BleepingComputer Jul 6, 2026, 08:27 PM (UTC)
Read
A phishing campaign is impersonating more than 30 well-known brands, including Adobe, Netflix, Coca-Cola, and OpenAI, in fake job interviews to steal Google account credentials from marketing professionals. [...]
BleepingComputer Jul 6, 2026, 08:23 PM (UTC)
Read
Threat actors are abusing Microsoft Teams voice calls by impersonating corporate IT support staff to trick employees into installing the EtherRAT malware, giving attackers initial access to corporate networks. [...]
SecurityWeek Jul 6, 2026, 07:14 PM (UTC)
Read
Securonix says the sophisticated framework abuses compromised websites, Blogspot, PowerShell, and fileless techniques to evade detection and deploy the PureLog information stealer. The post Blogspot-Hosted Payloads Delivered in ‘Veil#Drop’ Attacks appeared fir…
The Hacker News Jul 6, 2026, 06:34 PM (UTC)
Read
An Iranian hacking group affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn) targeting Israeli organizations. The activity, which…
BleepingComputer Jul 6, 2026, 06:25 PM (UTC)
Read
Vietnamese authorities have arrested and are prosecuting seven suspects believed to have run HiAnime, the largest anime piracy streaming service before its shutdown in June. [...]
The Hacker News Jul 6, 2026, 05:37 PM (UTC)
Read
A use-after-free bug in Linux's KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host kernel that runs it. Dubbed 'Januscape' and tracked as CVE-2026-53359, the flaw sits in the shadow MMU code that KVM share…
The Hacker News Jul 6, 2026, 04:28 PM (UTC)
Read
Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 (CVSS score: 9.8), a vulnerability that stems from the DevOps platform…
Infosecurity Magazine Jul 6, 2026, 04:00 PM (UTC)
Read
Check Point researchers have identified a new cyber adversary targeting Israeli government and IT businesses, tracked as ‘Cavern Manticore’
SecurityWeek Jul 6, 2026, 03:20 PM (UTC)
Read
Moving from isolated, technical data to a continuous risk lifecycle can help organizations align security controls with actual business consequences. The post The Shift Toward Business-Aligned Risk Management appeared first on SecurityWeek.
SecurityWeek Jul 6, 2026, 03:10 PM (UTC)
Read
The threat actor uses modular RATs and information stealers in financially motivated and cyber espionage campaigns. The post Armored Likho APT Targeting Government, Electric Power Entities appeared first on SecurityWeek.
Infosecurity Magazine Jul 6, 2026, 03:00 PM (UTC)
Read
Zscaler found sites hiding prompt-injection text to manipulate AI agents into crypto payments
Infosecurity Magazine Jul 6, 2026, 02:15 PM (UTC)
Read
Opera GX flaw let sites automatically install mods to steal data from other pages, now patched
BleepingComputer Jul 6, 2026, 02:00 PM (UTC)
Read
Every evolution in software development has reduced the friction between an idea and a deployable application. AI may remove the final barrier, but it also removes many of the moments where security decisions have traditionally taken place. [...]
BleepingComputer Jul 6, 2026, 01:18 PM (UTC)
Read
Attackers are now exploiting a maximum-severity Adobe ColdFusion vulnerability tracked as CVE-2026-48282, according to vulnerability intelligence company KEVIntel. [...]
SecurityWeek Jul 6, 2026, 01:11 PM (UTC)
Read
The PolinRider campaign has compromised more than 100 legitimate open source packages and repositories to deliver a backdoor and information stealer to developers. The post North Korean Hackers Target Open Source Developers in Supply Chain Attacks appeared fir…
The Hacker News Jul 6, 2026, 01:01 PM (UTC)
Read
A streaming box should not need a threat model. Neither should a username field, a demo repo, a reset flow, or a browser permission prompt. That is the irritating part this week: the risky pieces were ordinary. Home devices became a routing cover. Clean code p…
SecurityWeek Jul 6, 2026, 12:48 PM (UTC)
Read
Organizations are urged to patch after proof-of-concept code makes the Linux root escalation flaw easier to exploit. The post Proof-of-Concept Exploit Released for Linux ‘Bad Epoll’ Root Access Vulnerability appeared first on SecurityWeek.
Cybersecurity Ventures Jul 6, 2026, 12:38 PM (UTC)
Read
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jul. 6, 2026 – Watch the YouTube video “One of the biggest misconceptions in cybersecurity is that seeing a problem means you’re protected,” Ariel Litmanovich, co-founder an…
The Hacker News Jul 6, 2026, 11:30 AM (UTC)
Read
Building a shortlist for an AI SOC evaluation can be tough. SIEM, SOAR, and pureplay AI SOC vendors are all saying the same thing. But behind the identical label sit very different products, from chat assistants bolted onto a legacy SIEM to agent platforms tha…
SecurityWeek Jul 6, 2026, 11:19 AM (UTC)
Read
Researchers uncovered two campaigns embedding indirect prompt injections in malicious websites to exploit autonomous AI agents browsing the web. The post Prompt Injection Attacks Trick AI Agents Into Making Crypto Payments appeared first on SecurityWeek.
The Hacker News Jul 6, 2026, 10:58 AM (UTC)
Read
A suspected China-nexus threat activity cluster has been observed targeting Indian taxpayers, tax professionals, and corporate finance teams to deliver a remote access trojan designed to steal sensitive data from compromised hosts. The multi-stage campaign, co…
Infosecurity Magazine Jul 6, 2026, 09:00 AM (UTC)
Read
IWF and NCA warn that growing numbers of images and videos are being manipulated into sexual abuse material
The Hacker News Jul 6, 2026, 08:50 AM (UTC)
Read
Researchers at Shandong University have shown a fast new way to pull data off computers that are cut off from every network. The technique, called TrojPix, tweaks on-screen pixels in ways the eye cannot see, so that the video cable carrying them radiates a fai…
Infosecurity Magazine Jul 6, 2026, 08:30 AM (UTC)
Read
Researchers have revealed JadePuffer, the first agentic AI-powered ransomware campaign, highlighting how autonomous agents can automate cyber-attacks
The Hacker News Jul 6, 2026, 08:13 AM (UTC)
Read
Cybersecurity researchers have flagged a novel Java-based remote access trojan (RAT) called QuimaRAT that's capable of targeting Windows, Linux, and macOS environments. According to LevelBlue, the cross-platform malware is advertised under a malware-as-a-servi…
The Hacker News Jul 6, 2026, 07:27 AM (UTC)
Read
Researchers found a flaw in Opera GX, the gaming-focused version of the Opera browser, that let a malicious website silently install a browser add-on and use it to lift specific data from the pages a victim visits. In a proof of concept, they reconstructed a s…
The Hacker News Jul 6, 2026, 06:33 AM (UTC)
Read
Scanners meant to catch malicious add-on "skills" for AI coding agents can be fooled by a few simple changes that leave the malware working, according to a new study from researchers at the Hong Kong University of Science and Technology. Their strongest trick…
BleepingComputer Jul 5, 2026, 02:14 PM (UTC)
Read
Flipper Devices says development of the Flipper Zero firmware will continue, albeit with a smaller internal team and greater reliance on community contributions. [...]
BleepingComputer Jul 4, 2026, 02:16 PM (UTC)
Read
Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted entirely by a large language model (LLM) agent. [...]
The Hacker News Jul 4, 2026, 12:47 PM (UTC)
Read
A U.S. government entity paid about $1 million to keep stolen files from being leaked, according to a new case study by Rakesh Krishnan for Ransom-ISAC, built on a leaked negotiation chat and the blockchain trail the payment left. The odd part: the group that…
The Hacker News Jul 4, 2026, 11:17 AM (UTC)
Read
The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser extensions spanning npm, Packagist, Go, and Google Chrome as part of an ongoing activity referred to as PolinRider. "Th…
The Hacker News Jul 3, 2026, 08:19 PM (UTC)
Read
Security firm runZero has disclosed seven vulnerabilities in FatFs, a small filesystem library that lets a device read and write the FAT and exFAT formats used on USB drives and SD cards. The flaws matter because FatFs is nearly everywhere. It ships inside the…
The Hacker News Jul 3, 2026, 07:40 PM (UTC)
Read
A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine as root. It affects Linux desktops, servers, and Android, and a fix is out. Bad Epoll sits in the same small stret…
The Hacker News Jul 3, 2026, 06:55 PM (UTC)
Read
Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed Avalon that's distributed by means of a multi-stage phishing chain capable of bypassing traditional security controls. Avalon combines credential collection…
BleepingComputer Jul 3, 2026, 05:50 PM (UTC)
Read
A joint operation involving Google has disrupted NetNut, a residential proxy network that gave access to millions of compromised Android devices, including smart TVs and streaming boxes. [...]
The Hacker News Jul 3, 2026, 04:07 PM (UTC)
Read
Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data theft. According to JFrog, the packages "rollup-packages-polyfill-core" and "rollup…
SecurityWeek Jul 3, 2026, 03:10 PM (UTC)
Read
Noteworthy stories that might have slipped under the radar: Anonymous-linked Canadian hacker jailed, researcher drops zero-days in open source projects, Venezuelans sentenced in the US over ATM jackpotting. The post In Other News: Canadian Hacker Jailed, Open…
BleepingComputer Jul 3, 2026, 02:12 PM (UTC)
Read
A new phishing-as-a-service (PhaaS) platform dubbed "ARToken" appears to operate as an affiliate of the EvilTokens phishing platform, giving researchers a glimpse into an extensive toolkit designed to compromise Microsoft 365. [...]
The Hacker News Jul 3, 2026, 01:36 PM (UTC)
Read
A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan. "Armored Likho blends financially motivated campaigns targetin…
Infosecurity Magazine Jul 3, 2026, 01:00 PM (UTC)
Read
The ransomware landscape is reconsolidating around major players, with Qilin emerging as the leading RaaS operation, researchers say
Infosecurity Magazine Jul 3, 2026, 11:30 AM (UTC)
Read
Researchers warn that collaboration could lead to “unprecedented” ransomware attacks, as FBI also issues warning
The Hacker News Jul 3, 2026, 11:05 AM (UTC)
Read
A new report from the Citizen Lab has revealed that former Member of the European Parliament Stelios Kouloglou had his mobile device repeatedly hacked with the notorious Pegasus spyware while serving on a committee that was tasked with investigating the abuse…
SecurityWeek Jul 3, 2026, 11:00 AM (UTC)
Read
Attack demonstrates how LLM agents can combine known exploitation techniques with real-time reasoning to automate complex, multi-stage intrusions. The post Agentic AI Used to Conduct Ransomware Attack via Langflow appeared first on SecurityWeek.
SecurityWeek Jul 3, 2026, 10:00 AM (UTC)
Read
In April, ShinyHunters accessed the company’s corporate IT systems and stole patients’ personal and medical information. The post Medtronic Data Breach Impacts 3.8 Million People appeared first on SecurityWeek.
Infosecurity Magazine Jul 3, 2026, 09:35 AM (UTC)
Read
The NetNut proxy network and the ‘Popa’ botnet are known to have infected devices with variants of Mirai DDoS botnets
SecurityWeek Jul 3, 2026, 09:30 AM (UTC)
Read
Prosecutors say 19-year-old Peter Stokes was a member of Scattered Spider, the hacking group linked to more than 100 network intrusions and over $100 million in ransom payments. The post Alleged Scattered Spider Hacker Extradited to US appeared first on Securi…
The Hacker News Jul 3, 2026, 08:03 AM (UTC)
Read
Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data. The stealer, discovered by Jamf Threat Labs, is distributed as a compiled AppleScript (…
BleepingComputer Jul 3, 2026, 01:37 AM (UTC)
Read
Anthropic says Claude Fable 5 won't be accessible via Claude subscriptions after July 7, but it's not a permanent change, and the company expects the model to return outside the usage-based plan soon. [...]
BleepingComputer Jul 3, 2026, 12:48 AM (UTC)
Read
Claude Fable, the company's most powerful model, is now available to all users, but early impressions are disappointing, as it appears to be nowhere near the original release. [...]
Krebs on Security Jul 2, 2026, 07:27 PM (UTC)
Read
The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR].…
The Hacker News Jul 2, 2026, 06:54 PM (UTC)
Read
Google has significantly degraded NetNut, one of the biggest networks that turns home devices into rented relays for other people's traffic. Working with the FBI, Lumen, and others, Google's Threat Intelligence Group (GTIG) said this week it had reduced the ne…
The Hacker News Jul 2, 2026, 06:30 PM (UTC)
Read
Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access. "Although tactics differ between affiliates, common patterns emerged in tradecraft through us…
The Hacker News Jul 2, 2026, 03:24 PM (UTC)
Read
This week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through. This is not one big break…
BleepingComputer Jul 2, 2026, 03:18 PM (UTC)
Read
Court of Justice of the European Union (CJEU) has dismissed Google's final appeal against a €4.1 billion ($4.7 billion) antitrust fine over the company's use of Android to promote its Chrome browser and search service. [...]
BleepingComputer Jul 2, 2026, 02:00 PM (UTC)
Read
ConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA bypass tactics work and how to defend against them. [...]
Cybersecurity Ventures Jul 2, 2026, 01:17 PM (UTC)
Read
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jul. 1, 2026 – Watch the YouTube video For years, social engineering has been the most common and effective attack vector in cybersecurity, according to Doppel, developers o…
The Hacker News Jul 2, 2026, 01:04 PM (UTC)
Read
The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that's designed to gain surreptitious access to a victim's email correspondence via the Google API. "In this campaign, the attackers focused their attention on corporate emai…
Infosecurity Magazine Jul 2, 2026, 12:51 PM (UTC)
Read
Infosecurity spoke with the researcher who dumped over 30 proof-of-concept exploits without disclosing the vulnerabilities first
BleepingComputer Jul 2, 2026, 12:15 PM (UTC)
Read
Microsoft has fixed a known issue causing the Copilot Chat or Copilot buttons in Classic Outlook to disappear for Windows users with the Copilot Chat (Basic) license. [...]
Infosecurity Magazine Jul 2, 2026, 12:00 PM (UTC)
Read
Bitdefender researchers warned of curious ransomware campaign which has targeted businesses around the world
BleepingComputer Jul 2, 2026, 11:35 AM (UTC)
Read
Cisco confirmed that attackers are now exploiting a Unified Communications Manager (Unified CM) vulnerability patched in early June. [...]
The Hacker News Jul 2, 2026, 11:30 AM (UTC)
Read
Identity lifecycle management was architected around a person with an employment record, a manager, and a departure date. AI agents have none of those. As autonomous principals proliferate across enterprise environments, the governance model built for humans d…
Infosecurity Magazine Jul 2, 2026, 10:00 AM (UTC)
Read
The NCSC has shared best practice advice from pen testers which could help improve system resilience
The Hacker News Jul 2, 2026, 09:13 AM (UTC)
Read
Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent. Its Threat Research Team calls the operator JADEPUFFER and says a large language model handled the whole job: breaking in, stealing…
Infosecurity Magazine Jul 2, 2026, 08:45 AM (UTC)
Read
A teenager accused of hacking as part of Scattered Spider has been arrested
The Hacker News Jul 2, 2026, 08:00 AM (UTC)
Read
The recently discovered financially-motivated FortiBleed campaign has been attributed to INC and Lynx ransomware operations, indicating that the verified, stolen credentials were intended for follow-on intrusions. "An operator tied to FortiBleed's infrastructu…
The Hacker News Jul 2, 2026, 07:24 AM (UTC)
Read
Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in Python proof-of-concept (PoC) repositories on GitHub that claim to exploit hot new CVEs. Run one, and…
The Hacker News Jul 2, 2026, 05:46 AM (UTC)
Read
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, trac…
The Hacker News Jul 1, 2026, 07:40 PM (UTC)
Read
Argo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated attacker run code, provided they can reach the component's internal network port. Synacktiv, which found the bug,…
The Hacker News Jul 1, 2026, 07:28 PM (UTC)
Read
A teenager accused of belonging to the hacking group Scattered Spider has been extradited from Finland to face U.S. charges of conspiracy, computer intrusion, and fraud, the U.S. Department of Justice announced on July 1. Peter Stokes, 19, a dual U.S. and Esto…
The Hacker News Jul 1, 2026, 05:53 PM (UTC)
Read
Unknown threat actors are leveraging the ScreenConnect remote access tool as a way to deploy and execute AsyncRAT. Kaspersky said the activity is part of a "massive, multi-domain, multi-language" campaign that distributes malicious installer archives hosted on…
The Hacker News Jul 1, 2026, 05:18 PM (UTC)
Read
Cybersecurity researchers have flagged a new multi-stage malware delivery attack chain that uses social engineering and Blogger pages to deliver an information stealer called PureLogs. The activity has been codenamed VEIL#DROP by Securonix. It's suspected that…
The Hacker News Jul 1, 2026, 03:26 PM (UTC)
Read
A Brazilian banking trojan called Ousaban is going after Windows users who bank in Spain and Portugal. Fortinet's FortiGuard Labs identified the campaign in May 2026. It opens with a phishing PDF disguised as a corrupted file, checks that the visitor is really…
The Hacker News Jul 1, 2026, 03:25 PM (UTC)
Read
Adobe has released patches for multiple maximum-severity security flaws impacting Adobe ColdFusion and Adobe Campaign Classic. The ColdFusion updates "resolves critical and important vulnerabilities that could lead to arbitrary code execution, privilege escala…
The Hacker News Jul 1, 2026, 02:42 PM (UTC)
Read
Two flaws in Cursor, an AI code editor, could let a single, ordinary-looking prompt break out of the editor's safety sandbox and run any command on a developer's computer. There is no click to fall for and no approval box to ignore. Cato AI Labs found the pair…
Infosecurity Magazine Jul 1, 2026, 02:30 PM (UTC)
Read
Securonix said the Veil#Drop campaign abuses Google Blogspot to deliver PureLog Stealer in memory
The Hacker News Jul 1, 2026, 01:56 PM (UTC)
Read
A recently disclosed critical security flaw impacting Progress Kemp LoadMaster is seeing active exploitation attempts, according to an advisory from eSentire's Threat Response Unit (TRU). The Canadian cybersecurity company said it identified exploitation attem…
Infosecurity Magazine Jul 1, 2026, 01:45 PM (UTC)
Read
FortiGuard says the Brazilian banking trojan Ousaban is targeting Spain and Portugal via phishing
Cybersecurity Ventures Jul 1, 2026, 01:15 PM (UTC)
Read
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jul. 1, 2026 – Watch the YouTube video “Black Hat USA 2026 is where CISOs come to gain the intelligence and insights that inform the toughest decisions they make,” says Suzy…
The Hacker News Jul 1, 2026, 12:59 PM (UTC)
Read
Cybersecurity researchers have flagged a new malware artifact generated using DeepSeek that constructed a novel attack path combining "unrealistic browser-malware concepts with a real browser capability" to turn it into a working ransomware technique that runs…
The Hacker News Jul 1, 2026, 11:30 AM (UTC)
Read
Organizations have never had greater awareness of cyber risk. Yet turning that awareness into operational resilience has never been more challenging. The 2026 Bitdefender Cybersecurity Assessment confirms this is the case, as this year's findings reveal a seri…
Infosecurity Magazine Jul 1, 2026, 11:00 AM (UTC)
Read
The new classifier in Fable 5 blocks the jailbreak technique that prompted the US export controls “in over 99% of cases”
The Hacker News Jul 1, 2026, 10:41 AM (UTC)
Read
Microsoft on Tuesday said it's accelerating its quantum safe security roadmap, stating technology advances in quantum computing are making it essential to replace existing encryption standards sooner than previously expected. "Advances in quantum research and…
Infosecurity Magazine Jul 1, 2026, 10:00 AM (UTC)
Read
Microsoft has brought forward its timelines for transitioning to post-quantum cryptography (PQC)
Infosecurity Magazine Jul 1, 2026, 09:00 AM (UTC)
Read
Aflac Japan has notified regulators that policy details and personal and banking information have been compromised
The Hacker News Jul 1, 2026, 07:20 AM (UTC)
Read
Large language models keep inventing web addresses that do not exist. Attackers have started buying those made-up domains before anyone else can, then hosting phishing pages on them to catch traffic that AI tools point their way. Palo Alto Networks' Unit 42 ca…
The Hacker News Jul 1, 2026, 06:46 AM (UTC)
Read
Anthropic is putting Claude Fable 5 back online worldwide. On June 30, the U.S. Commerce Department lifted the export controls it had imposed on Fable and its more tightly controlled sibling Mythos 5 about two and a half weeks earlier. Fable 5 returns to users…
The Hacker News Jul 1, 2026, 05:46 AM (UTC)
Read
Cybersecurity researchers have warned of a "massive, ongoing, automated password spray attack" aimed at Microsoft's Azure command-line interface (CLI), compromising dozens of accounts in the process. The activity, per Huntress, originates from an IPv6 address…
The Hacker News Jul 1, 2026, 05:32 AM (UTC)
Read
ClickFix, the trick that fools people into running malware by hand, has quietly grown a back office. New research shows the malicious commands behind its fake "prove you're human" pages are now handed out by API-driven servers that give each visitor the same m…
The Hacker News Jul 1, 2026, 03:54 AM (UTC)
Read
Citrix on Tuesday released security updates to address multiple flaws in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that could be exploited by an attacker to facilitate arbitrary file reads or trigger a denial-of-servic…
The Hacker News Jun 30, 2026, 05:46 PM (UTC)
Read
New Microsoft research shows how attackers can hijack AI agents that act on a user's behalf, using nothing more than a poisoned tool description to make the agent quietly hand over company data to an outsider. The trick is that the agent never breaks a rule. E…
The Hacker News Jun 30, 2026, 05:45 PM (UTC)
Read
A new two-stage malware family called RustDuck is hijacking home routers, IP cameras, Android boxes, and poorly secured servers, then stitching them into a network built to knock websites and online services offline. Researchers at QiAnXin's XLab have tracked…
Infosecurity Magazine Jun 30, 2026, 04:00 PM (UTC)
Read
Nissan says employees' data was stolen via the Oracle PeopleSoft zero-day campaign
The Hacker News Jun 30, 2026, 03:47 PM (UTC)
Read
Threat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner. The activity has been found to weaponize CVE-2026-33017 (CVSS score: 9.3), an unauthenticated remote code exec…
The Hacker News Jun 30, 2026, 03:40 PM (UTC)
Read
Cybersecurity researchers have flagged an active browser extension campaign that is designed to steal cryptocurrency by stealthily replacing wallet addresses when unsuspecting users initiate a transaction. The cryptocurrency clipper activity has been codenamed…
Infosecurity Magazine Jun 30, 2026, 03:34 PM (UTC)
Read
Attackers exploited a critical SimpleHelp RMM bug to deploy TaskWeaver and Djinn Stealer malware
The Hacker News Jun 30, 2026, 02:26 PM (UTC)
Read
The safety check that is supposed to stop an AI coding agent from running a dangerous command can be walked straight past using a shell trick that has been public for decades. New research from Adversa AI, which is named the bypass GuardFall, found it works ag…
The Hacker News Jun 30, 2026, 01:49 PM (UTC)
Read
Researchers tested 444 AI chatbot apps for iPhone and found that 282 of them, nearly two-thirds, exposed paid AI access through their network traffic. In many cases, the path in was visible just by watching what the app sent: a plaintext API key, a reusable to…
Cybersecurity Ventures Jun 30, 2026, 12:37 PM (UTC)
Read
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 30, 2026 – Watch the YouTube video Anvilogic is on a mission to make advanced detection accessible to every security team, enabling them to detect across hybrid, multi-…
Infosecurity Magazine Jun 30, 2026, 12:00 PM (UTC)
Read
ReliaQuest report warns of a surge in ClickFix social engineering attacks against Windows and macOS users
Infosecurity Magazine Jun 30, 2026, 10:30 AM (UTC)
Read
A wave of phishing emails sent to Booking.com partner accommodations in Japan in May led to blockchain-hosted malware
Infosecurity Magazine Jun 30, 2026, 09:30 AM (UTC)
Read
SonicWall records 264,000 events in first five months of 2026 as UK hospitals come under siege
Infosecurity Magazine Jun 30, 2026, 08:00 AM (UTC)
Read
Report Fraud data reveals that more than half of 323 UK ransomware victims last year were SMEs
Infosecurity Magazine Jun 29, 2026, 03:00 PM (UTC)
Read
OpenAI is previewing its GPT-5.6 Sol model to a vetted few at the US government's request
Infosecurity Magazine Jun 29, 2026, 02:30 PM (UTC)
Read
Group-IB says Millenium RAT, now rewritten in C++, has hit 62,289 devices in 160+ countries
Cybersecurity Ventures Jun 29, 2026, 12:35 PM (UTC)
Read
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 29, 2026 – Read the report Forrester forecasts that worldwide information security spending will reach $200 billion in 2026, while Gartner projects $240 billion for 202…
Infosecurity Magazine Jun 29, 2026, 10:00 AM (UTC)
Read
An attacker has exploited a zero day in Oracle Peoplesoft to gain access to the IT systems of the NAIC, the standard-setting association for the US federal insurance system
Infosecurity Magazine Jun 29, 2026, 09:15 AM (UTC)
Read
Experts warn the Jaguar Land Rover breach bears hallmarks of Kremlin-backed hackers, citing novel ransomware, strategic timing and efforts to obscure attribution
Infosecurity Magazine Jun 29, 2026, 08:15 AM (UTC)
Read
The FBI claims Russian spies are targeting Signal backup keys
Cybersecurity Ventures Jun 26, 2026, 12:11 PM (UTC)
Read
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 26, 2026 – Watch the YouTube video The 2026 CISO Report from Cybersecurity Ventures in partnership with Sophos reports that in Jan. 2026, the U.S. Cybersecurity and Inf…
Infosecurity Magazine Jun 26, 2026, 10:30 AM (UTC)
Read
A China-linked threat group has been targeting critical infrastructure in Southeast Asia with a new custom backdoor called TinyRCT
Infosecurity Magazine Jun 26, 2026, 08:00 AM (UTC)
Read
The UK Cyber Monitoring Centre reviews the Canvas breach affecting 160 UK universities, highlighting data theft risks and financial impacts of cyber incidents
Infosecurity Magazine Jun 25, 2026, 02:15 PM (UTC)
Read
A high-severity flaw in Cisco Catalyst SD-WAN Manager disclosed in early June was exploited as early as March
Infosecurity Magazine Jun 25, 2026, 01:00 PM (UTC)
Read
Digital Citizens Alliance report claims that millions of Americans may have unwittingly had IP connections used by cybercriminals
Cybersecurity Ventures Jun 25, 2026, 12:16 PM (UTC)
Read
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 25, 2026 – Listen to the podcast SlashGear reports that a hacker in Germany was stunned to find he had complete control of a robotic lawnmower. Weighing over 200 pounds…
Infosecurity Magazine Jun 25, 2026, 12:00 PM (UTC)
Read
Cobalt study finds 20-percentage-point drop in number of organizations relying solely on AI automation for testing
Infosecurity Magazine Jun 25, 2026, 11:30 AM (UTC)
Read
New CISA guidance shows federal agencies how to use SASE to move from legacy TIC 2.0 to zero trust
Infosecurity Magazine Jun 25, 2026, 11:00 AM (UTC)
Read
macos-xpc-flaw-disable-edr-mdm-standard-user-xm-cyber
Infosecurity Magazine Jun 25, 2026, 10:45 AM (UTC)
Read
Analysis of ransomware incidents by researchers at Black Kite found that attacks have risen by over 50% in the last year, with supply chain attacks increasing
Infosecurity Magazine Jun 24, 2026, 04:05 PM (UTC)
Read
LayerX tricked AI browsers including ChatGPT Atlas and Comet into bypassing their guardrails
Infosecurity Magazine Jun 24, 2026, 03:25 PM (UTC)
Read
Operation Endgame seized around 50 domains and nearly 200 active IP-based servers associated with the infostealers
Infosecurity Magazine Jun 24, 2026, 02:00 PM (UTC)
Read
SentinelLabs found a North Korea-linked macOS backdoor using prompt injection on AI triage tools
Infosecurity Magazine Jun 24, 2026, 12:45 PM (UTC)
Read
Customers of the affected Japanese email services are “strongly advised” to change their email passwords
Cybersecurity Ventures Jun 24, 2026, 12:23 PM (UTC)
Read
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 24, 2026 – Read the full story from BreackLock AEV, BAS, and penetration testing each answer a different security question. Adversarial Exposure Validation (AEV) maps w…
Infosecurity Magazine Jun 24, 2026, 12:00 PM (UTC)
Read
An NCC Group report warns state-backed hackers are attempting to hide activity by posing as ransomware groups and deploying commercially available malware
Infosecurity Magazine Jun 24, 2026, 09:30 AM (UTC)
Read
New ReliaQuest study reveals the six ways AI is practically being used in attacks today
Infosecurity Magazine Jun 24, 2026, 08:40 AM (UTC)
Read
Public Accounts Committee (PAC) warns that museums and galleries aren’t getting enough government support on cyber
Krebs on Security Jun 23, 2026, 04:12 PM (UTC)
Read
Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the Greater London area. The duo were key members…
Infosecurity Magazine Jun 23, 2026, 03:00 PM (UTC)
Read
JFrog found an npm package impersonating postcss-selector-parser to drop a multi-stage Windows RAT
Infosecurity Magazine Jun 23, 2026, 02:15 PM (UTC)
Read
OpenAI expanded Daybreak with a full GPT-5.5-Cyber release to help defenders patch software flaws
Infosecurity Magazine Jun 23, 2026, 02:00 PM (UTC)
Read
All US federal agencies will have to complete their post-quantum cryptography transition by 2031, according to a new Trump Executive Order
Infosecurity Magazine Jun 23, 2026, 01:00 PM (UTC)
Read
Cybercriminals launch fake GTA 6 pre-order sites offering early access for crypto payments
Cybersecurity Ventures Jun 23, 2026, 12:24 PM (UTC)
Read
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 23, 2026 – Listen to the podcast Richard Seewald, founder and Managing Partner at Evolution Equity Partners, joins Steve Morgan, founder of Cybersecurity Ventures, for…
Infosecurity Magazine Jun 23, 2026, 09:29 AM (UTC)
Read
Two young British men have pleaded guilty to hacking Transport for London as part of a Scattered Spider plot
Infosecurity Magazine Jun 23, 2026, 08:30 AM (UTC)
Read
The Five Eyes Alliance has published a rare call to action for organizations facing AI threats