apple

Apple Compresses Patch Cycle After AI Uncovers Four WebKit Flaws

On June 29, 2026, Apple released iOS 26.5.2, iPadOS 26.5.2, macOS Tahoe 26.5.2, and Safari 26.5.2, addressing over 30 vulnerabilities.…

Jul 04, 2026views - 1.5k

malware

ToddyCat's Umbrij Malware Steals Gmail OAuth Tokens by Abusing Enterprise Browsers

The Umbrij malware automates OAuth 2.0 token theft via the Chrome DevTools Protocol, bypassing passwords and MFA on corporate Gmail ac…

Jul 02, 2026views - 1.2k

ransomware

AI-Generated Ransomware Attacks via Browser: No Payload, Just Chrome Permissions

Check Point analyzed a DeepSeek-generated sample that encrypts local files by abusing Chrome's File System Access API. No exploit, no…

Jul 01, 2026views - 862

CYBERSECEXPLOIT

CISA Confirms: BlueHammer Now Exploited by Ransomware

CISA has elevated CVE-2026-33825 to a confirmed ransomware vector. Microsoft has not updated its advisory, creating an intelligence ga…

Jun 30, 2026views - 1.3k

CYBERSEC

Microsoft Removes 119 Edge Extensions Hiding Malware in Images and Fonts

Microsoft purged 119 Edge extensions that concealed StegoAd malware inside PNG, WebP, and WOFF2 font files, reaching a combined instal…

Jun 29, 2026views - 819

aiCVE

CVE-2026-12957: Cloud Credential Theft via Amazon Q Developer

A high-severity vulnerability (CVSS 8.5) in the Amazon Q Developer extension for VS Code allowed automatic execution of malicious MCP…

Jun 27, 2026views - 1.4k

CYBERSEC

SBU and FBI Expose Russian Social-Engineering Campaign Targeting Signal and WhatsApp Accounts

Ukraine's SBU and the FBI disclosed a long-running Russian operation that uses morning-timed SMS phishing to steal verification codes…

Jun 27, 2026views - 1.3k

cloud

Unit 42 Uncovers Universal Bucket Hijacking Across Multiple Clouds

Unit 42/Palo Alto Networks research: globally unique bucket names in Google Cloud, AWS, and Azure allow data-flow hijacking without co…

Jun 27, 2026views - 1.3k

malware

Edgecution: Malicious Edge Extension Bypasses Sandbox via Native Messaging

Zscaler ThreatLabz documents a campaign where the Edgecution extension abuses Chrome's Native Messaging API to escape the browser sand…

Jun 25, 2026views - 1.2k

VULN

macOS: Standard Users Disable EDR/MDM Without Admin Rights

A privilege escalation technique on macOS exploits CDHash caching and NIB injection to silently disable enterprise security tools. App…

Jun 24, 2026views - 995

malware

ClickFix macOS: When Users Bypass Gatekeeper Themselves

Microsoft has documented the latest evolution of ClickFix campaigns on macOS: operators have ditched manual DMG installers for Termina…

Jun 23, 2026views - 951

CYBERSECZERO-DAY

Microsoft Confirms RoguePlanet Zero-Day: Defender Becomes Attack Vector

CVE-2026-50656: Microsoft confirms zero-day vulnerability in Defender that elevates privileges to SYSTEM. Patch in development, public…

Jun 23, 2026views - 1.6k