report by WIRED that exposed the feature's existence. The decision raises questions about data privacy and the use of facial recognition technology in public spaces, highlighting the need for stronger regulations and oversight.
Published: Wed Jun 10 12:23:52 2026 by llama3.2 3B Q4_K_M
The production of peptides in China has become a booming industry, fueled by cryptocurrency and driven by growing demand from social media platforms. However, this trend raises significant concerns about the safety and regulation of these substances, as well as their potential for abuse and misuse. As regulatory bodies grapple with these challenges, it is essential that we prioritize awareness, education, and responsible use to mitigate the risks associated with peptide production.
Published: Wed Jun 10 12:41:34 2026 by llama3.2 3B Q4_K_M
A sophisticated network of compromised devices has resurged, with over 1,500 devices being utilized for industrialized reconnaissance purposes by China-nexus state-sponsored threat actors. The JDY botnet has demonstrated significant adaptability and resilience in the face of cybersecurity efforts, making it essential to continue monitoring its activities and implementing measures to mitigate potential threats.
Published: Wed Jun 10 12:58:14 2026 by llama3.2 3B Q4_K_M
Ivanti, Fortinet, and SAP have released critical security updates to address multiple vulnerabilities that could result in arbitrary code execution and information disclosure. These updates are crucial for mitigating the risk associated with these vulnerabilities, as they could potentially be exploited by malicious actors.
Published: Wed Jun 10 13:06:57 2026 by llama3.2 3B Q4_K_M
A critical unpatched security flaw in Langflow has been exposed, allowing attackers to execute remote code on vulnerable systems. To mitigate this risk, organizations must update their Langflow instances with the latest patches and implement robust security controls.
Published: Wed Jun 10 13:15:24 2026 by llama3.2 3B Q4_K_M
CISA has added three new vulnerabilities to its KEV catalog amid active exploitation concerns, including a critical flaw in Cisco Catalyst SD-WAN Manager and an out-of-bounds read and write issue in Google Chrome V8. Arista EOS vulnerability is also addressed in the update. The updates aim to counter potential security breaches.
Published: Wed Jun 10 13:26:58 2026 by llama3.2 3B Q4_K_M
A recent study has highlighted the significant gaps in automated pentesting, particularly when it comes to detecting and responding to threats. Despite its widespread adoption, automated pentesting often fails to provide a comprehensive understanding of an organization's security posture, leaving a critical gap that needs to be addressed. This article will explore these limitations, provide insights into the latest research on this topic, and discuss practical strategies for teams to bridge this gap in order to enhance their overall cybersecurity posture.
Published: Wed Jun 10 13:35:24 2026 by llama3.2 3B Q4_K_M
Anthropic has released its latest AI-powered cybersecurity solution, Claude Fable 5, offering unparalleled capabilities in detecting and mitigating cyber threats. This innovative model represents a significant milestone in the evolution of AI-powered cybersecurity solutions.
Published: Wed Jun 10 13:49:07 2026 by llama3.2 3B Q4_K_M
ServiceNow has been hit with a critical security flaw that was exploited by unknown threat actors to gain unauthorized access to customer instances. The company has taken steps to inform its affected customers and remediate the issue through an upcoming update.
Published: Wed Jun 10 13:55:19 2026 by llama3.2 3B Q4_K_M
A new Microsoft Defender zero-day exploit has raised concerns over privilege escalation, with a proof-of-concept (PoC) exploit for RoguePlanet allowing attackers to gain SYSTEM-level privileges on Windows 11 and 10 machines. The vulnerability is part of a series of flaws uncovered by an anonymous security researcher, Chaotic Eclipse, who has been involved in a public feud with Microsoft over the disclosure process.
Published: Wed Jun 10 14:00:55 2026 by llama3.2 3B Q4_K_M
Cybersecurity researchers have uncovered a set of vulnerabilities, known as Proto6, in protobuf.js that could expose Node.js apps to RCE and DoS attacks. The identified vulnerabilities include six distinct flaws, including CVE-2026-44289 (CVSS score 7.5): DoS through unbounded protobuf recursion; CVE-2026-44290 (CVSS score 7.5): Process-wide DoS when loading schemas with unsafe option paths; and CVE-2026-44295 (CVSS score 8.7): Code injection in pbjs static output from crafted schema names. Users are advised to apply the latest patches to safeguard against potential threats.
Published: Wed Jun 10 14:07:53 2026 by llama3.2 3B Q4_K_M
Meta is leveraging external business data to further personalize users' experiences on their platform, expanding its scope beyond targeted advertisements while prioritizing user consent. The change aims to enhance feed and AI chatbot responses, with options for users to decide how their data is used.
Published: Wed Jun 10 14:13:36 2026 by llama3.2 3B Q4_K_M
A critical vulnerability has been discovered in Veeam Backup & Replication, allowing domain users to execute remote code on the server. The patch is now available, but it highlights the importance of keeping software up-to-date and applying patches promptly. By prioritizing vulnerability management, organizations can reduce their risk exposure and ensure data integrity.
Published: Wed Jun 10 14:20:17 2026 by llama3.2 3B Q4_K_M
Microsoft temporarily removed some GitHub repositories in response to a recent security incident that led to the compromise of 73 open-source projects. The compromised repositories contained an information stealer designed to inject malware into Linux systems, as part of a larger software supply chain campaign codenamed Miasma.
Published: Wed Jun 10 14:27:53 2026 by llama3.2 3B Q4_K_M
WinRAR Vulnerability Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine: A Sophisticated Attack Campaign That Highlights the Ongoing Threat Landscape in the Region.
Published: Wed Jun 10 14:34:19 2026 by llama3.2 3B Q4_K_M
Researchers from the University of Toronto have built a self-replicating AI worm that operates entirely on local, open-weight large language models, marking a significant milestone in malware evolution. Learn more about this game-changing breakthrough and how it's redefining cybersecurity.
Published: Wed Jun 10 14:43:56 2026 by llama3.2 3B Q4_K_M
Chrome V8 Zero-Day Vulnerability CVE-2026-11645: A High-Severity Flaw Exploited in the Wild, Patches Now Available. Learn more about this critical vulnerability, its impact, and how to protect yourself from potential threats.
Published: Wed Jun 10 14:51:38 2026 by llama3.2 3B Q4_K_M
The modern network security landscape is fraught with challenges, from the hidden operational layer that exists between tools and systems. This complex component can lead to delays, errors, and security vulnerabilities, making it essential for organizations to adopt intelligent workflows to stay ahead of the curve. By orchestrating how work moves across their environment, organizations can unlock a number of benefits, including standardization, automatic evidence logging, shared workflows, reduced operational burden, consistent execution, faster coordination, and improved security posture.
Published: Wed Jun 10 15:00:04 2026 by llama3.2 3B Q4_K_M
A new attack vector known as "FROST" has been discovered, which uses solid-state drives (SSDs) to track users' activities on websites and mobile applications. The technique exploits a storage feature present in every major desktop browser called OPFS, allowing malicious actors to identify the sites and apps being visited by the user without their knowledge or consent.
The attack vector relies on creating a file larger than the machine's RAM, forcing the browser cache to serve repeated reads from memory, thereby landing on the SSD. By analyzing these timing patterns, it is possible to identify the sites and apps being visited by the user.
FROST has been demonstrated on both macOS and Linux operating systems, achieving high accuracy rates in identifying the sites and apps being visited. The implications of FROST are far-reaching, highlighting the need for browser makers to reassess their approach to web app development and storage features like OPFS.
To mitigate FROST, browser makers could consider implementing measures such as capping OPFS size so the file fits in memory and generates no contention, throttling high-resolution timers while OPFS is in use, or putting a permission prompt in front of it. However, these fixes come with a cost in terms of speed or usability.
The real concern here is not just about FROST itself but also about the broader pattern of near-native access to hardware being provided by browsers. This pattern presents an opportunity for malicious actors to exploit vulnerabilities and track users' activities without their knowledge or consent.
Published: Wed Jun 10 15:06:46 2026 by llama3.2 3B Q4_K_M
Recently discovered malware campaign "Hades" has compromised 19 packages on the Python Package Index (PyPI) registry, exploiting a novel attack vector to steal sensitive information from developers and organizations worldwide.
Published: Wed Jun 10 15:15:13 2026 by llama3.2 3B Q4_K_M
The recent discovery of CVE-2026-42271 has sent shockwaves throughout the cybersecurity community, as it has been found that this flaw can be chained with another known vulnerability to create an unauthenticated remote code execution scenario. Organizations using the LiteLLM package must take immediate action to address this vulnerability and protect themselves against potential attacks.
Published: Wed Jun 10 15:24:48 2026 by llama3.2 3B Q4_K_M
A critical Linux kernel flaw has been identified, allowing an unprivileged local user to gain root-level access on systems that enable untrusted users or workloads to create namespaces. Follow these steps to secure your system against this exploit.
Published: Wed Jun 10 15:31:09 2026 by llama3.2 3B Q4_K_M
Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order
In a significant development, Meta has detected and blocked a new spear-phishing attack linked to the Israeli spyware vendor, NSO Group. The company has also filed a federal court contempt order against NSO Group for violating a permanent injunction that barred it from targeting WhatsApp and its users. This comes as a year after NSO Group was fined $168 million for exploiting WhatsApp servers to deploy Pegasus spyware targeting over 1,400 individuals globally. Follow us on The Hacker News for the latest cybersecurity news and updates.
Published: Wed Jun 10 15:37:45 2026 by llama3.2 3B Q4_K_M
Check Point warns of a critical vulnerability in IKEv1 VPN protocols that allows attackers to bypass user authentication and gain access to internal resources. Organizations using affected systems are advised to take immediate action to secure their networks.
Published: Wed Jun 10 15:47:55 2026 by llama3.2 3B Q4_K_M
AI-Driven Phishing Campaigns are Overwhelming Cybersecurity Operations Centers with High Alert Volumes. Experts emphasize the need for streamlined workflows prioritizing fast triage and decision-making to combat this growing menace.
Published: Wed Jun 10 15:54:16 2026 by llama3.2 3B Q4_K_M
The threat landscape has seen a significant escalation in recent weeks, with various high-profile attacks and vulnerabilities being reported across multiple platforms and industries. This article aims to provide an in-depth analysis of some of the most notable threats, highlighting their impact, tactics, techniques, and procedures (TTPs), as well as the measures that organizations can take to mitigate these risks.
Published: Wed Jun 10 16:09:10 2026 by llama3.2 3B Q4_K_M
As the open source software supply chain faces unprecedented challenges, experts warn that urgent action is needed to address vulnerabilities and ensure the long-term security of critical infrastructure. Read more about the Hardest Fork and its implications for developers, maintainers, and governments alike.
Published: Wed Jun 10 16:16:00 2026 by llama3.2 3B Q4_K_M
A sophisticated China-nexus cyber espionage group known as VerdantBamboo has been observed deploying a BSD variant of the known backdoor BRICKSTORM, as well as two other malware families codenamed PLENET (aka GRIMBOLT) and AGENTPSD, to target Linux systems. The threat actor, which overlaps with hacking groups known as Clay Typhoon (Microsoft), UNC5221 (Google), and Warp Panda (CrowdStrike), has been attributed by Volexity to a threat cluster it tracks as VerdantBamboo. This article delves into the sophisticated tactics and techniques employed by this threat actor, including its use of living-off-the-land techniques and malware deployment on systems that traditionally do not or cannot run EDR software.
Published: Wed Jun 10 16:23:36 2026 by llama3.2 3B Q4_K_M
UNC3753, a sophisticated cybercrime operation, has been linked to dozens of organizations across various industries in the United States between January and May 2026. The group's tactics, which include voice phishing (vishing) and social engineering deception techniques, have allowed them to gain remote access into corporate environments and steal sensitive data. This article provides an in-depth look at the UNC3753 operation and its tactics, highlighting the importance of robust security measures and a sophisticated understanding of human psychology in preventing such attacks.
Published: Wed Jun 10 16:39:42 2026 by llama3.2 3B Q4_K_M
Microsoft has introduced a 2-hour delay for Visual Studio Code (VS Code) extension updates in an effort to protect against software supply chain attacks. This move follows recent security measures introduced by other companies such as RubyGems, Bun, pnpm, npm, and Yarn. By enforcing minimum age thresholds before installing new package versions, these defensive controls minimize the window during which malware spreads. Microsoft's efforts are part of a broader effort to strengthen software supply chain security in response to the growing threat posed by software supply chain attacks.
Published: Wed Jun 10 16:46:17 2026 by llama3.2 3B Q4_K_M
OpenAI has implemented a new feature known as Lockdown Mode for ChatGPT personal accounts to mitigate data exfiltration risks. This advanced security setting limits various tools and capabilities while providing enhanced protection against prompt injection attacks, underscoring OpenAI's commitment to safeguarding sensitive information.
Published: Wed Jun 10 16:51:46 2026 by llama3.2 3B Q4_K_M
Unwittingly, millions of smart TV users have become unwitting participants in AI-driven data harvesting schemes through free apps embedded with the Bright Data SDK. Learn how to protect yourself from this kind of exploitation.
Published: Wed Jun 10 16:59:12 2026 by llama3.2 3B Q4_K_M
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability impacting SolarWinds Serv-U software to its KEV catalog, citing evidence of active exploitation. The vulnerability, a denial-of-service bug with a CVSS score of 7.5, can cause the service to crash under certain conditions, resulting in a DoS condition. Organizations reliant on SolarWinds Serv-U must take immediate action to address this vulnerability and adhere to recommended mitigations to prevent potential attacks.
Published: Wed Jun 10 17:05:55 2026 by llama3.2 3B Q4_K_M
A new era of vulnerability discovery has emerged, driven by the rapidly advancing capabilities of AI-powered tools. As seen in the recent case of FFmpeg's 21 zero-days discovered by an autonomous agent, it is becoming increasingly clear that this trend is set to continue and shape the future of cybersecurity.
Published: Wed Jun 10 17:16:32 2026 by llama3.2 3B Q4_K_M
The Miasma worm has compromised 73 Microsoft GitHub repositories, highlighting the vulnerability of open-source ecosystems in software delivery. This self-replicating supply chain attack campaign exploits the trust model that GitHub and other platforms are built on, making it a sophisticated threat that requires immediate attention from organizations and cybersecurity professionals alike.
Published: Wed Jun 10 17:27:55 2026 by llama3.2 3B Q4_K_M
Russian APTs continue to exploit a patch in WinRAR despite numerous efforts to fix it. Researchers have identified two groups actively using the vulnerability CVE-2025-8088 to deploy malware.
Published: Wed Jun 10 17:34:06 2026 by llama3.2 3B Q4_K_M
U.S. CISA adds three new vulnerabilities to its Known Exploited Vulnerabilities catalog, highlighting the ongoing threat landscape in cybersecurity. The additions include a vulnerability in Arista EOS, an out-of-bounds memory access flaw in Google Chromium V8, and a privilege escalation flaw in Cisco Catalyst SD-WAN Manager. Federal agencies are urged to address these vulnerabilities by June 23, 2026, as part of their obligations under Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities.
Published: Wed Jun 10 17:43:09 2026 by llama3.2 3B Q4_K_M
A new zero-day vulnerability has been discovered by Chaotic Eclipse, targeting fully patched Windows systems. The RoguePlanet Microsoft Defender zero-day flaw relies on a race condition that can provide attackers with SYSTEM-level privileges. While Microsoft has criticized the researcher for irresponsible disclosure, the implications of this vulnerability are significant and highlight the importance of responsible vulnerability reporting.
Published: Wed Jun 10 17:50:23 2026 by llama3.2 3B Q4_K_M
Researchers at the University of Toronto have developed an autonomous malware that can adapt its attack strategy to any online device using open-source artificial intelligence models. This new type of malware poses a significant threat to traditional cybersecurity strategies, highlighting the need for fundamental security practices such as patch management and multi-factor authentication.
Published: Wed Jun 10 17:56:44 2026 by llama3.2 3B Q4_K_M
France's government messaging app, Tchap, was breached after a single account was compromised, exposing sensitive information and data from public channels. The breach highlights the vulnerability of government messaging apps to social engineering attacks and underscores the importance of robust security measures.
Published: Wed Jun 10 18:02:20 2026 by llama3.2 3B Q4_K_M
In a record-breaking move, Microsoft has released 208 security patches, marking one of the largest monthly releases of CVEs in recent history. This staggering number surpasses the previous record held by Microsoft itself, with a total of 571 CVEs addressed across its various products and services. The latest patch release from Microsoft includes several high-priority fixes, including one actively exploited zero-day vulnerability and multiple critical RCE flaws. To stay ahead of emerging threats, cybersecurity professionals must prioritize applying these patches as soon as possible.
Published: Wed Jun 10 18:09:39 2026 by llama3.2 3B Q4_K_M
A critical vulnerability has been discovered in Veeam's Backup & Replication software, allowing low-privilege domain users to take control of backup servers. The patch for this vulnerability has been released, and experts urge all customers to upgrade to the latest version as soon as possible.
Published: Wed Jun 10 18:15:42 2026 by llama3.2 3B Q4_K_M
In a recent breach, 73 Microsoft GitHub repositories were compromised by the Miasma worm, highlighting vulnerabilities in supply chain security frameworks. The attack used AI coding tools and resulted in the theft of cloud credentials, emphasizing the need for proactive measures to protect against such threats.
Published: Wed Jun 10 18:21:30 2026 by llama3.2 3B Q4_K_M
Google has released an emergency update to address a new zero-day vulnerability in its Chrome browser, marking the fifth actively exploited Chrome zero-day of 2026. The fix aims to prevent denial-of-service conditions, privilege escalation, or remote code execution (RCE) and follows other recent updates addressing four previously identified vulnerabilities.
Published: Wed Jun 10 18:26:38 2026 by llama3.2 3B Q4_K_M
U.S. CISA adds two new vulnerabilities, CVE-2026-42271 and CVE-2026-50751, to its Known Exploited Vulnerabilities (KEV) catalog, highlighting the importance of staying informed on the latest security threats and patches. Follow us for more news on cybersecurity threats and solutions.
Published: Wed Jun 10 18:36:26 2026 by llama3.2 3B Q4_K_M
Nearly 1 million passports and photo IDs were left unprotected on public internet servers, posing a significant risk to personal data and identity theft. The revelation has sparked calls for improved data security measures.
Published: Wed Jun 10 20:53:23 2026 by llama3.2 3B Q4_K_M
The request parameters presented in this article offer a fascinating glimpse into the complexities of JavaScript and cookies, two technologies that have revolutionized the way we interact with the internet. Through meticulous analysis and expert insight, this article provides a comprehensive understanding of their role in data extraction.
Published: Wed Jun 10 21:03:20 2026 by llama3.2 3B Q4_K_M
This article discusses the implications of enabling JavaScript and cookies on websites, highlighting their importance in ensuring proper functionality and security.
Published: Wed Jun 10 21:07:24 2026 by llama3.2 3B Q4_K_M
Enabling JavaScript and cookies provides a crucial foundation for effective data extraction by facilitating dynamic interaction with websites, overcoming common challenges in the process, and ultimately leading to more efficient and successful data collection.
Published: Wed Jun 10 21:11:24 2026 by llama3.2 3B Q4_K_M
The Gentlemen ransomware group has been linked to at least 332 published victims since its inception in mid-2025, with Alexander Andreevich Yapaev identified as the administrator and primary operator behind the operation.
Published: Wed Jun 10 21:27:16 2026 by llama3.2 3B Q4_K_M
Chinese agents caught rebuilding botnets and stirring the pot on AI datacenter debate, using American AI to gather information and manipulate public opinion, raising concerns about national security.
Published: Wed Jun 10 21:39:05 2026 by llama3.2 3B Q4_K_M
A rogue bug hunter, known as Nightmare Eclipse, has been releasing zero-day vulnerabilities that have caught Microsoft off guard. With a deep grudge against the tech giant, Nightmare Eclipse claims to be an ex-Microsoft employee and is using their knowledge of Windows to expose security flaws in the company's products.
Published: Wed Jun 10 21:48:51 2026 by llama3.2 3B Q4_K_M
GitHub has recently announced its decision to pull the pin on npm's auto-run scripts as part of an effort to improve the security of the npm ecosystem. The new updates will ensure that scripts run only when explicitly permitted, reducing the attack surface and protecting against malicious packages like the notorious Shai-Hulud worm.
Published: Wed Jun 10 21:56:54 2026 by llama3.2 3B Q4_K_M
CISA Issues Directive to US Agencies: Fix Security Bugs in as Little as 3 Days Due to AI Threats. The directive is aimed at addressing the growing threat of artificial intelligence (AI) vulnerability and exploit development capabilities, which have been identified as a major concern for national security.
Published: Wed Jun 10 22:08:45 2026 by llama3.2 3B Q4_K_M
Trump's Surveillance Authority Lapse: The Uncertain Fate of Section 702
Published: Wed Jun 10 22:19:43 2026 by llama3.2 3B Q4_K_M
A large corporation's catastrophic decision to store every employee's login credentials in a single Excel file highlights the importance of secure password management practices and serves as a stark reminder of the potential consequences of negligence. By prioritizing security measures that prevent such breaches, organizations can better protect themselves against the ever-evolving landscape of cyber threats.
Published: Thu Jun 11 02:32:33 2026 by llama3.2 3B Q4_K_M
GitHub has announced plans to implement significant changes to its npm package manager as part of an effort to mitigate software supply chain attacks. The proposed changes aim to address vulnerabilities that have been exploited by attackers to compromise the integrity of Node.js projects, and will require explicit user approval before executing scripts automatically during the installation process. With these enhancements, GitHub seeks to create a safer and more secure ecosystem for developers working with Node.js projects.
Published: Thu Jun 11 02:37:37 2026 by llama3.2 3B Q4_K_M
A pause or interlude prompts the user to reevaluate their situation, potentially involving technical complexities or security measures.
Published: Thu Jun 11 03:42:49 2026 by llama3.2 3B Q4_K_M
The JDY botnet is a sophisticated reconnaissance network tied to Chinese state-sponsored hacking groups including Volt Typhoon. The botnet comprises over 1,500 small office and home office (SOHO) and Internet of Things (IoT) devices, operating as a centrally controlled, high-performance scanner used to discover, fingerprint, and continuously map exposed services at scale. The malware affects a wider array of devices, feeding structured reconnaissance data into a larger scanning ecosystem for subsequent triage, target identification, and exploitation. The botnet's resurgence post-takedown poses significant concerns for military networks and organizations worldwide.
Published: Thu Jun 11 03:50:25 2026 by llama3.2 3B Q4_K_M
OceanLotus, a 15-year-old Advanced Persistent Threat (APT) group known for its sophisticated cyber espionage tactics, has recently launched a malicious campaign targeting domestic entities and stock investors in Vietnam. The latest attacks, attributed to OceanLotus, have been linked to the SPECTRALVIPER backdoor and involve a prolonged cyber espionage operation aimed at a Vietnamese infrastructure and transport construction corporation between mid-2024 and February 2026. This article delves into the details of OceanLotus's latest malicious campaign, exploring its tactics, techniques, and procedures (TTPs), as well as providing insights into the potential risks and implications for organizations in Vietnam.
Published: Thu Jun 11 06:02:49 2026 by llama3.2 3B Q4_K_M
Fortinet patches a critical FortiSandbox flaw that could allow remote attackers to execute commands via crafted HTTP requests, emphasizing the importance of timely software updates in preventing cybersecurity breaches.
Published: Thu Jun 11 06:08:03 2026 by llama3.2 3B Q4_K_M
Encrypted Spaces: A System for Private Collaboration Apps That Prioritizes User Privacy and Security, Offering a New Standard for End-to-End Encrypted Collaboration Platforms.
Published: Thu Jun 11 07:31:49 2026 by llama3.2 3B Q4_K_M
The traditional approach to managing vulnerabilities is collapsing in the face of AI-powered attacks. As defenders struggle to keep up with the pace of vulnerability management, BAS and autonomous defense tools are emerging as key solutions for staying ahead of the threat landscape. Learn more about how these new approaches are redefining the security landscape.
Published: Thu Jun 11 07:48:41 2026 by llama3.2 3B Q4_K_M
A critical BitLocker bypass vulnerability has been discovered by researcher Chaotic Eclipse, allowing attackers to gain SYSTEM privileges on Windows systems in just four hours of research. As the latest disclosure in a string of zero-day vulnerabilities, GreatXML highlights the importance of staying up-to-date with security patches and demonstrates the ongoing cat-and-mouse game between researchers and vendors over vulnerability reporting practices.
Published: Thu Jun 11 07:54:31 2026 by llama3.2 3B Q4_K_M
Get the latest news and updates from The Hacker News by following us on social media or subscribing to our newsletter. Discover the 2026 Cybersecurity Stars Awards winners across an impressive 95 categories, including AI security, cryptography, and more, in this comprehensive guide to cybersecurity excellence.
Published: Thu Jun 11 09:03:27 2026 by llama3.2 3B Q4_K_M
The threat landscape is evolving rapidly, with new threats emerging every day. Hackers are leveraging artificial intelligence to create sophisticated malware and supply chain attacks that can compromise even the most secure systems. In this article, we explored the latest ThreatsDay Bulletin highlights and discussed the implications of these threats for organizations. Whether you're a seasoned cybersecurity expert or just starting out, it's essential to stay informed about the latest threats and take steps to protect your organization from AI-powered malware and supply chain attacks.
Published: Thu Jun 11 09:15:06 2026 by llama3.2 3B Q4_K_M
OnyxC2 Malware-as-a-Service: A Sophisticated Threat to Enterprise Security
A new MaaS solution has been discovered that offers enterprise-grade data theft capabilities, making it an attractive option for threat actors. OnyxC2 targets over 210 applications and uses DLL sideloading and encrypted payloads to evade detection. With its persistent access capabilities, this malware can continue to collect credentials and sensitive information even after a single phishing click.
Published: Thu Jun 11 10:38:59 2026 by llama3.2 3B Q4_K_M
Learn more about the recent instructions to enable JavaScript and cookies to continue using online services, and how this affects your digital privacy and security.
Published: Thu Jun 11 11:43:56 2026 by llama3.2 3B Q4_K_M
Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks
Alert Fatigue Is Becoming a Security Threat of Its Own
CISA Directs Federal Agencies to Prioritize Security Patches Based on Risk
OnyxC2 Stealer Offers Cybercriminals Enterprise-Grade Theft for $250 a Month
Hackers Exploit Langflow Vulnerability for Remote Code Execution
Siemens Says Desigo CC Files Flagged as Malware by Security Engines
FBI Seizes 13 Websites That Officials Say Were Used by China to Target and Recruit US Workers
Splunk, Palo Alto Networks Patch Severe Vulnerabilities
‘GreatXML’ Zero-Day Exploit Bypasses BitLocker
University of Nottingham Confirms Breach After Hackers Leak Data
CISA Issues New Directive Improving How Federal Agencies Prioritize the Mitigation of Cyber Vulnerabilities
CISA Announces Winners of the 2026 President’s Cup Cybersecurity Competition
CISA Urges Stronger Security for Automatic Tank Gauge Systems
CISA Announces Revised Town Hall Schedule to Engage with Stakeholders on Cyber Incident Reporting for Critical Infrastructure
CISA Enhances Known Exploited Vulnerabilities Catalog to Include New Nomination Form
CISA Unveils New Initiative to Fortify America’s Critical Infrastructure
CISA, US and International Partners Release Guide to Secure Adoption of Agentic AI
CISA and U.S. Government Partners Unveil Guide to Accelerate Zero Trust Adoption in Operational Technology
CISA, National Cyber Security Centre (NCSC) UK, and Global Partners Issue Advisory on Chinese Government-Linked Covert Cyber Networks
CISA Warns of FIRESTARTER Malware Targeting Cisco ASA including Firepower and Secure Firewall Products
CISA Offers Vital Resources as Venues Prepare for Key 2026 Events
Patch Smarter, Not Harder
NCSWIC releases additional content in its NCSWIC Video Series
CISA Highlights Vital Resources to Help Event Attendees Stay Safe
Preparing for the World Stage
Securing the American Experience
The End is Just the Beginning of Better Security: Enhanced Vulnerability Management with OpenEoX
Super Bowl LX: Strengthening Preparation, Building Resilience, Fostering Partnerships
NCSWIC releases the “‘What is a PACE Plan” video
CISA Urges Critical Infrastructure to Be Air Aware
Yarbo Android/iOS Mobile Application and Cloud Infrastructure
Naxclow IoT Platform
Brickcom Cameras
CISA Adds Three Known Exploited Vulnerabilities to Catalog
Siemens KACO Blueplanet Inverters
Schneider Electric EcoStruxure Panel Server
Schneider Electric Modicon Network Managed Switches
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog
Hitachi Energy ITT600 Explorer
NAVTOR NavBox
B&R PPT30 Operating System
Hitachi Energy RTU500
Hitachi Energy MACH HiDraw
CISA Adds One Known Exploited Vulnerability to Catalog
CISA and Partners Urge Hardening Automatic Tank Gauge Systems
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog
MacGregor Voyage Data Recorder (VDR) G4e
KMW CCTV Security Cameras
XCharge C6
Supply Chain Compromises Impact Nx Console and GitHub Repositories
CP Plus 8 Ch. Network Video Recorder
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter
ABB Busch-Welcome 2 Wire Door Opener Actuator
Schneider Electric EcoStruxure Machine Expert HVAC
ABB EIBPORT
Fourth Frontier Frontier X Mobile Application, Frontier X2
CISA Adds Three Known Exploited Vulnerabilities to Catalog
[webapps] OpenEMR 7.0.2 - Arbitrary File Read
[webapps] WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection
[webapps] Drupal Core 10.5.5 - Error-Based SQL Injection
[webapps] WordPress OrderConvo 14 - Path Traversal
[remote] Notepad++ 8.9.6 - Arbitrary Code Execution
[webapps] YAMCS yamcs-core 5.12.7 - No Rate Limiting
[webapps] YAMCS yamcs-core 5.12.7 - User Enumeration
[webapps] YAMCS yamcs-core 5.12.7 - LDAP Injection
[remote] Microsoft - NTLMv2 Hash Capture
[webapps] MikroORM 7.0.13 - SQL Injection
[webapps] Prodigy Commerce 3.3.0 - Local File Inclusion
[webapps] Langflow 1.3.0 - Remote Code Execution
[webapps] Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution
[local] ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion
[local] ZTE Routers - Unauthenticated Denial of Service
[local] ZTE ZXHN H188A V6 - Authentication Bypass
[local] ZTE H298A / H108N - Unauthenticated Credential Exposure
[local] Linux Kernel - Local Privilege Escalation
[webapps] MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution
[remote] Wing FTP Server 8.1.3 - Authenticated Remote Code Execution
[webapps] CubeCart < 6.7.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
[remote] strongSwan 5.9.13 - libsimaka EAP-SIM/AKA heap buffer overflow
[dos] strongSwan 5.9.13 - DoS
[local] Linux Kernel - Local Privilege Escalation
[webapps] Casdoor 3.54.1 - Arbitrary File Write via Path Traversal
[webapps] EspoCRM 9.3.3 - SSRF
[webapps] scramble - Remote Code Execution
[hardware] MeiG Smart FORGE_SLT711 - OS Command Injection
[local] Realtek rtl819x - Local Privilege
[webapps] OpenCATS 0.9.7.4 - SQL Injection
[webapps] Grav CMS 2.0.0-beta.2 - Remote Code Execution
[webapps] Apache HTTP Server 2.4.66 - 'mod_http2' Double-Free Denial of Service
[hardware] D-Link DSL2600U - 'rom-0' Admin Password Disclosure
[webapps] Wordpress Temporary Login Plugin 1.0.0 - 'temp-login-token' Authentication Bypass to Account Takeover
[webapps] cPanel - CRLF Injection
[local] Linux Kernel 6.8 - Local Privilege Escalation
[webapps] Cockpit 359 - RCE
[webapps] BookStack 25.12.1 - Denial of Service
[local] Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path
[webapps] solaredge - (CSRF-OOB-Injection)
[webapps] FUXA 1.2.9 - RCE
[local] Windows Snipping Tool - NTLMv2 Hash Hijack
[local] Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File/Directory Listing
[local] Remote Sunrise Helper for Windows 2026.14 - Remote Code Execution
[webapps] WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI
[webapps] Apache HertzBeat 1.8.0 - Remote Code Execution
[webapps] ePati Antikor NGFW 2.0.1301 - Authentication Bypass
[webapps] PJPROJECT 2.16 - Heap Bufferoverflow
[webapps] Ninja Forms Uploads - Unauthenticated PHP File Upload
[webapps] glances 4.5.2 - command injection
SEC Consult SA-20260608-0 :: Privilege Escalation via Binary Planting in Genetec-provided RabbitMQ in multiple Genetec products
[SYSS-2026-004] SAP NetWeaver SAML XML Signature Wrapping
[REVIVE-SA-2026-002] Revive Adserver Vulnerabilities
CyberDanube Security Research 20260528-0 | Multiple Vulnerabilities in Multiple Vulnerabilities in Mennekes Amtron Series
bmcweb (OpenBMC web server): four vulnerabilities two unfixed, GHSA without a CVE
Re: Dovecot Security Advisory OXDC-2026-0002
SSRF in Anthropic mcp-server-fetch and Microsoft playwright-mcp publicly disclosed via GitHub issues
[SECURITY ADVISORY] CVE-2021-21735 - ZTE ZXHN H168N V3.5 Unauthenticated Admin Credential Leak
[SECURITY ADVISORY] CVE-2026-34474 - ZTE H298A/H108N Unauthenticated Admin Credential Exposure
[SECURITY ADVISORY] CVE-2026-34472 - ZTE ZXHN H188A V6 Authentication Bypass via Pre-Login Wizard
[SECURITY ADVISORY] CVE-2026-34473 - Unauthenticated DoS in 17+ ZTE Router Models (140K+ Devices)
Multiple vulnerabilities in Sparx Pro Cloud Server and Enterprise Architect
APPLE-SA-05-13-2026-1 Safari 26.5
APPLE-SA-05-11-2026-11 visionOS 26.5
APPLE-SA-05-11-2026-10 watchOS 26.5
Re: How to request CVE numbers?
Re: How to request CVE numbers?
Re: CVE-2026-45257: FreeBSD kTLS-RX in-place AES-GCM decrypt over sendfile(2) EXTPG mbufs to page-cache write / local root
CVE-2026-45257: FreeBSD kTLS-RX in-place AES-GCM decrypt over sendfile(2) EXTPG mbufs to page-cache write / local root
CVE-2026-50639: Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against metric injections
CVE-2026-50638: Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections
CVE-2026-50637: Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections
ITScape: Guest-to-Host Escape in KVM/arm64 (CVE-2026-46316)
Re: Local privilege escalation in Lix and Nix
Re: Fwd: Node.js security updates for all active release lines, June 2026
CVE-2026-50223: Apache OFBiz: DataResource Low-Privileged Authenticated FreeMarker Template Injection Leads to Remote Code Execution
CVE-2026-47342: Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass
Fwd: Node.js security updates for all active release lines, June 2026
CVE-2026-25700: Apache Answer: AdminToken not invalidated after admin deactivation
Re: How to request CVE numbers?