A 21-year-old man known online as “Snoopy” was sentenced to 18 months in prison for his role in a scheme that hacked user accounts on a fantasy sports and betting website and sold access to them, causing hundreds of thousands…
IT Security News Hourly Summary 2026-06-25 12h : 19 posts
19 posts were published in the last hour 10:3 : Introduction to COM usage by Windows threats 10:3 : Inside the 2026 SMB threat landscape: From phishing and scams to fake AI tools 10:3 : API Security Demystified: Which Tools…
Introduction to COM usage by Windows threats
Component Object Model (COM) is a fundamental Windows technology used by legitimate applications for object activation, inter-process communication, automation and language-independent component reuse. Those same qualities make it useful to threat actors. This article has been indexed from Cisco Talos…
Inside the 2026 SMB threat landscape: From phishing and scams to fake AI tools
Kaspersky researchers analyze the threat landscape for SMBs in 2026: the rise of attacks involving fake AI tools, phishing schemes, and data sold on the dark web. This article has been indexed from Securelist Read the original article: Inside the…
API Security Demystified: Which Tools Actually Protect Your APIs (And Where the Gaps Are)
Introduction Quick answer: No single tool secures an API. API security is a layered discipline. Secure-coding analyzers and SCA scanners catch code and dependency flaws; DAST tests running APIs; API gateways and IAM enforce authentication and rate limits; a WAF…
OpenClaw Skill Marketplace Exposes AI Agents to Supply Chain Malware and Financial Fraud
A wave of malicious skills targeting the OpenClaw AI agent marketplace has exposed a dangerous new frontier in software supply chain security. Attackers are using the ClawHub skill marketplace to push harmful code into AI agent environments, stealing data and…
Elite network says it was hacked after members’ personal data was left exposed
Personal data belonging to politicians, military leaders, and executives was left publicly accessible in what looks like a security misconfiguration. This article has been indexed from Malwarebytes Read the original article: Elite network says it was hacked after members’ personal…
Flare unveils new CTI capabilities and Okta support
Flare has announced the expanded capabilities for Flare CTI, and an Okta integration within its Identity Exposure Management (IEM) offering. These updates extend Flare’s identity expertise into tactical threat intelligence use cases and agentic workflows to reshape security operations. As…
SpyCloud automates threat investigations with new Research Agent
SpyCloud has announced the launch of SpyCloud Research Agent, a conversational AI investigation agent now available in its Cybercrime Investigations console. Cybercrime investigations have a tax: hours of manual pivot work that experienced analysts run by instinct and junior analysts…
Hackers Abuse Cloudflare-Hosted AWS Phishing Domains to Steal Console Logins
A concise but sophisticated phishing campaign that targeted AWS console users by abusing Cloudflare-hosted domains to deliver adversary-in-the-middle (AiTM) credential theft. Each domain served an almost identical clone of the AWS console sign-in page and implemented a server-driven flow that…
25-Year-Old Vulnerability Patched in Curl
The latest version of the open source data transfer tool resolves 18 medium and low-severity vulnerabilities. The post 25-Year-Old Vulnerability Patched in Curl appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: 25-Year-Old Vulnerability…
Forescout brings PQC visibility to IT, OT, IoT, and IoMT environments
Forescout has announced the launch of its Post-Quantum Cryptography (PQC) Readiness and Encryption Hygiene Dashboards. The new dashboards are designed to help organizations identify, prioritize, and manage quantum risk across information technology (IT), operational technology (OT), Internet of Things (IoT),…
YesWeHack automates penetration testing with AI-powered agents
YesWeHack announces Agentic Pentest, an on-demand solution using autonomous AI agents to test organisations’ assets and deliver same-day findings. Shaped by YesWeHack’s extensive offensive security experience, Agentic Pentest helps organisations identify vulnerabilities, test their real-world exploitability and uncover attack paths…
Entrust uses biometrics to verify users during high-risk transactions
Entrust has introduced a new approach to preventing account takeover. As attackers increasingly target high-risk moments like account recovery, device changes, and large transactions, organizations need to modernize authentication from verifying access to verifying the real human behind the transaction.…
Seemplicity AI Analysts focus remediation on exploitable risks
Seemplicity has launched AI Analysts for exposure management and response. The autonomous agents replace manual vulnerability triage by working directly within remediation workflows to conduct structured, evidence-based exploitability investigations. The old playbook is broken. AI-generated exploits have collapsed the window…
New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns
A new, stealthy backdoor named Mistic has been deployed as part of suspected financially motivated attacks aimed at multiple organizations spanning insurance, education, IT, and professional services sectors since April 2026. According to Symantec and Carbon Black’s Threat Hunter Team,…
Breaking the MSP Echo Chamber: The Power of Community
MSPs spend too much time talking to other MSPs and not enough time talking to the people they’re supposed to serve. That’s Paul Croker’s view of some of the channel’s biggest growth problems. While most industry events bring technology…
Google Wallet adds TSA Touchless ID for faster airport screening
Google Wallet has joined the Transportation Security Administration’s (TSA) PreCheck Touchless ID program, allowing travelers to pass through security checkpoints using the TSA’s facial comparison technology. The system verifies identity by matching a live photo taken at a checkpoint with…
Bitdefender RealCheck analyzes videos for deepfakes and fraud
Bitdefender has announced the launch of Bitdefender RealCheck, a standalone solution that helps consumers evaluate the authenticity of video content circulating across digital platforms and whether it carries malicious intent, such as financial fraud, credential theft, or defamation. As deepfakes…
Stellar Cyber improves threat detection and data onboarding in new updates
Stellar Cyber has announced continued momentum across Stellar Cyber 6.5 and 6.6. The releases advance the company’s AI-driven, human-augmented SOC vision with governed AI workflows, improved Auto Triage visibility, sharper detections, stronger platform health monitoring, expanded integrations, and faster self-service…
WhatsApp will warn users before they message a potential scammer
WhatsApp is rolling out a warning screen on Android and iOS that appears before users open chats with unfamiliar phone numbers. Meta hopes that this new feature will help users avoid scammers. WhatsApp chats warning screen (Source: WABetaInfo) “WhatsApp now…
Danish Fibre Provider Wins Pay-Out Over Huawei Removal
TDC NET awarded 80m kroner in compensation over order to rip out Huawei fibre-optic networking equipment on national security grounds This article has been indexed from Silicon UK Read the original article: Danish Fibre Provider Wins Pay-Out Over Huawei Removal
Key Researchers Leave Google For Anthropic, OpenAI
Reported departure of Jonas Adler and Alexander Pritzel follows those of star researchers John Jumper, Noam Shazeer This article has been indexed from Silicon UK Read the original article: Key Researchers Leave Google For Anthropic, OpenAI
Qualcomm Signs Up Meta For Upcoming Data Centre CPUs
Facebook parent Meta to use upcoming Qualcomm processors to power servers, as chipmaker seeks data centre market share This article has been indexed from Silicon UK Read the original article: Qualcomm Signs Up Meta For Upcoming Data Centre CPUs