The Hacker News Jul 2, 2026, 03:24 PM (UTC)
Read
This week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through. This is not one big break…
BleepingComputer Jul 2, 2026, 03:18 PM (UTC)
Read
Court of Justice of the European Union (CJEU) has dismissed Google's final appeal against a €4.1 billion ($4.7 billion) antitrust fine over the company's use of Android to promote its Chrome browser and search service. [...]
SecurityWeek Jul 2, 2026, 03:04 PM (UTC)
Read
Hackers are targeting NetScaler appliances using public PoC code to retrieve arbitrary memory content in the HTTP response. The post New CitrixBleed Vulnerability Exploited Immediately After Public Disclosure appeared first on SecurityWeek.
BleepingComputer Jul 2, 2026, 02:00 PM (UTC)
Read
ConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA bypass tactics work and how to defend against them. [...]
Cybersecurity Ventures Jul 2, 2026, 01:17 PM (UTC)
Read
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jul. 1, 2026 – Watch the YouTube video For years, social engineering has been the most common and effective attack vector in cybersecurity, according to Doppel, developers o…
SecurityWeek Jul 2, 2026, 01:15 PM (UTC)
Read
As AI-generated code becomes commonplace, CISOs need new audit strategies to measure developer practices, govern AI tool usage, and identify software risks before they reach production. The post How to Conduct a Successful Audit of AI-Driven Software Developme…
The Hacker News Jul 2, 2026, 01:04 PM (UTC)
Read
The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that's designed to gain surreptitious access to a victim's email correspondence via the Google API. "In this campaign, the attackers focused their attention on corporate emai…
Infosecurity Magazine Jul 2, 2026, 12:51 PM (UTC)
Read
Infosecurity spoke with the researcher who dumped over 30 proof-of-concept exploits without disclosing the vulnerabilities first
SecurityWeek Jul 2, 2026, 12:34 PM (UTC)
Read
Researchers say credentials harvested from hundreds of thousands of FortiGate firewalls are being used to facilitate ransomware attacks by the INC and Lynx operations. The post FortiBleed Campaign Linked to INC, Lynx Ransomware Attacks appeared first on Securi…
BleepingComputer Jul 2, 2026, 12:15 PM (UTC)
Read
Microsoft has fixed a known issue causing the Copilot Chat or Copilot buttons in Classic Outlook to disappear for Windows users with the Copilot Chat (Basic) license. [...]
Infosecurity Magazine Jul 2, 2026, 12:00 PM (UTC)
Read
Bitdefender researchers warned of curious ransomware campaign which has targeted businesses around the world
BleepingComputer Jul 2, 2026, 11:35 AM (UTC)
Read
Cisco confirmed that attackers are now exploiting a Unified Communications Manager (Unified CM) vulnerability patched in early June. [...]
The Hacker News Jul 2, 2026, 11:30 AM (UTC)
Read
Identity lifecycle management was architected around a person with an employment record, a manager, and a departure date. AI agents have none of those. As autonomous principals proliferate across enterprise environments, the governance model built for humans d…
SecurityWeek Jul 2, 2026, 11:01 AM (UTC)
Read
Anthropic said Tuesday night that its AI model called Claude Fable 5 is now widely available. The post Trump Administration Lifts Restrictions on Anthropic’s Claude Models After Cybersecurity Alarm appeared first on SecurityWeek.
BleepingComputer Jul 2, 2026, 10:52 AM (UTC)
Read
CISA warned on Wednesday that attackers have begun exploiting a high-severity Microsoft SharePoint remote code execution vulnerability patched in May. [...]
SecurityWeek Jul 2, 2026, 10:48 AM (UTC)
Read
A PoC exploit has been available since public disclosure, and the first exploitation attempts were observed last week. The post Cisco Confirms In-the-Wild Exploitation of Unified CM Vulnerability appeared first on SecurityWeek.
BleepingComputer Jul 2, 2026, 10:46 AM (UTC)
Read
Opera has introduced Paste Protect, a security feature designed to block ClickFix-style attacks that trick users into executing malicious commands through social engineering. [...]
SecurityWeek Jul 2, 2026, 10:45 AM (UTC)
Read
Researchers show how context manipulation can cause agentic browsers to abandon safety guardrails and exfiltrate sensitive credentials. The post ‘BioShocking’ Attack Tricks AI Browsers Into Stealing Credentials appeared first on SecurityWeek.
SecurityWeek Jul 2, 2026, 10:30 AM (UTC)
Read
CISA says threat actors are exploiting a recently patched SharePoint remote code execution vulnerability (CVE-2026-45659). The post CISA Warns of Actively Exploited Microsoft SharePoint Vulnerability appeared first on SecurityWeek.
Infosecurity Magazine Jul 2, 2026, 10:00 AM (UTC)
Read
The NCSC has shared best practice advice from pen testers which could help improve system resilience
The Hacker News Jul 2, 2026, 09:13 AM (UTC)
Read
Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent. Its Threat Research Team calls the operator JADEPUFFER and says a large language model handled the whole job: breaking in, stealing…
BleepingComputer Jul 2, 2026, 08:58 AM (UTC)
Read
A dual United States and Estonian citizen has been extradited to the U.S. to face charges alleging he was a member of the Scattered Spider hacking collective. [...]
Infosecurity Magazine Jul 2, 2026, 08:45 AM (UTC)
Read
A teenager accused of hacking as part of Scattered Spider has been arrested
The Hacker News Jul 2, 2026, 08:00 AM (UTC)
Read
The recently discovered financially-motivated FortiBleed campaign has been attributed to INC and Lynx ransomware operations, indicating that the verified, stolen credentials were intended for follow-on intrusions. "An operator tied to FortiBleed's infrastructu…
The Hacker News Jul 2, 2026, 07:24 AM (UTC)
Read
Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in Python proof-of-concept (PoC) repositories on GitHub that claim to exploit hot new CVEs. Run one, and…
The Hacker News Jul 2, 2026, 05:46 AM (UTC)
Read
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, trac…
BleepingComputer Jul 2, 2026, 04:25 AM (UTC)
Read
Healthcare device firm Medtronic is notifying affected customers about a data breach that exposed their personal data to an unauthorized third party. [...]
BleepingComputer Jul 1, 2026, 09:37 PM (UTC)
Read
The massive FortiBleed credential theft campaign has been linked to the INC and Lynx ransomware operations, suggesting the stolen Fortinet credentials were intended to fuel future network intrusions. [...]
BleepingComputer Jul 1, 2026, 09:09 PM (UTC)
Read
Kubota North America Corporation disclosed that hackers had access to some of its network systems for more than a month earlier this year. [...]
BleepingComputer Jul 1, 2026, 08:08 PM (UTC)
Read
Multiple weaponized proof-of-concept (PoC) exploits on GitHub were found delivering a Python-based remote access trojan (RAT) named ChocoPoC that can execute commands and steal sensitive data in a campaign believed to target cybersecurity researchers. [...]
The Hacker News Jul 1, 2026, 07:40 PM (UTC)
Read
Argo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated attacker run code, provided they can reach the component's internal network port. Synacktiv, which found the bug,…
The Hacker News Jul 1, 2026, 07:28 PM (UTC)
Read
A teenager accused of belonging to the hacking group Scattered Spider has been extradited from Finland to face U.S. charges of conspiracy, computer intrusion, and fraud, the U.S. Department of Justice announced on July 1. Peter Stokes, 19, a dual U.S. and Esto…
SecurityWeek Jul 1, 2026, 06:08 PM (UTC)
Read
Microsoft's new Teams admin policy requires organizer approval for external AI bots, giving organizations greater visibility and control over automated participants in sensitive meetings. The post Microsoft Adds New Teams Controls to Block Unauthorized AI Bots…
The Hacker News Jul 1, 2026, 05:53 PM (UTC)
Read
Unknown threat actors are leveraging the ScreenConnect remote access tool as a way to deploy and execute AsyncRAT. Kaspersky said the activity is part of a "massive, multi-domain, multi-language" campaign that distributes malicious installer archives hosted on…
BleepingComputer Jul 1, 2026, 05:32 PM (UTC)
Read
The Department of Homeland Security is investigating a cyberattack that compromised the Homeland Security Information Network (HSIN), a sensitive information-sharing platform used by federal, state, local, and private-sector partners. [...]
The Hacker News Jul 1, 2026, 05:18 PM (UTC)
Read
Cybersecurity researchers have flagged a new multi-stage malware delivery attack chain that uses social engineering and Blogger pages to deliver an information stealer called PureLogs. The activity has been codenamed VEIL#DROP by Securonix. It's suspected that…
BleepingComputer Jul 1, 2026, 04:54 PM (UTC)
Read
Modern phishing, business email compromise, and account takeover attacks increasingly exploit trusted identities and legitimate business workflows, making them harder for traditional email defenses to detect. This webinar explores how behavioral AI can help or…
BleepingComputer Jul 1, 2026, 04:38 PM (UTC)
Read
An aggressive password-spraying campaign targeting Microsoft 365 environments generated more than 81 million login attempts over a two-week period. [...]
The Hacker News Jul 1, 2026, 03:26 PM (UTC)
Read
A Brazilian banking trojan called Ousaban is going after Windows users who bank in Spain and Portugal. Fortinet's FortiGuard Labs identified the campaign in May 2026. It opens with a phishing PDF disguised as a corrupted file, checks that the visitor is really…
The Hacker News Jul 1, 2026, 03:25 PM (UTC)
Read
Adobe has released patches for multiple maximum-severity security flaws impacting Adobe ColdFusion and Adobe Campaign Classic. The ColdFusion updates "resolves critical and important vulnerabilities that could lead to arbitrary code execution, privilege escala…
The Hacker News Jul 1, 2026, 02:42 PM (UTC)
Read
Two flaws in Cursor, an AI code editor, could let a single, ordinary-looking prompt break out of the editor's safety sandbox and run any command on a developer's computer. There is no click to fall for and no approval box to ignore. Cato AI Labs found the pair…
Infosecurity Magazine Jul 1, 2026, 02:30 PM (UTC)
Read
Securonix said the Veil#Drop campaign abuses Google Blogspot to deliver PureLog Stealer in memory
BleepingComputer Jul 1, 2026, 02:01 PM (UTC)
Read
Threat intelligence is only as useful as the context behind it. Criminal IP explains how its integration enriches threat indicators in OpenCTI with risk scoring, infrastructure intelligence, and phishing analysis. [...]
The Hacker News Jul 1, 2026, 01:56 PM (UTC)
Read
A recently disclosed critical security flaw impacting Progress Kemp LoadMaster is seeing active exploitation attempts, according to an advisory from eSentire's Threat Response Unit (TRU). The Canadian cybersecurity company said it identified exploitation attem…
Infosecurity Magazine Jul 1, 2026, 01:45 PM (UTC)
Read
FortiGuard says the Brazilian banking trojan Ousaban is targeting Spain and Portugal via phishing
Cybersecurity Ventures Jul 1, 2026, 01:15 PM (UTC)
Read
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jul. 1, 2026 – Watch the YouTube video “Black Hat USA 2026 is where CISOs come to gain the intelligence and insights that inform the toughest decisions they make,” says Suzy…
The Hacker News Jul 1, 2026, 12:59 PM (UTC)
Read
Cybersecurity researchers have flagged a new malware artifact generated using DeepSeek that constructed a novel attack path combining "unrealistic browser-malware concepts with a real browser capability" to turn it into a working ransomware technique that runs…
The Hacker News Jul 1, 2026, 11:30 AM (UTC)
Read
Organizations have never had greater awareness of cyber risk. Yet turning that awareness into operational resilience has never been more challenging. The 2026 Bitdefender Cybersecurity Assessment confirms this is the case, as this year's findings reveal a seri…
SecurityWeek Jul 1, 2026, 11:27 AM (UTC)
Read
Seven of the security defects have a maximum severity rating of 10/10 and could lead to arbitrary code execution. The post Adobe Patches Critical ColdFusion, Campaign Classic Vulnerabilities appeared first on SecurityWeek.
SecurityWeek Jul 1, 2026, 11:20 AM (UTC)
Read
Citrix urges customers to patch NetScaler after fixing six vulnerabilities, including the HTTP/2 Bomb flaw and a high-severity CitrixBleed-style information disclosure bug. The post Citrix Patches NetScaler Vulnerabilities, Including New ‘HTTP/2 Bomb’ Attack a…
Infosecurity Magazine Jul 1, 2026, 11:00 AM (UTC)
Read
The new classifier in Fable 5 blocks the jailbreak technique that prompted the US export controls “in over 99% of cases”
The Hacker News Jul 1, 2026, 10:41 AM (UTC)
Read
Microsoft on Tuesday said it's accelerating its quantum safe security roadmap, stating technology advances in quantum computing are making it essential to replace existing encryption standards sooner than previously expected. "Advances in quantum research and…
Infosecurity Magazine Jul 1, 2026, 10:00 AM (UTC)
Read
Microsoft has brought forward its timelines for transitioning to post-quantum cryptography (PQC)
Infosecurity Magazine Jul 1, 2026, 09:00 AM (UTC)
Read
Aflac Japan has notified regulators that policy details and personal and banking information have been compromised
The Hacker News Jul 1, 2026, 07:20 AM (UTC)
Read
Large language models keep inventing web addresses that do not exist. Attackers have started buying those made-up domains before anyone else can, then hosting phishing pages on them to catch traffic that AI tools point their way. Palo Alto Networks' Unit 42 ca…
The Hacker News Jul 1, 2026, 06:46 AM (UTC)
Read
Anthropic is putting Claude Fable 5 back online worldwide. On June 30, the U.S. Commerce Department lifted the export controls it had imposed on Fable and its more tightly controlled sibling Mythos 5 about two and a half weeks earlier. Fable 5 returns to users…
The Hacker News Jul 1, 2026, 05:46 AM (UTC)
Read
Cybersecurity researchers have warned of a "massive, ongoing, automated password spray attack" aimed at Microsoft's Azure command-line interface (CLI), compromising dozens of accounts in the process. The activity, per Huntress, originates from an IPv6 address…
The Hacker News Jul 1, 2026, 05:32 AM (UTC)
Read
ClickFix, the trick that fools people into running malware by hand, has quietly grown a back office. New research shows the malicious commands behind its fake "prove you're human" pages are now handed out by API-driven servers that give each visitor the same m…
The Hacker News Jul 1, 2026, 03:54 AM (UTC)
Read
Citrix on Tuesday released security updates to address multiple flaws in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that could be exploited by an attacker to facilitate arbitrary file reads or trigger a denial-of-servic…
The Hacker News Jun 30, 2026, 05:46 PM (UTC)
Read
New Microsoft research shows how attackers can hijack AI agents that act on a user's behalf, using nothing more than a poisoned tool description to make the agent quietly hand over company data to an outsider. The trick is that the agent never breaks a rule. E…
The Hacker News Jun 30, 2026, 05:45 PM (UTC)
Read
A new two-stage malware family called RustDuck is hijacking home routers, IP cameras, Android boxes, and poorly secured servers, then stitching them into a network built to knock websites and online services offline. Researchers at QiAnXin's XLab have tracked…
Infosecurity Magazine Jun 30, 2026, 04:00 PM (UTC)
Read
Nissan says employees' data was stolen via the Oracle PeopleSoft zero-day campaign
The Hacker News Jun 30, 2026, 03:47 PM (UTC)
Read
Threat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner. The activity has been found to weaponize CVE-2026-33017 (CVSS score: 9.3), an unauthenticated remote code exec…
The Hacker News Jun 30, 2026, 03:40 PM (UTC)
Read
Cybersecurity researchers have flagged an active browser extension campaign that is designed to steal cryptocurrency by stealthily replacing wallet addresses when unsuspecting users initiate a transaction. The cryptocurrency clipper activity has been codenamed…
Infosecurity Magazine Jun 30, 2026, 03:34 PM (UTC)
Read
Attackers exploited a critical SimpleHelp RMM bug to deploy TaskWeaver and Djinn Stealer malware
The Hacker News Jun 30, 2026, 02:26 PM (UTC)
Read
The safety check that is supposed to stop an AI coding agent from running a dangerous command can be walked straight past using a shell trick that has been public for decades. New research from Adversa AI, which is named the bypass GuardFall, found it works ag…
The Hacker News Jun 30, 2026, 01:49 PM (UTC)
Read
Researchers tested 444 AI chatbot apps for iPhone and found that 282 of them, nearly two-thirds, exposed paid AI access through their network traffic. In many cases, the path in was visible just by watching what the app sent: a plaintext API key, a reusable to…
Cybersecurity Ventures Jun 30, 2026, 12:37 PM (UTC)
Read
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 30, 2026 – Watch the YouTube video Anvilogic is on a mission to make advanced detection accessible to every security team, enabling them to detect across hybrid, multi-…
Infosecurity Magazine Jun 30, 2026, 12:00 PM (UTC)
Read
ReliaQuest report warns of a surge in ClickFix social engineering attacks against Windows and macOS users
The Hacker News Jun 30, 2026, 11:30 AM (UTC)
Read
The FIFA World Cup 2026 opened on June 11. By that date, according to Check Point Research, the fraud infrastructure targeting it had already been built, staged, and partially deployed. Threat actor activity was pre-planned, months out, across three sectors an…
The Hacker News Jun 30, 2026, 11:18 AM (UTC)
Read
An unknown threat actor has been observed exploiting a recently disclosed maximum-severity security flaw in SimpleHelp to deliver two previously unreported malware families, TaskWeaver and Djinn Stealer. The intrusion involves the exploitation of CVE-2026-4855…
Infosecurity Magazine Jun 30, 2026, 10:30 AM (UTC)
Read
A wave of phishing emails sent to Booking.com partner accommodations in Japan in May led to blockchain-hosted malware
Infosecurity Magazine Jun 30, 2026, 09:30 AM (UTC)
Read
SonicWall records 264,000 events in first five months of 2026 as UK hospitals come under siege
The Hacker News Jun 30, 2026, 09:27 AM (UTC)
Read
Two researchers have found six security flaws in AirDrop and Quick Share, the wireless features that beam files between nearby devices with no cables or shared network. An attacker within wireless range, with just a laptop and no prior connection, can crash th…
The Hacker News Jun 30, 2026, 08:37 AM (UTC)
Read
Convince an AI browser that it is playing a game, and it can hand over your login details. That is the finding behind BioShocking, a technique from security firm LayerX that tricked six AI browsers and assistants into copying a user's credentials and sending t…
Infosecurity Magazine Jun 30, 2026, 08:00 AM (UTC)
Read
Report Fraud data reveals that more than half of 323 UK ransomware victims last year were SMEs
The Hacker News Jun 30, 2026, 07:38 AM (UTC)
Read
A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API. The flaw, tracked as CVE-2026-8037, carries a CVSS score of 9.8 according to Z…
The Hacker News Jun 30, 2026, 05:04 AM (UTC)
Read
A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber. The vulnerability, tracked as CVE-2026-46817 (CVSS score: 9.8), refers to an improper privilege management and authentication…
The Hacker News Jun 29, 2026, 04:09 PM (UTC)
Read
WhatsApp on Monday officially announced the start of global reservations of usernames with an aim to protect the privacy of more than three billion users on the messaging platform. The optional feature is designed to help users connect with someone on the serv…
The Hacker News Jun 29, 2026, 03:40 PM (UTC)
Read
Microsoft has found a malicious Chrome extension that posed as the AI search engine Perplexity and quietly logged what people searched for. It routed every query and every character typed into the address bar through an attacker-controlled server before redire…
The Hacker News Jun 29, 2026, 03:30 PM (UTC)
Read
Apple on Monday released security updates for iOS, macOS, and the Safari web browser to address over three dozen flaws, including four vulnerabilities in WebKit that were discovered using artificial intelligence (AI) tools like Anthropic Claude and OpenAI Code…
The Hacker News Jun 29, 2026, 03:03 PM (UTC)
Read
The China-aligned espionage group Mustang Panda is running two campaigns against the Indian government and hydropower targets, deploying new malware and turning a legitimate cloud service into its command channel. Acronis Threat Research Unit found active comp…
Infosecurity Magazine Jun 29, 2026, 03:00 PM (UTC)
Read
OpenAI is previewing its GPT-5.6 Sol model to a vetted few at the US government's request
The Hacker News Jun 29, 2026, 02:41 PM (UTC)
Read
This week was a reminder that attackers do not always need big tricks. One small mistake, one old access path, one missed patch, and suddenly the door is open. The noise is not all noise, either. Forums are talking, researchers are finding easy cracks, and def…
Infosecurity Magazine Jun 29, 2026, 02:30 PM (UTC)
Read
Group-IB says Millenium RAT, now rewritten in C++, has hit 62,289 devices in 160+ countries
Cybersecurity Ventures Jun 29, 2026, 12:35 PM (UTC)
Read
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 29, 2026 – Read the report Forrester forecasts that worldwide information security spending will reach $200 billion in 2026, while Gartner projects $240 billion for 202…
The Hacker News Jun 29, 2026, 11:57 AM (UTC)
Read
New findings unearthed by Infoblox show that more than 236,000 websites are using investment scam templates built using a legitimate Chinese open-source, cross-platform application development framework called DCloud Uni-App. The templates power bogus cryptocu…
The Hacker News Jun 29, 2026, 11:42 AM (UTC)
Read
Today’s encrypted data, such as credentials, may no longer remain confidential in the future because the public-key cryptography protecting it will soon be broken by quantum computers. Although no machine today can break elliptic curve cryptography or RSA, qua…
The Hacker News Jun 29, 2026, 11:40 AM (UTC)
Read
A Russian advanced persistent threat (APT) group has continued to evolve and expand its malware arsenal as part of its ongoing cyber onslaught against Ukraine throughout 2025. Slovakian cybersecurity company ESET said it observed 35 distinct spear-phishing cam…
Infosecurity Magazine Jun 29, 2026, 10:00 AM (UTC)
Read
An attacker has exploited a zero day in Oracle Peoplesoft to gain access to the IT systems of the NAIC, the standard-setting association for the US federal insurance system
Infosecurity Magazine Jun 29, 2026, 09:15 AM (UTC)
Read
Experts warn the Jaguar Land Rover breach bears hallmarks of Kremlin-backed hackers, citing novel ransomware, strategic timing and efforts to obscure attribution
The Hacker News Jun 29, 2026, 08:32 AM (UTC)
Read
Microsoft has shut down a long-running malicious extension operation on the Edge Add-ons store that hid its payloads inside ordinary image and font files, then woke up days after install to steal credentials and run ad fraud. The company calls it StegoAd, a ma…
Infosecurity Magazine Jun 29, 2026, 08:15 AM (UTC)
Read
The FBI claims Russian spies are targeting Signal backup keys
The Hacker News Jun 29, 2026, 07:06 AM (UTC)
Read
A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution. No credentials, no user interaction. The bug aff…
The Hacker News Jun 29, 2026, 05:36 AM (UTC)
Read
Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. "This attack avoids the most common npm execution pat…
The Hacker News Jun 27, 2026, 05:27 PM (UTC)
Read
The Security Service of Ukraine (SSU) said it, together with the U.S. Federal Bureau of Investigation (FBI), uncovered a long-running campaign orchestrated by Russian intelligence services to break into the messaging accounts of government officials, military…
The Hacker News Jun 27, 2026, 12:19 PM (UTC)
Read
OpenAI on Friday released three versions of GPT-5.6, called Sol, Terra, and Luna, as a limited preview to a small number of companies as part of an ongoing engagement with the U.S. government. While Sol is the latest flagship model and the most powerful, Terra…
The Hacker News Jun 26, 2026, 07:38 PM (UTC)
Read
The FBI and CISA have updated their March warning about Russian intelligence phishing Signal accounts, and the operators have added a step: they now coax targets into handing over their Signal Backup Recovery Key. Hand it over once, and the attacker can restor…
The Hacker News Jun 26, 2026, 06:17 PM (UTC)
Read
A newly discovered cyber attack campaign has been observed delivering a previously undocumented malware family called SharkLoader that acts as a loader for deploying Cobalt Strike Beacon on compromised hosts. Kaspersky, which is tracking the activity under the…
Cybersecurity Ventures Jun 26, 2026, 12:11 PM (UTC)
Read
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 26, 2026 – Watch the YouTube video The 2026 CISO Report from Cybersecurity Ventures in partnership with Sophos reports that in Jan. 2026, the U.S. Cybersecurity and Inf…
Infosecurity Magazine Jun 26, 2026, 10:30 AM (UTC)
Read
A China-linked threat group has been targeting critical infrastructure in Southeast Asia with a new custom backdoor called TinyRCT
Infosecurity Magazine Jun 26, 2026, 08:00 AM (UTC)
Read
The UK Cyber Monitoring Centre reviews the Canvas breach affecting 160 UK universities, highlighting data theft risks and financial impacts of cyber incidents
Infosecurity Magazine Jun 25, 2026, 02:15 PM (UTC)
Read
A high-severity flaw in Cisco Catalyst SD-WAN Manager disclosed in early June was exploited as early as March
Infosecurity Magazine Jun 25, 2026, 01:00 PM (UTC)
Read
Digital Citizens Alliance report claims that millions of Americans may have unwittingly had IP connections used by cybercriminals
Cybersecurity Ventures Jun 25, 2026, 12:16 PM (UTC)
Read
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 25, 2026 – Listen to the podcast SlashGear reports that a hacker in Germany was stunned to find he had complete control of a robotic lawnmower. Weighing over 200 pounds…
Infosecurity Magazine Jun 25, 2026, 12:00 PM (UTC)
Read
Cobalt study finds 20-percentage-point drop in number of organizations relying solely on AI automation for testing
Infosecurity Magazine Jun 25, 2026, 11:30 AM (UTC)
Read
New CISA guidance shows federal agencies how to use SASE to move from legacy TIC 2.0 to zero trust
Infosecurity Magazine Jun 25, 2026, 11:00 AM (UTC)
Read
macos-xpc-flaw-disable-edr-mdm-standard-user-xm-cyber
Infosecurity Magazine Jun 25, 2026, 10:45 AM (UTC)
Read
Analysis of ransomware incidents by researchers at Black Kite found that attacks have risen by over 50% in the last year, with supply chain attacks increasing
Infosecurity Magazine Jun 24, 2026, 04:05 PM (UTC)
Read
LayerX tricked AI browsers including ChatGPT Atlas and Comet into bypassing their guardrails
Infosecurity Magazine Jun 24, 2026, 03:25 PM (UTC)
Read
Operation Endgame seized around 50 domains and nearly 200 active IP-based servers associated with the infostealers
Infosecurity Magazine Jun 24, 2026, 02:00 PM (UTC)
Read
SentinelLabs found a North Korea-linked macOS backdoor using prompt injection on AI triage tools
Infosecurity Magazine Jun 24, 2026, 12:45 PM (UTC)
Read
Customers of the affected Japanese email services are “strongly advised” to change their email passwords
Cybersecurity Ventures Jun 24, 2026, 12:23 PM (UTC)
Read
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 24, 2026 – Read the full story from BreackLock AEV, BAS, and penetration testing each answer a different security question. Adversarial Exposure Validation (AEV) maps w…
Infosecurity Magazine Jun 24, 2026, 12:00 PM (UTC)
Read
An NCC Group report warns state-backed hackers are attempting to hide activity by posing as ransomware groups and deploying commercially available malware
Infosecurity Magazine Jun 24, 2026, 09:30 AM (UTC)
Read
New ReliaQuest study reveals the six ways AI is practically being used in attacks today
Infosecurity Magazine Jun 24, 2026, 08:40 AM (UTC)
Read
Public Accounts Committee (PAC) warns that museums and galleries aren’t getting enough government support on cyber
Krebs on Security Jun 23, 2026, 04:12 PM (UTC)
Read
Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the Greater London area. The duo were key members…
Infosecurity Magazine Jun 23, 2026, 03:00 PM (UTC)
Read
JFrog found an npm package impersonating postcss-selector-parser to drop a multi-stage Windows RAT
Infosecurity Magazine Jun 23, 2026, 02:15 PM (UTC)
Read
OpenAI expanded Daybreak with a full GPT-5.5-Cyber release to help defenders patch software flaws
Infosecurity Magazine Jun 23, 2026, 02:00 PM (UTC)
Read
All US federal agencies will have to complete their post-quantum cryptography transition by 2031, according to a new Trump Executive Order
Infosecurity Magazine Jun 23, 2026, 01:00 PM (UTC)
Read
Cybercriminals launch fake GTA 6 pre-order sites offering early access for crypto payments
Cybersecurity Ventures Jun 23, 2026, 12:24 PM (UTC)
Read
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 23, 2026 – Listen to the podcast Richard Seewald, founder and Managing Partner at Evolution Equity Partners, joins Steve Morgan, founder of Cybersecurity Ventures, for…
Infosecurity Magazine Jun 23, 2026, 09:29 AM (UTC)
Read
Two young British men have pleaded guilty to hacking Transport for London as part of a Scattered Spider plot
Infosecurity Magazine Jun 23, 2026, 08:30 AM (UTC)
Read
The Five Eyes Alliance has published a rare call to action for organizations facing AI threats
Infosecurity Magazine Jun 22, 2026, 03:00 PM (UTC)
Read
ESET details GentleKiller, the EDR-killer framework the Gentlemen ransomware gang gives affiliates
Infosecurity Magazine Jun 22, 2026, 02:00 PM (UTC)
Read
Apple BootROM exploit exposes unpatchable USB flaw on A12 and A13 devices
Cybersecurity Ventures Jun 22, 2026, 12:19 PM (UTC)
Read
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 22, 2026 – Visit MidnightInTheWarRoom.com Cybersecurity Ventures predicted that cybercrime would cost the world $10.5 trillion in 2025, according to a post on Public Se…
Infosecurity Magazine Jun 22, 2026, 11:30 AM (UTC)
Read
North Korean threat actor Sapphire Sleet has been linked to a supply chain attack targeting Mastra, according to Microsoft security researchers
Infosecurity Magazine Jun 22, 2026, 10:15 AM (UTC)
Read
At least four cybersecurity firms confirmed they have been affected by a breach of business intelligence platform Klue via Salesforce integration
Infosecurity Magazine Jun 22, 2026, 09:20 AM (UTC)
Read
The UK’s data protection regulator the information commissioner has resigned after his position became “untenable”
Infosecurity Magazine Jun 22, 2026, 08:30 AM (UTC)
Read
The NCSC has released guidance for Fortinet customers impacted by the FortiBleed threat campaign
Infosecurity Magazine Jun 19, 2026, 11:00 AM (UTC)
Read
Working with frontier AI models, this new platform aims to help discovering, prioritizing, validating and remediating code vulnerabilities
Infosecurity Magazine Jun 19, 2026, 10:15 AM (UTC)
Read
SocGholish malware has been removed from 15,000 sites associated with Evil Corp hackers
Infosecurity Magazine Jun 19, 2026, 09:00 AM (UTC)
Read
Half of cybersecurity leaders lack confidence in detecting threats on Slack, Teams and other non-email platforms, despite growing attacker focus
Krebs on Security Jun 18, 2026, 05:37 PM (UTC)
Read
For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple securi…