| DATE | NAME | Info | CATEG. | WEB |
|---|---|---|---|---|
| 27.6.26 | Google Threat Intelligence Group (GTIG) has conducted an in-depth analysis of a .NET backdoor, tracked as STOCKSTAY, that has been continually developed and deployed by the Russia-linked threat actor Turla (aka SUMMIT, Secret Blizzard, VENOMOUS BEAR, UAC-0194) since at least December 2022. | Malware blog | GTI | |
| 27.6.26 | Mythos Finds Vulnerabilities. But Can Anyone Patch Fast Enough? | Security teams are scrambling to reprioritize their security plans based on the revelation of Anthropic’s Mythos model, and its ability to rapidly discover security vulnerabilities. T | Vulnerability blog | Eclypsium |
| 27.6.26 | CISA BOD 26-04: What it Means and How Eclypsium Can Help | The new CISA BOD 26-04 shifts the focus from simply patching vulnerabilities to actively identifying and replacing internet-facing edge devices that are at or beyond vendor support. | Vulnerability blog | Eclypsium |
| 27.6.26 | Operation DragonReturn: China-Nexus Cyber Espionage Campaign Targeting Govt. of India/MoF Tax Infrastructure via Multi-Stage DcRAT Deployment | Authors: Dixit Panchal & Soumen Burma Table of Contents: Introduction: Key Targets: Infection Chain: Initial Findings about Campaign: Initial Mail: Email Attachment: Lure: Official GoI, Income Tax Document: Technical Analysis: Infrastructural Artefacts & Threat actor Attributions. Campaign Timeline. Conclusion:... | Cyber blog | Cyble |
| 27.6.26 | Operation Endgame Targets SocGholish: What It Means for Defenders | Last year, Silent Push published research into SocGholish and its operator, TA569, highlighting how the group evolved from a “fake browser update” threat into one of the most sophisticated malware delivery and initial access operations active today. | BigBrother blog | SILENTPUSH |
| 27.6.26 | Fake invoices are moving from inboxes to shopping apps | Scammers are using order-tracking apps to place fake receipts where users expect to see real purchases, then pushing them to call fake support numbers. | Cyber blog | GENDIGITAL |
| 27.6.26 | Backdoor.Mistic: New Backdoor May be Linked to Ransomware Access Broker | Stealthy new backdoor used in cybercrime intrusions since April 2026 may be associated with Woodgnat (aka KongTuke), an initial access broker whose ModeloRAT toolkit has fed Qilin and other ransomware operations. | Malware blog | SECURITY.COM |
| 27.6.26 | StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them | On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that formed the backbone of the StealC and Amadey infrastructure. | Malware blog | Microsoft blog |
| 27.6.26 | One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud ‘Patriot Bait’ Campaign | A solo Russian-speaking threat actor ran a 5-year Telegram channel and, starting September 2025, used AI to automate its content, credential theft, and a cryptocurrency fraud scheme targeting American audiences. | AI blog | Trend Micro |
| 27.6.26 | From Langflow to Monero: Inside CVE-2026-33017 Cryptominer | We tracked a cryptocurrency-mining campaign exploiting CVE-2026-33017, which revealed how threat actors are now scanning exposed AI application infrastructure for their next foothold. | Cryptocurrency blog | Trend Micro |
| 27.6.26 | CVE-2025-7544: Attackers Weaponize Tenda AC1206 Router Vulnerability to Deploy Mirai-Related Malware | The SonicWall Capture Labs threat research team has identified active exploitation attempts targeting CVE-2025-7544, a critical stack-based buffer overflow vulnerability affecting Tenda AC1206 routers running firmware version 15.03.06.23. | Vulnerability blog | SonicWall |
| 27.6.26 | CL-STA-1062 Targets Southeast Asian Governments and Critical Infrastructure | Throughout 2025, we observed a cluster of activity targeting government entities and critical infrastructure in Southeast Asia. Specifically, the activity targeted state-owned enterprises in the energy and government sectors. | APT blog | Palo Alto |
| 27.6.26 | OpenClaw’s Skill Marketplace and the Emerging AI Supply Chain Threat | OpenClaw is an AI agent that executes third-party skills from ClawHub, its dedicated marketplace. Skills are markdown-driven packages with broad local system access, making ClawHub a critical link in the agentic software supply chain. s | AI blog | Palo Alto |
| 27.6.26 | Threat Brief: Mitigating Large-Scale Credential Attacks | Unit 42 is aware of a large-scale password spraying and credential theft campaign (“FortiBleed”) against Fortinet devices. We observed attempts targeting MSSQL devices as well, and have seen reports of Sophos devices also being targeted. | Attack blog | Palo Alto |
| 27.6.26 | Introduction to COM usage by Windows threats | Component Object Model (COM) is a fundamental Windows technology used by legitimate applications for object activation, inter-process communication, automation and language-independent component reuse. Those same qualities make it useful to threat actors. | Security blog | CISCO TALOS |
| 27.6.26 | Beyond IOCs: AI-enabled threat intelligence | In this week’s newsletter, Martin considers how AI will help threat intelligence by creating an easily queryable data source of intelligence reports. | AI blog | CISCO TALOS |
| 27.6.26 | SMB cyber readiness: the road to resilience starts here | Security blog | Eset | |
| 27.6.26 | Gamaredon in 2025: Leveraging tunnels, workers, dead drops, and new alliances | Hacking blog | Eset | |
| 27.6.26 | ESET takes part in Operation Endgame to disrupt Amadey and Stealc | ESET researchers assisted in the global disruption of the Amadey botnet and Stealc infostealer, providing technical analysis, infrastructure tracking, and affiliate-level insights | Malware blog | Eset |
| 27.6.26 | FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys | The FBI and CISA have updated their March warning about Russian intelligence phishing Signal accounts, and the operators have added a | Social | The Hacker News |
| 27.6.26 | New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks | A Chinese-speaking advanced persistent threat (APT) actor has been linked to a new custom backdoor called TinyRCT as part of cyber attacks | Virus | The Hacker News |
| 26.6.26 | Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign | A Chinese-speaking advanced persistent threat (APT) actor has been linked to a new custom backdoor called TinyRCT as part of cyber attacks aimed at government entities and critical infrastructure in Southeast Asia. | APT | The Hacker News |
| 26.6.26 | New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries | A flaw in the Linux kernel's traffic-control subsystem can let a local unprivileged user gain root on affected systems. CVE-2026-46331, | Vulnerability | The Hacker News |
| 26.6.26 | Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs | A high-severity flaw in Amazon Q Developer let a malicious repository run commands and steal a developer's cloud credentials. The path was short: a developer opens the repo, trusts the workspace, and Amazon Q does the rest. Amazon has patched it. | Hack | The Hacker News |
| 26.6.26 | CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical remote code execution vulnerability impacting PTC Windchill PDMlink and PTC FlexPLM enterprise Product Data | Exploit | The Hacker News |
| 26.6.26 | New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets | DirtyClone is a new Linux kernel privilege escalation in the DirtyFrag family. JFrog Security Research published a working exploit | Vulnerability | The Hacker News |
| 26.6.26 | Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack | Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades | Virus | The Hacker News |
| 26.6.26 | Microsoft Warns of Photo ZIP Phishing Campaign Targeting Hotels with Node.js Implant | An active phishing campaign has been targeting hotel and other hospitality organizations across Europe and Asia since April 2026, using | Phishing | The Hacker News |
| 26.6.26 | Russia Used Cellebrite on Jailed Activist's iPhone Months After Sales Cutoff | Russian authorities used Cellebrite's UFED forensic tools to break into the iPhone of detained opposition activist Andrey Pivovarov in June 2021, three months after Cellebrite said it would stop selling its tools and services to Russia and Belarus. | BigBrothers | The Hacker News |
| 26.6.26 | Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks | The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called | BigBrothers | The Hacker News |
| 25.6.26 | Zero-Day Exploitation of Vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager | In early 2026, Mandiant identified a threat actor targeting SD-WAN infrastructure at a service provider. After gaining initial access, the threat actor exploited a zero-day vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN to escalate privileges from a compromised administrative account to root-level access. | Exploit blog | GTI |
| 25.6.26 | Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability | An analysis of a popular Google Chrome ad block extension for YouTube has uncovered the ability to execute arbitrary JavaScript code. According | Hack | The Hacker News |
| 25.6.26 | New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis | A previously undocumented Rust-based macOS implant and information stealer has been found to embed a prompt injection payload designed to trick a malware analyst's artificial intelligence (AI) tools into aborting or refusing an analysis of the artifact. The malware has been codenamed Gaslight owing to this deceptive behavior. | Virus | The Hacker News |
| 25.6.26 | New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns | A new, stealthy backdoor named Mistic has been deployed as part of suspected financially motivated attacks aimed at multiple organizations | Virus | The Hacker News |
| 25.6.26 | Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access | An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two | Exploit | The Hacker News |
| 25.6.26 | CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of active exploitation of a critical security flaw impacting | Exploit | The Hacker News |
| 25.6.26 | Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered | A coordinated law enforcement operation, in partnership with private sector companies, including Bitdefender, Bitsight, ESET, and Microsoft, | Virus | The Hacker News |
| 24.6.26 | Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks | Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains. | Hack | The Hacker News |
| 24.6.26 | DoJ Seizes Huione Cloud Account Tied to Cyber Scam Money Laundering | The U.S. Department of Justice (DoJ) on Tuesday announced the seizure of a cloud computing account put to use by subsidiaries of Cambodia-based corporate conglomerate HuiOne Group, as the Treasury unveiled fresh sanctions against nine individuals and 26 entities linked to Prince Group. | Spam | The Hacker News |
| 24.6.26 | Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root | Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager (Unified CM) and | Exploit | The Hacker News |
| 24.6.26 | FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation | A Russian-speaking initial access broker (IAB) driven by financial gain is assessed to be behind a large-scale credential-harvesting operation | APT | The Hacker News |
| 24.6.26 | Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents | Security firm AIR built a fake AI agent skill, pushed it through a popular skill marketplace and an Instagram ad, and says it reached roughly 26,000 agents, including some on corporate accounts. Every skill security scanner the firm tested it against marked it safe. | AI | The Hacker News |
| 24.6.26 | Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration | President Trump signed an executive order on June 22 setting hard deadlines for federal agencies to move high-value assets and high-impact systems to post-quantum cryptography. Key establishment must move by December 31, 2030; digital signatures by December 31, 2031. | BigBrothers | The Hacker News |
| 24.6.26 | GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns | GitHub is moving to strengthen software supply chain security by updating "actions/checkout" to block pwn request attacks that exploit | Exploit | The Hacker News |
| 23.6.26 | Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT | Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access | Virus | The Hacker News |
| 23.6.26 | WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool | Direct messages sent via WhatsApp are being used to distribute malicious Visual Basic Script (VBScript) files that lead to the installation | Social | The Hacker News |
| 23.6.26 | CVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration. | In August 2024 SonicWall published advisory SNWLID-2024-0015 for CVE-2024-40766. It is an improper access control vulnerability in SonicOS. CVSS 9.3. | Vulnerability | SANS |
| 23.6.26 | Webshells Remain Popular | Webshells have been popular for a long time. We already covered this topic across multiple diaries. I spent some time to track them and slightly paid less attention to them but today I found another one. It seems to be a new player (pushed on Github two months ago). | Hack | SANS |
| 23.6.26 | OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws | OpenAI on Monday said it's releasing an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the Daybreak | AI | The Hacker News |
| 23.6.26 | A VBScript campaign distributed through WhatsApp deploying RMM software | In June 2026, we observed a malware campaign distributing malicious VBScript files through direct messages in WhatsApp. The campaign affected users across multiple countries and territories, including Malaysia, Brazil, India, Mexico, Singapore, UK, Spain, Taiwan, Australia, Russia and Vietnam, with the highest number of victims observed in Malaysia. At the time of writing this article, the campaign is still active. | Virus | SECURELIST |
| 22.6.26 | ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack | Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack after unknown threat actors managed to tamper with | Virus | The Hacker News |
| 22.6.26 | Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants | Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform with more than 146,000 | Vulnerability | The Hacker News |
| 22.6.26 | 29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests | A heap over-read in the Squid web proxy can leak another user's cleartext HTTP request, including any credentials or session tokens it carries, to | Vulnerability | The Hacker News |
| 22.6.26 | New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer | Cybersecurity researchers have disclosed details of a new campaign that delivers CastleStealer by means of a previously unreported malware | Virus | The Hacker News |
| 22.6.26 | Google Sets Sept. 30 Deadline for Android Developer Verification in Four Countries | Google has set September 30, 2026, as the day it begins enforcing Android developer verification in the first four countries, and the major | OS | The Hacker News |
| 22.6.26 | Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices | Canada's spy service got a judge's permission to reach into infected servers, home routers, and IoT gear sitting on Canadian soil and | BotNet | The Hacker News |
| 22.6.26 | AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network | A new malware family is turning forgotten home routers into a distributed reconnaissance and proxy network, not the DDoS botnet these devices | BotNet | The Hacker News |
| 22.6.26 | INTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across Asia-Pacific | A new report from INTERPOL has revealed a "dramatic increase" in cybercrime in Asia and the South Pacific, fueled by rapid digitalization, | CyberCrime | The Hacker News |
| 22.6.26 | AryStinger botnet infected thousands of D-Link routers worldwide | A previously undocumented malware botnet named AryStinger has compromised more than 4,000 outdated routers to turn them into proxies for malicious traffic. | BotNet | BleepingComputer |
| 21.6.26 | Dozens of malicious wallpapers found on Steam Workshop: gamers’ accounts at risk | Since late 2025, malware has been spreading rapidly through the Steam Workshop, the gaming platform’s built-in service for players to create and share custom content. The attackers are primarily targeting gamers in China and Russia. | Virus | SECURELIST |
| 21.6.26 | New Prinz Eugen ransomware prioritizes recent files for encryption | A new ransomware operation named 'Prinz Eugen' prioritizes recently modified files for encryption and leaves no ransom note on the system. | Ransom | BleepingComputer |
| 21.6.26 | Microsoft links Mastra AI supply chain attack to North Korean hackers | Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. | AI | BleepingComputer |
| 21.6.26 | Klue OAuth breach victim list grows as Icarus hackers claim attack | Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to customers' Salesforce environments, as the new "Icarus" extortion group publicly claims the attack. | Hack | BleepingComputer |
| 21.6.26 | Hackers exploit info disclosure bug in Gravity SMTP WordPress plugin | Threat actors are exploiting an unauthenticated information disclosure vulnerability in the WordPress plugin Gravity SMTP, active on 100,000 sites. | Exploit | BleepingComputer |
| 21.6.26 | Texas govt data breach exposes over 3 million driver’s licenses | The Texas Parks and Wildlife Department (TPWD) disclosed a data breach at its license system vendor that exposed personal information for more than three million individuals. | Incident | BleepingComputer |
| 21.6.26 | Every AI Agent Is an Identity. Most Organizations Don't Treat Them That Way | AI agents can access data, trigger workflows, deploy code, and interact with critical business systems, often with little oversight. Token Security breaks down why AI agents are becoming a new identity and governance challenge. | AI | BleepingComputer |
| 21.6.26 | Microsoft: June 2026 Windows updates break Recycle Bin prompts | Microsoft has confirmed a confusing Windows bug that causes different filenames to appear in the confirmation dialog when deleting a file from the Recycle Bin. | OS | BleepingComputer |
| 21.6.26 | CISA: Splunk Enterprise flaw actively exploited, patch by Sunday | CISA has urged U.S. federal agencies to secure their systems by Sunday against a critical Splunk Enterprise vulnerability that is being exploited in attacks. | Exploit | BleepingComputer |
| 21.6.26 | NY man charged after harassing college student with AI-generated nudes | A New York man faces cyberstalking charges after allegedly sharing AI-generated nude images and fabricated racist messages using fake social media profiles to harass a Georgia college student. | AI | BleepingComputer |
| 21.6.26 | CISA warns Fortinet users to secure devices after FortiBleed leak | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged Fortinet customers to secure their devices after nearly 74,000 firewall and VPN credentials were exposed in a data leak dubbed "FortiBleed." | Hack | BleepingComputer |
| 21.6.26 | Gentlemen ransomware uses multiple EDR killers to disable defenses | The Gentlemen ransomware-as-a-service (RaaS) is actively developing and maintaining a suite of endpoint detection and response (EDR) killers to help affiliates evade detection in attacks. | Ransom | BleepingComputer |
| 21.6.26 | Nintendo confirms data stolen in WebMD subsidiary cyberattack | Nintendo of America has confirmed to BleepingComputer that threat actors stole survey data from the third-party TinyPulse service used internally, but its systems were not compromised. | Incident | BleepingComputer |
| 21.6.26 | USB worm spreads crypto-stealing malware via Windows shortcut files | Threat actors targeting cryptocurrency wallets have been distributing clipboard-stealing malware with self-spreading capabilities and using the Tor network to conceal communication. | Cryptocurrency | BleepingComputer |
| 21.6.26 | Klue OAuth breach linked to 'Icarus' Salesforce data theft attacks | Market intelligence platform Klue suffered an OAuth breach that enabled the "Icarus" threat actors to steal Salesforce CRM data from multiple organizations in an ongoing extortion campaign. | Incident | BleepingComputer |
| 21.6.26 | Police cleans nearly 15,000 SocGholish-infected sites tied to Evil Corp | International law enforcement agencies cleaned nearly 15,000 malware-infected WordPress websites and took down more than 100 servers linked to the SocGholish botnet and the Evil Corp Russian cybercrime group. | CyberCrime | BleepingComputer |
| 21.6.26 | eBanking Phishing Delivered Through IPv4-Mapped IPv6 Address | I detected an interesting phishing email this morning. It targets a major Belgian bank: | Phishing | SANS |
| 21.6.26 | The Behavior of Coordinated SSH Brute Force Attacks over the last three months [Guest Diary] | Brute force SSH attacks are an ever-present threat on the internet today. We examine probing behavior over the last three months to identify coordinated and opportunistic | Hack | SANS |
| 21.6.26 | The browser blind spot: Why your security tool may not be blocking what you think it is [Guest Diary] | CASB block policies rely on inspecting TCP traffic. QUIC, the protocol powering HTTP/3, runs over UDP, a protocol most CASBs cannot inspect. | Cyber | SANS |
| 21.6.26 | From a VHDX File to a Remcos RAT | Yesterday, a reader reported to us a malicious ZIP archive (SHA256: a0104921a2d37ab87482ac9a9f5c3713479c118846c3e999178e75b81620c094 | Virus | SANS |
| 21.6.26 | Evil MSI Background: BASE64 Statistical Analysis | I like it when a fellow handler posts a diary entry about images with malicious content. Last one is Xavier: "The Evil MSI Background is Back!". | Cyber | SANS |
| 21.6.26 | ShapedPlugin update flow hacked to infect WordPress sites | Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack that distributed infected releases to paying customers via the vendor's official update system. | Hack | BleepingComputer |
| 21.6.26 | FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices. | A newly discovered data leak dubbed "FortiBleed" has exposed what appears to be a collection of Fortinet and FortiGate VPN credentials for 73,932 firewall URLs at organizations worldwide. | Hack | BleepingComputer |
| 21.6.26 | Apple fixes Beats Studio Buds flaw that let hackers spy on conversations | Apple has released security updates to patch a high-severity flaw affecting the Beats Studio Buds wireless earbuds that could allow attackers in Bluetooth range to spy on users' conversations. | OS | BleepingComputer |
| 21.6.26 | Telegram admits it couldn't police exam-leak channels, India tells court | India's government has told the Delhi High Court that Telegram was warned about two weeks before it was blocked, and that the platform admitted it could not proactively detect the channels selling leaked exam papers. Telegram says it cooperated and the ban is unlawful. | Social | BleepingComputer |
| 21.6.26 | F5 issues out-of-band patches for critical NGINX vulnerabilities | Cybersecurity company F5 has released out-of-band security updates to address multiple NGINX web server vulnerabilities, including two critical-severity flaws that could allow attackers to execute code on vulnerable systems. | Vulnerability | BleepingComputer |
| 21.6.26 | Microsoft fixes Windows Server 2016 security update failures | Microsoft has fixed a known issue causing the June 2026 security updates to fail on Windows Server 2016 systems that weren't up to date. | OS | BleepingComputer |
| 21.6.26 | Leak confirms OpenAI is testing a ChatGPT for Science subscription | OpenAI appears to be testing a new subscription and experience for science use cases, but it's unclear if it'll be available to everyone regardless of their background. | AI | BleepingComputer |
| 21.6.26 | Google to use UK and EU user IP addresses for ad personalization | From August 3, 2026, Google will use IP addresses from UK, EEA and Switzerland users for ad measurement and personalization. It lands as the ICO weighs new consent rules, and years after Google itself called using such signals to identify devices "wrong." | BigBrothers | BleepingComputer |
| 21.6.26 | Why Account Takeovers Are Rising and How to Stop Them | Account takeovers are rising as attackers bypass traditional defenses through phishing, session hijacking, and MFA fatigue. Specops Software explores how device trust and continuous verification help reduce account takeover risk. | Hack | BleepingComputer |
| 21.6.26 | India's Telegram ban hit the UAE too. Here's how to get around it | India has banned Telegram until June 22 after the app was used to circulate leaked exam papers. CEO Pavel Durov accuses telecom Reliance of BGP hijacking that disrupted the app as far away as the UAE. Here's what happened, and how to get around the block with an MTProto proxy. | Social | BleepingComputer |
| 21.6.26 | Microsoft confirms Office apps launch issues after June updates | Microsoft is investigating a new issue preventing third-party applications from launching Microsoft Office applications or opening documents on up-to-date Windows systems. | OS | BleepingComputer |
| 21.6.26 | CISA orders feds to patch max severity Joomla plugin flaw by Friday | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity flaw in the Widget Factory Joomla Content Editor (JCE) plugin that is being actively exploited in the wild. | Vulnerability | BleepingComputer |
| 21.6.26 | Microsoft working on Defender patch for RoguePlanet zero-day | Microsoft confirmed that it's working on a security patch for a Defender zero-day vulnerability named "RoguePlanet," disclosed one week ago. | Vulnerability | BleepingComputer |
| 21.6.26 | Kodak confirms data breach claimed by ShinyHunters extortion gang | Kodak has confirmed that it's working with external cybersecurity experts to investigate a security breach after hackers gained access to some of the company's data. | Incident | BleepingComputer |
| 21.6.26 | Malicious JetBrains Marketplace plugins steal AI API keys from developers | At least 15 malicious plugins found on the JetBrains Marketplace were designed to steal AI API keys from developers. | Virus | BleepingComputer |
| 21.6.26 | New Rokarolla Android malware targets 217 banking, crypto apps | A new Android banking trojan named Rokarolla is targeting 217 banking and cryptocurrency applications using an extensive set of 137 commands. | Virus | BleepingComputer |
| 21.6.26 | Steam Workshop abused to spread malware via Wallpaper Engine app | Threat actors are abusing Steam Workshop, Valve's community hub for downloading game-related content, to push various malware hidden in wallpaper packages. | Virus | BleepingComputer |
| 21.6.26 | UK to require ID or face scan before you can make social media accounts | Opening a new social media account in the UK will soon mean proving you're over 16 with an ID upload or a facial age scan, under a government ban on under-16s taking effect in spring 2027. Security experts warn the age checks are easy to circumvent and create new data-breach risks. | BigBrothers | BleepingComputer |
| 20.6.26 | GhostTree Attack Abused Recursive Windows Junctions to Hide Malware | GhostTree uses recursive NTFS junctions to generate vast numbers of valid Windows file paths. Varonis explains how the technique could cause Microsoft Defender folder scans to never complete, leaving malware undetected. | Attack | BleepingComputer |
| 20.6.26 | FTC warns of record $3.5 billion losses to imposter scams in 2025 | The U.S. Federal Trade Commission (FTC) warned that Americans lost $3.5 billion to imposter scams in 2025, with reported losses nearly tripling since 2020. | Spam | BleepingComputer |
| 20.6.26 | CISA warns of another cPanel plugin flaw exploited in attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. government agencies three days to secure their servers against an actively exploited vulnerability (CVE-2026-54420) in the LiteSpeed cPanel user-end plugin. | Exploit | BleepingComputer |
| 20.6.26 | Ransomware gang abuses Microsoft Teams relays to hide malicious traffic | DragonForce ransomware used a custom malware named 'Backdoor.Turn' to hide command-and-control traffic inside Microsoft Teams relay infrastructure. | Ransom | BleepingComputer |
| 20.6.26 | Critical Fortinet FortiSandbox flaws now exploited in attacks | Attackers are now exploiting several critical vulnerabilities in Fortinet's FortiSandbox cyber threat detection platform, according to threat intelligence company Defused. | Exploit | BleepingComputer |
| 20.6.26 | Windows version of SprySOCKS Linux malware used to attack govt orgs | Windows variants for the SprySOCKS Linux malware have been used in attacks targeting government organizations in at least four countries. | Virus | BleepingComputer |
| 20.6.26 | iRhythm discloses data breach, says hackers stole patient info | Digital healthcare company iRhythm Holdings has disclosed a data breach after hackers stole patients' personal and health information stored on third-party-hosted business applications. | Incident | BleepingComputer |
| 20.6.26 | DOJ seizes CFAKE, SOCFAKE deepfake nude sites under TAKE IT DOWN Act | The U.S. Department of Justice announced Friday that it has seized the CFAKE.com and SOCFAKE.com websites, which allegedly hosted nonconsensual AI-generated nude images and videos of women, in what appears to be the first publicly announced domain seizure under the TAKE IT DOWN Act. | CyberCrime | BleepingComputer |
| 20.6.26 | SimpleHelp bug lets hackers create rogue remote support accounts | A vulnerability in the SimpleHelp remote management software allows unauthenticated attackers to create privileged technician accounts on servers using the OpenID Connect (OIDC) authentication protocol. | Hack | BleepingComputer |
| 20.6.26 | OptinMonster WordPress plugin hacked in CDN supply-chain attack | WordPress plugins OptinMonster, TrustPulse, and PushEngage have been compromised in a supply-chain attack impacting Awesome Motive's content distribution network (CDN). | Hack | BleepingComputer |
| 20.6.26 | Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks | Cisco has released security updates to address a vulnerability in the Catalyst SD-WAN Manager, tracked as CVE-2026-20262, that was exploited in attacks to escalate to root privileges. | Vulnerebility | BleepingComputer |
| 20.6.26 | Council of Europe investigates ShinyHunters data breach claims | The Council of Europe, the continent's oldest intergovernmental body, is probing claims of a data breach made by the ShinyHunters extortion group over the weekend. | Incindent | BleepingComputer |
| 20.6.26 | FBI: Fraudsters use couriers to steal money in crypto scams | The U.S. Federal Bureau of Investigation (FBI) warned that criminals are using couriers to collect money from victims of cryptocurrency investment scams, also known as pig butchering or romance baiting. | Spam | BleepingComputer |
| 20.6.26 | Chinese hackers breach REDCap servers, steal medical research | A China-linked espionage campaign targeted exposed REDCap servers to deploy the InfiniteRed malware and steal sensitive data from a medical institution in North America. | APT | BleepingComputer |
| 20.6.26 | New attack turned Microsoft 365 Copilot into 1-click data theft tool | A critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target's mailbox, OneDrive, or SharePoint account through a specially crafted URL. | Hack | BleepingComputer |
| 20.6.26 | Infinite Campus data breach affects 137,000 school staff accounts | The ShinyHunters extortion gang stole personal information from more than 137,000 school staff accounts in a Salesforce data theft attack that targeted the widely used Infinite Campus K-12 student information system in March. | Incindent | BleepingComputer |
| 20.6.26 | Webinar: How behavioral AI stops phishing and account takeovers | Modern phishing, BEC, and account takeover attacks increasingly bypass traditional email defenses and create operational strain for security teams. This webinar explores how behavioral AI can help automate detection, investigation, and remediation to reduce alert fatigue and accelerate response times. | AI | BleepingComputer |
| 20.6.26 | FBI disrupts massive AI-powered phishing service using a million URLs | In a coordinated effort, the FBI, working with Google and Black Lotus Labs, has dismantled a massive Chinese phishing-as-a-service operation called Outsider Enterprise with thousands of phishing websites used to steal credit card data and passwords. | AI | BleepingComputer |
| 20.6.26 | Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys | Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a | Exploit | The Hacker News |
| 20.6.26 | Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain | Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple's A12 and A13 chips. That code is burned into the | Exploit | The Hacker News |
| 20.6.26 | The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes | The Gentlemen ransomware-as-a-service (RaaS) operation is actively developing and maintaining a suite of endpoint detection and response | Ransom | The Hacker News |
| 20.6.26 | AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution | Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code | Attack | The Hacker News |
| 20.6.26 | Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites | Dutch law enforcement authorities, along with counterparts from Canada, Germany, and the U.S., have disrupted malicious infrastructure | CyberCrime | The Hacker News |
| 20.6.26 | AI in the underground: Curiosity, claims, and concerns | Amid discussions about how artificial intelligence can facilitate cybercrime, some threat actors remain skeptical | AI blog | SOPHOS |
| 20.6.26 | A needle in a stack of needles: Hunting infostealers with AI | The sheer number of events and alerts can be overwhelming, but multi-layered pipelines can filter out the noise | AI blog | SOPHOS |
| 20.6.26 | Public and Private Medical Community Targeted by China-Nexus Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense Research | Google Threat Intelligence Group (GTIG) has identified a sophisticated campaign attributed to UNC6508, a People's Republic of China (PRC)-nexus threat actor, targeting institutions in the North American academic, medical, and military research community. While remaining undetected for over a year, the threat actor compromised externally facing web applications, deployed bespoke malware, pivoted to sensitive internal systems, and abused enterprise administrative tools for covert data exfiltration. | APT blog | GTI |
| 20.6.26 | FortiBleed: You Can't Patch Your Way Out of This | A multi-phase campaign has cracked administrative credentials on roughly half of the world’s internet-facing FortiGate firewalls, and because the persistence lies below the operating system, patching will not mitigate all the threats. | Cyber blog | Eclypsium |
| 20.6.26 | No Patch Coming: The Arista EOS Tunnel Bug Your Scanner Will Miss | CVE-2026-7473 allows an attacker to sneak traffic into your network; there is no fix planned, and because the flaw lives in configuration rather than in a version number, your scanner will likely miss it. | Vulnerebility blog | Eclypsium |
| 20.6.26 | Securing the Foundation: What the New White House AI Executive Order Means for Federal Cybersecurity | The Executive Order Promoting Advanced Artificial Intelligence Innovation and Security signals a significant shift in how the federal government approaches cybersecurity. The order directs agencies to accelerate the use of AI-enabled security capabilities while strengthening the systems that support critical government operations. | AI blog | Eclypsium |
| 20.6.26 | Threat Actors Weaponizing RAR Archives to Target Thailand’s Healthcare Sector | Seqrite Threat Research Unit (TRU) actively tracks and analyses threat actors and their campaigns, focusing on attribution, infrastructure analysis, and adversary tradecraft. Throughout our research, we have attributed numerous operations to China-aligned and other threat clusters targeting both regional and international entities. | Hacking blog | Seqrite |
| 20.6.26 | Operation FanTrap: Inside the FIFA 2026 Fraud Ecosystem | Operation FanTrap reveals FIFA 2026 fraud ecosystem with 4,000+ fake domains, phishing, streaming scams, and dark web-driven cybercrime activity. | Cyber blog | Cyble |
| 20.6.26 | Inside Vidar’s ABE Bypass: From Memory Scanning to APC Injections | A Technical Walkthrough of How Vidar Defeats Application-Bound Encryption | Hacking blog | GENDIGITAL |
| 20.6.26 | Fake hiring pages abuse FIFA and other major brands to steal work credentials | Scammers are copying recruitment and calendar-booking flows to make fake Google and Facebook sign-ins look routine. | Cyber blog | GENDIGITAL |
| 20.6.26 | Your flight was cancelled. Is the refund message real? | Travel disruption gives scammers the one thing they need most: a believable reason to rush you | Spam blog | GENDIGITAL |
| 20.6.26 | Hidden in Teams: DragonForce Attackers Weaponize Microsoft Teams Relays to Stay Hidden | Backdoor.Turn, a Go-based RAT, is the first known malware to abuse Microsoft Teams' TURN relay servers to mask command-and-control traffic. The attackers also used a previously unknown vulnerability in a Huawei driver. | Malware blog | SECURITY.COM |
| 20.6.26 | Governing Claude Enterprise in Environments Where Inline Controls Can't Go | TrendAI™ integrates the Claude Compliance API into TrendAI Vision One™ through two collectors that bring AI-aware visibility and detection to Claude Enterprise usage: one keeps all data inside the environment, while the other feeds TrendAI Vision One™ for deeper correlation and compliance. | Cyber blog | Trend Micro |
| 20.6.26 | Threat Actors Abuse claude.ai Shared Chat for ClickFix Malvertising Campaign | Cybercriminals hijacked Google Ads searches for popular AI developer tools to funnel over 2,000 victims toward malicious download pages before quietly moving their operation onto claude.ai's own platform, turning the trusted domain into a delivery mechanism for credential-stealing malware. | Hacking blog | Trend Micro |
| 20.6.26 | PeopleSoft PeopleTools Pre-Authentication RCE: A PSIGW SSRF Chain That Executes Inside the JVM | A pre-authentication remote code execution (RCE) chain in Oracle PeopleSoft PeopleTools abuses the Integration Broker's PSIGW gateway to execute code inside the application server's Java virtual machine (JVM), evading behavioral and network sensors. | Hacking blog | Trend Micro |
| 20.6.26 | File Browser Hook Command Runner OS Command Injection | File Browser Hook Command Runner OS Command Injection (CVE-2026-35585) | Vulnerebility blog | SonicWall |
| 20.6.26 | Blinding the Watchmen: Abusing Cloud Logging Services for Defense Evasion and Visibility | Cloud logging services provide comprehensive visibility into actions performed within cloud resources, making them essential for security monitoring. However, this reliance also makes logging services a high-value target for attackers. An attacker who exploits these services could create weak spots, evade detection, and in certain scenarios, establish continuous visibility within a target’s environment. | Hacking blog | Palo Alto |
| 20.6.26 | Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE | We discovered a vulnerability in the Google Cloud Vertex AI software development kit (SDK) for Python, and responsibly disclosed it to Google. Before Google’s fix, the vulnerability would have allowed an attacker operating entirely from their own Google Cloud project to hijack a victim's model upload and poison it. | AI blog | Palo Alto |
| 20.6.26 | From Stars to Upvotes: Fake Reputation Fueling a Crypto Clipboard Hijacker | The threat actor uses multiple channels to promote and distribute a Rust clipboard hijacker, starting with a dedicated phishing page as the central hub and extending to GitHub and SourceForge projects promoted by fake accounts. A dedicated YouTube channel, using AI‑generated narrators, suspicious view spikes, and highly positive (likely coordinated) comments, further reinforces the illusion of popularity and trustworthiness. | Hacking blog | CHECKPOINT |
| 20.6.26 | From SQLi to RCE – Exploiting LangGraph’s Checkpointer | AI agents need memory. Frameworks like LangGraph provide it through checkpointers – persistence layers that store execution state. But what happens when that persistence layer isn’t locked down? | Exploit blog | CHECKPOINT |
| 20.6.26 | Scripting the disassembler: Local agentic reverse engineering through vbdec’s live COM object model | Cisco Talos detailed a new approach to reverse engineering that pairs local AI agents with traditional analysis tools like the VB6 disassembler vbdec. Instead of awkwardly bolting AI onto the software, vbdec exposes its parsed data through a live COM interface. | Hacking blog | CISCO TALOS |
| 20.6.26 | Close Encounters of the Human Kind | In the latest Threat Source, Hazel channels her inner Spielberg to explore why humans are delightfully irrational, reminding us that while security best practices are simple in theory, they’re a lot harder to pull off when you’re busy dealing with real life. | Cyber blog | CISCO TALOS |
| 20.6.26 | Winning the cyber marathon with Tony Giandomenico | Tony Giandomenico, Senior Director of Product Management, joins Amy to discuss the Talos Threat Hunting launch, what he's excited about for the future of cybersecurity, and, of course, his Ironman triathlons. | Cyber blog | CISCO TALOS |
| 20.6.26 | Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting | Learn how Cisco Talos Threat Hunting uses hypothesis-driven methods and multi-domain telemetry correlation to find stealthy threats operating below automated detection thresholds. | Cyber blog | CISCO TALOS |
| 20.6.26 | Killing me gently: Inside Gentlemen’s EDR killer framework | ESET Research shares the results of a months-long investigation into the suite of EDR killers maintained by the RaaS gang Gentlemen | Ransom blog | Eset |
| 20.6.26 | Protecting legacy OT systems against modern cyberthreats | Many manufacturing plants depend on OT systems that stay in service for many years. That long run can hide significant cybersecurity risks. | Security blog | Eset |
| 20.6.26 | FishMonger’s arsenal upgraded: SprySOCKS for Windows | | Malware blog | Eset |
| 20.6.26 | EvilTokens: A phishing attack that doesn’t steal your password | A phishing kit subverting Microsoft’s legitimate authentication flow lets attackers break into accounts without stealing passwords or creating fake login pages | Hacking blog | Eset |
| 19.6.26 | CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday urged Fortinet customers with FortiGate appliances to take | Hack | The Hacker News |
| 19.6.26 | From Assistive to Agentic: The AI Shift That's Redefining Threat Management | The average enterprise security team has 40 or more security tools, giving a lot of visibility into internal telemetry and asset | AI | The Hacker News |
| 19.6.26 | Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data | Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in response to a security incident | Incindent | The Hacker News |
| 19.6.26 | Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone | Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to | Vulnerebility | The Hacker News |
| 19.6.26 | F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution | F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution on | Vulnerebility | The Hacker News |
| 18.6.26 | Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2 | Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign that has targeted users since February 2026. "The | Virus | The Hacker News |
| 18.6.26 | From emerging threat to top-tier ransomware-as-a-service: The evolution of INC ransomware | INC has evolved from an emerging ransomware-as-a-service (RaaS) operation into one of the most active ransomware groups in 2026, claiming more than 800 victims since 2023. | Ransom | ACRONIS |
| 18.6.26 | Hidden in Teams: DragonForce Attackers Weaponize Microsoft Teams Relays to Stay Hidden | Backdoor.Turn, a Go-based RAT, is the first known malware to abuse Microsoft Teams' TURN relay servers to mask command-and-control traffic. The attackers also used a previously unknown vulnerability in a Huawei driver. | Malware blog | SECURITY.COM |
| 18.6.26 | INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023 | Cybersecurity researchers have charted the evolution of INC from a nascent ransomware-as-a-service (RaaS) operation to one of the most | Ransom | The Hacker News |
| 18.6.26 | DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic | Threat actors associated with the DragonForce ransomware have been observed using a custom Go-based remote access trojan (RAT) called | Virus | The Hacker News |
| 18.6.26 | Orphaned AI Agents: How to Find Hidden Access Risks Inside Your Network | If an autonomous AI agent interacts with your company's core intellectual property today, can your security team instantly name the person who | AI | The Hacker News |
| 18.6.26 | Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments | An unknown threat actor has been observed leveraging paid or promoted posts on legitimate news websites to drum up buzz for their warez, | Cryptocurrency | The Hacker News |
| 18.6.26 | Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development | Microsoft has formally disclosed that it's working to release a patch to address a Defender zero-day codenamed RoguePlanet. The vulnerability | Vulnerebility | The Hacker News |
| 18.6.26 | Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline | A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials. | Hack | The Hacker News |
| 17.6.26 | Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats | Cybersecurity researchers have flagged a "coordinated malware campaign" on the JetBrains Marketplace that has published no less than | Hack | The Hacker News |
| 17.6.26 | 144 Mastra npm Packages Compromised via Hijacked Contributor Account | As many as 144 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-source JavaScript and TypeScript | Hack | The Hacker News |
| 17.6.26 | CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. | Vulnerebility | The Hacker News |
| 17.6.26 | Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting | A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim's project hijack the victim's machine learning model | AI | The Hacker News |
| 17.6.26 | ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures | Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader, Lorem Ipsum | Hack | The Hacker News |
| 16.6.26 | New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds | Security researchers at Zimperium's zLabs have documented a new Android banking trojan, Rokarolla, that targets 217 banking and cryptocurrency apps and packs 137 remote commands. | Virus | The Hacker News |
| 16.6.26 | Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week | Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In a | Exploit | The Hacker News |
| 16.6.26 | China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth | Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS. "The Windows variants discovered are internally marked as WIN_DRV and WIN_PLUS," ESET said in a report shared with The Hacker News. | Virus | The Hacker News |
| 16.6.26 | Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware | The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages | Virus | The Hacker News |
| 16.6.26 | Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw | Cisco has released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager that has come under active exploitation in | Exploit | The Hacker News |
| 16.6.26 | CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting LiteSpeed cPanel Plugin to its Known | Exploit | The Hacker News |
| 16.6.26 | Public and Private Medical Community Targeted by China-Nexus Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense Research | Google Threat Intelligence Group (GTIG) has identified a sophisticated campaign attributed to UNC6508, a People's Republic of China (PRC)-nexus threat actor, targeting institutions in the North American academic, medical, and military research community. | APT | GTI |
| 16.6.26 | Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails | A China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly | APT | The Hacker News |
| 16.6.26 | North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels | Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster | APT | The Hacker News |
| 15.6.26 | LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers | A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, | AI | The Hacker News |
| 15.6.26 | One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes | A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. | Hack | The Hacker News |
| 15.6.26 | The Onboarding Password Mistake That Creates Unnecessary Risk | Employee onboarding is a busy time for IT teams. New starters need devices, accounts, access permissions, and passwords, all delivered | Security | The Hacker News |
| 15.6.26 | 152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic | Cybersecurity researchers have discovered a network of 152 Google Chrome extensions that act as new tab live wallpaper add-ons to | Hack | The Hacker News |
| 15.6.26 | Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites | An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites. When a site administrator was | Virus | The Hacker News |
| 15.6.26 | Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts | Cybersecurity researchers have disclosed details of fraudulent activity targeting users across the Middle East and North Africa by employing various fraudulent Facebook accounts impersonating politicians, public figures, and trusted organizations. | Social | The Hacker News |
| 15.6.26 | Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw | Palo Alto Networks has revealed that it has observed "active exploitation" of a recently disclosed PAN-OS vulnerability by an unknown threat actor | Exploit | The Hacker News |
| 14.6.26 | Ex-school district employee jailed for hacks on former employer | A former IT employee at an Iowa school district was sentenced to 21 months in prison after conducting a prolonged cyberattack against the former employer that disrupted classroom operations, deleted accounts, and caused tens of thousands of dollars in damages. | CyberCrime | BleepingComputer |
| 14.6.26 | Chinese hackers hijack auth flow, spy on isolated network for a decade | Chinese hackers took control of a target organization's authentication stack and maintained persistence for 10 years, with full visibility into the administrative activity. | APT | BleepingComputer |
| 14.6.26 | US Gov asks Anthropic to ban 'foreign national' access to Fable, Mythos | The US government has ordered Anthropic to block all foreign nationals from accessing Fable 5 and Mythos 5, forcing the company to suspend both models worldwide. Anthropic is complying but disputes the basis, calling the cited jailbreak narrow and the capability widely available elsewhere. | AI | BleepingComputer |
| 14.6.26 | Maine disables data breach notification portal after fake disclosures | Maine has taken its public data breach reporting portal offline after fraudulent breach disclosures were published on the state's website, prompting a review of procedures to prevent abuse in the future. | Incindent | BleepingComputer |
| 14.6.26 | phpBB forum fixes auth bypass bug lurking for a decade | A 10-year-old authentication bypass vulnerability discovered in the phpBB forum software allows an attacker to log in as any user, including administrators. | Vulnerebility | BleepingComputer |
| 14.6.26 | Ukrainian national pleads guilty to role in Conti ransomware operation | A Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tied to the Conti ransomware operation. | Ransom | BleepingComputer |
| 14.6.26 | Over 400 Arch Linux packages compromised to push rootkit, infostealer | More than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens. | Virus | BleepingComputer |
| 14.6.26 | Early Warning Signs of Supply-Chain Attacks Live in the Dark Web | GitHub access sales, leaked repositories, and stolen API keys can all become supply-chain attack footholds. Flare explores how underground forums expose early signals tied to software supply-chain risk. | Hack | BleepingComputer |
| 14.6.26 | Microsoft fixes Windows update failures linked to WUSA installer | Microsoft has fixed a known issue that caused Windows updates released since May 2025 to fail when installed via the Windows Update Standalone Installer (WUSA) from a network share. | OS | BleepingComputer |
| 14.6.26 | Pharma giant Novo Nordisk discloses breach of clinical trials data | Danish pharmaceutical giant Novo Nordisk, the world's largest producer of insulin, disclosed a data breach affecting patient information from some clinical trials. | Incindent | BleepingComputer |
| 14.6.26 | CISA orders feds to patch actively exploited Ivanti flaw by Sunday | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch an actively exploited Ivanti Sentry flaw within three days, as mandated by the newly issued Binding Operational Directive (BOD) 26-04. | Exploit | BleepingComputer |
| 14.6.26 | Over 73,000 French govt employees affected in Tchap messenger breach | The French government revealed that a recent breach of its Tchap encrypted messaging platform affects the accounts of over 73,000 employees in the French public sector. | Incindent | BleepingComputer |
| 14.6.26 | Japanese energy firm loses drive with data of 10.9 million clients | Kyushu Electric Power Co., Inc. has disclosed a physical security incident that affects private data of more than 10 million customers. | Incindent | BleepingComputer |
| 14.6.26 | Maine breach portal abused to publish fake data breach disclosures | In an unusual misinformation campaign, fraudulent data breach disclosures were submitted to Maine's official breach portal and publicly posted before their legitimacy could be verified, prompting companies to deny the claims. | Incindent | BleepingComputer |
| 14.6.26 | Oracle mitigates PeopleSoft zero-day exploited in data theft attacks | Oracle is warning about a critical PeopleSoft Suite zero-day vulnerability tracked as CVE-2026-35273 that allows unauthenticated remote code execution, with the flaw actively exploited in ShinyHunters data theft attacks. | Exploit | BleepingComputer |
| 14.6.26 | Authorities dismantle 'AudiA6' ransomware crypto-laundering service | Law enforcement has dismantled the “AudiA6” cryptocurrency service allegedly used by ransomware actors and other cybercriminals to launder more than $380 million. | Ransom | BleepingComputer |
| 14.6.26 | Why AI-driven threats are exposing the limits of MSP security stacks | AI-driven attacks are exposing the limits of fragmented MSP security stacks and slow response workflows. Kaseya breaks down why integrated security, automation, and recovery are becoming essential. | AI | BleepingComputer |
| 14.6.26 | Coupang hit with record $409 million data breach fine in Korea | The Personal Information Protection Commission (PIPC), South Korea's data protection regulator, has fined e-commerce giant Coupang a record 624.6 billion won (roughly $409 million) following a massive data breach affecting more than 37 million customers. | Incindent | BleepingComputer |
| 14.6.26 | CISA tells govt agencies to patch critical exploited flaws in 3 days | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced a new Binding Operational Directive, 26-04, that prioritizes security updates for Federal Civilian Executive Branch (FCEB) agencies. | Vulnerebility | BleepingComputer |
| 14.6.26 | How has use of framing protection security headers changed in the past 3 years? | Back in 2023, I wrote a diary discussing how commonly X-Frame-Options and CSP headers containing the frame-ancestors directive were used on the 1 million most popular domains on the internet (based on the Tranco list), and how they were set. | Security | SANS |
| 14.6.26 | Microsoft June 2026 Patch Tuesday | Microsoft today released patches for 204 vulnerabilities. 38 of these vulnerabilities are considered critical, and three have been disclosed before today. | OS | SANS |
| 14.6.26 | TeamPCP Supply Chain Campaign: Activity Through 2026-06-07 | This diary continues the Internet Storm Center's tracking of the TeamPCP supply chain campaign, first documented in the SANS white paper When the Security Scanner Became the Weapon and most recently in the handler diary Activity Through 2026-05-24. | Hack | SANS |
| 14.6.26 | Microsoft fixes BitLocker recovery bug on Windows Server 2025 | Microsoft has resolved a known issue causing some Windows Server 2025 devices to boot into BitLocker recovery after installing the April 2026 security update. | OS | BleepingComputer |
| 14.6.26 | Nottingham University data breach affects over 450,000 students | The University of Nottingham confirmed on Wednesday that a hacking group gained access to its student records system in a breach affecting both current students and alums. | Incindent | BleepingComputer |
| 14.6.26 | Max severity Ivanti Sentry vulnerability now exploited in attacks | Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile gateways. | Vulnerebility | BleepingComputer |
| 14.6.26 | Path traversal flaw in AI dev platform Langflow exploited in attacks | Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers. | Vulnerebility | BleepingComputer |
| 14.6.26 | The ‘Miasma’ worm source code briefly leaked on GitHub | The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. | Virus | BleepingComputer |
| 14.6.26 | GitHub announces npm security changes to tackle supply-chain attacks | GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking supply-chain attacks abusing behaviors triggered by the 'npm install' command. | Hack | BleepingComputer |
| 14.6.26 | Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks | Oracle PeopleSoft servers are being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100 organizations. | APT | BleepingComputer |
| 14.6.26 | China-linked JDY botnet expands targeting of U.S. military networks | The JDY botnet, a malware network previously associated with Chinese threat actors like Volt Typhoon, has significantly expanded its targeting scope and reconnaissance efforts. | APT | BleepingComputer |
| 14.6.26 | Microsoft patches Exchange Server zero-day exploited in attacks | Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary JavaScript code in cross-site scripting (XSS) attacks targeting Outlook Web Access users. | OS | BleepingComputer |
| 14.6.26 | Microsoft: Some Windows PCs fail to install latest monthly updates | Microsoft warned customers on Tuesday that they may have issues installing the latest monthly updates on some Windows devices that were upgraded to Windows 11 24H2 or 25H2. | OS | BleepingComputer |
| 14.6.26 | Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days | On Tuesday, Microsoft patched two zero-day vulnerabilities that let attackers gain SYSTEM privileges on fully patched Windows systems, and a third one that grants access to BitLocker-protected drives. | OS | BleepingComputer |
| 14.6.26 | Ivanti: Max severity Sentry flaw allows code execution as root | Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attackers to execute code with root privileges. | Vulnerebility | BleepingComputer |
| 14.6.26 | Anthropic rolls out Claude Fable 5, but it's available for a limited time | Anthropic has begun rolling out a new model called "Fable," which is based on the same underlying model as Mythos, its most powerful AI model class. | AI | BleepingComputer |
| 14.6.26 | Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges | A security researcher has released a new Microsoft Defender zero-day exploit named "RoguePlanet" just hours after Microsoft fixed two previously disclosed flaws during June 2026 Patch Tuesday. | OS | BleepingComputer |
| 14.6.26 | ServiceNow discloses security incident exposing customer data | ServiceNow is warning about a security incident after attackers exploited an unauthenticated access flaw through a vulnerable API endpoint, allowing them to query data from customer instances. | Incindent | BleepingComputer |
| 14.6.26 | OpenClaw AI agent found falling for phishing attacks, spills user data | Phishing simulation on an OpenClaw email agent with various configuration profiles showed that it was susceptible to tactics commonly used to compromise human users. | AI | BleepingComputer |
| 14.6.26 | SAP fixes critical flaws in NetWeaver and Commerce Cloud | SAP has released fixes for 15 vulnerabilities as part of its June 2026 Security Patch package, including four critical-severity flaws affecting SAP NetWeaver and SAP Commerce Cloud. | Vulnerebility | BleepingComputer |
| 14.6.26 | Microsoft releases Windows 10 KB5094127 extended security update | Microsoft has released the Windows 10 KB5094127 extended security update, which fixes the June 2026 Patch Tuesday vulnerabilities and adds new functionality to monitor the rollout of updated Secure Boot certificates that replace those expiring this month. | OS | BleepingComputer |
| 14.6.26 | Microsoft June 2026 Patch Tuesday fixes 6 zero-days, 200 flaws | Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws, including five publicly disclosed zero-day vulnerabilities and one actively exploited in attacks. | OS | BleepingComputer |
| 14.6.26 | Windows 11 KB5094126 & KB5093998 cumulative updates released | Microsoft has released Windows 11 KB5094126 and KB5093998 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. | OS | BleepingComputer |
| 13.6.26 | XBOW tests Anthropic's Mythos Preview for offensive security | Anthropic's Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code. XBOW explores how the model performed across exploit discovery, reverse engineering, and live-site validation. | AI | BleepingComputer |
| 13.6.26 | GitHub disables Microsoft repos pushing password-stealing malware | Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, disrupting continuous integration pipelines. | Virus | BleepingComputer |
| 13.6.26 | New Veeam vulnerability exposes backup servers to RCE attacks | Veeam has released security updates to patch a critical Backup & Replication security flaw that can be exploited to gain remote code execution (RCE) on domain-joined backup servers. | Vulnerebility | BleepingComputer |
| 13.6.26 | French govt messaging service breached in account hijacking attack | DINUM, the digital affairs directorate of the French government, warned that hackers used a hijacked user account to breach Tchap, the French government's encrypted messaging platform. | Hack | BleepingComputer |
| 13.6.26 | CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day | CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. | Exploit | BleepingComputer |
| 13.6.26 | Google patches new Chrome zero-day flaw exploited in the wild | Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year. | Exploit | BleepingComputer |
| 13.6.26 | NFCShare Android malware spreads via fake banking app updates on GitHub | New variants of the NFCShare Android malware are being distributed as fake updates for legitimate banking apps hosted on GitHub. | Virus | BleepingComputer |
| 13.6.26 | SoFi confirms third-party data breach at Hong Kong subsidiary | SoFi Hong Kong is warning that it suffered a data breach after hackers gained access to a database at a third-party vendor containing customer information. | Incindent | BleepingComputer |
| 13.6.26 | New Apple feature automatically changes your compromised passwords | At WWDC 26, Apple announced an Apple Intelligence-powered feature that can automatically fix weak and compromised passwords. This works in Safari, and it's rolling out with iOS 27. | OS | BleepingComputer |
| 13.6.26 | New Shai-Hulud attack trojanizes 19 science-focused PyPI packages | Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud supply-chain attack that delivered malware designed to steal developer secrets. | Hack | BleepingComputer |
| 13.6.26 | WhatsApp says it disrupted new NSO spyware phishing attacks | WhatsApp has detected and stopped spear-phishing campaigns allegedly conducted by the NSO Group after investigating user reports of social engineering attacks. | Social | BleepingComputer |
| 13.6.26 | Gogs patches critical zero-day enabling remote code execution | Gogs has patched a critical security zero-day flaw that can allow attackers to compromise Internet-facing instances and access any repositories (including private ones). | Vulnerebility | BleepingComputer |
| 13.6.26 | Critical UniFi OS bug lets hackers gain root without authentication | Attackers can chain three already fixed vulnerabilities in the Ubiquiti UniFi OS server to execute remote code with root privileges and without authentication. | Vulnerebility | BleepingComputer |
| 13.6.26 | Reducing security operations complexity with Wazuh Cloud | Security teams are increasingly overwhelmed by alert fatigue, infrastructure maintenance, and complex hybrid environments. This article explores how Wazuh Cloud helps simplify SIEM/XDR operations through managed infrastructure, automated scaling, and AI-driven security analysis. | Security | BleepingComputer |
| 13.6.26 | Check Point links VPN zero-day attacks to Qilin ransomware gang | Israeli cybersecurity company Check Point has released security updates to patch a critical flaw affecting Remote Access VPN and Mobile Access deployments, which was exploited in zero-day attacks. | Ransom | BleepingComputer |
| 13.6.26 | Oxford University discloses data breach after careers platform hack | The University of Oxford disclosed a new data breach last week after being informed by its third-party provider, Group GTI, that its CareerConnect career services platform had been compromised. | Incindent | BleepingComputer |
| 13.6.26 | Over 20,000 Instagram accounts stolen in Meta AI support hack | Meta has revealed that 20,225 Instagram users had their accounts hijacked in a recent incident where attackers used Meta's AI-powered support system to reset passwords. | Social | BleepingComputer |
| 13.6.26 | Hands on with Intelligent Terminal, an AI-powered Windows Terminal | Microsoft has created an open-source fork of Windows Terminal called "Intelligent Terminal," and it allows you to use AI directly inside Terminal without interfering with the regular session. | OS | BleepingComputer |
| 13.6.26 | C0XMO botnet spreads via DD-WRT router flaw, kills rival malware | A new variant of the Gafgyt botnet called C0XMO is targeting DD-WRT router firmware and can move to other device types with various CPU architectures. | BotNet | BleepingComputer |
| 13.6.26 | Silent Ransom Group targets law firms with fake IT support calls | The Silent Ransom Group extortion gang is actively targeting U.S. law firms and professional services organizations in social engineering attacks that often lead to data theft within hours of initial contact, according to a new report by cybersecurity firm Mandiant. | Ransom | BleepingComputer |
| 13.6.26 | Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication | Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as | Vulnerebility | The Hacker News |
| 13.6.26 | U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals | Anthropic said on Friday it will "abruptly disable" its most advanced artificial intelligence (AI) models, Claude Fable 5 and Mythos 5, for all | BigBrothers | The Hacker News |
| 13.6.26 | Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit | Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential | Hack | The Hacker News |
| 13.6.26 | Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing | Google on Friday said it's pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence | AI | The Hacker News |
| 13.6.26 | China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade | Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade hidden inside the | APT | The Hacker News |
| 13.6.26 | Bug bounties in the Mythos era | How AI is rewriting vulnerability research, and how our program has adapted | AI blog | SOPHOS |
| 13.6.26 | ShinyHunters Targets Education Sector with Oracle PeopleSoft Exploit | Mandiant and Google Threat Intelligence Group (GTIG) have identified an active compromise and extortion campaign attributed to UNC6240 (ShinyHunters) targeting Oracle PeopleSoft application infrastructure. | Exploit blog | GTI |
| 13.6.26 | You Need to Verify the Hardware Supply Chain Behind Cyber-Physical Systems | Eclypsium was recently named in the Gartner® Hype Cycle™ for CPS Security, 2026 in the category of CPS Supply Chain Security. | Hacking blog | Eclypsium |
| 13.6.26 | Borrowed Trust – Systematic Exploitation of Abandoned Cloud DNS Delegations to serve Thai Gambling SEO Content | Cyble's latest analysis exposes 163 organizations compromised via abandoned DNS delegations in a Thai gambling SEO poisoning campaign. | Exploit blog | Cyble |
| 13.6.26 | FIFA World Cup 2026 Scams Are Already Active: Fake Domains, Phishing Sites, and How to Stay Safe | FIFA World Cup 2026 scams are rising as cybercriminals launch fake tickets, recruitment, and streaming websites targeting fans worldwide. | Cyber blog | Cyble |
| 13.6.26 | Who's Really Using Your Home Internet Connection? | Since January 2026, we have detected 7.4 million malicious incidents tied to residential proxy traffic, affecting 572,000 users in our telemetry. In this model, the household whose connection is being used is often not the buyer of the traffic. It is the exit point. | Cyber blog | GENDIGITAL |
| 13.6.26 | GoFlateLoader: A Widespread Golang Loader Delivering Multiple Infostealers | Gen Threat Labs has been tracking GoFlateLoader, a widespread Golang loader used to deliver multiple infostealers, including Amatera, Remus, Lumma, Vidar and StealC. | Malware blog | GENDIGITAL |
| 13.6.26 | Fake hiring pages abuse FIFA and other major brands to steal work credentials | In samples reviewed by Gen threat researchers, scammers used branded hiring pages that looked like ordinary recruitment flows: a company logo, a recruiter profile, a 30-minute meeting, and a button to continue with Google or Facebook. There was no attachment to open and no software to install. The credential theft attempt sat inside a step many job applicants already expect: signing in to schedule a call. | Cyber blog | GENDIGITAL |
| 13.6.26 | AI brands as bait: How threat actors are using the AI hype in social engineering | As threat actors operationalize AI to accelerate attacks, they are also leveraging the wider global interest around AI itself as a social engineering lure. | AI blog | Microsoft blog |
| 13.6.26 | GenAI Is Both Hunter and Hunted at Pwn2Own Berlin 2026 | This year’s Pwn2Own competition in Berlin revealed just how much of the AI stack remains exposed -- and the gap between what these tools promise and what they can withstand points to the fragile security foundations underneath. | Cyber blog | Trend Micro |
| 13.6.26 | Old WinRAR Flaw Fuels Attacks on Ukraine: How Unmanaged Software Keeps the Door Open | Two separate Russia-aligned campaigns are still exploiting the WinRAR flaw CVE-2025-8088 against Ukrainian organizations nearly a year after it was patched, showing how unmanaged software keeps an exploited entry point open long after the fix ships. | Vulnerebility blog | Trend Micro |
| 13.6.26 | Microsoft Security Bulletin Coverage for June 2026 | Microsoft’s June 2026 Patch Tuesday has 210 vulnerabilities, of which 67 are Elevation of Privilege. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of June 2026 and has produced coverage for 14 of the reported vulnerabilities. | Vulnerebility blog | SonicWall |
| 13.6.26 | Tracking Havoc Malware Activity and Evasion Techniques | This week, the SonicWall Capture Labs Threat Research Team reviewed a sample of Havoc malware. This is a C2 framework that has many stealth capabilities, including EDR bypass by using sleep obfuscation, return address stack spoofing, and indirect syscalls. While it can be used for legitimate purposes, Havoc has been and continues to be used for a variety of malicious campaigns. | Hacking blog | SonicWall |
| 13.6.26 | Trust No Skill: Integrity Verification for AI Agent Supply Chains | AI agents now extend their capabilities by installing third-party skills the way smartphones install apps. Anyone can publish a skill to a public registry. Anyone can install one into a production agent. And until now, no automated tool has verified what a skill does before it gains privileged access to credentials, files and shell commands inside that agent. | AI blog | Palo Alto |
| 13.6.26 | Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257 | Palo Alto Networks Unit 42 has observed active exploitation of PAN-OS vulnerability CVE-2026-0257 by an unidentified threat actor attempting to access GlobalProtect. This security flaw involves an authentication bypass in the portal and gateway components of vulnerable versions of PAN-OS® software, which could allow unauthorized attackers to circumvent security controls and initiate VPN connections. This CVE was added to the Known Exploited Vulnerability (KEV) catalog on May 29. | Vulnerebility blog | Palo Alto |
| 13.6.26 | Blinding the Watchmen: Abusing Cloud Logging Services for Defense Evasion and Visibility | Cloud logging services provide comprehensive visibility into actions performed within cloud resources, making them essential for security monitoring. However, this reliance also makes logging services a high-value target for attackers. An attacker who exploits these services could create weak spots, evade detection, and in certain scenarios, establish continuous visibility within a target’s environment. | Hacking blog | Palo Alto |
| 13.6.26 | From SQLi to RCE – Exploiting LangGraph’s Checkpointer | AI agents need memory. Frameworks like LangGraph provide it through checkpointers – persistence layers that store execution state. But what happens when that persistence layer isn’t locked down? | Exploit blog | CHECKPOINT |
| 13.6.26 | A tale of two eras | In this week’s newsletter, Amy reminisces on the tech toys of their childhood, inspired by a hilarious lesson about why your digital privacy shouldn't be left on an open channel. | Cyber blog | CISCO TALOS |
| 13.6.26 | OceanLotus: From external espionage to domestic targeting | A shift in operational pattern of the infamous Vietnam-aligned APT group | APT blog | Eset |
| 13.6.26 | What makes or breaks SMB cyber-readiness | A company that's expecting a cyberattack but hasn’t actively prepared for it risks making the hardest decisions at the worst possible moment | Cyber blog | Eset |
| 13.6.26 | Cybercriminals: the 'auditors' you never hired | Every organisation gets audited. The question is who does the auditing. | Cyber blog | Eset |
| 12.6.26 | Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code | Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running | AI | The Hacker News |
| 12.6.26 | LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution | Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability | CyberCrime | The Hacker News |
| 12.6.26 | INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator | An INTERPOL-led operation last month resulted in the disruption of Sniper Dz, a decade-long phishing-as-a-service (PhaaS) platform, Group- | CyberCrime | The Hacker News |
| 12.6.26 | Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs | Authorities in Europe have disrupted AudiA6, a cryptocurrency laundering service used by ransomware gangs and cybercriminal networks. Europol, | Cryptocurrency | The Hacker News |
| 12.6.26 | ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities | The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand | Exploit | The Hacker News |
| 12.6.26 | New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets | Two security teams have shown, in separate research published this week, that OpenClaw, the popular self-hosted AI agent, can be driven to | AI | The Hacker News |
| 12.6.26 | New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files | Security researcher Chaotic Eclipse (aka Nightmare-Eclipse and MSNightmare) has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit for Microsoft Defender. "This was an accidental discovery, it took a total of 4 hours to find this," the researcher said in a post on Blogger. | Exploit | The Hacker News |
| 12.6.26 | The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm | A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate | Ransom | The Hacker News |
| 11.6.26 | OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack | The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and | APT | The Hacker News |
| 11.6.26 | GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks | GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to | Hack | The Hacker News |
| 11.6.26 | China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance | Cybersecurity researchers have warned of a "resurgence and expansion" of JDY, a covert network associated with China-nexus state-sponsored | BotNet | The Hacker News |
| 10.6.26 | Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities | Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code | Vulnerebility | The Hacker News |
| 10.6.26 | Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE | A high-severity unpatched security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come | Vulnerebility | The Hacker News |
| 10.6.26 | CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three new vulnerabilities to its Known Exploited | Vulnerebility | The Hacker News |
| 10.6.26 | Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs | Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that | OS | The Hacker News |
| 10.6.26 | Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards | On June 9, Anthropic released Claude Fable 5, the most capable model it has ever made, generally available. It also did something unusual: it | AI | The Hacker News |
| 10.6.26 | ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances | ServiceNow has warned about a security incident in which unknown threat actors exploited a flaw to obtain deeper unauthorized access to | Exploit | The Hacker News |
| 10.6.26 | Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows | The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for | Vulnerebility | The Hacker News |
| 10.6.26 | Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS | Cybersecurity researchers have flagged half a dozen vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol | Vulnerebility | The Hacker News |
| 10.6.26 | Meta to Use Off-Site Business Data for Feed and AI Personalization | Meta on Tuesday announced that it will use information shared by other businesses to personalize users' feed and responses from its artificial | Social | The Hacker News |
| 10.6.26 | Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code | Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code | Vulnerebility | The Hacker News |
| 10.6.26 | Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues | Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its | Incindent | The Hacker News |
| 9.6.26 | Old WinRAR Flaw Fuels Attacks on Ukraine: How Unmanaged Software Keeps the Door Open | Two separate Russia-aligned campaigns are still exploiting the WinRAR flaw CVE-2025-8088 against Ukrainian organizations nearly a year after it was patched, showing how unmanaged software keeps an exploited entry point open long after the fix ships. | Vulnerebility | Trend Micro |
| 9.6.26 | AI Agents Enable Adaptive Computer Worms | In our pursuit of new knowledge to enhance the security of artificial intelligence, we uncovered a cybersecurity threat with implications across society. | AI | CLEVERHANS |
| 9.6.26 | WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine | Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year | Exploit | The Hacker News |
| 9.6.26 | Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models | University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight | Virus | The Hacker News |
| 9.6.26 | Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now | Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The | Exploit | The Hacker News |
| 9.6.26 | New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing | A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The | Attack | The Hacker News |
| 9.6.26 | Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer | The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 | Virus | The Hacker News |
| 9.6.26 | LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. | Exploit | The Hacker News |
| 9.6.26 | One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public | Security researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user escalate to | Exploit | The Hacker News |
| 8.6.26 | Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order | Meta on Monday said it detected and blocked spear-phishing attempts linked to Israeli spyware vendor NSO Group. In addition, the tech giant | Social | The Hacker News |
| 8.6.26 | Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups | Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol. The | Exploit | The Hacker News |
| 8.6.26 | VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances | A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two | APT | The Hacker News |
| 8.6.26 | From cause to cash: a cross-border look at hacktivist activity | While tracking the activities of 4BID we uncovered a new string of campaigns that appear to be the work of several interconnected actors. While politically motivated groups generally limit their scope to specific nations – for 4BID and its peers, primarily Russian and occasionally Belarusian organizations – our latest findings reveal a shift. | Hack | SECURELIST |
| 8.6.26 | UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign | Cybersecurity researchers have disclosed details of a financially motivated data theft extortion campaign that has targeted dozens of | APT | The Hacker News |
| 8.6.26 | VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks | Microsoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated development | Hack | The Hacker News |
| 8.6.26 | New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration | OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising | AI | The Hacker News |
| 7.6.26 | Critical Everest Forms Pro flaw exploited to take over WordPress sites | Hackers are actively exploiting a critical vulnerability (CVE-2026-3300) in the Everest Forms Pro plugin, which lets them take complete control of a WordPress website. | Vulnerebility | BleepingComputer |
| 7.6.26 | Suspicious Polyfill login prompts pop up on Toshiba, Muji websites | Tech giant Toshiba and mega-retailer Muji warned visitors that suspicious sign-in screens popping up on their websites could collect credentials. | CyberCrime | BleepingComputer |
| 7.6.26 | CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers | CISA warned today that hackers are now actively exploiting a recently patched high-severity SolarWinds Serv-U flaw to crash servers. | Exploit | BleepingComputer |
| 7.6.26 | Chinese APT deploys new malware to keep access to hacked networks | A Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and previously undocumented malware named Plenet and AgentPSD. | APT | BleepingComputer |
| 7.6.26 | Dark web Nemesis Market vendor gets 26 years for selling drugs | A California man was sentenced to more than 26 years in federal prison for trafficking fentanyl and methamphetamine through Nemesis Market, one of the world's largest dark web marketplaces. | CyberCrime | BleepingComputer |
| 7.6.26 | Over 900 US gas station tank gauge systems exposed to attacks | Over 900 automatic tank gauge (ATG) systems across the United States, used to monitor fuel and chemical storage tanks across various critical infrastructure sectors, have been found exposed online and are vulnerable to ongoing attacks. | Incindent | BleepingComputer |
| 7.6.26 | What 2026 DBIR Confirms: Attacks Are Living in the Browser | Phishing, shadow AI, malicious extensions, and credential theft increasingly happen inside the browser. Keep Aware explains what the 2026 Verizon DBIR reveals about browser-layer security gaps and modern attacks. | CyberCrime | BleepingComputer |
| 7.6.26 | Cisco warns of unpatched SD-WAN zero-day exploited in attacks | On Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245) actively exploited in attacks enabling root privilege escalation. | Exploit | BleepingComputer |
| 7.6.26 | Brave Software releases Origin for a paid, bloat-free browsing experience | Brave has announced the public release of Brave Origin, a paid minimalist version of its browser that strips out cryptocurrency, AI, rewards, and other monetization-focused features. | Security | BleepingComputer |
| 7.6.26 | Hola Browser for Windows compromised to deliver cryptominer | The Windows version of the Hola Browser has been compromised in a supply chain attack that delivered an undeclared executable identified by researchers as a cryptocurrency miner. | Cryptocurrency | BleepingComputer |
| 7.6.26 | Credit card theft campaign abuses Stripe to host stolen payment info | A new Magecart campaign is using Stripe's API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. | CyberCrime | BleepingComputer |
| 7.6.26 | DentaQuest data breach exposed info of 2.6 million accounts | A data breach at the dental benefits administrator DentaQuest has reportedly exposed the sensitive data of 2.6 million accounts. | Incindent | BleepingComputer |
| 7.6.26 | UN food agency discloses breach affecting 600,000 Gaza households | The United Nations' World Food Programme (WFP), the world's largest humanitarian organization, revealed over the weekend that its self-registration application (SRA) for Palestine was breached. | Incindent | BleepingComputer |
| 7.6.26 | New IronWorm malware hits 36 packages in npm supply-chain attack | A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. | Virus | BleepingComputer |
| 7.6.26 | Hackers Are After the Gaps in Your Vulnerability Program: Here's Their Playbook | Threat actors are actively teaching newcomers how to find, exploit, and profit from vulnerable systems. Flare explores what a popular underground hacking tutorial reveals about modern attacker workflows. | Security | BleepingComputer |
| 7.6.26 | Microsoft blames unexpected Windows driver updates on caching issue | On Wednesday, Microsoft fixed an issue that caused some Windows devices to install driver updates without notice despite policies configured to prevent auto-updates. | OS | BleepingComputer |
| 7.6.26 | Police dismantles fake ID marketplace used by migrant smugglers | French and Spanish authorities took down an online marketplace selling fake identity documents to migrant smuggling rings operating within the European Union. | CyberCrime | BleepingComputer |
| 7.6.26 | Cisco warns of critical Unified CM flaw with PoC exploit code | Cisco has released security updates to patch a critical-severity Unified Communications Manager (Unified CM) flaw that allows attackers to gain root privileges. | Exploit | BleepingComputer |
| 7.6.26 | Chinese hackers use new Atlas RAT malware in European cyberattacks | A Chinese-speaking cybercrime group has expanded its targeting to the European space, deploying previously undocumented malware and the Atlas backdoor. | Virus | BleepingComputer |
| 7.6.26 | U.S. sanctions Nobitex crypto exchange used by Iranian ransomware actors | The U.S. Treasury's Office of Foreign Assets Control (OFAC) has announced sanctions against Nobitex, Iran's largest cryptocurrency exchange, for facilitating payments related to terrorist activities. | Cryptocurrency | BleepingComputer |
| 7.6.26 | CISA warns of cyberattacks targeting fuel tank monitoring systems | CISA, the FBI, the NSA, the Department of Energy, and other US government partners are warning that hackers are targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid storage tanks across various critical infrastructure sectors. | Cyber | BleepingComputer |
| 7.6.26 | New 'HTTP/2 Bomb' DoS attack crashes web servers in under a minute | A new denial-of-service (DoS) attack dubbed HTTP/2 Bomb can be launched from a single machine to take down web servers within seconds. | Attack | BleepingComputer |
| 7.6.26 | CISA warns of active attacks exploiting Android, Linux bugs | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting vulnerabilities in the Linux kernel and Android operating system. | Exploit | BleepingComputer |
| 7.6.26 | What 345 Days of Untested Exposure Looks Like at a Bank | A two-week penetration test can leave roughly 345 days of real-world exposure unvalidated. Sprocket Security explores why continuous testing is becoming critical as attack surfaces constantly change. | CyberCrime | BleepingComputer |
| 7.6.26 | Acer working to patch max severity zero-days in Wave 7 routers | Acer is working to address two maximum-severity zero-day vulnerabilities affecting its Wave 7 mesh routers. | Vulnerebility | BleepingComputer |
| 7.6.26 | Police dismantles 9 crime groups in illegal streaming crackdown | European and international law enforcement agencies have dismantled nine organized crime groups and arrested 29 suspects in a major crackdown on illegal streaming operations. | CyberCrime | BleepingComputer |
| 7.6.26 | Google adds Android protection against AI deepfake scam calls | Google is introducing a new Android security feature that will detect and flag phone calls in which scammers use artificial intelligence to impersonate a user's personal contacts. | AI | BleepingComputer |
| 7.6.26 | VS Code zero-day lets hackers steal GitHub tokens in one click | A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a link. | Vulnerebility | BleepingComputer |
| 7.6.26 | Microsoft's Coreutils project brings Linux commands to Windows | Microsoft announced today at its Build 2026 developer conference the release of Coreutils for Windows, bringing many commonly used Linux command-line utilities to Windows as native applications. | OS | BleepingComputer |
| 7.6.26 | OpenAI upgrades GPT-5.5, as it plans to retire legacy ChatGPT models | OpenAI says it's rolling out a new update that improves the existing GPT-5.5 Instant model, and this move comes ahead of the scheduled retirement of multiple legacy models, including o3. | AI | BleepingComputer |
| 7.6.26 | Critical Kirki flaw exploited to hijack WordPress admin accounts | Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to administrators. | Exploit | BleepingComputer |
| 7.6.26 | Over 116,000 Minecraft systems infected in WeedHack malware campaign | A large-scale malware campaign dubbed WeedHack is targeting Minecraft players and has infected more than 116,000 systems since January. | Hack | BleepingComputer |
| 6.6.26 | AI-built ransomware toolkit automates EDR evasion, AD discovery | A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions. | AI | BleepingComputer |
| 6.6.26 | Microsoft Exchange Online outage causes email delays, failures | Microsoft is working to address a widespread service issue affecting the mail flow pipeline for Exchange Online customers across North America and Germany. | OS | BleepingComputer |
| 6.6.26 | Instagram users locked out after Meta AI abused to steal accounts | Multiple Instagram users had their accounts hijacked after attackers convinced Meta's AI-powered support tools that they were the legitimate owners. | Social | BleepingComputer |
| 6.6.26 | CISA flags two-year-old Oracle flaw as actively exploited in attacks | CISA has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was patched two years ago and is now actively exploited in attacks. | Exploit | BleepingComputer |
| 6.6.26 | Google fixes one actively exploited Android zero-day, 124 flaws | Google has released the June 2026 Android security patches to address 124 vulnerabilities, including one zero-day flaw exploited in targeted attacks. | OS | BleepingComputer |
| 6.6.26 | Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks | A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques on compromised sites. | Hack | BleepingComputer |
| 6.6.26 | Red Hat npm packages compromised to steal developer credentials | More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed "Miasma." | Incindent | BleepingComputer |
| 6.6.26 | Spain arrests doxer leaking sensitive data of govt employees | The Spanish National Police has arrested an individual for leaking sensitive information related to members of various key state organizations, including the National Cybersecurity Institute (INCIBE). | CyberCrime | BleepingComputer |
| 6.6.26 | Dashlane password manager users locked out by brute force attacks | Multiple Dashlane users have been locked out of their accounts following brute-force attacks that attempted logins from distant locations and unknown devices. | Hack | BleepingComputer |
| 6.6.26 | WordPress malware campaign hides payloads in Steam profiles | Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data. | Social | BleepingComputer |
| 6.6.26 | Microsoft investigates Office Apps, Teams file access issues | Microsoft says an ongoing incident is preventing users of its Teams collaboration platform and Office for the web cloud-based productivity suite from opening files. | OS | BleepingComputer |
| 6.6.26 | Critical Windows Netlogon RCE flaw now exploited in attacks | The Centre for Cybersecurity Belgium (CCB), the country's national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability (CVE-2026-41089) in attacks. | Exploit | BleepingComputer |
| 6.6.26 | Webinar tomorrow: From alert to resolution in network incident response | Network incidents are often detected quickly, but investigations and coordination can delay resolution. Join our webinar tomorrow to learn how automation and AI-assisted workflows can help IT teams accelerate incident response. | Security | BleepingComputer |
| 6.6.26 | Microsoft fixes outage affecting MFA setup, MySignIn service | Microsoft is working to address an ongoing incident preventing customers from setting up multi-factor authentication (MFA) or accessing the My Sign-Ins platform. | OS | BleepingComputer |
| 6.6.26 | Microsoft fixes KB5089549 Windows security update install issues | Microsoft has resolved a known issue causing installation failures and 0x800f0922 errors when deploying the May 2026 Windows 11 security update (KB5089549). | OS | BleepingComputer |
| 6.6.26 | WP Maps Pro bug exploited to create admin accounts on WordPress sites | Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication. | Exploit | BleepingComputer |
| 6.6.26 | Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI | A researcher has reverse-engineered the iOS SDK that Bright Data embeds in consumer apps and documented how it turns devices, | AI | The Hacker News |
| 6.6.26 | CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi- | Exploit | The Hacker News |
| 6.6.26 | AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs | Two things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media | AI | The Hacker News |
| 6.6.26 | Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack | Microsoft's GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign. The | Virus | The Hacker News |
| 6.6.26 | Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available | Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation. The vulnerability, | Vulnerebility | The Hacker News |
| 6.6.26 | IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks | Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 | Virus | The Hacker News |
| 6.6.26 | New Malware Targeting Minecraft Infects 2K Daily, and Teens are Becoming Attackers | If you or your child plays Minecraft, here's what you need to know about a large-scale malware campaign McAfee Labs just uncovered, and what to do about... | Malware blog | MCAFEE |
| 6.6.26 | Pointing a Cursor at evading detection | AI accelerated tool development and testing, but humans drove the workflow | AI blog | SOPHOS |
| 6.6.26 | You do surprise me.exe: An unexpected executable in Hola Browser | Following a certification test, Sophos X-Ops found an unexpected guest had hitched a ride | Security blog | SOPHOS |
| 6.6.26 | Explore GTIG's 2026 report on how adversaries leverage AI for zero-day exploits, autonomous malware, and industrial-scale cyber operations. | AI blog | GTI | |
| 6.6.26 | From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as "Luna Moth," “Chatty Spider,” and "Silent Ransom Group") targeting dozens of organizations across professional, legal, and financial services in the United States. | Hacking blog | GTI | |
| 6.6.26 | Microsoft Secure Boot Certificates Expiring in 2026: Enterprise Impact | Three certificates expire, two UEFI stores are affected, and one permanent gap opens if you miss the deadline. You can use Eclypsium’s solution to identify these gaps that will inevitably affect your Windows fleet. | Security blog | Eclypsium |
| 6.6.26 | C-Suite Impersonation in the Gulf: How Threat Actors Are Targeting UAE & Saudi Executives in 2026 | CEO fraud is rising across the Gulf. Discover how BEC, executive impersonation, and deepfake scams target business leaders. | Spam blog | Cyble |
| 6.6.26 | How AI-Powered Brand Impersonation Works — And Why Traditional Security Misses It Entirely | AI-powered brand impersonation combines deepfakes, fake domains, and social engineering, creating scalable fraud that evades traditional defenses. | AI blog | Cyble |
| 6.6.26 | OverlayPhantom: The Android Banking Trojan Hiding in Plain Sight | Cyble analyzes OverlayPhantom, an Android banking trojan targeting 180+ apps across 10 countries, stealing credentials via fake overlays and real-time screen streaming. | Malware blog | Cyble |
| 6.6.26 | Meet DriveSurge: A New Threat Actor Using ClickFix and Fake Update Drive-By Attacks in Thousands of Compromised Sites | Silent Push Preemptive Cyber Defense Analysts recently observed several drive-by attack clusters developed by a threat actor to automate malware delivery at scale. We named the primary driver behind an extensive surge in ClickFix and FakeUpdates campaigns: DriveSurge. | Hacking blog | Silent Push |
| 6.6.26 | When Hotel Scams Know Your Booking: 350 Compromised Accommodations Across 50 Countries | After our first report, Booking.com began warning customers that reservation data had been accessed. Our continuing investigation shows how criminals are using that data at scale. | Spam blog | GENDIGITAL |
| 6.6.26 | Espionage Campaign Targeted Stock Exchange Executive for Five Months | Unknown attackers stole a senior executive's Outlook mailbox in incremental batches, exfiltrating through Dropbox and OneDrive Personal to keep the traffic indistinguishable from legitimate activity. | Hacking blog | SECURITY.COM |
| 6.6.26 | Pwn2Own Berlin 2026: On the Ground With TrendAI™ ZDI's Biggest AI Showdown Yet | 47 zero-days fell at Pwn2Own Berlin 2026 for US$1,298,250 in payouts. TrendAI™ was on the ground all three days — here's what we saw. | Cyber blog | Trend Micro |
| 6.6.26 | NGINX Rift Rewrite Module Remote Code Execution | The SonicWall Capture Labs threat research team became aware of a heap buffer overflow vulnerability in NGINX products, assessed its impact and developed mitigation measures. NGINX is the top web server and reverse proxy globally. | Vulnerebility blog | SonicWall |
| 6.6.26 | Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257 | Palo Alto Networks Unit 42 has observed active exploitation of PAN-OS vulnerability CVE-2026-0257 by an unidentified threat actor attempting to access GlobalProtect. | Vulnerebility blog | Palo Alto |
| 6.6.26 | The npm Threat Landscape: Attack Surface and Mitigations (Updated June 2) | The security of the npm ecosystem reached a critical inflection point in September 2025. The Shai-Hulud worm, a self-replicating malware that automated the compromise and redistribution of malicious packages, marked the end of the “nuisance” era of npm attacks and the beginning of a high-consequence threat landscape. | Cyber blog | Palo Alto |
| 6.6.26 | Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell | We are tracking an increasingly widespread malvertising campaign targeting macOS. This campaign appears to be the next stage of a previous campaign known as JSCoreRunner, which was first identified in August 2025. | Malware blog | Palo Alto |
| 6.6.26 | Impersonation, Click Hijacking, and TDS: Inside a Malware Distribution Ecosystem | Check Point Research investigated a large-scale operation that impersonates open-source and freeware projects to capture search traffic, including lookalikes for researcher and security tooling such as Ghidra, dnSpy, and SpiderFoot. | Hacking blog | CHECKPOINT |
| 6.6.26 | Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting | Learn how Cisco Talos Threat Hunting uses hypothesis-driven methods and multi-domain telemetry correlation to find stealthy threats operating below automated detection thresholds. | Cyber blog | CISCO TALOS |
| 6.6.26 | Reporting from Vegas: Networking, AI, and good boys | Joe’s on-the-ground report from Cisco Live U.S. is here, complete with therapy dog pictures and tips on handling conference overstimulation. | Cyber blog | CISCO TALOS |
| 6.6.26 | Winning the cyber marathon with Tony Giandomenico | Tony Giandomenico, Senior Director of Product Management, joins Amy to discuss the Talos Threat Hunting launch, what he's excited about for the future of cybersecurity, and, of course, his Ironman triathlons. | Cyber blog | CISCO TALOS |
| 6.6.26 | DICOM, Pydicom, GDCM, and Orthanc: A technical tour of what really happens in the heap | This white paper presents a concrete case study demonstrating the creation of a heap overflow vulnerability through the exploitation of the DICOM file format. | Security blog | CISCO TALOS |
| 6.6.26 | Less panic patching, more precision | In this newsletter, Thor breaks down why you should stop relying solely on CVSS and start using EPSS and GCVE to focus your patching efforts on the threats that actually matter. | Vulnerebility blog | CISCO TALOS |
| 6.6.26 | MediaArea heap-based buffer overflow vulnerabilities | EvidenceForge generates high-quality, realistic, and consistent datasets across multiple log formats, enabling teams to effectively train personnel and validate detection models without the need for complex manual simulations. | Vulnerebility blog | CISCO TALOS |
| 6.6.26 | Lessons for life: Why children’s data is a long-term identity risk | Your child’s first data breach may happen before they’ve even opened a bank account. Here’s how to keep their digital life safe. | Vulnerebility blog | Eset |
| 5.6.26 | MiniPlasma: detecting exploitation of a critical unpatched Windows vulnerability | Over the past two months, the anonymous researcher Nightmare Eclipse has publicly released six Windows vulnerabilities complete with ready-to-use exploits, without prior coordination with Microsoft. The most critical of these is MiniPlasma. | Vulnerebility | SECURELIST |
| 5.6.26 | Argamal: Malware hidden in hentai games | In April 2026, we discovered a new malware campaign targeting players of “hentai” games. Once launched, the infected games install a previously unknown malicious implant on the user’s machine. | Virus | SECURELIST |
| 5.6.26 | The Evil MSI Background is Back! | A few months ago, I wrote a diary about a payload that was embedded into a JPEG picture. It was an MSI-branded background. Yesterday, I spotted another one! | Hack | SANS |
| 5.6.26 | Microsoft's Coreutils for Windows | I've been using the GnuWin32 CoreUtils for Windows for many years now (it gives you many *nix core commands on Windows). | Hack | SANS |
| 5.6.26 | Continuing Scans for swagger.json | Enterprise applications often still use complex standards like SOAP for web services. The big advantage of SOAP is its tight and extensive standards, which enable interoperability across an enterprise governed by web services. | Hack | SANS |
| 5.6.26 | Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps | Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin, according to findings from ESET. The | Virus | The Hacker News |
| 5.6.26 | New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework | Cybersecurity researchers have discovered a previously unreported threat cluster dubbed OP-512 (where "OP" stands for "opponent") that has been | APT | The Hacker News |
| 5.6.26 | PCPJack Hijacked 230 AWS, GCP, and Azure Servers to Run a Hidden SMTP Relay Network | SentinelOne documented PCPJack in April 2026, covering how the campaign gains initial access and harvests credentials from compromised Linux servers. What that report didn't cover was what happens next. | Hack | HUNT.IO |
| 5.6.26 | Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites | Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to | Exploit | The Hacker News |
| 5.6.26 | FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins | Security researchers and the FBI are warning that a wave of FIFA-themed fraud is already hitting World Cup 2026 fans, days before the June 11 | Spam | The Hacker News |
| 5.6.26 | PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network | The threat actor known as PCPJack has hijacked cloud servers associated with Amazon Web Services (AWS), Google Cloud, and | Hack | The Hacker News |
| 5.6.26 | Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public | Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, | Vulnerebility | The Hacker News |
| 5.6.26 | Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories | A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because | AI | The Hacker News |
| 5.6.26 | Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It | Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It | AI | The Hacker News |
| 4.6.26 | Gemini’s Secret Affair: Exploiting Gemini Voice Assistant Through Instant Messaging Apps | SafeBreach Labs researchers discovered a new security vulnerability that allows attackers to exploit Google Gemini through notification-based indirect prompt injections from messaging apps like WhatsApp, Slack, and SMS. | Hack | SAFEBREACH |
| 4.6.26 | Espionage Campaign Targeted Stock Exchange Executive for Five Months | Unknown attackers stole a senior executive's Outlook mailbox in incremental batches, exfiltrating through Dropbox and OneDrive Personal to keep the traffic indistinguishable from legitimate activity. | APT | SECURITY.COM |
| 4.6.26 | Impersonation, Click Hijacking, and TDS: Inside a Malware Distribution Ecosystem | Check Point Research investigated a large-scale operation that impersonates open-source and freeware projects to capture search traffic, including lookalikes for researcher and security tooling such as Ghidra, dnSpy, and SpiderFoot. | Hack | CHECKPOINT |
| 4.6.26 | China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa | A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa. | APT | The Hacker News |
| 4.6.26 | FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads | Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new | Virus | The Hacker News |
| 4.6.26 | Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS | Cybersecurity researchers have flagged a large-scale operation that impersonates open-source and freeware projects to funnel unsuspecting | Virus | The Hacker News |
| 4.6.26 | Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months | Unknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox | Hack | The Hacker News |
| 4.6.26 | DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets | The U.S. Department of Justice (DoJ) on Wednesday announced the results of a sweeping action undertaken by government authorities and | CyberCrime | The Hacker News |
| 4.6.26 | WhatsApp, Slack Notifications Could Hijack Google Gemini on Android | A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini's voice | Social | The Hacker News |
| 4.6.26 | One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens | Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's | Hack | The Hacker News |
| 4.6.26 | Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479) | Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting | AI | The Hacker News |
| 4.6.26 | CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a | Exploit | The Hacker News |
| 4.6.26 | Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT | Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection | Virus | The Hacker News |
| 3.6.26 | Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag | A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token | OS | The Hacker News |
| 3.6.26 | Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479) | Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting | Vulnerebility | The Hacker News |
| 3.6.26 | Outlook Vulnerability Discovery and New Ways to Leak NTLM Hashes | Varonis Threat Labs discovered a new Outlook exploit and three new ways to access NTLM v2 hashed passwords. | Vulnerebility | VARONIS |
| 3.6.26 | FSB’s matryoshka #1/3 – Gamaredon’s gifts that keeps unpacking – GammaPhish and GammaWorm | Gamaredon is a cyberespionage group specialized in long-term and persistent intrusion operations targeting Ukraine. Officially operated by Russia’s FSB, the group is focusing on government, military, and critical infrastructure networks, and is still actively operating at the time of this publication. | Virus | SEKOIA BLOG |
| 3.6.26 | FSB’s matryoshka #2/3 – Gamaredon’s gifts that keeps unpacking – GammaLoad | Gamaredon is a cyberespionage group specialized in long-term and persistent intrusion operations targeting Ukraine. Officially operated by Russia’s FSB, the group is focusing on government, military, and critical infrastructure networks, and is still actively operating at the time of this publication. | Virus | SEKOIA BLOG |
| 3.6.26 | One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens | Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's | Hack | The Hacker News |
| 3.6.26 | Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes | Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user's NTLMv2 hash to the attacker. | Vulnerebility | The Hacker News |
| 3.6.26 | New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare | Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, | Attack | The Hacker News |
| 3.6.26 | Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content | Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims' systems. The Minecraft-focused malware-as-a-service | Virus | The Hacker News |
| 3.6.26 | Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited | Google on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, | OS | The Hacker News |
| 3.6.26 | Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine | The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple | Exploit | The Hacker News |
| 3.6.26 | Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic | Vulnerebility | The Hacker News |
| 2.6.26 | New Wave Of Phishing Emails with SVG Files | For a few days, my SANS ISC mailbox has been flooded with emails that deliver SVG files. An SVG ("Scalable Vector Graphic") is a web-friendly vector file format used for graphics and icons. | Phishing | SANS |
| 2.6.26 | Wardriving assessment across Mexico: Preparing for the 2026 World Cup | In the lead-up to the 2026 FIFA World Cup, Kaspersky GReAT experts conducted a wardriving assessment in Mexico City, Monterrey, and Guadalajara to evaluate Wi-Fi hotspot security configurations and potential exposure risks. | CyberCrime | SECURELIST |
| 2.6.26 | Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT | Cybersecurity researchers have disclosed details of a spear-phishing campaign likely undertaken by the Pakistan-aligned SideCopy group targeting Afghanistan's Ministry of Finance with an open-source remote | APT | The Hacker News |
| 2.6.26 | Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded | Password manager Dashlane has disclosed that "fewer than" 20 users on the personal subscription plan had their encrypted vaults downloaded | Hack | The Hacker News |
| 2.6.26 | Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm | A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal | Hack | The Hacker News |
| 1.6.26 | China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan | A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officials and citizens in the Czech Republic | APT | The Hacker News |
| 1.6.26 | Containers on fire: from container escapes to supply chain attacks | We break down the primary attack vectors in containerized environments: exposed secrets, privilege misconfigurations, API compromise, and supply chain attacks. | Hack | SECURELIST |
| 1.6.26 | What’s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant | Containerization using Docker has become firmly established in modern development standards, significantly increasing the speed and convenience of deploying various services. Developers often use ready-made Docker images, making only minimal changes. The largest repository of container images is the Docker Hub service. | AI | SECURELIST |
| 1.6.26 | Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years | In late April 2026, a client reached out to us for incident response support after discovering a miner running on users’ computers. We later discovered that the malware was being distributed via illegal movie and TV show streaming sites. | CyberCrime | SECURELIST |
| 1.6.26 | OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack | Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that's targeting developers using OpenAI Codex through a legitimate-looking remote web UI. The tool, named codexui- | AI | The Hacker News |
| 1.6.26 | Unidentified RAT pushes NetSupport RAT | This diary provides indicators from an unidentified RAT infection on Wednesday 2026-05-27 that was followed by a malicious NetSupport Manager RAT package. | Virus | SANS |
| 1.6.26 | YARA-X 1.17.0 Release | YARA-X's 1.17.0 release brings 5 improvements (several performance improvements) and 1 bugfix. | Security | SANS |
| 1.6.26 | Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts | Threat actors are attempting to actively exploit a critical security flaw impacting WP Maps Pro, a WordPress plugin that has had over 15,000 | Exploit | The Hacker News |
| 1.6.26 | Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices | Dutch authorities have announced the takedown of a botnet that enslaved millions of infected devices, including computers, tablets, smartphones, and IoT devices, to carry out malicious attacks. The bot network, per the Dutch Politie and the National Cyber Security Center (NCSC), consisted of at least 17 million infected devices. | BotNet | The Hacker News |