Anthropic is testing desktop-like Claude Cowork for mobile
Anthropic appears to be testing Claude Cowork support on mobile, allowing you to manage long-running Claude tasks from your phone. [...]
Intelligence Feed
Curated cybersecurity reporting and advisories. Headlines link to original sources.
Items
140
Last update
Jun 26, 2026, 12:22 AM (UTC)
No matching results
Try a different keyword, or switch the source filter back to “All sources”.
Poland busts SIM-swapping gang tied to millions in crypto theft
Authorities in Poland have arrested four members of an organized cybercrime group accused of breaching telecommunications partners and hijacking email accounts to carry out SIM-swapping attacks. [...]
Order-tracking app Shop abused to push callback phishing attacks
Threat actors are increasingly abusing Shop, the order-tracking app from Shopify, by adding fake purchase receipts in users' order histories to trick them into providing sensitive data or installing remote access software. [...]
Microsoft quietly extends free Windows 10 ESU support to October 2027
Microsoft has quietly extended its free Windows 10 Extended Security Updates (ESU) program for consumers by an additional year, allowing enrolled devices to continue receiving security updates until October 12, 2027. [...]
New macOS malware embeds fake errors to confuse AI analysis tools
A newly discovered macOS malware dubbed "Gaslight" is designed to confuse AI-assisted malware analysis tools by hiding prompt injection strings and fake debugging data within the executable. [...]
PirloTV sports piracy network disrupted as 44 domains seized
A major sports piracy ring linked to the illegal PirloTV streaming platform has been disrupted in an action that targeted 44 domains. [...]
Bluekit phishing kit adopts browser-in-the-middle for login theft
The Bluekit phishing-as-a-service platform continues to evolve with nearly 70 new hostnames identified over the past week and by adding browser-in-the-middle capabilities for improved data theft. [...]
Cisco Vulnerability Exploited Months Before Disclosure, Google Warns
A high-severity flaw in Cisco Catalyst SD-WAN Manager disclosed in early June was exploited as early as March
Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability
An analysis of a popular Google Chrome ad block extension for YouTube has uncovered the ability to execute arbitrary JavaScript code. According to Island, the extension, named Adblock for YouTube (ID: cmedhionkhpnakcndndgjdbohmhepckk), has more than 10 million…
The Four Elevations of Effective Fraud Prevention
Fraudsters don't attack just one transaction. They target accounts, platforms, and entire ecosystems. IPQS explains the four elevations of fraud prevention and why broader visibility improves fraud detection. [...]
Twenty Million US IP Connections Used by Proxy Services
Digital Citizens Alliance report claims that millions of Americans may have unwittingly had IP connections used by cybercriminals
Runlayer Raises $30 Million in Series A Funding
The startup’s platform functions as a secure control layer, aiming to secure AI tools across enterprises. The post Runlayer Raises $30 Million in Series A Funding appeared first on SecurityWeek.
ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories
It’s dumb out there again. This week has the usual smell of prod on fire and nobody wanting to admit who left the door open — old creds still working, trusted apps doing sketchy crap, browser tricks jumping the fence, and “normal” workflows turning into phishi…
Attack Of The Killer Lawnmowers: Security Flaw Let Hackers Control These Landscaping Robots
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 25, 2026 – Listen to the podcast SlashGear reports that a hacker in Germany was stunned to find he had complete control of a robotic lawnmower. Weighing over 200 pounds…
Webinar: Why account takeovers remain one of the hardest threats to stop
Account takeover attacks continue to challenge security teams because attackers often operate through legitimate accounts and trusted services. This webinar explores how behavioral AI can help organizations identify compromised accounts faster and automate res…
Cal Water Says No OT Systems Breached in Iranian Handala Cyberattack
Mandiant has helped the California water utility investigate the cyberattack launched by Iranian hacker group Handala. The post Cal Water Says No OT Systems Breached in Iranian Handala Cyberattack appeared first on SecurityWeek.
Trust in Automated AI Vulnerability Scanning Collapses to 9%, New Study Finds
Cobalt study finds 20-percentage-point drop in number of organizations relying solely on AI automation for testing
New CISA Guide Helps Agencies Adopt SASE For Zero Trust
New CISA guidance shows federal agencies how to use SASE to move from legacy TIC 2.0 to zero trust
Lantronix Serial-to-IP Converter Flaw Exploited in Attacks After OT Threat Warning
The exploited flaw, CVE-2025-67038, is one of the vulnerabilities disclosed in April as part of the BRIDGE:BREAK research project. The post Lantronix Serial-to-IP Converter Flaw Exploited in Attacks After OT Threat Warning appeared first on SecurityWeek.
Surviving the Mythos Era: Richard Bejtlich on the Case for NDR
Despite the abundance of telemetry at analysts’ disposal, many security operations teams struggle to answer a few basic questions during incident investigation: What happened? What evidence do we have? How do we know we’re seeing it all, in context? Answering…
GitLab Patches Code Execution, Information Disclosure Vulnerabilities
The latest GitLab CE/EE updates address 13 vulnerabilities, including three high-severity defects. The post GitLab Patches Code Execution, Information Disclosure Vulnerabilities appeared first on SecurityWeek.
macOS Flaw Lets Standard Users Disable EDR and MDM
macos-xpc-flaw-disable-edr-mdm-standard-user-xm-cyber
Major Increase in Ransomware Attacks Targeting Europe, Warns New Report
Analysis of ransomware incidents by researchers at Black Kite found that attacks have risen by over 50% in the last year, with supply chain attacks increasing
25-Year-Old Vulnerability Patched in Curl
The latest version of the open source data transfer tool resolves 18 medium and low-severity vulnerabilities. The post 25-Year-Old Vulnerability Patched in Curl appeared first on SecurityWeek.
New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis
A previously undocumented Rust-based macOS implant and information stealer has been found to embed a prompt injection payload designed to trick a malware analyst's artificial intelligence (AI) tools and trick it into aborting or refusing an analysis of the art…
SecurityWeek ICS Cybersecurity Conference Heads to Nashville for Special 25-Year Anniversary Edition
The 2026 Industrial Control Systems (ICS) Cybersecurity Conference takes place October 6-8, 2026, at the W Nashville. The post SecurityWeek ICS Cybersecurity Conference Heads to Nashville for Special 25-Year Anniversary Edition appeared first on SecurityWeek.
New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns
A new, stealthy backdoor named Mistic has been deployed as part of suspected financially motivated attacks aimed at multiple organizations spanning insurance, education, IT, and professional services sectors since April 2026. According to Symantec and Carbon B…
NIST Opens Updated IoT Security Guidance to Public Review
The guidance aims to establish product cybersecurity requirements for IoT devices integrated into federal agencies’ networks. The post NIST Opens Updated IoT Security Guidance to Public Review appeared first on SecurityWeek.
Chrome 149 Update Resolves 18 Severe Vulnerabilities
More than half of the bugs are use-after-free defects, which can potentially lead to remote code execution. The post Chrome 149 Update Resolves 18 Severe Vulnerabilities appeared first on SecurityWeek.
Cisco SD-WAN Zero-Day Exploited Months Before Patching
CVE-2026-20245, the 7th Cisco SD-WAN vulnerability exploited in 2026, was used for months prior to its disclosure and patching. The post Cisco SD-WAN Zero-Day Exploited Months Before Patching appeared first on SecurityWeek.
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access
An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before it was publicly disclosed, according to new findings from Google-owned Mandiant. The vulnerability, trac…
Google releases new privacy controls for activity history, personalization
Google is rolling out new privacy controls for Search services and Google Play, giving you more control over saved history and personalized recommendations. [...]
DraftKings hacker 'Snoopy' sentenced to 18 months in prison
A 21-year-old using the alias "Snoopy" was sentenced to 18 months in prison for his role in hacking DraftKings accounts in the November 2022 cyberattack. [...]
Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access
New details have been revealed on how hackers exploited a Cisco Catalyst SD-WAN vulnerability tracked as CVE-2026-20245 in zero-day attacks to create rogue root accounts on targeted devices. [...]
Malicious Edge extension abuses Native Messaging as bridge to malware
A malicious Microsoft Edge extension dubbed 'Edgecution' has been used in a ransomware attack to escape the browser sandbox and deploy a Python-based backdoor. [...]
When Information Becomes the Attack Surface – Understanding AI Agent Traps
From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI. The post When Information Becomes the Attack Surface – Understanding AI Agent Traps appeared first on SecurityWeek.
CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by Jun…
Researchers Trick AI Browsers Into Leaking Credentials
LayerX tricked AI browsers including ChatGPT Atlas and Comet into bypassing their guardrails
Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered
A coordinated law enforcement operation, in partnership with private sector companies, including Bitdefender, Bitsight, ESET, and Microsoft, has resulted in the takedown of criminal infrastructure powering Amadey and StealC. "The main common goal was to disrup…
Europol-Led Operation Endgame Takes Down StealC and Amadey Infostealers
Operation Endgame seized around 50 domains and nearly 200 active IP-based servers associated with the infostealers
CISA warns of max severity Ubiquiti flaws exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers actively exploiting flaws in Ubiquity UniFi OS and Lantronix serial-to-ethernet servers. [...]
Amadey, StealC malware operations disrupted in Operation Endgame action
Microsoft, Europol, and international partners have disrupted infrastructure used by the Amadey and StealC malware operations as part of Operation Endgame, which targets cybercriminal services and ransomware gangs. [...]
macOS Backdoor Uses Prompt Injection to Evade AI Triage
SentinelLabs found a North Korea-linked macOS backdoor using prompt injection on AI triage tools
Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks
Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains. The "critical exploitable pattern" has been codenamed Cordyceps by Novee Security. The issue can a…
KDDI Breach Affects Six Japanese ISPs, Exposes 14.2 Email Credentials
Customers of the affected Japanese email services are “strongly advised” to change their email passwords
AEV, BAS, Or Pentesting: Which Security Validation Solution Is Right for You?
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 24, 2026 – Read the full story from BreackLock AEV, BAS, and penetration testing each answer a different security question. Adversarial Exposure Validation (AEV) maps w…
Iran-Linked MuddyWater Poses as Ransomware Gang to Mask Cyber Espionage
An NCC Group report warns state-backed hackers are attempting to hide activity by posing as ransomware groups and deploying commercially available malware
Dawn of the Apex Agentic Adversary
We are standing at the end of an era we never thought to mourn: the era of human-speed threats. For years, cybersecurity moved to a rhythm organizations could follow. A researcher found a bug, a CVE was cataloged, a vendor navigated a patch cycle, and weeks or…
AI Is Making Attacks Cheaper, Faster and More Covert, Says ReliaQuest
New ReliaQuest study reveals the six ways AI is practically being used in attacks today
DoJ Seizes Huione Cloud Account Tied to Cyber Scam Money Laundering
The U.S. Department of Justice (DoJ) on Tuesday announced the seizure of a cloud computing account put to use by subsidiaries of Cambodia-based corporate conglomerate HuiOne Group, as the Treasury unveiled fresh sanctions against nine individuals and 26 entiti…
UK Museums Face Cybersecurity Risks, MPs Warn
Public Accounts Committee (PAC) warns that museums and galleries aren’t getting enough government support on cyber
Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root
Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The vulnerability, tracked as CVE-2026-2…
FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation
A Russian-speaking initial access broker (IAB) driven by financial gain is assessed to be behind a large-scale credential-harvesting operation known as FortiBleed that has targeted over 430,000 FortiGate firewalls globally. The campaign, active since February…
Scattered Spider Hackers Plead Guilty on Day 1 of Trial
Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the Greater London area. The duo were key members…
Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents
Security firm AIR built a fake AI agent skill, pushed it through a popular skill marketplace and an Instagram ad, and says it reached roughly 26,000 agents, including some on corporate accounts. Every skill security scanner the firm tested it against marked it…
Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration
President Trump signed an executive order on June 22 setting hard deadlines for federal agencies to move high-value assets and high-impact systems to post-quantum cryptography. Key establishment must move by December 31, 2030; digital signatures by December 31…
Lookalike npm Package Hides a Multi-Stage Windows RAT
JFrog found an npm package impersonating postcss-selector-parser to drop a multi-stage Windows RAT
GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns
GitHub is moving to strengthen software supply chain security by updating "actions/checkout" to block pwn request attacks that exploit the risky use of the "pull_request_target workflow" trigger to run malicious code with the workflow's full privileges. Effect…
OpenAI Expands Daybreak to Help Defenders Patch Flaws
OpenAI expanded Daybreak with a full GPT-5.5-Cyber release to help defenders patch software flaws
Trump Issues Executive Order to Fast-Track Post-Quantum Migration
All US federal agencies will have to complete their post-quantum cryptography transition by 2031, according to a new Trump Executive Order
GTA 6 Scams Emerge as Pre-Orders Open
Cybercriminals launch fake GTA 6 pre-order sites offering early access for crypto payments
Cybersecurity “Talking Sports” On The Cybercrime Magazine Podcast
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 23, 2026 – Listen to the podcast Richard Seewald, founder and Managing Partner at Evolution Equity Partners, joins Steve Morgan, founder of Cybersecurity Ventures, for…
Agentic AI: The Weapon That No Longer Needs a Warrior
Every weapon begins as an extension of the hand that holds it. The spear lengthened the reach of the arm. The bow sent the point flying without the throw. The rifle placed a man's death a quarter mile beyond his sight, and the aircraft carried that death acros…
Scattered Spider Teens Convicted of TfL Cyber-Attack
Two young British men have pleaded guilty to hacking Transport for London as part of a Scattered Spider plot
Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT
Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access trojan (RAT). The list of identified packages, is below - aes-decode-runner-pro (145 downloads) postcss-minify-selector (256 do…
Five Eyes Group Issues Urgent Call to Tackle Frontier AI Threats
The Five Eyes Alliance has published a rare call to action for organizations facing AI threats
WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool
Direct messages sent via WhatsApp are being used to distribute malicious Visual Basic Script (VBScript) files that lead to the installation of legitimate Remote Monitoring and Management (RMM) software. Per findings from Kaspersky, the active campaign is targe…
OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws
OpenAI on Monday said it's releasing an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the Daybreak initiative the artificial intelligence (AI) company announced last month. Calling GPT‑5.5‑Cyber its "strongest model yet for findin…
ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack
Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack after unknown threat actors managed to tamper with the official release channels and push backdoor code. "Attackers compromised the vendor's build and distribution pipeline,…
29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests
A heap over-read in the Squid web proxy can leak another user's cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the same proxy. The bug traces to a 1997 FTP-parsing change and is…
Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants
Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform with more than 146,000 GitHub stars, that could allow attackers to stealthily read artificial intelligence (AI) conversions from other cu…
GentleKiller Framework Disables Victims' Security Software
ESET details GentleKiller, the EDR-killer framework the Gentlemen ransomware gang gives affiliates
Unpatchable BootROM Flaw Impacts Apple A12, A13 Chips
Apple BootROM exploit exposes unpatchable USB flaw on A12 and A13 devices
New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer
Cybersecurity researchers have disclosed details of a new campaign that delivers CastleStealer by means of a previously unreported malware loader dubbed OXLOADER. According to Elastic Security Labs, the campaign leverages malicious Google Ads as a starting poi…
Google Sets Sept. 30 Deadline for Android Developer Verification in Four Countries
Google has set September 30, 2026, as the day it begins enforcing Android developer verification in the first four countries, and the major device-maker app stores are in from the start. On that date, certified Android phones in Brazil, Indonesia, Singapore, a…
Midnight in the War Room: A Documentary On Cyber War
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 22, 2026 – Visit MidnightInTheWarRoom.com Cybersecurity Ventures predicted that cybercrime would cost the world $10.5 trillion in 2025, according to a post on Public Se…
Stop Your Legacy Infrastructure from Hijacking Your AI Agents
Earlier this month, I spoke at the Gartner Security & Risk Management Summit about a blind spot most security programs are still not accounting for - how attackers are circumventing AI security programs by using legacy infrastructure to hijack AI agents. AI ad…
Microsoft Attributes Mastra AI Supply Chain Attack to North Korea
North Korean threat actor Sapphire Sleet has been linked to a supply chain attack targeting Mastra, according to Microsoft security researchers
⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More
It’s Monday again. This week’s threat list looks painfully familiar: abused integrations, fake tools, poisoned websites, ransomware crews trying to shut down security tools, and mobile malware asking for way too much control. The annoying part is how little of…
Klue Breach Enables Hackers to Compromise Cybersecurity Firms via OAuth Tokens
At least four cybersecurity firms confirmed they have been affected by a breach of business intelligence platform Klue via Salesforce integration
UK Information Commissioner Resigns After Workplace Investigation
The UK’s data protection regulator the information commissioner has resigned after his position became “untenable”
Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices
Canada's spy service got a judge's permission to reach into infected servers, home routers, and IoT gear sitting on Canadian soil and neutralize two foreign-run botnets. The Federal Court released a public version of the ruling on June 15. It is the first time…
NCSC Urges Fortinet Customers to Tackle FortiBleed Fallout
The NCSC has released guidance for Fortinet customers impacted by the FortiBleed threat campaign
AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network
A new malware family is turning forgotten home routers into a distributed reconnaissance and proxy network, not the DDoS botnet these devices usually end up in. QiAnXin's XLab calls it AryStinger and counts at least 4,300 infected routers, a total it says is s…
INTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across Asia-Pacific
A new report from INTERPOL has revealed a "dramatic increase" in cybercrime in Asia and the South Pacific, fueled by rapid digitalization, internet penetration, new technologies, organized criminal networks, and a disparity in cybersecurity maturity. According…
Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw th…
Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain
Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple's A12 and A13 chips. That code is burned into the silicon at manufacture. No software update can rea…
The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes
The Gentlemen ransomware-as-a-service (RaaS) operation is actively developing and maintaining a suite of endpoint detection and response (EDR) killers that it hands out to affiliates for impairing system defenses before deploying the encryptor. This mature por…
AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution
Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution. Steer the agent to load an attacker's web page, and that page's JavaScript can reach a privileged local ser…
Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites
Dutch law enforcement authorities, along with counterparts from Canada , Germany, and the U.S., have disrupted malicious infrastructure associated with SocGholish and cleaned up nearly 15,000 infected WordPress websites. "With these actions we deprive cybercri…
CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday urged Fortinet customers with FortiGate appliances to take steps to secure against ongoing malicious activity aimed at thousands of internet-accessible devices. The sweeping campaign,…
From Assistive to Agentic: The AI Shift That's Redefining Threat Management
Introduction The average enterprise security team has 40 or more security tools, giving a lot of visibility into internal telemetry and asset data. But often, these tools are working in siloes, generating (overlapping) alerts and data. And yet, breach dwell ti…
AWS Unveils 'Continuum,' an AI-Powered Vulnerability Management Platform
Working with frontier AI models, this new platform aims to help discovering, prioritizing, validating and remediating code vulnerabilities
Forget Data Leakage: Shadow AI's Real Threat Is Access Control
The first wave of enterprise AI concern was straightforward. It was simply employees pasting sensitive data into public AI tools. Security teams responded with usage policies, domain blocks, and data loss prevention rules. That response made sense at the time.…
Operation Endgame Disrupts Malware Network Linked to Major Ransomware Gang
SocGholish malware has been removed from 15,000 sites associated with Evil Corp hackers
Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data
Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in response to a security incident impacting the competitive intelligence company on June 11, 2026. To that end, organizations will be unable to connect to Salesf…
Confidence Lacks in Threat Detection Across Non-Email Channels like Slack and Teams
Half of cybersecurity leaders lack confidence in detecting threats on Slack, Teams and other non-email platforms, despite growing attacker focus
Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone
Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to eavesdrop on users. The vulnerability, tracked as CVE-2025-20701 (CVSS score: 8.8), refers to a case of incorrect autho…
‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm
For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple securi…
F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution
F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution on affected systems. The vulnerabilities are listed below - CVE-2026-42530 (CVSS v4 score: 9.2) - A use-after-free vu…
Orphaned AI Agents: How to Find Hidden Access Risks Inside Your Network
If an autonomous AI agent interacts with your company's core intellectual property today, can your security team instantly name the person who authorized it? For most enterprises, the answer is a simple no. The rush to adopt internal AI tools has left a massiv…
ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories
The internet did not break this week. It got used exactly as designed, which is worse. Searches were siphoned through shady browser add-ons. AI chat links turned into malware delivery paths. macOS attacks ran in memory and left almost nothing behind. Cloud age…
Fake GitHub Stars and AI Videos Mask a Crypto Clipper
A Rust crypto clipper hides behind fake GitHub stars and AI-narrated YouTube videos
ICO Cautions Healthcare Worker After Princess of Wales Incident
Hospital insider escapes criminal prosecution after attempting to sell royal’s medical records
Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2
Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign codenamed CryptoBandits that has targeted users since February 2026 with clipboard-intercepting malware with self-spreading capabilities and using the Tor anonymity network to h…
INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023
Cybersecurity researchers have charted the evolution of INC from an nascent ransomware-as-a-service (RaaS) operation to one of the most prolific cybercrime groups in 2026, claiming no less than 830 victims since August 2023. "The disruption of LockBit and the…
The Scripts on Your Checkout Page Are Now a PCI DSS Problem
An independent PCI assessor tested Reflectiz against the new PCI DSS rules. Here is the verdict: See the full QSA assessment here → When a customer types their card number into your checkout, their browser is running far more than your code. Analytics tags, a…
DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic
Threat actors associated with the DragonForce ransomware have been observed using a custom Go-based remote access trojan (RAT) called Backdoor.Turn to conceal command-and-control (C2) traffic inside Microsoft Teams relay infrastructure. According to findings f…
Cybercriminals Are Worried About AI Taking Their Jobs Too
Analysis of chatter on underground forums by Sophos finds that hackers fear AI could take work away from them
LATAM Infrastructure Hit by Fortinet and Ivanti Exploits
CloudSEK maps Operation Escaneo, a campaign hitting Latin American infrastructure via perimeter bugs
Hostile States Behind 75% of Cyber-Attacks on UK Critical Infrastructure, NCSC Warns
Richard Horne, the NCSC CEO, said three-quarters of cyber-attacks targeting UK critical infrastructure came from nation-state actors
Cybercrime Surges in APAC as Digitalization Takes Hold
Interpol claims cybercrime accounts for third of crime in over half of Asia and South Pacific countries
Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments
An unknown threat actor has been observed leveraging paid or promoted posts on legitimate news websites to drum up buzz for their warez, according to new findings from Check Point Research. The threat actor also has at their disposal a dedicated WordPress phis…
Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development
Microsoft has formally disclosed that it's working to release a patch to address a Defender zero-day codenamed RoguePlanet. The vulnerability has now been assigned the CVE identifier CVE-2026-50656 (CVSS score: 7.8), with the tech giant describing it as a priv…
Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline
A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials. Ordinary stuff, until one move near the end. Before his command-and-control server went dark, he installed OpenSSH and Tails…
North Korean Hiring Fraud Runs on AI and US Laptop Farms
Nisos infiltrated a North Korean IT-worker fraud cell running on AI interviews and a US laptop farm
Serverless Phishing Kit on GitHub Targets Mexican Banks
GitBait phishing kit abuses GitHub Pages and the SheetBest API to steal Mexican banking credentials
Nir Zuk: Backstory of a Cybersecurity Legend
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 17, 2026 – Watch the YouTube video “I started my cybersecurity ‘career’ as one of the earlier virus developers in the world,” Nir Zuk, co-founder of Palo Alto Networks,…
Sensitive Enterprise Data Uploads to AI Models Double in a Year
The rise of AI-assistants and applications in the enterprise has seen a 93% increase in employees attempting to upload sensitive data, bringing security challenges
AI Threats and Alert Fatigue Challenge Cybersecurity Teams
Filigran survey at Infosecurity Europe 2026 reveals AI-powered attacks as the top concern, with false positives, alert fatigue and manual processes draining security teams
EU Security Experts to Support Ukrainian Organizations in Case of Cyber-Attacks
Ukraine has been added to the EU Cybersecurity Reserve, which provides incident response services against large-scale incidents
Fifteen JetBrains Marketplace Plugins Found Stealing API Keys
Aikido Security has discovered at least 15 IDE plugins on the JetBrains Marketplace
Staffing Is Top SOC Challenge Even as AI Proliferates, Says SANS
SANS Institute study finds few SOCs have built AI into defined workflows, despite widespread adoption
SprySOCKS Backdoor Expands From Linux to Windows
China-linked SprySOCKS backdoor gains stealthy Windows variants and 30-plus C2 commands
Rokarolla Trojan Combines Banking Fraud With Device Surveillance
Rokarolla Android trojan steals banking logins and spies on victims while blocking fraud alerts
Virtual Or Full-Time CISO: ROI Calculator On Security Leadership
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 16, 2026 – Read the full story from LinkedIn The 2026 CISO Report by Cybersecurity Ventures, published in partnership with Sophos, lays out numbers that explain why mid…
Over Two-Thirds of Security Pros Say Cyber Is Getting Harder
ISSA study finds most security professionals feel challenged by colleagues’ involvement in cyber
DragonForce Ransomware Exploited Microsoft Teams to Hide in Attack Against Major Company
Command and control traffic exploited a Teams visitor token to make malicious activity look legitimate to defenders
Chainguard, JPMorgan, BNY Team Up to Secure Open Source from AI Threats
Athena is a new an industry coalition to fix the vulnerabilities frontier AI models find before attackers can exploit them
FBI Warns Courier Cash Pickups Are Driving Crypto Scams
The FBI claims couriers are being used to circumvent bank transfers in crypto investment schemes
Attackers Hijack Popular WordPress Plugins to Deploy Backdoors
Tampered OptinMonster and sister plugins plant hidden backdoors on 1.2 million WordPress sites
Adriatic Port Cyber-Attack by Anubis Sparks Warning Over Maritime Security Risks
How the Anubis ransomware group stole and leaked an Italian Adriatic port authority's data
Cybercrime is Accelerating: Preparing the Next Wave of Cybersecurity Experts
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 15, 2026 – Read the full story from CMBlog By harnessing AI, cybercriminals are developing increasingly sophisticated techniques to commit their crimes, posing a growin…
Cybersecurity Experts Urge US to Lift Ban on Anthropic's Frontier AI Models
Access to two Anthropic large language models, Mythos 5 and Fable 5, has effectively been banned to any non-US nationals by the Trump administration
UK Government Finds 400+ Vulnerabilities in AI Hackathons
Government departments find hundreds of vulnerabilities after testing frontier models
Maine Takes Breach Reporting Portal Offline After Fake Entries
The Office of the Maine Attorney General has suspended its breach reporting portal
Ransomware Payment Crypto Laundering Platform Taken Out by FBI and Europol
Domain of dark web money laundering platform AudiA6 seized and suspects arrested in joint operation by the FBI, Europol and others
GitHub to Update npm to Thwart Software Supply Chain Attacks
NPM, part of GitHub, announced a new version of the npm package manager with several security improvements, including disabling install scripts
Code Girls: The Secret Heroes Of World War II
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 12, 2026 – Watch the YouTube Short During World War II, some of America’s most powerful weapons weren’t bombs or guns. They were women sitting in secret rooms breaking…
Over 80% of Sports Organizations Targeted by Hackers in the Last Year
As the FIFA World Cup 2026 kicks off, a new Darktrace report warns that sports teams and bodies are a major target for cyber criminals
Page 1 of 1 0 results