Fileless Phantom Stealer Targets Browser Credentials
Dark Reading
In addition to executing entirely in memory, the malware's infection chain incorporates other anti-analysis techniques designed to frustrate detection.
Dark Reading
An open letter signed by dozens of security experts asked the government to reverse export restrictions on Anthropic's Claude Fable 5 and Mythos 5 models.
Bleeping Computer
At least 15 malicious plugins found on the JetBrains Marketplace were designed to steal AI API keys from developers. [...]
Dark Reading
FishMonger, a China-nexus threat group, has deployed an undocumented version of the Linux backdoor against government targets in Honduras, Taiwan, Thailand, and Pakistan.
Bleeping Computer
A new Android banking trojan named Rokarolla is targeting 217 banking and cryptocurrency applications using an extensive set of 137 commands. [...]
The Hacker News
A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim's project hijack the victim's machine learning model upload and run code inside Google's serving infrastr...
Bleeping Computer
Threat actors are abusing Steam Workshop, Valve's community hub for downloading game-related content, to push various malware hidden in wallpaper packages. [...]
The Hacker News
Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader, Lorem Ipsum Loader, and Potemkin, per independent reports from Morphisec,...
Dark Reading
The emerging malware, spread via fake TikTok and Chrome downloads, demonstrates an evolution by combining banking fraud with extensive device surveillance and remote control.
Dark Reading
New analysis shows the campaign, which uses compromised WordPress sites, may be linked to the ransomware and data extortion group Vice Society.
Bleeping Computer
Opening a new social media account in the UK will soon mean proving you're over 16 with an ID upload or a facial age scan, under a government ban on under-16s taking effect in spring 2027. Security ex...
Bleeping Computer
GhostTree uses recursive NTFS junctions to generate vast numbers of valid Windows file paths. Varonis explains how the technique could cause Microsoft Defender folder scans to never complete, leaving...
Bleeping Computer
The U.S. Federal Trade Commission (FTC) warned that Americans lost $3.5 billion to imposter scams in 2025, with reported losses nearly tripling since 2020. [...]
The Hacker News
Security researchers at Zimperium's zLabs have documented a new Android banking trojan, Rokarolla, that targets 217 banking and cryptocurrency apps and packs 137 remote commands. Together,...
Malwarebytes Labs
We found dozens of fake World Cup streaming sites using football as bait to funnel visitors through a malicious advertising network.
Malwarebytes Labs
Cardiac monitoring provider iRhythm has been hit by a data theft followed by an extortion attempt.
CISA Advisories
Successful exploitation of this vulnerability could cause a denial-of-service condition that may result in a major nonrecoverable fault (MNRF). The following versions of Rockwell Aut...
CISA Advisories
Successful exploitation of this vulnerability can lead to a denial of service, where the application will become unresponsive and will not recover on its own. The following versions...
CISA Advisories
Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access, account takeover, and cause loss of availability. The following versions of Rock...
CISA Advisories
Successful exploitation of this vulnerability could result in an attacker executing privileged operations. The following versions of Rockwell Automation FactoryTalk Analytics Pavilio...
CISA Advisories
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-48907 Widget Factory Joomla Content Editor Improper Acces...
CISA Advisories
Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition. The following versions of Rockwell Automation CompactLogix are affect...
The Hacker News
Security teams have never had more IP data at their disposal. Every day, analysts ingest enrichment feeds, geolocation data, reputation scores, telemetry, and threat intelligence from a growing ecosys...
Bleeping Computer
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. government agencies three days to secure their servers against an actively exploited vulnerability (CVE-2026-54420) in t...
Malwarebytes Labs
Thanks to Uncle Sam, anyone trying to find nonconsensual intimate deepfakes on CFake.com and SOCFake.com will be disappointed.
The Hacker News
Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In a post shared on X, the company said it has observed expl...
Bleeping Computer
DragonForce ransomware used a custom malware named 'Backdoor.Turn' to hide command-and-control traffic inside Microsoft Teams relay infrastructure. [...]
The Hacker News
Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS. "The Windows variants discovered are internally...
Bleeping Computer
Attackers are now exploiting several critical vulnerabilities in Fortinet's FortiSandbox cyber threat detection platform, according to threat intelligence company Defused. [...]
Securelist (Kaspersky)
Since late 2025, malware has been spreading rapidly through the Steam Workshop, the gaming platform's built-in service for players to create and share custom content. The attackers are primarily targe...
Bleeping Computer
Windows variants for the SprySOCKS Linux malware have been used in attacks targeting government organizations in at least four countries. [...]
The Hacker News
The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver malware...
Bleeping Computer
Digital healthcare company iRhythm Holdings has disclosed a data breach after hackers stole patients' personal and health information stored on third-party-hosted business applications. [...]
The Hacker News
Cisco has released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-20262, c...
The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civ...
Recorded Future
Learn how Recorded Future’s proprietary collection engine empowers organizations to move beyond reactive security. Discover the power of our four unique intelligence source types—technical, undergroun...
Bleeping Computer
The U.S. Department of Justice announced Friday that it has seized the CFAKE.com and SOCFAKE.com websites, which allegedly hosted nonconsensual AI-generated nude images and videos of women, in what ap...
Malwarebytes Labs
We found EtherRAT malware being distributed by a website with a strange homepage. Following the trail, we discovered a vast network of malicious infrastructures, distributing malware, malicious docume...
Bleeping Computer
A vulnerability in the SimpleHelp remote management software allows unauthenticated attackers to create privileged technician accounts on servers using the OpenID Connect (OIDC) authentication protoco...
The Hacker News
A China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly stealing sensitive research and defense email. The way in was...
The Hacker News
Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview (aka Famous Chollima, Hexagon...
Dark Reading
The denial-of-service (DoS) exploit takes advantage of two features in HTTP/2 that were designed to save Internet bandwidth, not power massive amplification attacks.
Dark Reading
The critical, three-stage attack is now patched, but it's part of a new group of AI prompt-injection issues that use hidden URLs and other variables.
Bleeping Computer
WordPress plugins OptinMonster, TrustPulse, and PushEngage have been compromised in a supply-chain attack impacting Awesome Motive's content distribution network (CDN). [...]
Bleeping Computer
Cisco has released security updates to address a vulnerability in the Catalyst SD-WAN Manager, tracked as CVE-2026-20262, that was exploited in attacks to escalate to root privileges. [...]
Dark Reading
Google discovered and disrupted the sprawling campaign, which stole RedCAP credentials to breach numerous institutions and exfiltrate sensitive data.
Dark Reading
Executive leaders may not be saying it aloud, but business objectives and priorities don't always promote timely disclosures.
The Hacker News
A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed. LiteLLM is a widely...
The Hacker News
A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat La...
Dark Reading
AI-native operating systems are shifting the responsibility to stay vigilant against social engineering cyberattacks from the user onto the system itself.
Malwarebytes Labs
Anthropic has been ordered by the US government to cut off its newest Claude Fable 5 and Mythos 5 models for fear of abuse.
Malwarebytes Labs
This week on the Lock and Code podcast, we revisit an episode from 2024 with David Chiu that shows the progress made against deepfake porn.
The Hacker News
Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week is the same lesson in a new form: phish...
Dark Reading
Anthropic abruptly suspended all access to Fable 5 and Mythos 5 after receiving an export control directive that banned foreign nationals from using the technology.
CISA Advisories
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-20262 Cisco Catalyst SD-WAN Manager Directory or Path T...
The Hacker News
Employee onboarding is a busy time for IT teams. New starters need devices, accounts, access permissions, and passwords, all delivered within a tight timeframe. That usually means sharing a temporary...
The Hacker News
Cybersecurity researchers have discovered a network of 152 Google Chrome extensions that act as new tab live wallpaper add-ons to distribute a potentially unwanted program (PUP) family. The cluster s...
The Hacker News
An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites. When a site admini...
Malwarebytes Labs
A list of topics we covered in the week of June 8 to June 14 of 2026
The Hacker News
Cybersecurity researchers have disclosed details of fraudulent activity targeting users across the Middle East and North Africa by employing various fraudulent Facebook accounts impersonating politici...
The Hacker News
Palo Alto Networks has revealed that it has observed "active exploitation" of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portal...
The Hacker News
Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vu...
The Hacker News
Anthropic said on Friday it will "abruptly disable" its most advanced artificial intelligence (AI) models, Claude Fable 5 and Mythos 5, for all users after the U.S. government ordered it to suspend ac...
Dark Reading
A major bug in Oracle's ERP software disproportionately affected American universities, and hackers have capitalized by stealing gobs of data.
The Hacker News
Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a...
The Hacker News
Google on Friday said it's pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence (AI) agent to send phishing text messages targeting Ameri...
The Hacker News
Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade hidden inside the Linux login system itself. Sygnia, which tracks the group as V...
Malwarebytes Labs
Apple and the Met Police are working together to make stolen iPhones harder to reset, resell, and profit from.
Dark Reading
Stay cool: Mythos 5 is an upgrade over Mythos Preview while Fable 5 is Mythos "made safe for general use," Anthropic explains.
The Hacker News
Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running arbitrary code on developer machines. Called Age...
CISA Advisories
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-35273 Oracle PeopleSoft Enterprise PeopleTools Missing Au...
The Hacker News
For most of the past decade, managed detection and response was the answer to a real problem. Security teams couldn't staff around the clock, couldn't hire enough analysts, and needed someone else to...
The Hacker News
Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution. LangGrap...
Malwarebytes Labs
A convincing fake FACEIT verification page is stealing Steam accounts by using a fake login window that looks completely legitimate.
SentinelOne
Learn how SentinelOne empowers modern enterprises to safely adopt Claude with Prompt Security, AI SIEM, and Wayfinder Frontier AI.
The Hacker News
An INTERPOL-led operation last month resulted in the disruption of Sniper Dz, a decade-long phishing-as-a-service (PhaaS) platform, Group-IB said Thursday. The effort, codenamed Operation Ramz, took...
The Hacker News
Authorities in Europe have disrupted AudiA6, a cryptocurrency laundering service used by ransomware gangs and cybercriminal networks. Europol, in a statement issued Thursday, said the dismantling of...
Dark Reading
Hackers are valuing quality over quantity, using AI to upgrade their phishing attacks rather than multiply them.
The Hacker News
The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hard...
Dark Reading
Initial methods suggest attackers had likely mapped out Ivanti's asset landscape upfront and acted quickly once the exploit became public.
The Hacker News
Two security teams have shown, in separate research published this week, that OpenClaw, the popular self-hosted AI agent, can be driven to run attacker-controlled code or hand over sensitive data thro...
The Hacker News
Security researcher Chaotic Eclipse (aka Nightmare-Eclipse and MSNightmare) has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit for Microsoft Defender....
The Hacker News
A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leverag...
Malwarebytes Labs
"AI can make mistakes" isn't a good enough legal defense for defamatory or incorrect AI Overviews, a German court has ruled.
Dark Reading
Even the best segmentation strategy will fall apart without constant oversight and disciplined operations.
The Hacker News
Most good security work is invisible by design. Today is the exception. The 2026 Cybersecurity Stars Awards winners are announced across 95 subcategories in four main award categories. The reason is...
The Hacker News
It's been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there's a supply chain attack kit in a public repo, a $5,000-a-mon...
CISA Advisories
Successful exploitation of these vulnerabilities could allow an attacker to obtain hard-coded credentials, gain access to telemetry data, and potentially send operational commands to...
CISA Advisories
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-10520 Ivanti Sentry OS Command Injection Vulnerability T...
CISA Advisories
Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to gain unauthorized access to live video feeds, retrieve sensitive visual information...
CISA Advisories
Successful exploitation of these vulnerabilities could allow an attacker to impersonate devices, intercept or manipulate communications, harvest sensitive credentials at scale, or ga...
Malwarebytes Labs
We explain what data was exposed, the potential risks, and the steps you should take now.
The Hacker News
For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was straightforward en...
Malwarebytes Labs
Apple and Google have three months to block nude images on children's phones. They're not allowed to collect any data while they do it.
The Hacker News
The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER. The camp...
The Hacker News
GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat...
Dark Reading
North Korea's gross domestic product (GDP) has grown, in part because of the nation's state-sponsored cybercrime groups, which target financial firms and other businesses.
Recorded Future
See the business value of your intelligence program in one live, continuously updated dashboard, built for the conversations that matter most with the executives who own budget and strategy.
Recorded Future
Discover how Iranian and Russian shadow fleets use a vast network of fake maritime websites and fraudulent documents to evade international sanctions
Dark Reading
The new directive gives federal agencies three days to fix the most dangerous flaws, while less severe issues can be deferred.
Dark Reading
Security research inadvertently led organizations to believe they were being breached through their ServiceNow instances.
Dark Reading
As companies adopt AI, many insurance firms are explicitly excluding AI risks, while others are forging ahead to create the right framework. What risks can firms reasonably manage?
Dark Reading
The disgruntled researcher released yet another PoC for a Windows Defender bug that allows for system takeover, showing no signs of abandoning their ongoing feud with Microsoft.
Malwarebytes Labs
Cybercriminals are turning TikTok and Instagram Reels into malware delivery platforms, using free software tutorials to spread infostealers.
The Hacker News
Cybersecurity researchers have warned of a "resurgence and expansion" of JDY, a covert network associated with China-nexus state-sponsored threat actors. "The JDY botnet comprises over 1,500 SOHO [sm...
The Hacker News
Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security f...
The Hacker News
A high-severity security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings fr...
The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitati...
Malwarebytes Labs
June 2026 is the largest Patch Tuesday in history, fixing 206 vulnerabilities and three publicly disclosed zero-days.
Malwarebytes Labs
As AI-generated scams, deepfakes, and impersonation spread, a new Malwarebytes report finds people increasingly unsure what to trust online.
The Hacker News
Your pentest report looks clean. That might be the problem. Run automated pentesting long enough, and the new findings start to dry up. By the third or fourth run, fewer issues appear. The report loo...
The Hacker News
Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release. Of the...
The Hacker News
On June 9, Anthropic released Claude Fable 5, the most capable model it has ever made, generally available. It also did something unusual: it shipped one model as two products, split not by capability...
The Hacker News
ServiceNow has warned about a security incident in which unknown threat actors exploited a flaw to obtain deeper unauthorized access to susceptible instances. "On June 5, 2026, ServiceNow applied a s...
The Hacker News
The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named RoguePlanet....
The Hacker News
Cybersecurity researchers have flagged half a dozen vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers (Protobuf), that, if successfully exploited, could re...
Recorded Future
Prepare for the 2026 FIFA World Cup with expert analysis of the physical and cyber threat landscape. Discover key mitigation strategies for host city officials to ensure public safety
Recorded Future
Explore the Insikt Group study on 37 Chinese noncombatant evacuation operations (NEOs) from 2005–2025, revealing how China leverages SOEs and civilian resources for its overseas interests
Dark Reading
Former National Cyber Director Chris Inglis warns that cyberattacks threaten hospitals, utilities, and essential services.
Dark Reading
Voluminous patch updates could soon be the norm, as artificial intelligence accelerates the speed and scale of vulnerability discovery.
Dark Reading
"Ghost-Sender" is the result of a widespread misconfiguration, according to researchers, and evidence indicates it's being actively abused in the wild.
Dark Reading
The attacks stemmed from a GitHub account that was also compromised in a previous Miasma attack on Microsoft last month.
The Hacker News
Meta on Tuesday announced that it will use information shared by other businesses to personalize users' feed and responses from its artificial intelligence (AI) chatbot, expanding its scope beyond tar...
The Hacker News
Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability carrie...
Dark Reading
Two separate campaigns target CVE-2025-8088, fixed last July, to conduct data theft and cyberespionage against military and government targets in Ukraine.
Malwarebytes Labs
As smart glasses become more capable, concerns about face recognition, covert recording, and biometric surveillance are growing.
Malwarebytes Labs
Facebook, Instagram, and WhatsApp account for more than two thirds of fraud reports made by Lloyds customers.
CISA Advisories
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-7473 Arista Extensible Operating System Incomplete Co...
CISA Advisories
KACO blueplanet Inverters contain multiple vulnerabilities that could allow an attacker to derive the credentials from the device's serial number and misuse them to gain unauthorized...
CISA Advisories
Schneider Electric is aware of its vulnerability in its EcoStruxure Panel Server offer. The EcoStruxure Panel Server is a high performance, modular gateway with enhanced cybersecurit...
CISA Advisories
Schneider Electric is aware of a RADIUS protocol vulnerability affecting its Modicon Network Managed Switch product. The Modicon Network Managed Switch product provides connectivity...
Malwarebytes Labs
Google's latest Chrome update fixes 74 security vulnerabilities, including one under active attack.
Recorded Future
Western sanctions have tied Russia's elite patronage to the defense sector. Learn why this creates a domestic imperative for Putin to pursue perpetual war
Dark Reading
AI-generated content threatens credibility in cybersecurity. This "Ask the Expert" column explores why human oversight matters and how to maintain authentic narratives.
Dark Reading
The financially motivated group is combining vishing, IT impersonation, and in-person office intrusions to steal data and extort victims.
Dark Reading
A newly discovered, critical zero-day vulnerability is under attack; a Qilin ransomware affiliate has been blamed for at least one incident.
Dark Reading
An extension of the Geneva Conventions could impose restrictions on cyberwarfare under ceasefire conditions and close a major loophole in international conflict.
Dark Reading
The latest attacks, which hit 37 PyPI wheels and 19 code packages, show a continued evolution of the persistent software supply chain threat.
Malwarebytes Labs
Deepfakes, voice cloning, and other AI-powered scams cost Americans nearly $900 million in 2025, says the 2025 FBI Internet Crime Report.
CISA Advisories
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-42271 BerriAI LiteLLM Command Injection Vulnerability C...
Malwarebytes Labs
Cybercriminals are hiding malware in cracked and repacked games, infecting more than 400,000 devices worldwide.
Recorded Future
In May 2026, Insikt Group® identified 41 high-impact vulnerabilities that should be prioritized for remediation, all of which had a Very Critical Recorded Future Risk Score. This represents an 11% incr...
Exploit DB
OpenEMR 7.0.2 - Arbitrary File Read
Dark Reading
Threat actors are taking advantage of Internet-exposed tank gauges by breaching gas stations, opening the door to disruption.
Dark Reading
AI worms, or "viruses with wings and brains," adapt to new environments, seek out vulnerabilities, and will likely strike within a year, researchers say.
Dark Reading
The White House's executive order establishes voluntary framework for early government access to frontier models while investing in federal security.
CISA Advisories
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-28318 SolarWinds Serv-U Uncontrolled Resource Consumption...
Recorded Future
Recorded Future’s Intelligence Graph® uses holistic sourcing across 1M+ sources for complete threat intelligence and proactive defense.
Exploit DB
WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection
Dark Reading
Like Shai-Hulud, the campaign targets developers to steal credentials and reuses them to propagate across the software supply channel.
Dark Reading
One of the world's most diverse, least-focused cybercrime groups is enlarging its footprint beyond East Asia.
Dark Reading
Gartner analysts issued a call to action to bolster defenses against several emerging critical threats, such as deepfakes and prompt injections.
Dark Reading
Organizations are growing serious about which nation's rules apply to their data. Experts point to geopolitical tensions as a main contributing factor.
CISA Advisories
Hitachi Energy is aware of vulnerabilities that affect ITT600 Explorer product versions listed in this document. These vulnerabilities can be exploited to carry out Denial of Service...
CISA Advisories
Hitachi Energy is aware of a buffer overflow vulnerability that affects MACH HiDraw product versions listed in this document. Successful exploitation of this vulnerability could lead...
CISA Advisories
Hitachi Energy is aware of vulnerabilities that affect RTU500 product versions listed in this document. If exploited, these vulnerabilities primarily impact product availability, wit...
CISA Advisories
B&R is aware of a vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploits this vulnerability could make the OPC-UA server...
CISA Advisories
Successful exploitation of this vulnerability could allow a local attacker to gain unauthorized access to SOAP methods, resulting in a disruption of operations. The following version...
Dark Reading
Despite broadly connected digital infrastructure, standard fare TTPs are enough to cause trouble for Afghanistan's porous cybersecurity.
Recorded Future
Threat assessment for the 2026 FIFA World Cup (US, Mexico, Canada) covering organized crime, AI-powered cyber fraud, state espionage, and political influence operations.
Recorded Future
A personal tribute to Sir Alex Younger, former head of MI6, on the friendship, lessons, and clarity he brought to Recorded Future and to those who knew him.
Dark Reading
Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender.
Dark Reading
China-linked espionage groups have attacked at least a dozen nations in the region, gathering information on maritime shipping, oil production, and other geopolitical interests.
Dark Reading
Cyber insurance coverage is slowly changing, and some policies may not provide coverage for social engineering attacks like ClickFix.
Dark Reading
A disabled security setting meant to protect authentication across Android versions of key apps like Word, PowerPoint, and Excel paved the way for attackers to steal logins and data.
Dark Reading
A prompt injection flaw in Google Gemini's voice assistant let attackers hide malicious commands in notifications, enabling social engineering and more.
CISA Advisories
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-45247 Mirasvit Full Page Cache Warmer Deseriali...
Dark Reading
A threat actor got a near-continuous view into an influential finance executive's email inbox, thanks to clever use of legitimate, native Windows tools.
Securelist (Kaspersky)
Kaspersky researchers analyze new Argamal RAT distributed via infected hentai games and allowing the attacker to control the target machine.
Dark Reading
Zoom CISO Sandra McLeod discusses the challenges of securing a global communication platform, the promise of AI-driven security workflows, and her advice for aspiring cybersecurity leaders.
Dark Reading
Once targeting just Microsoft 365, the phishing-as-a-service platform now aims at AWS, Okta, and Russian platforms, while relying on device code phishing.
Dark Reading
A sneaky, wide-scale IAB operation uses a malicious traffic distribution system (TDS) to redirect visitors of trusted websites to ones that deliver malware.
Dark Reading
China is stealing data from high-value targets via a sneaky, double-layer spear-phishing campaign that includes the Azureveil malware.
Dark Reading
High-autonomy agents with broad permissions and unfettered access are a recipe for disaster, and enterprises need to act now before they become the next horror story.
Securelist (Kaspersky)
In the lead-up to the 2026 FIFA World Cup, Kaspersky GReAT experts conducted a wardriving assessment in Mexico City, Monterrey, and Guadalajara to evaluate Wi-Fi hotspot security configurations and po...
CISA Advisories
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2022-0492 Linux Kernel Improper Authentication Vulnerab...
CISA Advisories
CISA and Partners Urge Hardening Automatic Tank Gauge Systems Overview The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Age...
Recorded Future
Iran's MOIS expands its Handala brand to hybrid cyber and physical threat operations, recruiting proxies to conduct attacks, espionage, and sabotage against US and Israeli interests.
CISA Advisories
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2024-21182 Oracle WebLogic Server Unspecified Vulnerabili...
Securelist (Kaspersky)
We break down the primary attack vectors in containerized environments: exposed secrets, privilege misconfigurations, API compromise, and supply chain attacks.
Exploit DB
Drupal Core 10.5.5 - Error-Based SQL Injection
Exploit DB
WordPress OrderConvo 14 - Path Traversal
Exploit DB
Notepad++ 8.9.6 - Arbitrary Code Execution
Exploit DB
YAMCS yamcs-core 5.12.7 - No Rate Limiting
Exploit DB
YAMCS yamcs-core 5.12.7 - User Enumeration
Exploit DB
YAMCS yamcs-core 5.12.7 - LDAP Injection
CISA Advisories
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-0257 Palo Alto Networks PAN-OS Authentication Bypass Vuln...
Securelist (Kaspersky)
What are the main risks for container environments: vulnerabilities, supply chain attacks, configuration errors; how to improve container security and how Kaspersky Container Security with the KIRA AI...
Exploit DB
Microsoft - NTLMv2 Hash Capture
Exploit DB
MikroORM 7.0.13 - SQL Injection
Exploit DB
Prodigy Commerce 3.3.0 - Local File Inclusion
Exploit DB
Langflow 1.3.0 - Remote Code Execution
Exploit DB
Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution
Exploit DB
ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion
Exploit DB
ZTE Routers - Unauthenticated Denial of Service
Exploit DB
ZTE ZXHN H188A V6 - Authentication Bypass
Exploit DB
ZTE H298A / H108N - Unauthenticated Credential Exposure
Exploit DB
Linux Kernel - Local Privilege Escalation
Exploit DB
MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution
Exploit DB
Wing FTP Server 8.1.3 - Authenticated Remote Code Execution
Exploit DB
CubeCart < 6.7.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
Exploit DB
strongSwan 5.9.13 - libsimaka EAP-SIM/AKA heap buffer overflow
Exploit DB
strongSwan 5.9.13 - DoS
CISA Advisories
View CSAF Summary ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could gain physical, unauthorize...
CISA Advisories
View CSAF Summary Successful exploitation of this vulnerability could result in an attacker gaining administrator access to the device. The following versions of Jinan USR IOT Technology Limited (PUSR...
Securelist (Kaspersky)
Our experts continue to track attacks targeting consumers of pirated content, both books and movies. 2026 saw the discovery of new target sites with tens of millions of visitors, while the miner gaine...
Exploit DB
Linux Kernel - Local Privilege Escalation
Exploit DB
Casdoor 3.54.1 - Arbitrary File Write via Path Traversal
Exploit DB
EspoCRM 9.3.3 - SSRF
Exploit DB
scramble - Remote Code Execution
Exploit DB
MeiG Smart FORGE_SLT711 - OS Command Injection
Exploit DB
Realtek rtl819x - Local Privilege
Exploit DB
OpenCATS 0.9.7.4 - SQL Injection
Exploit DB
Grav CMS 2.0.0-beta.2 - Remote Code Execution
Exploit DB
Apache HTTP Server 2.4.66 - 'mod_http2' Double-Free Denial of Service
Exploit DB
D-Link DSL2600U - 'rom-0' Admin Password Disclosure
Exploit DB
Wordpress Temporary Login Plugin 1.0.0 - 'temp-login-token' Authentication Bypass to Account Takeover
Exploit DB
cPanel - CRLF Injection
Exploit DB
Linux Kernel 6.8 - Local Privilege Escalation
Securelist (Kaspersky)
Cloud Atlas attacks the public sector and diplomatic structures of Russia and Belarus, using ReverseSocks, SSH, and Tor for persistence in infected systems and its new tool, PowerCloud.
Recorded Future
Boards are asking about AI-driven vulnerability discovery. The leaders who answer that question well will come out with more credibility and more resources. Here's how to be one of them.
Exploit DB
Cockpit 359 - RCE
Exploit DB
BookStack 25.12.1 - Denial of Service
Exploit DB
Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path
Exploit DB
solaredge - (CSRF-OOB-Injection)
Exploit DB
FUXA 1.2.9 - RCE
SentinelOne
Sentinels League 2026 brings global threat hunters together to battle across AI, Endpoint, Cloud, and SIEM surfaces for $100K in prizes and more.
Securelist (Kaspersky)
We explain how a flaw in ExifTool allows attackers to compromise macOS systems via a malicious image (CVE-2026-3102).
SentinelOne
Prompt for Agentic AI Security empowers organizations with proactive governance, meaning security teams can deploy agents with confidence.
Recorded Future
Frontier AI models like Mythos are making vulnerability discovery fast and cheap. Here's how defenders use threat intelligence and agentic processing to prioritize and act at the same speed.
SentinelOne
SHub Reaper bypasses Apple's Terminal mitigation, steals credentials and documents, and plants a persistent backdoor for continued access after infection.
SentinelOne
In a new red-teaming exercise, social engineering moved to advanced tunneling attacks, revealing a critical lesson in today's AI security.
Securelist (Kaspersky)
This report contains mobile threat statistics for Q1 2026, along with noteworthy discoveries and quarterly trends: new versions of SparkCat and Triada.
Securelist (Kaspersky)
The report presents key trends and statistics on malware that targeted personal computers running Windows and macOS, as well as Internet of Things (IoT) devices, during Q1 2026.