malware

Rust Crypto Clipper Campaign Weaponizes Fake Reputation on VirusTotal and GitHub

A threat actor distributed a Rust-based crypto clipper for Windows and macOS by fabricating trust signals across GitHub, SourceForge,…

Jun 17, 2026 · views - 613

ai

AI Agents Used to Breach 14 Companies: Over 1,000 Sessions Recovered

A low-skill attacker leveraged local Claude and Codex agents to compromise at least 14 organizations, bypassing guardrails through nar…

Jun 17, 2026 · views - 802

CYBERSEC

MySQL Exposed at 26%: The 2026 Top 10 Attack Surface Exposures

Intruder's 2026 ASM Index reveals exposed databases and admin panels as primary vectors. Time-to-exploit has collapsed to a single day…

Jun 17, 2026 · views - 1.1k

VULN · CRITICAL

CISA Adds Joomla JCE to KEV: Pre-Auth RCE, CVSS 10.0

CISA added CVE-2026-48907 to the Known Exploited Vulnerabilities catalog on June 16, 2026, confirming active exploitation of a pre-aut…

Jun 17, 2026 · views - 1.1k

news · ZERO-DAY

RoguePlanet: Unpatched Zero-Day in Microsoft Defender Enables SYSTEM Escalation

RoguePlanet is a zero-day vulnerability in Microsoft Defender with no CVE assigned and no patch available as of June 17, 2026. It allo…

Jun 17, 2026 · views - 798

news

The Gentlemen: How LLMs and Automation Are Reshaping Ransomware

CERT-AGID maps The Gentlemen's use of LLMs: 500 victims in under a year, negotiation platform built in three days, self-replicating wo…

Jun 17, 2026 · views - 1k

CYBERSEC

Malicious JetBrains Plugins Steal AI API Keys: 70,000 Downloads

A coordinated campaign of 15 malicious plugins on the JetBrains Marketplace exfiltrates AI API keys from developers' IDEs. Roughly 70,…

Jun 17, 2026 · views - 817

CYBERSEC · CRITICAL

FortiSandbox: Three Critical Vulnerabilities Under Active Exploitation, Defused Cyber Says

Threat intelligence firm Defused Cyber observed active exploitation of three critical pre-authentication flaws in Fortinet FortiSandbo…

Jun 16, 2026 · views - 979

malware

Rokarolla: The Android Trojan That Turns Your Phone Into a Digital Prison

Discovered by Zimperium zLabs, the Rokarolla trojan deploys 137 commands and fake overlays to isolate victims, steal banking credentia…

Jun 16, 2026 · views - 1.3k

malware

Lorem Ipsum Pivots to ClickFix After Fox Tempest Takedown

BlueVoyant reports the Lorem Ipsum malware abandoned signed Microsoft Teams installers for ClickFix tactics on compromised WordPress s…

Jun 16, 2026 · views - 736

CYBERSEC

GhostTree: The NTFS Attack That Freezes EDR

Varonis Threat Labs disclosed GhostTree, an evasion technique that neutralizes Windows Defender using recursive NTFS junctions — no el…

Jun 16, 2026 · views - 915

VULN · CRITICAL

Vertex AI SDK: Cross-Tenant Bucket Squatting Enabled RCE

Google Cloud Vertex AI SDK versions 1.139.0 through 1.140.0 were vulnerable to cross-tenant bucket squatting leading to remote code ex…

Jun 16, 2026 · views - 842

malware

DragonForce Weaponizes Microsoft Teams TURN Relays for Stealth C2

The DragonForce ransomware group deployed Backdoor.Turn, the first documented in-the-wild malware to abuse Microsoft Teams' legitimate…

Jun 16, 2026 · views - 775

CYBERSEC · CVE

Cisco SD-WAN, CVE-2026-20262: Internal Discovery, External Exploitation

Cisco disclosed CVE-2026-20262, a path traversal vulnerability in Catalyst SD-WAN Manager actively exploited in the wild. It requires…

Jun 16, 2026 · views - 713

malware

SprySOCKS Returns to Windows: Kernel Rootkit and Government Targeting

ESET discovered Windows variants of the SprySOCKS backdoor—previously Linux-only—equipped with a kernel rootkit and used against gover…

Jun 16, 2026 · views - 903

news

Malware on Steam Workshop: Animated Wallpapers Steal Credentials

Dozens of malicious wallpapers on Steam Workshop have infected thousands of users, delivering backdoors, Steam account theft, and hidd…

Jun 16, 2026 · views - 1.2k

CYBERSEC

iRhythm: Patient Health Data Stolen via Social Engineering

iRhythm Holdings disclosed a data breach in which attackers exfiltrated PHI and PII from third-party business applications through soc…

Jun 16, 2026 · views - 839

VULN · EXPLOIT

LiteSpeed cPanel: Two CVEs Added to KEV Catalog, Shared Hosting at Risk

CISA adds two distinct LiteSpeed cPanel plugin flaws to its Known Exploited Vulnerabilities catalog: root privilege escalation on shar…

Jun 16, 2026 · views - 829

news

North Korea Targets Developers: When the IDE Becomes the Attack Surface

North Korean state actors abused VS Code, npm, GitHub, and Hugging Face to distribute malware to developers. The UNK_DeadDrop campaign…

Jun 15, 2026 · views - 1.2k

ransomware

Conti Developer Sentenced: Why Loaders Are the RaaS Achilles' Heel

Ukrainian Conti ransomware developer Oleksii Lytvynenko pleaded guilty in U.S. federal court after extradition from Ireland. The case…

Jun 15, 2026 · views - 854

CYBERSEC

Chinese APT UNC6508: A Year of Espionage on REDCap Servers

Google exposes UNC6508: over a year of REDCap server compromise at U.S. and Canadian medical and military institutions using InfiniteR…

Jun 15, 2026 · views - 718

ai

Anthropic Disables Fable 5 and Mythos 5 on US Directive Restricting Foreign Access

On June 12, 2026, at 5:21 p.m. ET, Anthropic received a US government directive ordering the immediate suspension of all access to Fab…

Jun 15, 2026 · views - 1.6k

CYBERSEC

Infinite Campus: 137,123 Staff Emails Exposed in Salesforce Breach

ShinyHunters compromised an Infinite Campus employee's Salesforce account on March 18, 2026. After a failed extortion attempt, 137,123…

Jun 15, 2026 · views - 1.4k

ransomware

The Gentlemen: LLMs Accelerate the Ransomware Attack Cycle

CERT-AGID reveals that The Gentlemen ransomware group uses LLMs to build platforms in three days and customize extortion. Technical cl…

Jun 15, 2026 · views - 871