SAP fixes critical flaws in NetWeaver and Commerce Cloud
SAP has released fixes for 15 vulnerabilities as part of its June 2026 Security Patch package, including four critical-severity flaws affecting SAP NetWeaver and SAP Commerce Cloud. [...]
Intelligence Feed
Curated cybersecurity reporting and advisories. Headlines link to original sources.
Items
147
Last update
Jun 9, 2026, 09:06 PM (UTC)
No matching results
Try a different keyword, or switch the source filter back to “All sources”.
Microsoft Patches 200 Vulnerabilities
Three of the vulnerabilities fixed with the latest Patch Tuesday updates were publicly disclosed before Microsoft addressed them. The post Microsoft Patches 200 Vulnerabilities appeared first on SecurityWeek.
Microsoft releases Windows 10 KB5094127 extended security update
Microsoft has released the Windows 10 KB5094127 extended security update, which fixes the June 2026 Patch Tuesday vulnerabilities and adds new functionality to monitor the rollout of updated Secure Boot certificates that replace those expiring this month. [...…
Adobe Patches 123 Vulnerabilities
Nearly half of the security holes, most allowing arbitrary code execution, have been fixed in Adobe’s Experience Manager product. The post Adobe Patches 123 Vulnerabilities appeared first on SecurityWeek.
Microsoft June 2026 Patch Tuesday fixes 3 zero-day, 200 flaws
Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws and three publicly disclosed zero-day vulnerabilities. [...]
Windows 11 KB5094126 & KB5093998 cumulative updates released
Microsoft has released Windows 11 KB5094126 and KB5093998 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. [...]
Meta to Use Off-Site Business Data for Feed and AI Personalization
Meta on Tuesday announced that it will use information shared by other businesses to personalize users' feed and responses from its artificial intelligence (AI) chatbot, expanding its scope beyond targeted ads. "Businesses often share information about people'…
Anthropic Launches Claude Fable 5: Mythos-Class AI With Cybersecurity Guardrails
The AI giant also announced that Project Glasswing partners are being given access to the upgraded Mythos 5. The post Anthropic Launches Claude Fable 5: Mythos-Class AI With Cybersecurity Guardrails appeared first on SecurityWeek.
OpenSSL Patches High-Severity Vulnerability Found With AI
A total of 18 vulnerabilities have been patched in the latest OpenSSL releases, including many that were potentially discovered by AI. The post OpenSSL Patches High-Severity Vulnerability Found With AI appeared first on SecurityWeek.
Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code
Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0. "A vulnerability…
Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues
Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer into the code. "Our priority is to protec…
XBOW tests Anthropic's Mythos Preview for offensive security
Anthropic's Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code. XBOW explores how the model performed across exploit discovery, reverse engineering, and live-site validation. [...]
GitHub disables Microsoft repos pushing password-stealing malware
Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, disrupting continuous integration pipelines. [...]
75% of Firms Deploy Vulnerable Code Amid Pressure on CISOs, Report Finds
Checkmarx report warns that business pressure is among the reason security leaders let security compliance slip
Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation
Public LLM models with safeguards turned off can also build working exploits, increasing patch gap risks. The post Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation appeared first on SecurityWeek.
AI Coding Adoption Hits 97% but Governance Lags Behind
Most dev teams use AI coding assistants but only 30% have full governance in place
New Veeam vulnerability exposes backup servers to RCE attacks
Veeam has released security updates to patch a critical Backup & Replication security flaw that can be exploited to gain remote code execution (RCE) on domain-joined backup servers. [...]
Critical phpBB Flaw Lets Attackers Hijack Any Account with One Request
Critical phpBB authentication bypass lets attackers hijack any account with one request
New Platform Uses Cryptographic Invisibility to Protect AI-Built Applications
Atsign’s AI Architect applies cryptographic protections to agentic software development, aiming to prevent attackers from exploiting vulnerabilities by making application identities effectively invisible. The post New Platform Uses Cryptographic Invisibility t…
2026 CISO Compensation Data: Salaries, Bonuses, Equity
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 9, 2026 – Read the report The 2026 CISO Report from Cybersecurity Ventures in partnership with Sophos examines the latest compensation data for CISOs. According to Glas…
WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine
Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released. The activity has been attributed by Trend Micro to Earth Dahu (aka…
SAP Patches Critical NetWeaver, Commerce Vulnerabilities
The flaws could lead to the disclosure of sensitive information, memory corruption, and disruption of normal system usage. The post SAP Patches Critical NetWeaver, Commerce Vulnerabilities appeared first on SecurityWeek.
Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models
University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way through a network, generate tailored attack strategies for each target it encounter…
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now
Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has been described as an out-of-bounds memory a…
Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks
The most recent variants of the self-propagating attacks are named Miasma and Hades. The post Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks appeared first on SecurityWeek.
The Hidden Security Risk in Modern Networks: The Work Between Tools
Organizations have more visibility than ever. Growing tech stacks provide greater coverage, and network security teams are increasingly adopting AI and automation to help with routine tasks and reduce manual effort. But the same challenges persist. Outages sti…
Will AI Kill the Bug Bounty Industry?
Anthropic's Mythos is accelerating vulnerability discovery to machine speed, forcing the bug bounty industry and offensive security teams to adapt to a future where finding flaws is no longer the hard part. The post Will AI Kill the Bug Bounty Industry? appear…
French govt messaging service breached in account hijacking attack
DINUM, the digital affairs directorate of the French government, warned that hackers used a hijacked user account to breach Tchap, the French government's encrypted messaging platform. [...]
Google Releases Patch for Chrome Vulnerability Exploited in the Wild
The flaw, CVE-2026-11645, can allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page
New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing
A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST, needs no native code, no extension, and no permission prompt. You open the page, leave the tab si…
Check Point VPN Zero-Day Exploited in Qilin Ransomware Attacks
The authentication bypass vulnerability allows attackers to establish VPN connections without a valid password. The post Check Point VPN Zero-Day Exploited in Qilin Ransomware Attacks appeared first on SecurityWeek.
Check Point Warns Critical Auth Bypass Bug Exploited in the Wild
Check Point says a critical vulnerability in its Remote Access VPN and Mobile Access solutions has been exploited by Qilin
Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer
The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the Mini Shai-Hulud-style attacks continue to be refined and spli…
Infosecurity Europe: Why JLR’s CISO Enforced In-Person Password Resets Following Cyber-Attack
Speaking at Infosecurity Europe, Ashish Shrestha, former CISO at Jaguar Land Rover revealed why he wanted over 30,000 employees to change their passwords in the immediate aftermath of the incident
CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day
CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. [...]
WhatsApp Discovers NSO Group-Linked Spearphishing Attempts
Meta’s WhatsApp demands contempt ruling after users report NSO Group-linked phishing
Google patches new Chrome zero-day flaw exploited in the wild
Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year. [...]
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026…
NFCShare Android malware spreads via fake banking app updates on GitHub
New variants of the NFCShare Android malware are being distributed as fake updates for legitimate banking apps hosted on GitHub. [...]
SoFi confirms third-party data breach at Hong Kong subsidiary
SoFi Hong Kong is warning that it suffered a data breach after hackers gained access to a database at a third-party vendor containing customer information. [...]
New Apple feature automatically changes your compromised passwords
At WWDC 26, Apple announced an Apple Intelligence-powered feature that can automatically fix weak and compromised passwords. This works in Safari, and it's rolling out with iOS 27. [...]
New Shai-Hulud attack trojanizes 19 science-focused PyPI packages
Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud supply-chain attack that delivered malware designed to steal developer secrets. [...]
One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public
Security researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user escalate to root and break out of a container. The flaw, CVE-2026-23111, sits in the kernel's nf_tables packet-filtering code…
WhatsApp says it disrupted new NSO spyware phishing attacks
WhatsApp has detected and stopped spear-phishing campaigns allegedly conducted by the NSO Group after investigating user reports of social engineering attacks. [...]
Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order
Meta on Monday said it detected and blocked spear-phishing attempts linked to Israeli spyware vendor NSO Group. In addition, the tech giant said it's filing a federal court contempt order against the company for violating a permanent injunction that barred it…
North Korean Hackers Use Fake Coding Tasks to Steal Crypto
North Korean actor UNK_DeadDrop targeted developers with fake coding tasks to steal crypto
Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups
Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol. The vulnerability, tracked as CVE-2026-50751 (CVSS score:…
OpenAI Unveils ChatGPT Account Security Controls
OpenAI brings Lockdown Mode and Active Sessions to ChatGPT to curb prompt injection data theft
AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload
Phishing has always been a numbers game. AI has turned it into a volume machine. Attackers can now create convincing emails, fake login pages, and tailored lures in minutes. Every polished message adds another case for Tier 1 to review, another link to inspect…
⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More
Monday again. The weekend was meant to be quiet. It wasn't. Last week had poisoned packages, a broken AI helper, and a worm tearing through repos. The ugly part: basic tricks still worked. A chatbot got fooled. A bot token got leaked inside the malware. The sa…
WireBadger Malicious Cable Detector For Penetration Testers And Red Teams
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 8, 2026 – WireBadger production information USB technology was designed for convenience and universal compatibility. When a cable or device connects, computers and mobi…
The Hardest Fork
Mythos is real. I know a big chunk of the industry thinks it's a marketing stunt, and I get why. I get it. But I've seen the findings, and they're bad. These aren't "whoops, this line right here is wrong, and that's RCE." They're novel combinations of a few do…
Infosecurity Europe: Prompt Injection Remains Unsolved, OWASP Researcher Warns
At Infosecurity Europe 2026, OWASP’s Ariel Fogel warned that prompt injection remains an “unresolved problem” within generative AI architecture
VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances
A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET (aka GRIMBOLT) and AGENTPSD to target Linux systems. The activity has been attributed by…
Two-Thirds of Open Source Community Unaware of Cyber Resilience Act
No excerpt available. Open the source for full details.
Infosecurity Europe: How DSIT Protects Thousands of UK Orgs from Cyber Vulnerabilities
The Department of Science, Innovation and Technology details how a combination of hands-on human advice and technology systems keeps government agencies safe
Meta AI Bug Exposes Over 20,000 Instagram Accounts
Meta confirms an AI tool vulnerability led to unauthorized access to Instagram accounts after a failure in email verification during password reset
UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign
Cybersecurity researchers have disclosed details of a financially motivated data theft extortion campaign that has targeted dozens of organizations across professional, legal, and financial services in the U.S. between January and May 2026. The activity has be…
VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks
Microsoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated development environment (IDE) are updated automatically to a newer version in an attempt to tackle software supply chain threats. "When a…
New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration
OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt injection attacks. The feature is primarily designed for people and organizations that handle sensitive data…
Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI
A researcher has reverse-engineered the iOS SDK that Bright Data embeds in consumer apps and documented how it turns devices, including always-on smart TVs, into exit nodes that relay web-scraping traffic for a data business Bright Data markets heavily to the…
CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitatio…
AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs
Two things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that touches video, all of them found by an autonomous AI agent. The same week, Googl…
Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack
Microsoft's GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign. The incident impacted 73 Microsoft repositories across four of its GitHub organizations, including Azure, Azure-Samples,…
Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available
Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation. The vulnerability, tracked as CVE-2026-20245, carries a CVSS score of 7.8 out of a maximum of 10.0. It affects the following deployment ty…
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust-based information stealer and a self-spreading worm, respectively. According to…
Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps
Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin, according to findings from ESET. The Slovakian cybersecurity company said it first detected the malware spread via multiple campaigns in early 2025, with each attack wave…
Virginia Is For Cyber
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 5, 2026 – Listen to the podcast Virginia is home to the second largest cybersecurity industry in the country, with around 88,000 cybersecurity workers, according to Cyb…
New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework
Cybersecurity researchers have discovered a previously unreported threat cluster dubbed OP-512 (where "OP" stands for "opponent") that has been observed targeting Microsoft Internet Information Services (IIS) servers to deploy a bespoke web shell framework. Re…
Infosecurity Europe: Practical Lessons From Lloyds' Agentic AI Security Playbook
Lloyds Banking Group shared its approach for securing agentic AI workflows, with a mix of hands on experimentation and cross functional governance
Only 10% of SOCs Say They’re Getting Excellent Value From AI. Here’s What the Second Wave Has to Deliver
Eighteen months ago, the AI SOC was a marketing line. Today it's a budget item. The category has crossed over from interesting to inevitable, with billions of dollars now flowing into AI-powered security operations platforms, agentic SOC tools, and AI co-pilot…
Infosecurity Europe: OWASP Introduces Agentic AI Security Maturity Framework
The OWASP agentic AI security framework helps organizations assess governance maturity vs adoption and adjust governance as needed
Infosecurity Europe: AI Coding Tools Need Built-In Security for Agentic Development Era
Ox Security field CTO, Boaz Barzel, makes the case for vibe security to tackle AI agent coding risks
Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites
Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise. The vulnerability in question is CVE-2026-3300 (CVS…
Infosecurity Europe: Reactive Security Is Failing Healthcare Organizations, Experts Warn
A perfect storm of legacy devices, hyper connectivity and human fatigue is bad news for the healthcare sector, warns Cyber Salus
FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins
Security researchers and the FBI are warning that a wave of FIFA-themed fraud is already hitting World Cup 2026 fans, days before the June 11 kickoff. Recent reports describe thousands of lookalike FIFA domains, banking malware hidden inside pirate streaming a…
PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network
The threat actor known as PCPJack has hijacked cloud servers associated with Amazon Web Services (AWS), Google Cloud, and Microsoft Azure to create a covert SMTP email relay network. "Compromised business servers across the U.S., Europe, and Asia were quietly…
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco's…
Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites
Critical Everest Forms Pro RCE flaw exploited to create rogue WordPress admin accounts
Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories
A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic's own action repo used the same workflo…
Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It
Over the past several weeks, the cybersecurity community has been reminded how quickly frontier and agentic AI in defense networks can challenge our assumptions. When Anthropic's Claude Mythos model was made available to a limited set of organizations as a tec…
ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories
It got stupid again. The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weird stuff is normal. Forums go down and come back worse. Cheap hackers get better t…
Chinese-Speaking Actor TA4922 Widens Its Global Reach
Newly named Chinese-speaking actor TA4922 expands from East Asia into Europe and Africa
Infosecurity Europe: AI Adoption Creates New Opportunities for Attackers to Distribute Malware, Microsoft Warns
Microsoft Detection and Response Team (DART) details how it has uncovered malicious AI applications as cyber criminals manipulate organizations adopting AI tools
Infosecurity Europe: Mythos Outperforms GPT5.5 on Google Chrome Vulnerability Exploits, Says New Benchmark
A Bugcrowd researcher has unveiled ExploitBench, an independent benchmark of AI models for vulnerability exploitation
Scam Compound Trafficking Victim To Cybercrime Whistleblower: Mohammad Muzahir’s Story
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 4, 2026 – Listen to the podcast Popular radio host Kim Komando tells Mohammad Muzahir’s Story on the Komando.com blog. Muzahir grew up in Kashmir, India, the eighth of…
Infosecurity Europe: How Proton Fights Against Cybercriminals Using Its Services
Proton uses machine learning models to detect abuse of its services – especially email addresses used by cybercriminals
China-Linked TA4922 Expands Phishing Attacks to U.K., Germany, Italy, and South Africa
A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa. These efforts have been complemented by a "rapid operational tempo" and a continually evolving…
FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads
Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously rep…
Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS
Cybersecurity researchers have flagged a large-scale operation that impersonates open-source and freeware projects to funnel unsuspecting users through a Traffic Distribution System (TDS) and deliver malware families like Remus Stealer, AnimateClipper, and the…
Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months
Unknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox out in small, repeated batches and routing it through Dropbox and OneDrive so the traffic blended into normal clou…
Infosecurity Europe: How Businesses Can Prepare for a Cybersecurity Crisis with Effective Plans
Cybersecurity and business leaders with experience of dealing with major incidents from within the NCSC and at JLR detail what you need to prioritize if your organization is hit by a cyber-attack
Infosecurity Europe: Ukraine’s Experience Highlights the Need for Preparation and Resilience in Cybersecurity
Former Ukrainian foreign minister, Dmytro Kuleba, urges Infosecurity Europe attendees to fight the good fight
Infosecurity Europe: Raise Security Concerns with Procurement Now, Because Quantum Can’t Wait
Forescout VP of security intelligence, Rik Ferguson, warns that Q-day is fast approaching
DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets
The U.S. Department of Justice (DoJ) on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans. The "Disruption Week" operation…
WhatsApp, Slack Notifications Could Hijack Google Gemini on Android
A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini's voice assistant on Android and made it open a victim's connected windows, fake a message from their boss, push the phone into a Zoom c…
Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens
Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's GitHub token. "Just by clicking a link, it's possible for an attacker to steal a GitHub token that can read and writ…
Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)
Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI tool built to hunt bugs in large codebases. Tracked as CVE-2026…
CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active…
Google DoubleClick Abused in New Malspam Campaign to Deliver .NET Loader
Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver an unidentified .NET-based loader. "Before the victim ever reaches attacker-controlled infrastructure…
Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore
Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and "patch everything in time" stopped working years ago. Stop betting the org on winning that race. You don't control which bug lands. You control what it can reach…
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the same phone could ask for the signed-in user's token and get it,…
Infosecurity Europe: Vulnerability Management Innovator Konvu Wins Cyber Startup Award
Inaugural Infosecurity Europe Cyber Startup Award Winner Impresses Panel with Ability Help Prioritize Vulnerabilities in AI era
500 Ransomware Statistics For 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 3, 2026 – Read the full story from Bright Defense Ransomware has existed for more than 35 years and remains the fastest-growing category of cybercrime, showing no signs…
Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)
The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous system…
Trump Signs Order Inviting Voluntary Review of Frontier AI Models
Trump's executive order invites voluntary pre-release review of frontier AI models
Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes
Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user's NTLMv2 hash to the attacker. Like in the case of CVE-2026-33829, which impacted the Windows Snipping Tool's ms-screensketch: URI handler, the ne…
Infosecurity Europe: How to Get Boards to Prioritize Cyber Risk Quantification
Cybersecurity leaders major companies discuss how they got support from the board on cyber risk
Anthropic Expands Mythos Access to 150 More Organizations
Anthropic widens Project Glasswing access to 150 more firms as patching becomes the bottleneck
Infosecurity Europe: Patch Responsibility Remains Up for Grabs as AI Unearths Decades of Flaws
The emergence of AI models capable to autonomously find and fix vulnerabilities at scale is having a significant impact on patching management, experts say
Infosecurity Europe: Execs Must Treat Cyber Threats as Statecraft, ISACA Expert Say
Private firms are being targeted by nation-state groups for reasons beyond finance, argued ISACA’s Bharat Thakrar
Infosecurity Europe: AI-Powered Cybercrime Tools Surge on Dark Web
Halcyon’s Cynthia Kaiser lifts the lid on the dark web market for AI cybercrime tools
Infosecurity Europe: NCSC Urges Immediate Action to Boost Resilience as Uncertainty Persists
NCSC director of operations, Paul Chichester, says it’s time to future-proof cybersecurity today
Infosecurity Europe: Cybersecurity Teams Which Don’t Leverage AI are "Doomed to Fail"
Humans still need to be part of cyber defense, but refusing to deploy AI is no longer optional against AI-enhanced cyber threats, warns Dataminr’s Joe Slowik
Infosecurity Europe: Bayer Reinvents Security Awareness Training to Counter AI Threats
Bayer’s security awareness training now focuses on psychological approaches rather than technical methods for detecting social engineering
ESPN Journalist Dan Wetzel On Matt Weiss Hacking Allegations
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 2, 2026 – Listen to the podcast In Dec. 2025, ESPN reported that former University of Michigan co-offensive coordinator and quarterbacks coach Matt Weiss, 42, was indic…
Threat Actor Uses AI to Build EDR Evasion Tools
A threat actor used AI coding tools to build and test EDR evasion malware, Sophos finds
Infosecurity Europe: UK Firms Prioritize AI Threat Preparedness as Cyber Risks Evolve
UK organizations are prioritizing AI-driven cybersecurity as 43% cite AI-powered attacks as their top risk, prompting significant investment in advanced threat defense
Attackers Hijack Red Hat npm Scope to Steal Cloud Secrets
Attackers backdoored 32 packages in Red Hat's official npm scope to steal cloud and CI secrets
Infosecurity Europe: Business Leaders Lack Understanding of Threat Intelligence, Study Warns
A new Silobreaker and SANS Institute paper examines the ‘Intelligence-Stakeholder Gap’ and what organizations must do to achieve business buy-in on threat intelligence
Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts
The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta's "AI…
Critical Flowise Flaw Gives Attackers Full Server Control
Obsidian publishes PoC for a 1-click Flowise RCE that can fully compromise self-hosted servers
Infosecurity Europe: Tabletop Exercise to Test How CISOs Respond to Major Supermarket Cyber-Attack
Semperis is set to bring ‘Enter the War Room: A Tabletop Experience’ to Infosecurity Europe to help cybersecurity leaders prepare to face real incidents
Infosecurity Europe: AI SOCs Will Still Need SOC Analysts, Security Vendors Say
Top cybersecurity vendors said AI won't replace entry-level – only routine ticket-taking and triage
FSB Group Gamaredon Hides Worm in Windows Data Streams
FSB-linked Gamaredon concealed a fileless worm in NTFS data streams to spy on Ukraine targets
Attackers Abuse Shared Content for ChatGPT Phishing Campaign
Push Security says threat actors are delivering malware hosted on chatgpt.com/s/ domain
Palo Alto Warns High-Severity Bug Is Being Actively Exploited
A vulnerability in Palo Alto Networks’ PAN-OS software is being exploited in attacks
Infosecurity Europe: OWASP Forms New Agentic Research Council
OWASP’s new Agentic Research Council will aim to connect academic work to operational realities on agentic AI security
Silent Ransom Group Uses In-Person IT Impersonation to Breach Systems
Threat actors from the Silent Ransom Group, aka Luna Moth, are escalating attacks by impersonating IT staff in phone calls and even showing up in person to gain direct access to victim systems
Chris Lamprecht: The First Person In History To Be Legally Banned From The Internet
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – May. 28, 2026 – Listen to the podcast A 1997 WIRED story reported on Chris Lamprecht, the first person to be legally banned from using the Internet. When U.S. District Court…
Infosecurity Europe: CyCOS Project Expands to Support UK SMEs as CIISec Takes Over
From a research-driven pilot, the Cybersecurity Communities of Support (CyCOS) is about to be handed over to CIISec
Chinese Hackers Exploit Iran War to Target Maritime and Energy Companies
ESET’s 2026 APT Activity Report suggests China-backed APTs are using instability in the region to target victims, as well as continuing activity against organizations around the globe
AI-Generated npm Malware Leaks Its Own GitHub Token
Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator
When Your SOC Analyst is Also a Bot: AI Agents, MCP, and Many Automation Opportunities in Your Security Operations
From AI Experiments to Autonomous Operations – Christophe Briguet, Sr. Director of Product Management – AI & Security Analytics, Stellar Cyber San Jose, Calif. – Apr. 28, 2026 Something shifted in early 2026. Not gradually — more like flipping a switch. For ye…
Attackers Move Past Typosquatting to Realistic Package Impersonation
Most malicious open source packages now mimic real code rather than rely on typosquatting
Sri Lanka CERT Reports Sharp Rise In Phishing And Ransomware Incidents
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – May. 28, 2026 – Read the full story in Daily Mirror Hilmy Cader warns that the intensity and sophistication of cybercrime, now supercharged by the pervasive use of Generativ…
Microsoft Condemns "Uncoordinated" Zero Day Disclosures
Microsoft warned the disclosure of several unpatched vulnerabilities without notice has put “customers at unnecessary risk”
New Threat Actor Jinx-0164 Targets Crypto Developers on macOS
New actor Jinx-0164 hit crypto developers with fake recruiter lures and macOS malware
Infosecurity Europe: Cybersecurity Staff Prefer CISOs With Real Attack Response Experience, Study Reveals
ISC2 survey of cybersecurity professionals suggests that staff want their information security leaders to have experienced reacting to a significant cyber incident
GCHQ Chief Urges Action as AI Reshapes Cyber Threats
GCHQ director urges urgent business cyber action as AI and quantum reshape the threat
CrowdStrike, Google Take Down Glassworm Botnet
Operators of the malicious Glassworm botnet have been targeting software developers since at least early 2025
Infosecurity Europe: Why Burnout in Cybersecurity Demands Risk-Based Response
Cybermindz warns that cybersecurity burnout is a growing risk, urging organizations to move beyond wellness initiatives and adopt a measurable, risk-based approach to workforce stress
All Major LLMs Exposed to Multi-Turn Manipulation, Warn Researchers
No excerpt available. Open the source for full details.
CISOs Turnover Persists As AI Makes Cybersecurity More Crucial Than Ever
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – May. 27, 2026 –Read the full story Immense stress has infected the brains of CISOs (chief information security officers) with malware, and too many of them are looking to ca…
Thousands of Fake FIFA Domains Target World Cup Fans
Group-IB uncovered Ghost Stadium phishing and 4300 fake FIFA World Cup domains targeting fans
68% of UK Firms Plan to Increase Cyber Spending as AI Risks Rise
UK firms plan higher cyber spending as AI adoption raises security concerns
PureLogs Variant Steals Data via Purchase Order Lures
FortiGuard Labs detailed a PureLogs campaign using JavaScript, PowerShell and process hollowing
Page 1 of 1 0 results