Generated by All in One SEO Pro v4.9.6.2, this is an llms.txt file, used by LLMs to index the site.

Cybernoz

Cybersecurity News

Sitemaps

XML Sitemap: Contains all public & indexable URLs for this website.

Posts

EDRChoker: Choking The Telemetry Stream to Bypass Defenses - I. INTRO In an era where cloud-based Endpoint Detection and Response (EDR) is increasingly common, bypassing/evasion now includes ways to interfere with primarily block the connection between an EDR agent and its server. Once an EDR agent loses contact with its server, much of its power is gone. In this article I present a
I Have a Lot to be Thankful for in 2020 - I have a lot to be thankful for in 2020 — and it starts with the MSP community.Thanksgiving 2015: I was a punk with hacking skills but hardly knew SMB security (let alone MSPs). The MSP community had SMB skills but hardly knew security (let alone hacking).Thanksgiving 2020: I’m still a punk, but my hacking
New IronWorm malware hits 36 packages in npm supply-chain attack - A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. The malware targets 86 environment variables (key-value pairs) and 20 credential files that may contain OpenAI, AWS, Anthropic, and npm credentials, vault configuration files, SSH keys, and Exodus cryptocurrency wallet files. According to researchers at
Instagram Fixes Password Reset Flaw That Exposes User Emails and Phone Numbers - The bug was first spotted and publicly demonstrated on June 6, 2026, by security researchers monitoring Meta’s account recovery infrastructure. Within hours of the demonstrations going viral, security researcher @Scot0xo confirmed on X that the flaw was a logic bug in the web reset flow, not an API credential leak or server-side breach that leaked
UNC3753 Targets US Law Firms with Vishing, RMM Tools, and Physical Break-Ins - Threat cluster UNC3753, widely tracked as Silent Ransom Group or Luna Moth, is actively targeting professional, legal, and financial services in the United States. According to Mandiant’s Google Threat Intelligence Group (GTIG), this financially motivated campaign leverages a highly effective combination of voice phishing, remote monitoring and management abuse, and unprecedented physical office intrusions. Attackers
Most pros have seen AI hallucinations in IT operations - Autonomous AI is taking action inside enterprise IT environments. Software is restarting services, isolating risky devices, and applying patches without waiting for a human to approve the step. The capability is spreading at the same time IT professionals are reporting frequent encounters with AI output errors that can carry operational impact. Ivanti’s 2026 AI Maturity
Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available - Ravie LakshmananJun 06, 2026Vulnerability / Network Security Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation. The vulnerability, tracked as CVE-2026-20245, carries a CVSS score of 7.8 out of a maximum of 10.0. It affects the following deployment types - On-Prem Deployment Cisco SD-WAN Cloud-Pro Cisco SD-WAN
Supply Chain Exploitation of SolarWinds Orion Software - On December 13, FireEye discovered that SolarWinds Orion products (versions 2019.4 HF 5 and 2020.2 with no hotfix or 2020.2 HF 1) were being exploited by malicious actors. The supply chain attack trojanized SolarWinds Orion business software updates in order to distribute malware that has been referred to as both SUNBURST and Solorigate.This post was
UN food agency discloses breach affecting 600,000 Gaza households - Image: Kaga Tau (CC BY-SA 4.0) The United Nations' World Food Programme (WFP), the world's largest humanitarian organization, revealed over the weekend that its self-registration application (SRA) for Palestine was breached. The WFP disclosed the incident in a Sunday Telegram message, saying that the self-registration application used for assistance registration in Gaza had been breached.
CISA Warns of Linux Kernel Improper Authentication Vulnerability Exploited in Attacks - The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Linux kernel vulnerability, tracked as CVE-2022-0492, to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively leveraged in real-world attacks. The issue, categorized as improper authentication, affects Linux systems using the cgroups v1 release_agent feature and may allow attackers
Malspam Campaign Abuses DoubleClick to Deploy Stealthy .NET Loader - A sophisticated new malspam campaign is actively exploiting Google’s DoubleClick ad-tracking infrastructure to bypass enterprise email security gateways. Discovered by researchers at Huntress, the attack utilizes highly personalized dynamic lures to initiate a complex, five-stage infection chain that actively dismantles local defenses before deploying process-hollowed payloads. The attack chain begins with a malicious HTML attachment,
AI agent governance gets harder when agents outnumber your people - In this Help Net Security video, Amit Gautam, CTO at Abluva, explains the security risks that autonomous AI agents bring into enterprise environments. He opens with a real case: a reconciliation agent at a financial services firm had legitimate access to a customer database. A poison instruction from upstream changed its behavior, and it scanned
Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack - Ravie LakshmananJun 06, 2026Supply Chain Attack / Malware Microsoft's GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign. The incident impacted 73 Microsoft repositories across four of its GitHub organizations, including Azure, Azure-Samples, Microsoft, and MicrosoftDocs, per OpenSourceMalware. The development has GitHub to disable access to
U.S. CISA adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog - U.S. CISA adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog Pierluigi Paganini June 06, 2026 U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Serv-U flaw, tracked as CVE-2026-28318 (CVSS ver 3.1 score of 7.5), to
Annual Security Awareness Training is a Waste of Time - It’s that time of year again. December is a time for the holidays. With that comes time to travel, eat great food, visit family & friends, and wrap up another year of great work. If you are like most organizations, you have some busy work to do as well. Complete your annual reviews, fill out
Credit card theft campaign abuses Stripe to host stolen payment info - A new Magecart campaign is using Stripe's API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. The entire malicious activity relies on Google Tag Manager and Stripe domains - googletagmanager.com and api.stripe.com - that are trusted implicitly by online stores. The new malware family was discovered by researchers at
Critical Hugging Face Transformers Vulnerability Enables Remote Code Execution Attacks - A newly disclosed critical vulnerability in the HuggingFace Transformers library, tracked as CVE-2026-4372, allows attackers to achieve remote code execution (RCE) through malicious model configuration files. The flaw exposes a significant supply chain risk in one of the most widely used machine learning frameworks, impacting developers, enterprises, and AI pipelines globally. The vulnerability stems from
CISA Alerts on Actively Exploited SolarWinds Serv-U Denial-of-Service Flaw - The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability in SolarWinds Serv-U to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-28318, this flaw allows unauthenticated threat actors to remotely crash the file transfer service. With active exploitation observed in the wild, this development signals a severe risk to enterprise
New Pink Extortion Group Targets Microsoft 365 Cloud Data Via Vishing Scams - A new cybercrime group called Pink is targeting corporate data for financial extortion. Palo Alto Networks’ research division, Unit 42, first exposed this threat, believed to be linked with the broader Com network. The researchers tracked the group under the cluster code CL-CRI-1147, and reported that Pink launched a dedicated data leak site on 31
Thieves can pull off keyless car theft in under a minute and here's how to stop them - A keyless car can be stolen in under a minute. Two people, a pair of cheap radio amplifiers, and a fob sitting on a hallway table inside the house. That is enough. No broken glass. No alarm. No sound. Most keyless cars remain vulnerable The vulnerability runs across the global market. Germany’s largest auto club,
CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog - Ravie LakshmananJun 06, 2026Vulnerability / Patch Management The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-28318 (CVSS score: 7.5), is a denial-of-service (DoS) bug that causes
Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026 - Cisco informed customers on Thursday about yet another SD-WAN product vulnerability that has been exploited in the wild – the seventh whose exploitation was detected in 2026. The new vulnerability, which has yet to be patched by Cisco, is tracked as CVE-2026-20245 and it affects the command-line interface (CLI) of Cisco Catalyst SD-WAN Manager. An
Finding the Middle in AI Narratives - Another major AI vibe shift is happening.The tech is moving so fast that our collective reactions are emotionally exaggerated.In mid 2022 most people didn't think anything could pass the Turing test. We got chatbots in 2023. We got agents in 2024, but nobody trusted AI for coding.We got Claude Code in 2025, and in one
Top Hacker Tradecraft That Caught Our Eye in 2020 - As the year-that-must-not-be-named comes to a close, we’ve decided to take a look back at some of the more interesting — and innovative — hacker tradecraft we saw over these past 12 months.We also covered this topic on our most recent Tradecraft Tuesday episode — go give it a watch if you’d prefer to recap
Over 900 US gas station tank gauge systems exposed to attacks - Over 900 automatic tank gauge (ATG) systems across the United States, used to monitor fuel and chemical storage tanks across various critical infrastructure sectors, have been found exposed online and are vulnerable to ongoing attacks. ATG systems are electronic monitoring devices used to remotely track fuel, chemicals, or other liquids in storage tanks, automating inventory control,
New ChatGPT Lockdown Mode to Mitigate Prompt Injection and Data Exfiltration Attacks - OpenAI has released ChatGPT Lockdown Mode, a new security feature designed to limit outbound network access and reduce the risk of data exfiltration from prompt-injection attacks. The feature is now available to eligible personal accounts, self-serve ChatGPT Business users, and managed enterprise workspaces. Prompt injection, where malicious instructions are embedded in content processed by an
Critical UniFi OS Auth Bypass Flaws Lead to Unauthenticated Root RCE - Ubiquiti has addressed three critical vulnerabilities within the UniFi OS Server that attackers can chain together to achieve unauthenticated remote code execution (RCE) with root privileges. Disclosed on May 21, 2026, via Security Advisory Bulletin 064 (SAB-064), the flaws are tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910. Each vulnerability carries a maximum CVSS 3.1 severity score
New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration - Ravie LakshmananJun 06, 2026Cybersecurity / Artificial Intelligence OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt injection attacks. The feature is primarily designed for people and organizations that handle sensitive data and require stricter protection guarantees. Lockdown Mode is
Five Eyes: Chinese Spies Target Government, Military Staff With Fake Job Opportunities - Chinese military intelligence officers are posing as recruiters in online campaigns targeting government and military personnel with access to sensitive information, the Five Eyes countries warn. Using fake job announcements on professional networking sites and recruitment platforms, the Chinese spies impersonate think tanks, private consultancies, and HR firms, placing advertisements for positions such as foreign
Report: Anthropic Deploys Engineers to Support NSA Use of Mythos - Report: Anthropic Deploys Engineers to Support NSA Use of Mythos Pierluigi Paganini June 06, 2026 Reports claim Anthropic engineers are helping the NSA use its restricted AI model Mythos, known for advanced cybersecurity capabilities. This week, the Financial Times reported that Anthropic has placed approximately six “forward-deployed” engineers inside the National Security Agency to help
Redefining Beta | Huntress - What if technology never changed? On the plus side, there wouldn’t be constant updates to contend with, no new blogs to read about the latest and greatest (ahem), and no new buttons and menu items to figure out.With change, there is always inconvenience — until it becomes the new norm.As we’ve talked about before, our
Critical Everest Forms Pro flaw exploited to take over WordPress sites - Hackers are actively exploiting a critical vulnerability (CVE-2026-3300) in the Everest Forms Pro plugin, which lets them take complete control of a WordPress website. The security issue affects versions 1.9.12 and earlier of the plugin and can be leveraged without authentication to execute arbitrary code on the server. Everest Forms Pro is a commercial add-on
Free Apps on Samsung and LG Smart TVs Secretly Turning Your Devices Into AI Proxies - Free apps available on Samsung, LG, Roku, and other major smart TV platforms have been quietly enrolling millions of living room devices into a commercial residential proxy network used to scrape web data for AI training all through a consent dialog buried in a TV remote’s arrow-key navigation, according to new research from Include Security.
Crypto-Funded Chinese Peptide Labs Are Booming - Meta has been quietly stashing dormant face recognition code on more than 50 million phones, WIRED reported this week, tucked inside the companion app that pairs with its Ray-Ban and Oakley smart glasses. If activated, the feature—known internally as NameTag—would let wearers identify people in front of them by matching captured faces against a biometric
China-Linked Espionage Cluster Deploys Custom ASPX/ASHX Shells on IIS - GBHackers Security - A previously disclosed China-linked threat cluster, tracked as OP-512, has been observed deploying a purpose-built web shell framework to compromise Internet Information Services (IIS) servers. Identified by ReliaQuest, the espionage operation targeted a Windows Server 2016 environment running an end-of-life .NET Framework 4.0. Telemetry revealed the threat actors established access 75 days prior to the
AgentGG: Open-source agentic SAST scanner - Static analysis tools have spent years matching source code against known-bad patterns and handing engineers long lists of candidate issues to triage by hand. AgentGG approaches the same job with AI agents that read the code, follow imports, walk the call graph, and confirm a finding before they report it. The project is an open-source
Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI - A researcher has reverse-engineered the iOS SDK that Bright Data embeds in consumer apps and documented how it turns devices, including always-on smart TVs, into exit nodes that relay web-scraping traffic for a data business Bright Data markets heavily to the AI industry. The company, the successor to Luminati, operates what it calls the largest
Opal Security Raises $23 Million for AI-Native Identity Governance - Identity governance startup Opal Security has announced raising $23 million in a new funding round that brings the total investment in the company to $59 million. The fresh round of funding was led by Greylock and Battery Ventures, with additional support from Cambium Capital. Founded in 2020, San Francisco-based Opal has built an AI-native platform
Claude Opus Found a Four-Year-Old Hole in Zcash's Privacy Layer. Nobody Knows If Someone Already Used It. - Claude Opus Found a Four-Year-Old Hole in Zcash’s Privacy Layer. Nobody Knows If Someone Already Used It. Pierluigi Paganini June 06, 2026 Claude Opus 4.8 helped uncover a four-year-old critical flaw in Zcash that could have enabled undetectable creation of counterfeit coins. On May 29, the security researcher Taylor Hornby found a critical vulnerability in
HP Poly VoIP vulnerability sets the stage for executive voice deepfakes - ICE enables VoIP devices to establish peer-to-peer connections using the shortest available network path. The feature is not enabled by default on HP Poly devices, and the company advises administrators to disable it if it’s not needed. The flaw, rated 9.2 on the CVSS severity scale, affects all phones from the HP Poly VVX series,
Malware Under The Microscope: Manual Analysis - All too often we find clever malware here at Huntress. We look for persistent footholds — the implants and backdoors that hackers leave behind so they can maintain access. Oftentimes, this takes the shape of code that needs to be started automatically, without any user interaction.We tend to find these footholds in Windows autoruns, scheduled
Dark web Nemesis Market vendor gets 26 years for selling drugs - A California man was sentenced to more than 26 years in federal prison for trafficking fentanyl and methamphetamine through Nemesis Market, one of the world's largest dark web marketplaces. 39-year-old Darren Hughes of San Jose was convicted on drug trafficking charges in November 2025 and was sentenced by U.S. District Judge John F. Kness on
CISA Warns of SolarWinds Serv-U Vulnerability Exploited in Attacks - The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical SolarWinds Serv-U vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that threat actors are actively exploiting the flaw in the wild. Tracked as CVE-2026-28318, the vulnerability affects SolarWinds Serv-U file transfer software and enables unauthenticated attackers to crash the service through specially
Hugging Face Transformers Security Flaw Allows Remote Code Execution - A critical security flaw in Hugging Face Transformers, tracked as CVE-2026-4372, has exposed millions of machine learning workflows to silent remote code execution (RCE) through a malicious model configuration. Discovered by Pluto Security researcher Yotam Perkal, the issue allows attackers to execute arbitrary code on a victim’s system simply by tricking them into loading a
June 2026 Patch Tuesday forecast: Where are the CVEs? - My forecast from last month was only partly right. After the Anthropic Mythos announcements and the deluge of newly discovered vulnerabilities from vendors like Mozilla, Microsoft’s updates were standard fare, 65 CVEs reported in Windows 11 and 58 in Windows 10. The Microsoft Office releases were a bit higher with 19 CVEs or so reported
AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs - Swati KhandelwalJun 06, 2026Vulnerability / Endpoint Security Two things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that touches video, all of them found by an autonomous AI agent. The same week, Google shipped Chrome 149 with patches for
Industry Reactions to New Trump AI Cybersecurity Executive Order: Feedback Friday - President Donald Trump has signed an executive order establishing a voluntary framework for federal vetting of the most advanced frontier AI models before their public release. The directive provides government agencies with a 30-day testing window to assess potential national security and cybersecurity risks posed by these cutting-edge systems. Participation remains optional for AI developers
Malware could drain your fuel tank as well as your bank account - The attacks take three forms: authentication bypass and hardcoded credentials, which allow attackers to gain access to device management; OS command execution and SQL injection to manipulate underlying databases; and privilege escalation, in which attackers obtain full administrator access. System administrators working for organizations using ATGs are advised to protect their systems by removing connections
Connecting Vulnerability Intelligence to Real-World Exposure With Flashpoint EASM - The volume of vulnerability disclosures is higher than ever, yet most security teams are still struggling to act. From vulnerability scanners to public sources and AI-accelerated discovery, organizations are often drowning in findings, but lack the context to prioritize what affects their perimeter and is actively being exploited. Compounding this challenge is the growing issue
Why Microsoft Defender Antivirus Is Worth Another Look - It seems as though the battle for the best antivirus is a never-ending one. There are many options to choose from, and among one of the leading contenders is (yes I’m saying it): Microsoft Defender Antivirus.Let’s dive into why Microsoft Defender Antivirus is worth another look — and why you should seriously consider including it
Chinese APT deploys new malware to keep access to hacked networks - A Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and previously undocumented malware named Plenet and AgentPSD. An investigation into the incident revealed that the threat actor had gained access to the victim network at least 18 months before detection, and had also compromised the victim organization's
OWASP CVE Lite CLI - New Tool to Scan for Vulnerabilities in Your Projects - CVE Lite CLI is a free, open-source vulnerability scanner officially recognized as an OWASP Incubator Project, designed to bring dependency security directly into developers’ terminals rather than leaving it buried in CI pipelines. Maintained by Sonu Kapoor and backed by the same organization behind the OWASP Top 10, the tool addresses a longstanding gap in
Trend Micro Deep Security Agent Flaw Allows Repeatable Security Bypass - Trend Micro’s Deep Security Agent for Linux contains a design flaw in its behavior-monitoring stack that allows a local, unprivileged attacker to repeatedly force short “blind spots” in which endpoint protections are temporarily bypassed. The issue stems from how the agent unloads and reloads its bmhook and tmhook kernel modules under heavy local event load,
AI is helping low-skill hackers pull off advanced cyberattacks - Anthropic has published an analysis of cyber-related misuse of its AI systems, examining 832 accounts that were banned for malicious cyber activity between March 2025 and March 2026. The company mapped the observed behavior to the MITRE ATT&CK framework, which documents tactics and techniques used by attackers. “These 832 cases are just a subset of
New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework - Ravie LakshmananJun 05, 2026Cyber Espionage / Threat Intelligence Cybersecurity researchers have discovered a previously unreported threat cluster dubbed OP-512 (where "OP" stands for "opponent") that has been observed targeting Microsoft Internet Information Services (IIS) servers to deploy a bespoke web shell framework. ReliaQuest has assessed with moderate to high confidence that the espionage-focused activity is linked
Scottish residents granted permission for group action against Capita - Capita could face a group legal action from people living in Scotland who were affected by a 2023 breach of its systems after a judge in the highest civil court granted permission, opening a route to compensation for thousands of people residing in the country. According to a Scottish Legal News report, Supreme Court judge
CommBank creates opportunities for technologists to upskill with frontier AI companies - Technologists at the new San Francisco Tech Hub learn from partners such as OpenAI and Anthropic to support adoption of emerging AI technologies. It builds on CommBank’s Seattle Tech Hub, where more than 100 CommBank technologists have already upskilled in areas including generative AI, agentic engineering, cloud-native development and platform engineering. While in San Francisco,
Chrome 149 Patches 429 Vulnerabilities - Google this week promoted Chrome 149 to the stable channel with patches for 429 vulnerabilities, a record for a single Chrome refresh. Already exceeding several times the total number of Chrome security fixes released in 2025, the surge in Chrome flaws is likely driven by AI use, which led Google to lower Chrome bug bounties
Fake Context Alignment: The Attack That Made Gemini Obey Strangers Through Your Notifications - Fake Context Alignment: The Attack That Made Gemini Obey Strangers Through Your Notifications Pierluigi Paganini June 05, 2026 SafeBreach tricked Gemini into obeying attackers via WhatsApp notifications, using hidden foreign-language text to bypass Google’s defenses and control smart home devices. SafeBreach Labs researcher Or Yair spent months trying to break Google’s Gemini voice assistant after
Patching fast and slow: Ruby devs delay to defend against supply chain attack - To counteract this, RubyGems team has added a new cooldown argument to Bundler that takes ignores gems until they have been published for a specified number of days. This provides an additional layer of defense against malicious package releases as it gives others an opportunity to identify any malicious code they contain before installation. The
How a USB-connected speaker can infect a PC without ever being touched - After successfully replacing the firmware with a replacement image that did nothing more than display the word “patched” on the speaker’s LED display, the researcher got to wondering what else a hacker might do. So he turned his attention to FreeRTOS, the open source operating system that ran the Katana V2X. It contained a set
Why Holistic Sourcing Wins: The Numbers Behind the Recorded Future Advantage - Part 1 of 3: Built Different — How Recorded Future's Unique Sourcing Enables Comprehensive Intelligence Threats don't manifest from a single place or operate in silos. Your intelligence shouldn’t, either. When you’re evaluating threat intelligence providers, visibility at speed matters most. Many providers focus exclusively on narrow collection areas, like dark web activity or malware.
Huntress Service: Managed Antivirus | Huntress - Keeping up with today’s threat landscape isn’t just about tracking hacker techniques and tradecraft (although, it is one of our favorite things to do). We’ve always said the best offense is a good defense, and that means we must keep an eye on how cyber defenses are changing as well.When we unveiled the new Huntress
Suspicious Polyfill login prompts pop up on Toshiba, Muji websites - Tech giant Toshiba and mega-retailer Muji warned visitors that suspicious sign-in screens popping up on their websites could collect credentials. Both Japanese companies advised users who entered their account login data in the authentication screens to change their passwords to access the service. The login pop-ups were generated by the external service hosted at polyfill[.]io,
Hackers are Increasingly Weaponizing Trusted Tools to Deploy Notorious Malware - Cybercriminals have found a clever and dangerous new way to slip past defenses. Instead of building custom attack tools that security software can flag, they are turning everyday system utilities into weapons. This shift is reshaping how attacks unfold, and the numbers are hard to ignore. According to ANY.RUN’s Q1 2026 Cyber Risk Report, based
Hola Browser Windows Delivery Pipeline Hijacked to Deploy Cryptominer - An undeclared executable bundled with Hola Browser for Windows (version 1.251.91.0) that later proved to be a crypto‑miner. The binary, written to C:Program FilesHolame.exe in affected installs, was not part of the certified footprint, lacked code signing and a timestamp, contained obfuscated code and memory‑write capabilities. Analysis identified miner‑related strings, XMRig indicators, and behavior to
Miasma Malware Hits 32 Red Hat Packages via Compromised GitHub Account - On 1 June 2026, experts from multiple cybersecurity firms found a major supply chain compromise affecting software components used by Red Hat. Security firms Microsoft, Wiz Research, Snyk, and Aikido reported that hackers sneaked harmful code into software packages under the @redhat-cloud-services name on npm, which is a public library where developers get building blocks
Cisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245) - A 0-day privilege escalation vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager that has yet to be patched by Cisco is being leveraged by attackers. “To exploit this vulnerability, an attacker must have netadmin privileges on an affected system. This would require valid credentials or exploitation of CVE-2026-20182 or CVE-2026-20127. Cisco is not aware of successful
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks - Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust-based information stealer and a self-spreading worm, respectively. According to JFrog, the information stealer "scrapes every secret it can find on a developer's machine, hides behind an eBPF
Interview: Michael Cole, chief technology officer, DP World Tour - Michael Cole, chief technology officer (CTO) at DP World Tour, the men’s professional golf tour that oversees 42 tournaments in 25 countries, wants to use data and emerging technology to create a digital platform that powers new immersive experiences. Cole, who joined the organisation in late 2017, says that as well as delivering improvements for
Agile isn’t the problem: why projects still fail, and what’s missing - That stubborn statistic, cited at the outset of a recent iTnews webinar hosted in partnership with Lumify Work, framed a broader and more uncomfortable truth: the issue isn’t technology. Instead, it’s execution. Across the discussion, key themes emerged consistently from practitioners and global experts alike: misalignment between leadership and teams; gaps in training and capability;
In Other News: Anthropic Maps AI Threats, Unpatched Comodo Flaw, Palantir Chief Eyed for CISA - SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of
Silent Ransom Group (SRG): Switching To DNS Fast Flux Infrastructure - Silent Ransom Group (SRG): Switching To DNS Fast Flux Infrastructure Pierluigi Paganini June 05, 2026 Researchers exposed the Silent Ransom Group ‘s Fast Flux infrastructure as the FBI warns of ongoing attacks targeting U.S. law firms and businesses. Resecurity uncovered the Silent Ransom Group (SRG)’s Fast Flux network infrastructure and shares available intelligence with the
Sprawling new House AI bill includes frontier model oversight, open-source security grants - The legislation has already drawn widespread criticism for its proposal to preempt state AI laws. Source link
Microsoft identifies seven new ways AI agents can be hacked - The seven new failure modes it has identified are: Agentic Supply Chain Compromise —agent behavior can be affected by natural language rather than malicious code; Goal Hijacking — adversarial instructions appear aligned with legitimate task completion, while silently redirecting the agent’s terminal goal; Inter-Agent Trust Escalation —a compromised agent asserts false identity or inflates claimed
Advancing Cybersecurity in the Age of Frontier AI: Qualys Steps into Project Glasswing - The cybersecurity industry has spent much of the last two years debating how attackers might use AI. That debate matters, but it misses a larger point: defenders now have an opportunity to change the economics of cyber risk. For me, the question is not whether AI will influence cybersecurity. It already is. The real question
CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers - The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today that hackers are now actively exploiting a recently patched high-severity SolarWinds Serv-U flaw to crash servers. Serv-U is the company's Windows and Linux file transfer software that offers Managed File Transfer (MFT) and FTP server capabilities, which allow users to securely exchange files via HTTP/HTTPS,
Microsoft 365 Service Degradation Bypassed Windows Driver Auto-Update Controls - Microsoft has resolved a Microsoft 365 service degradation issue that temporarily bypassed Windows driver auto-update controls, leading to unintended driver installations on managed devices. The issue affected Windows devices configured with policies designed to prevent automatic updates, particularly in enterprise environments where strict update governance is enforced. Despite these controls, some users observed that drivers
New Magecart Attack Abuses Stripe as Malware C2 - A novel Magecart campaign that weaponizes legitimate cloud services to evade detection: attackers are storing a JavaScript skimmer inside Stripe customer metadata and delivering it to victim checkouts via Google Tag Manager. The combination makes Stripe both the command server for arbitrary code and the durable exfiltration sink for stolen card data, using domains (googletagmanager.com
Atlas Menu Data Breach Exposes 64,000 GTA V and CS2 Cheat Service Users - Atlas Menu, a widely used cheat service for Grand Theft Auto V and Counter-Strike 2, was hacked during May 2026, and reportedly, hackers managed to sneak into the company’s private computer servers and steal a massive file full of customer records. The data breach was confirmed and verified on June 2, 2026, by the cybersecurity
Virginia Is For Cyber - 05 Jun Virginia Is For Cyber Posted at 09:18h in Blogs by Taylor Fox This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 5, 2026 – Listen to the podcast Virginia is home to the second largest cybersecurity industry in the country, with around 88,000 cybersecurity workers, according to Cyberseek,
Let's Encrypt works toward post-quantum certificates at web scale - Let’s Encrypt plans to pursue a post-quantum-safe Web PKI through Merkle Tree Certificates (MTCs), a new approach that adds post-quantum authentication to the web without sacrificing the speed and reliability that have made TLS universal. The project is targeting late 2026 for a staging environment that issues MTCs, with a production-ready environment planned for 2027.
Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps - Ravie LakshmananJun 05, 2026Spyware / Mobile Security Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin, according to findings from ESET. The Slovakian cybersecurity company said it first detected the malware spread via multiple campaigns in early 2025, with each attack wave making use of distinct websites mimicking utilities, war-related
Agentic AI helps Microsoft speed-up viable quantum computer - An artificial intelligence (AI) agent developed by Microsoft has been credited with helping it half the projected time it thinks it will need to develop a commercially viable quantum computer. During the company’s annual Build 2026 software developer conference, Microsoft showcased how its Discovery agentic AI tool has enabled it to improve the quality of qubits
Service NSW CTO joins CDO in exiting - Service NSW’ chief technology officer of six-and-a-half years Suneetha Bodduluri has left the government service delivery operator, less than a month after its chief digital officer also moved on. Bodduluri revealed her departure in a LinkedIn post over the weekend. She has since been appointed as the chief information officer of James Cook University. Bodduluri
OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds - Including npm packages in software development projects saves but can introduce unseen but known vulnerabilities. CVE Lite CLI is a lightweight command line security scanner that operates on lockfiles during software development. It focuses on JavaScript and Typescript files and is an OSV-powered dependency scanner supporting npm, pnpm and Yarn. It is an open source
Cisco SD-WAN Has a New Root-Level Problem, and There's No Fix Yet - Cisco SD-WAN Has a New Root-Level Problem, and There’s No Fix Yet Pierluigi Paganini June 05, 2026 Cisco warns of CVE-2026-20245 in SD-WAN Manager, a flaw that can lead to root access via file upload command injection; no patch or workaround yet. Cisco warns of a privilege escalation flaw, tracked as CVE-2026-20245 (CVSS base score
Cisco warns zero-day flaw in SD-WAN is being exploited - The company cautioned that no current patches are available and the flaw could allow an attacker to conduct command injection attacks. Source link
Nightmare Eclipse incident shows the researcher-vendor fights may never fully go away - Microsoft reopened some wounds and has reignited debate over the past couple weeks about vulnerability disclosure and the sometimes adversarial dynamic it creates between security researchers and vendors. The latest controversy ensued when Microsoft threatened criminal legal action against a security researcher who publicly disclosed a series of zero-day vulnerabilities with proof-of-concept exploits. Microsoft insisted
Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257 - Palo Alto Networks Unit 42 has observed active exploitation of PAN-OS vulnerability CVE-2026-0257 by an unidentified threat actor attempting to access GlobalProtect. This security flaw involves an authentication bypass in the portal and gateway components of vulnerable versions of PAN-OS® software, which could allow unauthorized attackers to circumvent security controls and initiate VPN connections. This
AI tools becoming hot commodities on ransomware marketplaces - The AI tools for sale divided into four categories: Weaponized LLMs: Sometimes called dark LLMs, these tools omit the safety guardrails and rules present in legitimate large language models (LLMs). “WormGPT” is the market leader in this category of cybercrime-focused AI tooling but only as a brand used by multiple operators, some of which are
Reporting from Vegas: Networking, AI, and good boys - Welcome to this week’s edition of the Threat Source newsletter. Howdy friends, and hello from Cisco Live U.S., here in sunny (and very hot) Las Vegas! An interesting quirk of being sent to one of these events is you learn to understand your limits as a person. Cisco Live is a three-day event, and it encompasses so many people, partners, workshops, CTFs (!!), and symposiums. I
Malware Deep Dive: Examining A PowerShell Payload - We’re seeing more and more malware that is “Living off the Land,” turning a system's own native tools against itself. In other words, it uses the features and tools that are built into the operating system, such as Windows PowerShell, to perform a malicious activity and avoid detection. In this post, we’ll examine a malicious payload
What 2026 DBIR Confirms: Attacks Are Living in the Browser - Every year, the Verizon Data Breach Investigations Report serves as a ground-truth benchmark for the industry. Its value comes not just from the headline numbers but from the convergence signals: when multiple independent data sources point to the same structural shift in how attackers operate, that convergence is worth paying attention to. This year, as
New SHub Stealer Variant Malware Targets Chrome, Firefox, Brave, Edge, Opera, and Crypto Wallets - A dangerous new variant of the SHub Stealer malware has emerged, targeting Mac users in ways that are smarter and harder to detect than before. The updated build, now called Reaper, spreads through fake websites that impersonate popular software, luring unsuspecting users into a trap. Once inside a system, it can silently drain everything from
Hackers Weaponize Trusted Tools to Deploy Notorious Malware - Attackers are leaning harder on legitimate, preinstalled, or widely used system tools to deliver and operate notorious malware families, creating a stealthy, high-velocity threat that outpaces many traditional defenses. The operational logic for attackers is straightforward. Native utilities such as PowerShell, Windows Management Instrumentation (WMI), certutil, mshta, and JavaScript execution contexts already enjoy elevated privileges
Reaper macOS Infostealer Abuses Script Editor to Steal Crypto and Passwords - macOS users are facing another malware campaign, this time involving a modified infostealer that poses as trusted technology brands to compromise local files and cryptocurrency assets. As previously reported by Hackread.com, researchers at SentinelOne first identified the campaign distributing an updated version of SHub Stealer under the build tag Reaper. A later investigation by Moonlock
Attackers obtained encrypted password vaults from some Dashlane user accounts - Dashlane has disclosed new details about a brute-force attack that let a threat actor access some customer accounts and copy encrypted vaults. Dashlane said it found no evidence that the attackers compromised its internal systems. The company first acknowledged the incident on May 31 after users reported receiving account suspension emails and experiencing login problems.
AI: Threat, tool, or both? - Public attitudes toward Artificial Intelligence (AI) are changing, and we wanted to understand why. A recent Pew Research survey found that about half of adults say the increased use of AI in daily life makes them more concerned than excited, and that concern has grown over the last few years. People tend to worry most
Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites - Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise. The vulnerability in question is CVE-2026-3300 (CVSS score: 9.8), a remote code execution bug impacting all versions of the plugin up to, and including,
UAE launches national cryptography discovery platform to accelerate post-quantum security transition - The United Arab Emirates (UAE) is taking another significant step in its cyber security strategy with the launch of a national Crypto Discovery Tool (CDT), designed to help organisations identify, manage and ultimately replace cryptographic systems that could become vulnerable in the era of quantum computing. Developed through a partnership between the UAE Cyber Security
Study Of AI-Assisted Cyberattacks May Reshape How Security Industry Measures Risk - The threat intelligence community has spent decades building frameworks to assess how dangerous a cyberattacker is. Anthropic just published data suggesting those frameworks are failing — not because they were poorly designed, but because AI has fundamentally changed the relationship between attacker skill and attacker capability, and AI-assisted cyberattacks are now becoming a norm. Anthropic’s
TCE Weekly Roundup: Extortion, Android & Cloud Attacks - The cybersecurity landscape in this weekly roundup continues to show a clear shift toward identity-driven attacks, long-term persistence operations, and exploitation of trusted cloud environments. Threat actors are increasingly focusing on stealing credentials, abusing administrative access, and leveraging legitimate platforms to scale impact across organizations. Rather than relying on one-off intrusions, attackers are now building sustained access
Telstra, Google Cloud take capacity on each other's networks - Telstra has picked up Google Cloud as a customer on its national fibre network Aura, and will, in turn, take capacity on three of the hyperscaler’s subsea cable systems. The agreement sees Google “secure intercity dark fibre capacity” on Aura, and Telstra “use subsea fibre pairs on the Tabua, Proa, and Bulikula subsea cable systems”,
Hackers Leak DentaQuest Information Impacting 2.6 Million - The ShinyHunters extortion group has published over 230 gigabytes of data allegedly stolen from dental benefits administrator DentaQuest. The threat actor listed DentaQuest on its Tor-based leak site last month, claiming negotiations with the company failed, and leaking a 234 GB archive containing allegedly stolen data. According to data breach notification website HaveIBeenPwned, which added
PCPJack Exposed: Researchers Uncover 230-Node Cloud Email Relay Network - PCPJack Exposed: Researchers Uncover 230-Node Cloud Email Relay Network Pierluigi Paganini June 05, 2026 Researchers uncovered a 230-node cloud-based email relay network after the actor PCPJack accidentally exposed tools, logs, and C2 files online A threat actor tracked as PCPJack compromised 230 cloud servers across Amazon Web Services, Google Cloud, and Microsoft Azure and turned
Claude Code has an MCP security problem — and your developers are already using it - What researchers found Last week, researchers at Mitiga Labs published an attack chain that should concern every security team whose developers use Claude Code. The attack starts with a malicious npm package — something that looks like a legitimate utility or wrapper. Hidden inside is a post-install hook that runs silently during installation. That hook
Global ransomware activity rises modestly in May as Qilin, The Gentlemen, and DragonForce lead attacks - Ransomware activity edged higher in May 2026, with researchers at Comparitech recording 661 attacks worldwide, a 3% increase from April’s 640 incidents. Despite the rise, attack volumes remained below the 700 to 800 monthly range seen during the first quarter of the year. Education organizations experienced the sharpest increase, with attacks jumping 54% month over
EU Council to examine cybersecurity package focused on ENISA, NIS2 simplification, and supply chain security - EU telecommunications ministers are set to review progress on a proposed cybersecurity package at the Transport, Telecommunications and Energy (TTE) Council meeting on June 9, with discussions centered on strengthening the bloc’s cyber resilience, securing ICT supply chains, and reinforcing the role of the EU Agency for Cybersecurity (ENISA). The EU Council detailed a package,
Zero-Day Vulnerabilities in Platforms Could Leave MSPs Exposed - Let’s put our adversarial hats on, shall we? Say you were a malicious hacker, and you wanted to target the top managed service providers (MSPs). How would you do it? Where would you start?Well… a good fisherman goes where the fish are.Through the rush to remote work and the COVID pandemic, we live in a
Cisco warns of unpatched SD-WAN zero-day exploited in attacks - On Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245) actively exploited in attacks enabling root privilege escalation. The zero-day flaw impacts all deployment types, including On-Prem Deployment, Cisco SD-WAN Cloud-Pro, Cisco SD-WAN Cloud (Cisco Managed), and Cisco SD-WAN for Government (FedRAMP). In a Thursday advisory, Cisco said
VECT 2.0 Ransomware Can Damage Files Its Own Decryptor Cannot Reliably Restore - A new ransomware strain called VECT 2.0 is raising serious concerns among security professionals, and for a troubling reason — even if a victim pays the ransom, the attacker’s own decryptor may not fully restore their files. This is not a typical failure tied to weak defenses or victim error. The damage, in many cases,
New SHub Stealer Variant Targets Major Browsers and Crypto Wallets - Threat actors have resurfaced with an upgraded SHub stealer for macOS, now branded “Reaper,” and they’re using a stealthy distribution trick that should worry every Mac user. Attackers build fake download pages for popular apps (WeChat, Miro and others) and employ an automated ClickFix technique that opens Apple’s Script Editor preloaded with malicious code. One
Photos: Infosecurity Europe 2026 - Help Net Security - Infosecurity Europe 2026 is a cybersecurity event that took place from June 2 to 4 in London. Help Net Security was on-site and here’s a closer look at the conference. The featured vendors are: Microsoft, JupiterOne, Menlo Security, Cato Networks, Falkin, Vivida, Pen Test Partners, Netskope, Qualys, Syteca, runZero, Vanta, OneTrust, Panaseer, Airia. Source link
FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins - Security researchers and the FBI are warning that a wave of FIFA-themed fraud is already hitting World Cup 2026 fans, days before the June 11 kickoff. Recent reports describe thousands of lookalike FIFA domains, banking malware hidden inside pirate streaming apps, and at least one operation that copies FIFA's login page well enough to take
The unstoppable rise of the Chief AI Officer - Back in 2024, research at Harvey Nash found that just over 10% of businesses already had or were planning to appoint a Chief AI Officer (CAIO). This was an exciting development – but would it last, or would AI roles perhaps become subsumed into existing tech leadership briefs such as CIO, CTO, CDO as AI
China's VerdantBamboo Actors Latest Campaign Shows Evolution - China’s VerdantBamboo spent 18 months inside a company’s network. The entry point was the managed service provider next door. The incident response started with a suspicious connection from a Linux appliance. It ended with the discovery of a Chinese state-sponsored threat actor that had been silently present in two interconnected networks for at least a
DPDP And Cybersecurity: The Rise Of Data Minimization - By Malcolm Gomes, COO, IDfy Seventy percent of all sensitive data sitting in enterprise systems right now has not been accessed, used, or reviewed in years, according to a Data Risk report from 2021. It was never deleted when it should have been and, in a breach, it is just as exposed as everything else.
Antares: From AI pilots to enterprise-scale impact - Q&A with Aaron Cunnington, Managing Director at Antares Solutions Where are organisations struggling most when it comes to scaling AI, and how are you helping address those gaps? We see two patterns. Some organisations are stuck in pilot purgatory — they've run proofs-of-concept around knowledge retrieval or content creation, but aren't sure which use case comes
Nightclub Giant RCI Says Data Breach Affects 40,000 Individuals - Adult nightclub giant RCI Hospitality Holdings has informed authorities that a data breach disclosed in April affects roughly 40,000 individuals. RCI Hospitality is one of the largest adult nightclub operators in the United States, and its portfolio also includes sports bars and dance clubs. The company told the SEC in mid-April that its RCI Internet
Phishing Has Become an Industry, And AI Is Driving Its Growth - By Matt Caffery, Senior Solutions Architect for Australia and New Zealand at Barracuda Networks For years, cybersecurity leaders have warned that email would remain the most effective pathway into organisations, not because inboxes are inherently insecure, but because email sits at the intersection of identity,urgency, trust and human behaviour. What has changed in 2026 is
US government report slams NIST for NVD backlog - Inter-agency squabbles The Inspector General’s report blamed NIST for a variety of management and strategy shortcomings. “NIST’s lack of strategic planning and decisive action have allowed the backlog of unprocessed vulnerabilities to continue growing,” the report said, pointing out that NIST and the Cybersecurity and Infrastructure Security Agency (CISA) are operating two vulnerability enrichment programs
Defense tech, AI, and fundraising take center stage at StrictlyVC Los Angeles - With just two weeks to go, StrictlyVC Los Angeles is quickly approaching. On Thursday, June 18, at The Aerospace Corporation Campus in El Segundo, investors, founders, and tech leaders will gather for an evening of conversation exploring some of the most consequential shifts taking place across venture capital, defense technology, artificial intelligence, and advanced industry. Secure your spot here.
What Is Human-Powered Threat Hunting? - Hunting is a tale as old as time. Humans have been hunting for thousands of years—whether it be against prey or foe. While the hunt looks a bit different in the realm of cybersecurity, there’s one thing that still applies—nothing beats human instinct. Now you may be thinking, “what about human error? Isn’t that what attackers
Hola Browser for Windows compromised to deliver cryptominer - The Windows version of the Hola Browser has been compromised in a supply chain attack that delivered an undeclared executable identified by researchers as a cryptocurrency miner. The compromise was uncovered during periodic certification checks on Hola Browser as part of its AppEsteem certification testing procedure, which it had previously passed. Hola is an Israeli
Dashlane Details How Hackers Managed to Download Encrypted Password Vaults - Dashlane has disclosed that threat actors successfully brute-forced two-factor authentication (2FA) protections to register unauthorized devices and download encrypted password vaults belonging to fewer than 20 personal plan users, with a completed investigation confirming no broader impact on its internal systems. Beginning Sunday, May 31, 2026, an external threat actor launched a high-volume brute-force campaign
Comodo Internet Security 0-Day Flaw Triggers Windows System Crashes - No official patch is available. Organizations running Comodo Internet Security should monitor for anomalous IPv6 traffic at the network perimeter and consider blocking IPv6 extension headers, particularly Destination Options (Next Header = 60), at edge devices until Comodo issues a fix. Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred
Five Eyes Warns Chinese Spies Are Using Fake Job Ads to Target Military Staff - Western intelligence agencies are warning about the growing preference of China-linked state actors regarding the use of job websites to trick government workers and military staff into sharing sensitive information. This warning comes from the Five Eyes (FVEY), an international intelligence partnership comprising agencies from the UK, the US, Canada, Australia, and New Zealand. Five
Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It - The Hacker NewsJun 04, 2026Artificial Intelligence / Defense Technology Over the past several weeks, the cybersecurity community has been reminded how quickly frontier and agentic AI in defense networks can challenge our assumptions. When Anthropic's Claude Mythos model was made available to a limited set of organizations as a technical preview, it was reported that
Capita launched civil service pension scheme site without ‘basic’ web security - Capita was warned in December that the security of the web domain which manages the pensions of 1.7 million members of the Civil Service Pension Scheme (CSPS), lacked “basic controls”. Only after the warning, through what Capita’s chief information security officer (CISO) Luke Beeson acknowledged as a "responsible disclosure," did Capita enable DNSSEC on the
Meta accuses Australia of breaching free trade agreement - Meta accused Australia of violating a free trade ⁠agreement with ⁠the US by proposing a new tax on certain tech giants which do not strike licensing deals with local media, escalating a dispute which has simmered for half a decade. The US$1.6 trillion ($2.2 trillion) Facebook and Instagram owner said a proposal ‌to tax platforms
Willow Raises $7 Million for Securing Autonomous AI Agents - Willow (formerly Webrix) emerged from stealth mode on Thursday with an identity and access platform for enterprise AI agents and $7 million in seed funding. The Israeli company received funding from Hetz Ventures and executives at website-building platform Wix. Willow has developed an identity and access management layer designed to secure enterprise AI systems and
Researcher Drops a New VS Code Zero-Day After Losing Trust in Microsoft's Disclosure Process - Researcher Drops a New VS Code Zero-Day After Losing Trust in Microsoft’s Disclosure Process Pierluigi Paganini June 04, 2026 A researcher publicly released a VS Code exploit within hours, citing past disputes with Microsoft over bug handling. The security researcher Ammar Askar found a new serious zero-day in Visual Studio Code, told a contact at
Your AI agent could become your biggest insider threat - Government agencies, cybersecurity companies and threat researchers are pouring resources into studying how fast-developing AI tools can be wielded by malicious actors to hack into victim organizations. But as agentic AI becomes more embedded in business infrastructure, there’s also a high possibility that a breach could be caused by an insider guiding the tool, whether
OpenAI responds to White House executive order on AI governance - At the center of OpenAI’s proposal is a distinction between government evaluation and government approval. The company proposed that the most capable AI models undergo pre-release assessments by the Center for AI Standards and Innovation (CAISI), the federal government’s AI evaluation and standards body, while stopping short of giving regulators authority to approve or block
Filtr is a new privacy tool that blocks ads in almost every iPhone and Mac app - Using an ad blocker is good for your security, privacy, and even the FBI recommends them to defend from online harms. But as much as ad blockers are great for cleaning up your browsing experience, these tools often do little to prevent the pervasive tracking from ads within apps. Now, thanks to a new feature
Amazon Cognito unlocks advanced capabilities with next-generation infrastructure - Amazon Cognito recently introduced high-throughput performance for demanding workloads, customer-managed keys for full control over data encryption at rest, and multi- Region replication for business continuity improvement. These capabilities were made possible through a next-generation storage infrastructure designed for extensibility and scale. To deliver this, we migrated hundreds of millions of user profiles, and you
Remembering Sir Alex Younger - There are moments when you meet a person who you immediately know will have a formative influence on you — a person you will learn from, who you will respect, who you will follow anywhere, who you will listen to, who will be your friend. Sir Alex was just that. I was lucky to meet
Peeling Back the Layers of .NET Malware - Cyberattackers constantly develop creative ways to obfuscate their code to conceal the presence (and purpose) of their malware.In this blog, we dive into an executable we found that compiles a DLL file on the fly, loads the DLL and then decodes an image embedded in the original executable that contains the true payload. Follow along
Brave Software releases Origin for a paid, bloat-free browsing experience - Brave Software has announced the public release of Origin, a paid minimalist, bloat-free version of its browser that strips out cryptocurrency, AI, rewards, and other monetization-focused features. The browser maker says Brave Origin is designed for users who want a more streamlined, privacy-focused browser without the company's optional revenue-generating services and integrations. "Today, Brave is
Hackers Impersonate Ghidra, dnSpy, and SpiderFoot to Spread Malware via Fake Download Sites - Hackers are creating convincing fake websites that impersonate popular security tools to trick users into downloading malware. Instead of obvious phishing pages, these sites look almost identical to real project portals, complete with professional designs and links pointing to actual GitHub repositories. The moment a user clicks the download button, something very different happens behind
Malicious Ads Target macOS Users with FlutterShell Backdoor - Hackers are leveraging large-scale malvertising campaigns to distribute a newly identified macOS backdoor dubbed FlutterShell, marking a significant evolution in financially motivated adware operations. Security researchers tracking the activity attribute it to a broader cluster known as CL-CRI-1089 and have named the ongoing campaign Operation FlutterBridge. The campaign builds on earlier activity linked to the
Why eSIMs Are Replacing Traditional SIM Cards - The physical SIM card is becoming less important with every new phone release. For years, that tiny plastic card was the key to getting a device connected. Now, eSIM technology is giving users a simpler way to activate mobile service, switch plans, and protect their number. Industry forecasts expect eSIMs to make up most smartphone
ETSI sets security requirements for AI data centers and cloud platforms - ETSI has published TS 104 033, a technical specification that defines security requirements for AI computing platforms. The specification establishes a security framework for platforms used to host AI applications in data center and edge computing environments, covering security functions, platform components, interfaces, and services designed to protect AI models, datasets, training processes, and inference
Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories - Swati KhandelwalJun 04, 2026Vulnerability / AI Security A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic's own action repo used the same workflow, a working attack could have pushed malicious
Property sector plans for digital ID collapse over government policy concerns - A property sector initiative to introduce a digital identity scheme is being scrapped due to concerns over UK government policy and a lack of consumer benefits. Organisers of the scheme have informed Whitehall departments backing the plan, along with regulators and industry bodies, that they are withdrawing support for the implementation of a standard digital
New Threat Actor Targets Crypto Firms’ Development Infra - A previously undocumented threat actor is conducting highly targeted attacks against cryptocurrency organizations, using fake recruitment opportunities, custom macOS malware, and software supply chain compromises to gain access to development environments and cloud infrastructure. Researchers at Wiz Research have identified the group as JINX-0164, a financially motivated actor that has been active since at least
Tarocash owner Retail Apparel Group to give HR systems an AI boost - Retail Apparel Group, owner of menswear stores like Tarocash, Conner and .yd, is preparing to serve up AI within its human resources function amid a company-wide push to take advantage of the technology. Head of people and pay Nicole O’Dowd Martins said that using AI was the next step for the company after having spent
Webinar Today: Third-Party Risk in Practice - Where Programs Break Down and How to Respond - Live Webinar: June 4, 2026 at 4PM ET – Register to Attend Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice. Rather than focusing on theory or tooling, this session uses real-world benchmark data to help you evaluate your current
Critical Cisco Unified CM Bug Patched as Public Exploit Code Emerges - Critical Cisco Unified CM Bug Patched as Public Exploit Code Emerges Pierluigi Paganini June 04, 2026 Cisco patched a critical Unified CM flaw with public PoC code that allows unauthenticated attackers to launch SSRF attacks remotely. Cisco has addressed a high-severity vulnerability, tracked as CVE-2026-20230, affecting Unified CM and Unified CM SME. The flaw, caused
CrowdStrike, Palo Alto Networks defy estimates as AI fuels cyber demand - The cybersecurity sector has been under perceived pressure due to accelerating deployment of AI tools. Source link
Hill Dems hammer GOP for $250M CISA budget cut - House Democrats criticized a draft Republican Department of Homeland Security spending bill Thursday that they said would cut funding for the Cybersecurity and Infrastructure Security Agency by $250 million. Republicans said the bill provides $2.4 billion for CISA, and that among its focuses are “improving cybersecurity resilience,” in the words of House Appropriations Chairman Tom
HTTP/2’s speed abused to slow webserver performance in DoS attack - HTTP/2 was introduced in 2015 to increase the speed of HTTP by allowing multiple simultaneous connections, and is gradually being superceded by HTTP/3, which is built on the new QUIC encrypted transport protocol. The problem uncovered by Calif lies in how affected servers handle HTTP/2 header compression and request processing, allowing an attacker to trigger
Dashlane explains how attackers managed to download encrypted password vaults - That means the chances of the attackers decrypting one of the encrypted vaults they obtained is very small in the event the master password was strong, meaning long, randomly generated, and has high entropy. However, not everyone uses such master passwords. In the event the master password was included in word lists exchanged by password
Gain visibility into DDoS attacks with flow logs in AWS Shield Advanced - Reconstructing distributed denial of service (DDoS) attack traffic used to mean combining data from multiple sources after the fact. AWS Shield Advanced attack flow logs change that—they capture traffic metadata during attacks so you can pinpoint sources, verify mitigations, and feed your existing analysis pipelines. Shield publishes logs to Amazon Simple Storage Service (Amazon S3),
Abusing Ngrok: Hackers at the End of the Tunnel - Do you know that expression, “light at the end of the tunnel?”Usually, that has a positive connotation. After some hard work or persevering through something difficult or unpleasant, you can see "the light at the end of the tunnel” and rejoice that the work is almost done.Today, we're telling a different story—one where remote access
DentaQuest data breach exposed info of 2.6 million accounts - A data breach at the dental benefits administrator DentaQuest has reportedly exposed the sensitive data of 2.6 million accounts. The security incident came to light last month, when the infamous extortion group ShinyHunters listed the company on its data leak site and claimed to have stolen more than 234 GB of data. Following what the
Stock Exchange Executive’s Outlook Account Targeted to Exfiltrate Credentials - A senior executive at a major global stock exchange had their Microsoft Outlook account silently compromised for five straight months, with attackers carefully siphoning emails in small batches to avoid detection. The intrusion ran from October 2025 through at least March 2026, designed entirely around one single goal: stealing the complete contents of one person’s
Meta Silently Added Face-Recognition Code for Its Smart Glasses to Millions of Phones - Meta has quietly embedded face-recognition technology for its smart glasses into an app downloaded to millions of phones, according to a WIRED analysis of the company's software.Code discreetly added to Meta’s AI app over multiple updates this year shows that the feature, internally called “NameTag,” identifies people captured by the glasses’ camera and, when activated,
Supply Chain Attack Hits Dozens of npm Packages via binding.gyp - A large-scale npm supply chain attack has compromised at least 57 packages across more than 286 malicious versions in a rapid, coordinated campaign that unfolded in under two hours on June 3, 2026. The attack began at approximately 23:30 UTC with the compromise of @vapi-ai/server-sdk, the official Vapi.ai voice AI SDK with over 408,000 monthly
iFood Confirms Data Breach Affecting 1.2 Million Users in Brazil - Brazilian food delivery app iFood has confirmed becoming the victim of a data breach in December 2025 that affected 1.2 million users (which makes up about 2% of its customer base). According to the iFood announcement on Wednesday, June 3, the incident was an isolated issue where hackers took names, phone numbers, addresses, and CPF
Product showcase: Trend Micro Mobile Security detects scams in messages, QR codes, and websites - Trend Micro Mobile Security for iOS protects devices from potentially harmful websites while browsing, blocks ads and personal information trackers, helps users avoid unsafe Wi-Fi networks, and monitors data usage. The app is available for both iOS and Android devices. Getting Started After installing the app from the App Store, I created an account to
Meta's AI support bot happily handed Instagram accounts to hackers - Customer service chatbots have one job: get the user what they’re asking for without bothering a human. Meta’s new AI support assistant took that brief a little too seriously. Over the past few months, attackers have been opening support chats, telling the bot they were locked out of Instagram accounts they didn’t own, and walking
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public - Swati KhandelwalJun 04, 2026Vulnerability / Network Security Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco's PSIRT says it has not seen the
Publishers can now opt out of Google AI summaries and training - Online publishers and news organisations will now be able to prevent Google from using their content to train its artificial intelligence (AI) models, or from appearing in the company’s AI search summaries, the UK’s competition watchdog has announced. In October 2025, the Competition and Markets Authority (CMA) classified Google search and search advertising with strategic market status
Pink Extortion Group Emerges Targeting Microsoft 365 Data - A newly identified cyber extortion operation is gaining attention among incident responders after security researchers uncovered a threat group using voice phishing, cloud data theft and aggressive extortion tactics to target organizations. Researchers at Unit 42 have begun tracking the activity under the cluster designation CL-CRI-1147, while the threat actors themselves operate under the newly
Cubesys: Redesigning work for the age of AI - Q& A Avron Welgemoed, Strategic AI Advisor and AI Practice Lead at Cubesys Where are organisations struggling most when it comes to scaling AI, and how are you helping address those gaps? The biggest gap we see isn't technology — it's thinking. Most organisations are still treating AI as a smarter search engine, asking it questions
Offroad Emerges From Stealth With $7 Million to Tackle Enterprise Identity Risk - Criminals no longer knock at the door; they abuse the keys that companies can no longer control. Offroad seeks to provide that control. New York- and Tel Aviv-based Offroad emerged from stealth with seed funding of $7 million, led by Ibex Investors and Skywell Capital. Offroad helps organizations move from identity visibility to identity resolution
U.S. CISA adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog - U.S. CISA adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog Pierluigi Paganini June 04, 2026 U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Mirasvit Full Page Cache Warmer flaw, tracked
Introducing the Wallarm AI Control Platform: One closed loop for AI security and API security. — AI Security - TL;DR- AI deployment has outpaced AI governance. Most enterprises running AI on AWS cannot answer four basic security questions about what's running, what it's doing,how to stop it, and how to prove it's under control.- The Wallarm AI Control Platform closes this gap: one platform for Discover, Observe,Enforce, and Govern — running natively in your
CISA chief says Trump AI executive order implementation will start soon - The agency, depleted after several rounds of cuts imposed by the White House, insists it can handle its new AI security responsibilities. Source link
Inside the race to adapt to an AI-powered security world - Troy West was in Warsaw when his dinner was interrupted by his phone. But he was happy about it. West, associate director of cybersecurity for autonomous offensive security company XBOW, had just learned that a trial version of the company’s platform had found a vulnerability that led to a full takedown of a development environment
How the “Swiss Cheese” model can help you choose the right MDR provider - Not all managed detection and response (MDR) solutions are equal. Finding the differences between vendors can be quite hard, and then understanding how those differences impact your business can be even harder. For instance, you may come across an MDR provider whose pricing is based on how much data you ingest rather than the number
Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs - “The malicious field uses an underscore-prefixed name that looks like an internal implementation detail — the kind of field that config files are full of,” researchers from Pluto Security who found the vulnerability said in their report. “There are no runtime warnings, no consent prompts, no unusual log entries.” The Hugging Face Transformers library allows
How Hackers Exploit Windows Administrative Shares - The Huntress SOC team continues to see new Emotet, Trickbot, and Qakbot malware outbreaks within networks — regardless of antivirus, anti-spam, or firewall solutions. As a result, we’ve become too familiar with the hurdles MSPs and IT departments face when attempting to contain these worms (sometimes taking months to remediate).In this blog post, we’ll look at how these
Hackers Are After the Gaps in Your Vulnerability Program: Here's Their Playbook - A forum thread titled “Hacking for Profit. Working method” offers a rare glance into how underground communities pass information about vulnerability exploitation and hacking techniques in a form of tutorial. The post, written by an actor using the name "Hercules", is not especially long or technical."Its value lies in breaking down a complex process into
Weaponized ChatGPT Download Site Delivers Malware Via Sponsored Search Results - A new malvertising campaign is exploiting ChatGPT’s popularity by promoting a weaponized fake download site via sponsored search results, delivering malware to both Windows and macOS users. Security researchers from Evalian’s SOC team identified the operation, which leverages convincing OpenAI branding and search engine ads to lure users actively seeking legitimate AI tools. The campaign
Frontline Workers Twice as Likely to Use Unapproved AI - New research by Mitel has revealed a widening gap between AI adoption and enablement, with limited support and low confidence contributing to the rise of Shadow AI and unapproved AI usage. The State of Workforce Communication report found that while workplace communication is mission-critical, tools are misaligned with how teams execute, forcing employees to quietly
Fake Ghidra, dnSpy & SpiderFoot Sites Used to Spread Malware - Hackers are abusing search results and professional-looking fake download portals to distribute malware by impersonating popular security tools like Ghidra, dnSpy, and SpiderFoot. These sites capture users’ first click on a “Download” button and silently hand it to a traffic distribution system (TDS) that can route victims to infostealers, clippers, and a sophisticated loader framework
Lazarus Group Uses npm Brandjacking Campaign to Target Developers - A new npm campaign linked to North Korea’s Lazarus Group shows how attackers are using familiar-looking package names to gain access to developers’ systems and software build environments. Sonatype Security Research said it is tracking dozens of malicious npm packages connected to the campaign, including some that reached up to 500 weekly downloads. The packages
Scam Compound Trafficking Victim To Cybercrime Whistleblower: Mohammad Muzahir's Story - 04 Jun Scam Compound Trafficking Victim To Cybercrime Whistleblower: Mohammad Muzahir’s Story Posted at 08:43h in Blogs by Taylor Fox This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 4, 2026 – Listen to the podcast Popular radio host Kim Komando tells Mohammad Muzahir’s Story on the Komando.com blog. Muzahir grew
OAuth marketplace apps keep access after publishers vanish - Installing an app from the Google Workspace Marketplace or GitHub Marketplace can grant a third party access to company email, files, calendars, code repositories, CI workflows, organization settings, and secrets. Marketplace presence gives these apps the appearance of approval. The OAuth grants behind them often reach into business systems beyond the listed function. An audit
Travel scams are everywhere. Here's how to avoid them - Planning a holiday should be exciting, fun, and not a cybersecurity risk. But booking flights, hotels, and rental properties often means sharing sensitive personal and financial information across multiple platforms. Combined with frequent travel scams and recurring data breaches in the travel and hospitality sector, it creates plenty of opportunities for criminals. This guide covers
China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa - Ravie LakshmananJun 04, 2026Malware / Cybercrime A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa. These efforts have been complemented by a "rapid operational tempo" and a continually evolving malware arsenal comprising known families like ValleyRAT (aka Winos 4.0)
Interview: Clare Hickie, EMEA CTO, Workday - Clare Hickie, chief technology officer (CTO) for EMEA at Workday, sits in the Customer Experience Centre in the technology firm’s European headquarters in Dublin and reflects on the characteristics that have helped her to succeed during her digital leadership career. “I’m a change maker; I was born as one,” she says. “The most important thing
NCSC Releases Software Supply Chain Attacks Guidance - In May 2026, malicious code appeared inside packages used across NHS software projects. The software supply chain attack named Mini Shai-hulud by researchers spread through CI/CD systems, package registries, and developer tooling before anyone noticed something was wrong. It was caught quickly. Damage was limited. The UK’s National Cyber Security Centre is using that near-miss
AI-Powered Bots Create Governance Challenges - For years, security teams have relied on behavioral clues to identify malicious activity. However, the rise of AI-powered bots is making that task far more challenging. Unlike traditional automated tools, these bots can imitate legitimate user behavior with remarkable accuracy, allowing them to blend into normal traffic patterns. A new study examining enterprise security readiness
Fujifilm: Turning AI ambition into practical business value - One of the biggest challenges with scaling AI is that the term itself has become too vague to be useful. When AI is discussed as a broad technology category, leaders struggle to understand what value is realistically achievable, where to focus first, and what success should look like. That vagueness often leads to two extremes:
Mirasvit Vulnerability Exploited to Execute Code on Magento Servers - The US cybersecurity agency CISA on Wednesday urged federal agencies to immediately patch a critical-severity vulnerability in the Mirasvit Full Page Cache Warmer for Magento 2 extension that has been exploited in the wild for remote code execution (RCE). Cache Wormer monitors a page’s cache status and automatically adds the latest version of the page
[Gamaredon Uses WinRAR Vulnerability to Launch Modular Spy Campaign on Ukrainian T

… [truncated — open the raw llms.txt above for the full file]