Italian engineer allegedly used corporate information on Google searches to place bets on Polymarket, netting $1.2m This article has been indexed from Silicon UK Read the original article: Google Engineer Charged With Insider Trading
Critical StrongDM Flaw Exposes Users to Authentication Token Theft and Reuse
A critical security vulnerability tracked as CVE-2026-4387 has been disclosed in StrongDM, allowing attackers to steal and reuse authentication tokens to gain unauthorized access to infrastructure. The issue, discovered by SpecterOps researcher Hope Walker, affects StrongDM desktop and CLI environments…
Hackers Use Spearphishing to Deploy AZUREVEIL Adaptix C2 Agent
Hackers are actively deploying a sophisticated malware framework dubbed AZUREVEIL, an Adaptix-based command-and-control (C2) agent, through a targeted spearphishing campaign aimed at government and enterprise sectors in the Czech Republic and Taiwan. The attack begins with a malicious ZIP archive delivered…
Oracle’s First Monthly Patches Resolve 77 Vulnerabilities
Oracle’s monthly Critical Security Patch Update (CSPU) rollouts are meant to deliver critical fixes faster. The post Oracle’s First Monthly Patches Resolve 77 Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Oracle’s…
Meta AI hands over Instagram access, Dutch police dismantle botnet, RedHat packages backdoored
Meta AI hands over Instagram account access Dutch police dismantle huge botnet RedHat packages get backdoored Get the show notes here: https://cisoseries.com/meta-ai-hands-over-instagram-access-dutch-police-dismantle-botnet-redhat-packages-backdoored/ Huge thanks to our episode sponsor, Vanta Your team just added its 67th AI tool. And unfortunately, also…
IT Security News Hourly Summary 2026-06-02 09h : 5 posts
5 posts were published in the last hour 7:3 : Man Fined After Claiming Littering Video Was AI-Generated 7:3 : Anthropic Files Confidentially For US IPO 7:2 : RSA extends passwordless authentication to Linux environments 6:32 : SolyxImmortal Malware Steals…
Man Fined After Claiming Littering Video Was AI-Generated
York resident fined £1,023 after he claimed video of him dropping cigarette ends into the street was deepfake This article has been indexed from Silicon UK Read the original article: Man Fined After Claiming Littering Video Was AI-Generated
Anthropic Files Confidentially For US IPO
Anthropic joins expected trio of massive flotations this year, along with SpaceX and OpenAI, amid booming growth This article has been indexed from Silicon UK Read the original article: Anthropic Files Confidentially For US IPO
RSA extends passwordless authentication to Linux environments
RSA has expanded its passwordless authentication capabilities to Linux environments, advancing its goal of delivering secure, password-free access for every user in every environment. Linux is ubiquitous in enterprise infrastructure, powering servers, developer workstations, and critical operational environments across industries…
SolyxImmortal Malware Steals Passwords, Cookies, Files, and Keystrokes
A newly analyzed Python-based information stealer named SolyxImmortal is actively targeting sensitive user data, including browser credentials, cookies, documents, screenshots, and keystrokes. The malware uses common Python libraries and multi-threading techniques to run multiple surveillance and data theft operations simultaneously,…
GoDaddy found malware on 1,980 WordPress sites using Steam as C2 infrastructure
Malware on approximately 2,000 WordPress sites hid C2 instructions in Steam profile comments using invisible Unicode. GoDaddy researchers spotted a command-and-control infrastructure for a malware campaign abusing Valve’s Steam gaming platform. The experts discovered malware on approximately 1,980 WordPress sites…
TP-Link Router Security Bug Enables Remote Command Execution Attacks
TP-Link has disclosed a high-severity security flaw in its Archer BE450 and Archer BE7200 Wi‑Fi routers that could allow remote command execution once an attacker gains admin access. The vulnerability, tracked as CVE-2026-5509, is rated 8.5 (High) under CVSS v4.0,…
PHANTOMPULSE RAT Uses UAC Bypass to Hijack Windows Systems
New technical details about PHANTOMPULSE, a sophisticated remote access trojan (RAT) used in multi-stage intrusions targeting Windows environments. The malware represents the final payload in an attack chain previously linked to Obsidian plugin abuse and in-memory loaders, but this latest…
Zero trust physical security needs trust decisions at the edge
In this interview with Help Net Security, Chuck Davis, VP, Global Information Security at Hikvision, explains how zero trust applies to physical security systems like cameras and door controllers. He breaks down how to make trust decisions at the edge…
Red Hat Cloud Services npm Packages Hijacked in Credential-Theft Malware Campaign
A large-scale software supply chain attack has compromised multiple official npm packages under the @redhat-cloud-services scope, exposing thousands of developers and CI/CD environments to credential theft. Security researchers at Aikido confirmed that 96 malicious versions across 32 packages were published…
Nimbus Manticore APT Uses Fake Jobs to Deliver Custom Malware
A newly observed cyber campaign linked to the Iran-aligned threat group Nimbus Manticore (also tracked as UNC1549 and Smoke Sandstorm) is targeting aerospace and defense organizations using a deceptive recruitment workflow that delivers custom malware through a sophisticated sideloading chain.…
Meta’s AI Bot Misused by Hackers to Take Over Instagram Accounts
Attackers have exploited a critical vulnerability in Meta’s AI-powered Instagram support chatbot to hijack user accounts without needing passwords, phishing, or malware. Instead of bypassing security through technical exploits, hackers simply manipulated the chatbot via natural-language requests. Meta’s AI Bot…
Why you need BAS and autonomous pentesting together
Most security teams know the drill: A new autonomous penetration testing tool gets deployed, and the first run is genuinely impressive. The dashboard surfaces critical findings, maps lateral movement paths nobody had documented before, and exposes a legacy service account…
Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded
Password manager Dashlane has disclosed that “fewer than” 20 users on the personal subscription plan had their encrypted vaults downloaded following a brute-force attack launched by an unknown party. On May 31, 2026, the company said an “external” threat actor…
U.S. Lawmakers Press Telecom Providers for More Action Against Growing Scam Epidemic
A congressional committee is seeking answers from some of the largest telecommunications providers in the United States as financial losses linked to scams continue to rise across the country. The inquiry comes from the Joint Economic Committee, whose leadership…
This AI model backdoor attack stays hidden until you customize the model
Most teams that deploy AI start with a backbone model. They download a large pre-trained system, adapt it to a specific task, and put it into production. The download step carries a security question: the origin of the model. A…
Cybersecurity jobs available right now: June 2, 2026
Agentic Safety and Ecosystem Architect, Trust and Safety Google | USA | On-site – View job details As an Agentic Safety and Ecosystem Architect, Trust and Safety, you will define safety controls and permission models for autonomous agents on Android,…
IT Security News Hourly Summary 2026-06-02 06h : 1 posts
1 posts were published in the last hour 4:2 : Hackers Use Meta’s AI Bot to Reset Passwords and Hijack Instagram Accounts
Hackers Use Meta’s AI Bot to Reset Passwords and Hijack Instagram Accounts
A critical logic flaw in Meta’s AI-powered Instagram support chatbot allowed attackers to bypass two-factor authentication entirely, not by cracking codes, but by simply asking the bot to hand over access. Over the weekend, high-value “OG” Instagram handles, dormant institutional…