A forum discussion titled “Hacking for Profit. Working method” has provided cybersecurity researchers with a unique look into how underground communities educate aspiring hackers on vulnerability exploitation and monetization. While the original post is neither highly technical nor extensive,…
What Businesses Should Know Before Migrating Their CMS
Plan your CMS migration with clean content audits, SEO safeguards, tested data transfer, integrations, staff training, and a safe launch rollback plan with care. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read…
Hackers Abuse Claude.ai Shared Chat Feature to Host the ClickFix Social Engineering Instructions
Hackers are increasingly exploiting trusted AI platforms to deliver sophisticated social engineering attacks, with a recent campaign abusing Claude.ai’s shared chat feature to host malicious ClickFix instructions. According to TrendAI Research, attackers deployed 106 unique malicious hostnames across six campaign…
Hackers Abuse Legitimate RMM Tools to Maintain Persistent Access and Evade Detection
Hackers have found a new way to get AI tools to do their dirty work without paying for it. Instead of using their own resources, attackers are hijacking exposed AI model servers and plugging them into automated hacking pipelines. The…
Hackers Abuse Microsoft Fondue.exe to Side-Load APPWIZ.cpl and Execute Malware
A newly uncovered attack campaign has brought a rarely scrutinized Windows executable into the spotlight. Threat actors are actively abusing Fondue.exe, a legitimate Microsoft utility built into the Windows operating system, to side-load a malicious control panel file named APPWIZ.cpl and silently deploy…
Hackers Can Leverage SQL Server 2025 AI Features to Exfiltrate Sensitive Data
Hackers are increasingly finding new ways to abuse legitimate enterprise features, and Microsoft SQL Server 2025’s newly introduced AI capabilities are now raising serious security concerns. SpecterOps researchers have demonstrated that these built-in features can be leveraged for stealthy data…
Multiple Vulnerabilities in Firefox 152 Enables Remote Code Execution Attacks
Mozilla has released Firefox 152 to address multiple high-severity vulnerabilities that could allow remote code execution (RCE) and sandbox escape attacks. The security advisory, published on June 16, 2026, highlights a wide range of flaws affecting core browser components and…
Peter Todd Warns Zcash Privacy Tech Is Too Risky for Bitcoin Consensus Layer
Bitcoin developer Peter Todd has warned that Zcash-style privacy technology is too risky to integrate into Bitcoin’s consensus layer, arguing that the cryptographic complexity behind Zcash’s shielded transactions introduces unacceptable operational risk for Bitcoin’s base protocol. His comments erupted…
New Apple Ad Blocker Filtr Expands Protection Beyond Browsers on iPhone, iPad and Mac
Filtr, a fresh ad-blocking app, extends privacy for Apple device owners. Instead of limiting itself to web browsers, it stops advertisements inside mobile and desktop applications too. Created by Kaylee Serena Calderolla – known for developing Wipr, a tool…
IT Security News Hourly Summary 2026-06-18 18h : 7 posts
7 posts were published in the last hour 15:31 : Google told researcher ‘Nice catch!’ Then denied bug bounty for flaw it still hasn’t fixed 15:7 : F5 Patches Critical NGINX Vulnerabilities Enabling Unauthenticated Code Execution 15:7 : INC Ransomware…
Google told researcher ‘Nice catch!’ Then denied bug bounty for flaw it still hasn’t fixed
EXCLUSIVE ‘Working as intended’ for the win … again This article has been indexed from www.theregister.com – Articles Read the original article: Google told researcher ‘Nice catch!’ Then denied bug bounty for flaw it still hasn’t fixed
F5 Patches Critical NGINX Vulnerabilities Enabling Unauthenticated Code Execution
F5 released emergency updates for critical NGINX flaws (CVE-2026-42530, CVE-2026-42055) that could enable unauthenticated code execution. F5 has issued out-of-band patches for multiple NGINX vulnerabilities, including two critical flaws, respectively tracked as CVE-2026-42530 and CVE-2026-42055 (CVSS 9.2). The bugs affect…
INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023
Cybersecurity researchers have charted the evolution of INC from an nascent ransomware-as-a-service (RaaS) operation to one of the most prolific cybercrime groups in 2026, claiming no less than 830 victims since August 2023. “The disruption of LockBit and the shutdown…
Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2
Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign that has targeted users since February 2026. “The clipper in this campaign relies on Windows Script Host and ActiveX-driven logic to launch a bundled Tor proxy and poll a hidden-service…
ICO Cautions Healthcare Worker After Princess of Wales Incident
Hospital insider escapes criminal prosecution after attempting to sell royal’s medical records This article has been indexed from www.infosecurity-magazine.com Read the original article: ICO Cautions Healthcare Worker After Princess of Wales Incident
Fake GitHub Stars and AI Videos Mask a Crypto Clipper
A Rust crypto clipper hides behind fake GitHub stars and AI-narrated YouTube videos This article has been indexed from www.infosecurity-magazine.com Read the original article: Fake GitHub Stars and AI Videos Mask a Crypto Clipper
Nation-state rivals linked to majority of consequential attacks targeting critical UK sites
The nation’s top cybersecurity official warned that business leaders, authorities need to rethink how they protect critical infrastructure from state-sponsored adversaries. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Nation-state rivals linked to…
Law enforcement hits SocGholish: 106 servers down, 15,000 sites cleaned
SocGholish, an operation that’s been delivering malware to users via fake software updates, has suffered a major blow: the international law enforcement coalition behind Operation Endgame has taken down 106 of its servers and domains, and cleaned up nearly 15,000…
Cyber Briefing: 2026.06.18
Zero-day to zero balance: why unpatched content management plugins and legacy blockchain protocols are the fastest route to a full network compromise right now. This article has been indexed from CyberMaterial Read the original article: Cyber Briefing: 2026.06.18
Meta Faces Privacy Questions After Secret Face Recognition Code Discovery
The concept of facial recognition in consumer wearables remained largely a theoretical discussion for many years confined to research laboratories, privacy concerns, and product development. Having now discovered that Meta had quietly embedded facial recognition-related code within its Meta AI…
DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic
Threat actors associated with the DragonForce ransomware have been observed using a custom Go-based remote access trojan (RAT) called Backdoor.Turn to conceal command-and-control (C2) traffic inside Microsoft Teams relay infrastructure. According to findings from Broadcom-owned Symantec and Carbon Black, the…
Evilginx AiTM Attack Captures Microsoft Credentials, MFA Tokens, and Authenticated Sessions
A growing wave of targeted phishing attacks is putting Microsoft users at serious risk, and the tool behind it is more sophisticated than most people realize. Security researchers have documented how Evilginx, an adversary-in-the-middle framework, is being used to silently…
Hackers Abuse PowerShell Commands to Deliver SmartRAT Through Brazilian Bank Phishing Page
A new cyberattack campaign has emerged, using cleverly crafted phishing pages and PowerShell tricks to deliver a dangerous piece of malware called SmartRAT. The attack targets Brazilian banking customers and combines social engineering with AI-generated web pages to make the…
F5 Patches NGINX Vulnerability That Enables Code Execution and DoS Attacks
F5 has released an out-of-band security advisory addressing multiple high-severity vulnerabilities in NGINX that could allow attackers to execute arbitrary code and launch denial-of-service (DoS) attacks across affected environments. The advisory, published on June 17, 2026, highlights several critical flaws…