16 posts were published in the last hour 19:2 : ShinyHunters claims it hacked 100 orgs by exploiting an Oracle PeopleSoft 0-day 19:2 : Red Hat Investigates npm Package Compromise After Malware Found in Official Repository 18:34 : CVE-2026-10520 Exploited:…
ShinyHunters claims it hacked 100 orgs by exploiting an Oracle PeopleSoft 0-day
University of Nottingham is first of many, Shiny tells The Reg This article has been indexed from www.theregister.com – Articles Read the original article: ShinyHunters claims it hacked 100 orgs by exploiting an Oracle PeopleSoft 0-day
Red Hat Investigates npm Package Compromise After Malware Found in Official Repository
Security researchers have identified malicious code in dozens of packages distributed through Red Hat’s official @redhat-cloud-services namespace on npm after attackers gained unauthorized access to the repository. The incident was first reported by researchers at Aikido Security, who found…
CVE-2026-10520 Exploited: Ivanti Sentry Gateways Compromised Shortly After Patch Release
Attackers are exploiting the critical CVE-2026-10520 flaw in Ivanti Sentry, compromising many internet-exposed gateways shortly after patches were released. Threat actors have started exploiting a maximum-severity OS command injection flaw in Ivanti Sentry, tracked as CVE-2026-10520, that allows remote code…
Miasma worm spreads from Red Hat packages to Microsoft repositories
A rapidly developing software supply chain attack known as Miasma is one of the latest to move from targeting Red Hat npm packages to infecting numerous Microsoft GitHub repositories. Cloudsmith researchers described the Miasma attack, noting it began after the…
BMW advances humanoid robotics in vehicle production, testing AI-powered automation designed to improve efficiency and factory flexibility
In response to the increasing efforts of automotive manufacturers to modernize factory processes, BMW is exploring an innovative approach to industrial automation that goes beyond conventional robotics. As part of its Leipzig facility, the company is testing humanoid robots…
New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files
Security researcher Chaotic Eclipse (aka Nightmare-Eclipse and MSNightmare) has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit for Microsoft Defender. “This was an accidental discovery, it took a total of 4 hours to…
New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets
Two security teams have shown, in separate research published this week, that OpenClaw, the popular self-hosted AI agent, can be driven to run attacker-controlled code or hand over sensitive data through ordinary-looking inputs. Imperva buried instructions inside shared contacts, vCards,…
A tale of two eras
In this week’s newsletter, Amy reminisces on the tech toys of their childhood, inspired by a hilarious lesson about why your digital privacy shouldn’t be left on an open channel. This article has been indexed from Cisco Talos Blog Read…
Hackers Abuse SniperDz PhaaS Ecosystem for Brand Impersonation and Browser Hijacking
A sophisticated Phishing-as-a-Service (PhaaS) platform called SniperDz has been quietly enabling a wide range of online fraud that goes far beyond basic credential theft. The platform provides cybercriminals with a ready-made toolkit to run convincing scams at scale, targeting victims…
Critical Langflow Vulnerability Exploited to Execute Malicious Code
A critical security vulnerability in Langflow, tracked as CVE-2026-5027, is raising serious concerns after researchers confirmed that attackers can exploit the flaw to execute malicious code on affected systems. The issue stems from improper input validation in the application’s file…
GoFlateLoader Uses Massive PE Overlay to Deliver Lumma, Vidar, and StealC Infostealers
A new malware loader called GoFlateLoader has been quietly spreading across the internet, and what makes it stand out is not how complex it is but how effective a simple trick has made it. Written in the Go programming language,…
OceanLotus APT Compromises FireAnt MetaKit in Supply-Chain Attack on Stock Investors
A notorious hacking group has been caught targeting stock investors in Vietnam through a supply chain attack, hijacking a popular investment software platform to deliver a powerful backdoor. The operation, carried out by OceanLotus (also known as APT32), marks a…
CISA Requires Federal Agencies to Patch Critical Vulnerabilities Within 3 Days
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 26-04, titled “Prioritizing Security Updates Based on Risk,” compelling all Federal Civilian Executive Branch (FCEB) agencies to remediate the most dangerous known exploited vulnerabilities within just…
Microsoft’s worst ‘Nightmare’ unleashes BitLocker bypass 0-day
Another day, another Windows exploit code This article has been indexed from www.theregister.com – Articles Read the original article: Microsoft’s worst ‘Nightmare’ unleashes BitLocker bypass 0-day
Akira Gang Claims Ransomware Attack at Convention Center, Extorts $250 Million
Akira gang extorts $250 million Akira, the infamous ransomware gang has extorted over $250 million from businesses globally. It is now blackmailing to leak 46 GBs of data allegedly extorted from the Buffalo Convention Center. The stolen data includes financial…
WordPress Malware Campaign Hides Payloads in Steam Profiles
WordPress malware campaign hides payloads in Steam profiles, marking one of the most unconventional cyberattacks in recent security history. Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control data, according…
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 1, 2026 to June 7, 2026)
Last week, there were disclosed in and that have been added to the Wordfence Intelligence Vulnerability Database, and there were that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not…
Drug Sites Hijacked Spotify’s Search Ranking Through Fake Podcasts
A joint congressional report describes a spam operation that turned tens of thousands of fake podcasts into search-engine bait for illegal pharmacy and scam sites. This article has been indexed from Security Latest Read the original article: Drug Sites Hijacked…
Hackers Use BLUERABBIT Backdoor to Encrypt Files and Wipe Disks Across Windows Systems
A newly discovered backdoor called BLUERABBIT has been found targeting Windows systems with a dangerous mix of file encryption, disk wiping, and data theft. First observed in mid-to-late March 2026, the malware is believed to be the work of a…
Hackers Use Weaponized DMG Files to Target macOS Users With Infostealer Malware
Hackers are using weaponized DMG files to target macOS users with infostealer malware, exploiting the long-standing myth that Apple devices are safe from cyber threats. These attacks rely on fake software installers disguised as legitimate apps, tricking users into handing…
CISA Warns of Check Point Security Gateway Vulnerability Actively Exploited in Ransomware Attacks
CISA has added a critical vulnerability in Check Point Security Gateway to its Known Exploited Vulnerabilities (KEV) catalog, warning that threat actors are actively exploiting the flaw in ransomware campaigns. The vulnerability, tracked as CVE-2026-50751, allows unauthenticated remote attackers to…
Claude Mythos Turning N-Days Into N-Hours With Rapid Working Exploit Creation
A new study has revealed that advanced large language models (LLMs), particularly Anthropic’s Claude Mythos Preview, are dramatically accelerating the development of N-day exploits, reducing timelines from weeks to just hours and significantly increasing risk during the patch gap. Unlike…
GitHub to Automate Disable npm Script Installs to Block Supply Chain Attacks
GitHub has announced a major security-focused update to the Node Package Manager (npm), introducing breaking changes in the upcoming npm v12 release to reduce software supply chain attack risks significantly. The update, expected in July 2026, will turn off automatic…