Microsoft extends Windows Server 2022 hotpatching until October 2027
Microsoft has extended Windows Server 2022 hotpatching until October 2027, one year after the mainstream end date of October 2026. [...]
Intelligence Feed
Curated cybersecurity reporting and advisories. Headlines link to original sources.
Items
139
Last update
Jun 29, 2026, 05:47 PM (UTC)
No matching results
Try a different keyword, or switch the source filter back to “All sources”.
WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private
WhatsApp on Monday officially announced the start of global reservations of usernames with an aim to protect the privacy of more than three billion users on the messaging platform. The optional feature is designed to help users connect with someone on the serv…
WhatsApp Rolling Out Username Feature to Bolster Phone Number Privacy
An optional ‘username key’ adds another layer by requiring a secondary credential before someone can message users. The post WhatsApp Rolling Out Username Feature to Bolster Phone Number Privacy appeared first on SecurityWeek.
U.S. offers $10 million for hackers targeting WhatsApp, Signal users
The U.S. Department of State is offering up to $10 million for information that helps identify or locate members of the UNC5792 and UNC4221 hacker groups, which are linked to Russia's intelligence and military services. [...]
Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks
The China-aligned espionage group Mustang Panda is running two campaigns against the Indian government and hydropower targets, deploying new malware and turning a legitimate cloud service into its command channel. Acronis Threat Research Unit found active comp…
OpenAI Reveals GPT-5.6 Sol Cybersecurity Model, Restricts Early Access
OpenAI is previewing its GPT-5.6 Sol model to a vetted few at the US government's request
⚡ Weekly Recap: Linux Kernel Flaws, AI Malware Tricks, Turla Backdoor, Infostealers and More
This week was a reminder that attackers do not always need big tricks. One small mistake, one old access path, one missed patch, and suddenly the door is open. The noise is not all noise, either. Forums are talking, researchers are finding easy cracks, and def…
Telegram-Based Millenium RAT Campaign Infects 60,000 Devices
Group-IB says Millenium RAT, now rewritten in C++, has hit 62,289 devices in 160+ countries
Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines
Indirect prompts hidden in a repository can lead to Claude Code spawning a reverse shell on the developer’s machine. The post Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines appeared first on SecurityWee…
Straiker Raises $64 Million for AI Security Platform
The startup’s platform can identify AI agents and provide visibility into their access, behavior, and risks. The post Straiker Raises $64 Million for AI Security Platform appeared first on SecurityWeek.
Agentic AI Has an Identity Problem and Attackers Know It
AI agents can access data, trigger workflows, and take action across enterprise systems. Token Security explains why governing these privileged identities is becoming essential for enterprise security. [...]
Critical SimpleHelp flaw exploited to deploy new stealer malware
Hackers are exploiting a recently disclosed critical vulnerability (CVE-2026-48558) in SimpleHelp to deploy Djinn Stealer, a previously undocumented cross-platform information stealer targeting Windows, macOS, and Linux. [...]
Hackers now exploit critical Oracle E-Business flaw in attacks
Attackers have begun exploiting a critical vulnerability (CVE-2026-46817) in the Oracle E-Business Suite (EBS) financial application, according to threat intelligence company Defused. [...]
Insurance Regulators Group NAIC Hit in Oracle PeopleSoft Hack
The ShinyHunters extortion group claims to have stolen 3.1 TB of data from the organization. The post Insurance Regulators Group NAIC Hit in Oracle PeopleSoft Hack appeared first on SecurityWeek.
Global Cybersecurity Market Forecasts From Cybersecurity Ventures, Forrester, Gartner
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 29, 2026 – Read the report Forrester forecasts that worldwide information security spending will reach $200 billion in 2026, while Gartner projects $240 billion for 202…
Webinar: Why business email compromise attacks keep succeeding
Business email compromise attacks increasingly rely on convincing impersonation rather than malware, making them harder for employees and traditional email defenses to detect. This webinar explores how behavioral AI can help identify sophisticated email threat…
236,000 DCloud Uni-App Sites Used in Crypto Scams, Phishing, and Wallet Drainers
New findings unearthed by Infoblox show that more than 236,000 websites are using investment scam templates built using a legitimate Chinese open-source, cross-platform application development framework called DCloud Uni-App. The templates power bogus cryptocu…
Why Post-Quantum Cryptography Starts With Credentials
Today’s encrypted data, such as credentials, may no longer remain confidential in the future because the public-key cryptography protecting it will soon be broken by quantum computers. Although no machine today can break elliptic curve cryptography or RSA, qua…
Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse
A Russian advanced persistent threat (APT) group has continued to evolve and expand its malware arsenal as part of its ongoing cyber onslaught against Ukraine throughout 2025. Slovakian cybersecurity company ESET said it observed 35 distinct spear-phishing cam…
US seizes hundreds of FIFA World Cup illegal streaming domains
The U.S. Justice Department's Criminal Division has seized nearly 400 web domains used for illegally streaming matches at the FIFA World Cup. [...]
‘DirtyClone’ Linux Kernel Vulnerability Leads to Root Access
A variant of DirtyFrag, the flaw allows unprivileged local users to manipulate the Linux page cache and gain root privileges. The post ‘DirtyClone’ Linux Kernel Vulnerability Leads to Root Access appeared first on SecurityWeek.
OpenAI and Anthropic Limit New AI Models to Trump-Approved Customers During Cybersecurity Review
ChatGPT maker OpenAI said Friday it is restricting the release of its new artificial intelligence model at the request of President Donald Trump’s administration. The post OpenAI and Anthropic Limit New AI Models to Trump-Approved Customers During Cybersecurit…
US Federal Insurance Regulator Confirms Data Breach Via Oracle Flaw
An attacker has exploited a zero day in Oracle Peoplesoft to gain access to the IT systems of the NAIC, the standard-setting association for the US federal insurance system
US Offers $10 Million Bounty for Russian State Hackers as Messaging App Attacks Evolve
UNC5792 and UNC4221 have been targeting US government officials, military leaders, and allied personnel. The post US Offers $10 Million Bounty for Russian State Hackers as Messaging App Attacks Evolve appeared first on SecurityWeek.
Russian Hackers Accused of Destructive Cyber-Attack on Jaguar Land Rover
Experts warn the Jaguar Land Rover breach bears hallmarks of Kremlin-backed hackers, citing novel ransomware, strategic timing and efforts to obscure attribution
Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts
Microsoft has shut down a long-running malicious extension operation on the Edge Add-ons store that hid its payloads inside ordinary image and font files, then woke up days after install to steal credentials and run ad fraud. The company calls it StegoAd, a ma…
FBI Sounds Alarm Over Russian Intelligence Signal Phishing
The FBI claims Russian spies are targeting Signal backup keys
OpenAI Unveils GPT-5.6 Sol as Its Most Advanced Cybersecurity AI
The company says Sol matches competing systems like Mythos Preview while using only a third of the output tokens. The post OpenAI Unveils GPT-5.6 Sol as Its Most Advanced Cybersecurity AI appeared first on SecurityWeek.
Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw
A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution. No credentials, no user interaction. The bug aff…
Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer
Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. "This attack avoids the most common npm execution pat…
Data breach exposes up to 14.2 million email logins at six ISPs
Japanese telecommunications operator KDDI Corporation disclosed a data breach where threat actors gained access to one of its email systems used by five other internet service providers (ISPs) in the country. [...]
Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials
The Security Service of Ukraine (SSU) said it, together with the U.S. Federal Bureau of Investigation (FBI), uncovered a long-running campaign orchestrated by Russian intelligence services to break into the messaging accounts of government officials, military…
Clean GitHub repo tricks AI coding agents into running malware
An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious payload that remains invisible to security scanners, AI agents, and human reviewers. [...]
OpenAI Previews GPT-5.6 Sol With Restricted Access and Stronger Cyber Safeguards
OpenAI on Friday released three versions of GPT-5.6, called Sol, Terra, and Luna, as a limited preview to a small number of companies as part of an ongoing engagement with the U.S. government. While Sol is the latest flagship model and the most powerful, Terra…
Chinese Framework Powers 200,000 Scam Sites
Threat actors are selling investment scam templates created using the legitimate DCloud Uni-App toolkit. The post Chinese Framework Powers 200,000 Scam Sites appeared first on SecurityWeek.
FBI: Russian hackers now target Signal backup recovery keys
The FBI and CISA are warning that a phishing campaign targeting Signal users tied to Russian intelligence services has evolved to steal Signal Backup Recovery Keys, allowing attackers to access victims' historical messages. [...]
CISA sets urgent deadline to fix Cisco flaw exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is giving federal agencies until Sunday to patch a vulnerability in Cisco Unified Communications Manager Server that is being actively exploited. [...]
FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys
The FBI and CISA have updated their March warning about Russian intelligence phishing Signal accounts, and the operators have added a step: they now coax targets into handing over their Signal Backup Recovery Key. Hand it over once, and the attacker can restor…
New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks
A newly discovered cyber attack campaign has been observed delivering a previously undocumented malware family called SharkLoader that acts as a loader for deploying Cobalt Strike Beacon on compromised hosts. Kaspersky, which is tracking the activity under the…
Polymarket customers lose $3 million in supply-chain attack
Polymarket says it will fully reimburse customers who lost an estimated $3 million after hackers injected a malicious script into the platform's frontend following a breach at a third-party vendor. [...]
Cybersecurity firms targeted by fraudulent OpenAI organization invites
Threat actors are creating OpenAI tenants that impersonate legitimate companies and inviting employees to join them, in what appears to be a ploy to trick targets into submitting sensitive company information in chats and projects. [...]
Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign
A Chinese-speaking advanced persistent threat (APT) actor has been linked to a new custom backdoor called TinyRCT as part of cyber attacks aimed at government entities and critical infrastructure in Southeast Asia. The activity, particularly aimed at state-own…
Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories
AWS has patched the vulnerability and published its own advisory to inform customers about the potential impact. The post Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories appeared first on SecurityWeek.
Your First GRC Agent: A Red Teamer's Walkthrough
AI won't replace GRC analysts, but it can eliminate much of the repetitive work they do. Anecdotes walks through building an agent that continuously monitors controls, identifies evidence gaps, and opens remediation tasks. [...]
New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries
A flaw in the Linux kernel's traffic-control subsystem can let a local unprivileged user gain root on affected systems. CVE-2026-46331, nicknamed "pedit COW," is an out-of-bounds write in the packet-editing action (act_pedit) that corrupts shared page-cache me…
Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs
A high-severity flaw in Amazon Q Developer let a malicious repository run commands and steal a developer's cloud credentials. The path was short: a developer opens the repo, trusts the workspace, and Amazon Q does the rest. Amazon has patched it. Tracked as CV…
CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical remote code execution vulnerability impacting PTC Windchill PDMlink and PTC FlexPLM enterprise Product Data Management (PDM) and Product Lifecycle Management (PLM) so…
Insider Threat: Cybersecurity Needs To Go Above And Beyond
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 26, 2026 – Watch the YouTube video The 2026 CISO Report from Cybersecurity Ventures in partnership with Sophos reports that in Jan. 2026, the U.S. Cybersecurity and Inf…
New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets
DirtyClone is a new Linux kernel privilege escalation in the DirtyFrag family. JFrog Security Research published a working exploit walkthrough for the flaw on June 25, the first public demonstration for this variant. Tracked as CVE-2026-43503 (CVSS 8.8), it le…
Guardian Agents: The Next Layer of Identity Governance
AI agents are moving through enterprise environments, inheriting permissions, traversing systems, and executing decisions at machine speed with minimal oversight. The identity infrastructure built to govern human access wasn't designed for autonomous actors, a…
Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack
Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family that has compromised a new set of npm packages, even as it has propagated to the Go ecosystem. "The latest a…
China-Linked Hackers Strike Asian Critical Infrastructure with TinyRCT Backdoor
A China-linked threat group has been targeting critical infrastructure in Southeast Asia with a new custom backdoor called TinyRCT
Microsoft Warns of Photo ZIP Phishing Campaign Targeting Hotels with Node.js Implant
An active phishing campaign has been targeting hotel and other hospitality organizations across Europe and Asia since April 2026, using photo-themed ZIP files to drop a Node.js implant and dig into front-desk machines, Microsoft says. The company has not attri…
Russia Used Cellebrite on Jailed Activist's iPhone Months After Sales Cutoff
Russian authorities used Cellebrite's UFED forensic tools to break into the iPhone of detained opposition activist Andrey Pivovarov in June 2021, three months after Cellebrite said it would stop selling its tools and services to Russia and Belarus. The finding…
CMC Releases Analysis and Guidance for Education Sector After Canvas Data Breach
The UK Cyber Monitoring Centre reviews the Canvas breach affecting 160 UK universities, highlighting data theft risks and financial impacts of cyber incidents
Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks
The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that has been deployed against government and military organizations in Ukraine, and entities that have an interest in Itali…
Anthropic is testing desktop-like Claude Cowork for mobile
Anthropic appears to be testing Claude Cowork support on mobile, allowing you to manage long-running Claude tasks from your phone. [...]
Cisco Vulnerability Exploited Months Before Disclosure, Google Warns
A high-severity flaw in Cisco Catalyst SD-WAN Manager disclosed in early June was exploited as early as March
Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability
An analysis of a popular Google Chrome ad block extension for YouTube has uncovered the ability to execute arbitrary JavaScript code. According to Island, the extension, named Adblock for YouTube (ID: cmedhionkhpnakcndndgjdbohmhepckk), has more than 10 million…
Twenty Million US IP Connections Used by Proxy Services
Digital Citizens Alliance report claims that millions of Americans may have unwittingly had IP connections used by cybercriminals
ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories
It’s dumb out there again. This week has the usual smell of prod on fire and nobody wanting to admit who left the door open — old creds still working, trusted apps doing sketchy crap, browser tricks jumping the fence, and “normal” workflows turning into phishi…
Attack Of The Killer Lawnmowers: Security Flaw Let Hackers Control These Landscaping Robots
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 25, 2026 – Listen to the podcast SlashGear reports that a hacker in Germany was stunned to find he had complete control of a robotic lawnmower. Weighing over 200 pounds…
Trust in Automated AI Vulnerability Scanning Collapses to 9%, New Study Finds
Cobalt study finds 20-percentage-point drop in number of organizations relying solely on AI automation for testing
New CISA Guide Helps Agencies Adopt SASE For Zero Trust
New CISA guidance shows federal agencies how to use SASE to move from legacy TIC 2.0 to zero trust
Surviving the Mythos Era: Richard Bejtlich on the Case for NDR
Despite the abundance of telemetry at analysts’ disposal, many security operations teams struggle to answer a few basic questions during incident investigation: What happened? What evidence do we have? How do we know we’re seeing it all, in context? Answering…
macOS Flaw Lets Standard Users Disable EDR and MDM
macos-xpc-flaw-disable-edr-mdm-standard-user-xm-cyber
Major Increase in Ransomware Attacks Targeting Europe, Warns New Report
Analysis of ransomware incidents by researchers at Black Kite found that attacks have risen by over 50% in the last year, with supply chain attacks increasing
New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis
A previously undocumented Rust-based macOS implant and information stealer has been found to embed a prompt injection payload designed to trick a malware analyst's artificial intelligence (AI) tools and trick it into aborting or refusing an analysis of the art…
New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns
A new, stealthy backdoor named Mistic has been deployed as part of suspected financially motivated attacks aimed at multiple organizations spanning insurance, education, IT, and professional services sectors since April 2026. According to Symantec and Carbon B…
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access
An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before it was publicly disclosed, according to new findings from Google-owned Mandiant. The vulnerability, trac…
CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by Jun…
Researchers Trick AI Browsers Into Leaking Credentials
LayerX tricked AI browsers including ChatGPT Atlas and Comet into bypassing their guardrails
Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered
A coordinated law enforcement operation, in partnership with private sector companies, including Bitdefender, Bitsight, ESET, and Microsoft, has resulted in the takedown of criminal infrastructure powering Amadey and StealC. "The main common goal was to disrup…
Europol-Led Operation Endgame Takes Down StealC and Amadey Infostealers
Operation Endgame seized around 50 domains and nearly 200 active IP-based servers associated with the infostealers
macOS Backdoor Uses Prompt Injection to Evade AI Triage
SentinelLabs found a North Korea-linked macOS backdoor using prompt injection on AI triage tools
Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks
Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains. The "critical exploitable pattern" has been codenamed Cordyceps by Novee Security. The issue can a…
KDDI Breach Affects Six Japanese ISPs, Exposes 14.2 Email Credentials
Customers of the affected Japanese email services are “strongly advised” to change their email passwords
AEV, BAS, Or Pentesting: Which Security Validation Solution Is Right for You?
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 24, 2026 – Read the full story from BreackLock AEV, BAS, and penetration testing each answer a different security question. Adversarial Exposure Validation (AEV) maps w…
Iran-Linked MuddyWater Poses as Ransomware Gang to Mask Cyber Espionage
An NCC Group report warns state-backed hackers are attempting to hide activity by posing as ransomware groups and deploying commercially available malware
Dawn of the Apex Agentic Adversary
We are standing at the end of an era we never thought to mourn: the era of human-speed threats. For years, cybersecurity moved to a rhythm organizations could follow. A researcher found a bug, a CVE was cataloged, a vendor navigated a patch cycle, and weeks or…
AI Is Making Attacks Cheaper, Faster and More Covert, Says ReliaQuest
New ReliaQuest study reveals the six ways AI is practically being used in attacks today
DoJ Seizes Huione Cloud Account Tied to Cyber Scam Money Laundering
The U.S. Department of Justice (DoJ) on Tuesday announced the seizure of a cloud computing account put to use by subsidiaries of Cambodia-based corporate conglomerate HuiOne Group, as the Treasury unveiled fresh sanctions against nine individuals and 26 entiti…
UK Museums Face Cybersecurity Risks, MPs Warn
Public Accounts Committee (PAC) warns that museums and galleries aren’t getting enough government support on cyber
Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root
Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The vulnerability, tracked as CVE-2026-2…
FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation
A Russian-speaking initial access broker (IAB) driven by financial gain is assessed to be behind a large-scale credential-harvesting operation known as FortiBleed that has targeted over 430,000 FortiGate firewalls globally. The campaign, active since February…
Scattered Spider Hackers Plead Guilty on Day 1 of Trial
Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the Greater London area. The duo were key members…
Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents
Security firm AIR built a fake AI agent skill, pushed it through a popular skill marketplace and an Instagram ad, and says it reached roughly 26,000 agents, including some on corporate accounts. Every skill security scanner the firm tested it against marked it…
Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration
President Trump signed an executive order on June 22 setting hard deadlines for federal agencies to move high-value assets and high-impact systems to post-quantum cryptography. Key establishment must move by December 31, 2030; digital signatures by December 31…
Lookalike npm Package Hides a Multi-Stage Windows RAT
JFrog found an npm package impersonating postcss-selector-parser to drop a multi-stage Windows RAT
GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns
GitHub is moving to strengthen software supply chain security by updating "actions/checkout" to block pwn request attacks that exploit the risky use of the "pull_request_target workflow" trigger to run malicious code with the workflow's full privileges. Effect…
OpenAI Expands Daybreak to Help Defenders Patch Flaws
OpenAI expanded Daybreak with a full GPT-5.5-Cyber release to help defenders patch software flaws
Trump Issues Executive Order to Fast-Track Post-Quantum Migration
All US federal agencies will have to complete their post-quantum cryptography transition by 2031, according to a new Trump Executive Order
GTA 6 Scams Emerge as Pre-Orders Open
Cybercriminals launch fake GTA 6 pre-order sites offering early access for crypto payments
Cybersecurity “Talking Sports” On The Cybercrime Magazine Podcast
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 23, 2026 – Listen to the podcast Richard Seewald, founder and Managing Partner at Evolution Equity Partners, joins Steve Morgan, founder of Cybersecurity Ventures, for…
Agentic AI: The Weapon That No Longer Needs a Warrior
Every weapon begins as an extension of the hand that holds it. The spear lengthened the reach of the arm. The bow sent the point flying without the throw. The rifle placed a man's death a quarter mile beyond his sight, and the aircraft carried that death acros…
Scattered Spider Teens Convicted of TfL Cyber-Attack
Two young British men have pleaded guilty to hacking Transport for London as part of a Scattered Spider plot
Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT
Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access trojan (RAT). The list of identified packages, is below - aes-decode-runner-pro (145 downloads) postcss-minify-selector (256 do…
Five Eyes Group Issues Urgent Call to Tackle Frontier AI Threats
The Five Eyes Alliance has published a rare call to action for organizations facing AI threats
WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool
Direct messages sent via WhatsApp are being used to distribute malicious Visual Basic Script (VBScript) files that lead to the installation of legitimate Remote Monitoring and Management (RMM) software. Per findings from Kaspersky, the active campaign is targe…
OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws
OpenAI on Monday said it's releasing an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the Daybreak initiative the artificial intelligence (AI) company announced last month. Calling GPT‑5.5‑Cyber its "strongest model yet for findin…
ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack
Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack after unknown threat actors managed to tamper with the official release channels and push backdoor code. "Attackers compromised the vendor's build and distribution pipeline,…
29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests
A heap over-read in the Squid web proxy can leak another user's cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the same proxy. The bug traces to a 1997 FTP-parsing change and is…
Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants
Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform with more than 146,000 GitHub stars, that could allow attackers to stealthily read artificial intelligence (AI) conversions from other cu…
GentleKiller Framework Disables Victims' Security Software
ESET details GentleKiller, the EDR-killer framework the Gentlemen ransomware gang gives affiliates
Unpatchable BootROM Flaw Impacts Apple A12, A13 Chips
Apple BootROM exploit exposes unpatchable USB flaw on A12 and A13 devices
New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer
Cybersecurity researchers have disclosed details of a new campaign that delivers CastleStealer by means of a previously unreported malware loader dubbed OXLOADER. According to Elastic Security Labs, the campaign leverages malicious Google Ads as a starting poi…
Google Sets Sept. 30 Deadline for Android Developer Verification in Four Countries
Google has set September 30, 2026, as the day it begins enforcing Android developer verification in the first four countries, and the major device-maker app stores are in from the start. On that date, certified Android phones in Brazil, Indonesia, Singapore, a…
Midnight in the War Room: A Documentary On Cyber War
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 22, 2026 – Visit MidnightInTheWarRoom.com Cybersecurity Ventures predicted that cybercrime would cost the world $10.5 trillion in 2025, according to a post on Public Se…
Stop Your Legacy Infrastructure from Hijacking Your AI Agents
Earlier this month, I spoke at the Gartner Security & Risk Management Summit about a blind spot most security programs are still not accounting for - how attackers are circumventing AI security programs by using legacy infrastructure to hijack AI agents. AI ad…
Microsoft Attributes Mastra AI Supply Chain Attack to North Korea
North Korean threat actor Sapphire Sleet has been linked to a supply chain attack targeting Mastra, according to Microsoft security researchers
⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More
It’s Monday again. This week’s threat list looks painfully familiar: abused integrations, fake tools, poisoned websites, ransomware crews trying to shut down security tools, and mobile malware asking for way too much control. The annoying part is how little of…
Klue Breach Enables Hackers to Compromise Cybersecurity Firms via OAuth Tokens
At least four cybersecurity firms confirmed they have been affected by a breach of business intelligence platform Klue via Salesforce integration
UK Information Commissioner Resigns After Workplace Investigation
The UK’s data protection regulator the information commissioner has resigned after his position became “untenable”
NCSC Urges Fortinet Customers to Tackle FortiBleed Fallout
The NCSC has released guidance for Fortinet customers impacted by the FortiBleed threat campaign
AWS Unveils 'Continuum,' an AI-Powered Vulnerability Management Platform
Working with frontier AI models, this new platform aims to help discovering, prioritizing, validating and remediating code vulnerabilities
Operation Endgame Disrupts Malware Network Linked to Major Ransomware Gang
SocGholish malware has been removed from 15,000 sites associated with Evil Corp hackers
Confidence Lacks in Threat Detection Across Non-Email Channels like Slack and Teams
Half of cybersecurity leaders lack confidence in detecting threats on Slack, Teams and other non-email platforms, despite growing attacker focus
‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm
For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple securi…
Fake GitHub Stars and AI Videos Mask a Crypto Clipper
A Rust crypto clipper hides behind fake GitHub stars and AI-narrated YouTube videos
ICO Cautions Healthcare Worker After Princess of Wales Incident
Hospital insider escapes criminal prosecution after attempting to sell royal’s medical records
Cybercriminals Are Worried About AI Taking Their Jobs Too
Analysis of chatter on underground forums by Sophos finds that hackers fear AI could take work away from them
LATAM Infrastructure Hit by Fortinet and Ivanti Exploits
CloudSEK maps Operation Escaneo, a campaign hitting Latin American infrastructure via perimeter bugs
Hostile States Behind 75% of Cyber-Attacks on UK Critical Infrastructure, NCSC Warns
Richard Horne, the NCSC CEO, said three-quarters of cyber-attacks targeting UK critical infrastructure came from nation-state actors
Cybercrime Surges in APAC as Digitalization Takes Hold
Interpol claims cybercrime accounts for third of crime in over half of Asia and South Pacific countries
North Korean Hiring Fraud Runs on AI and US Laptop Farms
Nisos infiltrated a North Korean IT-worker fraud cell running on AI interviews and a US laptop farm
Serverless Phishing Kit on GitHub Targets Mexican Banks
GitBait phishing kit abuses GitHub Pages and the SheetBest API to steal Mexican banking credentials
Nir Zuk: Backstory of a Cybersecurity Legend
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 17, 2026 – Watch the YouTube video “I started my cybersecurity ‘career’ as one of the earlier virus developers in the world,” Nir Zuk, co-founder of Palo Alto Networks,…
Sensitive Enterprise Data Uploads to AI Models Double in a Year
The rise of AI-assistants and applications in the enterprise has seen a 93% increase in employees attempting to upload sensitive data, bringing security challenges
AI Threats and Alert Fatigue Challenge Cybersecurity Teams
Filigran survey at Infosecurity Europe 2026 reveals AI-powered attacks as the top concern, with false positives, alert fatigue and manual processes draining security teams
EU Security Experts to Support Ukrainian Organizations in Case of Cyber-Attacks
Ukraine has been added to the EU Cybersecurity Reserve, which provides incident response services against large-scale incidents
Fifteen JetBrains Marketplace Plugins Found Stealing API Keys
Aikido Security has discovered at least 15 IDE plugins on the JetBrains Marketplace
Staffing Is Top SOC Challenge Even as AI Proliferates, Says SANS
SANS Institute study finds few SOCs have built AI into defined workflows, despite widespread adoption
SprySOCKS Backdoor Expands From Linux to Windows
China-linked SprySOCKS backdoor gains stealthy Windows variants and 30-plus C2 commands
Rokarolla Trojan Combines Banking Fraud With Device Surveillance
Rokarolla Android trojan steals banking logins and spies on victims while blocking fraud alerts
Virtual Or Full-Time CISO: ROI Calculator On Security Leadership
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 16, 2026 – Read the full story from LinkedIn The 2026 CISO Report by Cybersecurity Ventures, published in partnership with Sophos, lays out numbers that explain why mid…
Over Two-Thirds of Security Pros Say Cyber Is Getting Harder
ISSA study finds most security professionals feel challenged by colleagues’ involvement in cyber
DragonForce Ransomware Exploited Microsoft Teams to Hide in Attack Against Major Company
Command and control traffic exploited a Teams visitor token to make malicious activity look legitimate to defenders
Chainguard, JPMorgan, BNY Team Up to Secure Open Source from AI Threats
Athena is a new an industry coalition to fix the vulnerabilities frontier AI models find before attackers can exploit them
FBI Warns Courier Cash Pickups Are Driving Crypto Scams
The FBI claims couriers are being used to circumvent bank transfers in crypto investment schemes
Page 1 of 1 0 results