This week was a reminder that attackers do not always need big tricks. One small mistake, one old access path, one missed patch, and suddenly the door is open. The noise is not all noise, either. Forums are talking, researchers…
OpenAI Reveals GPT-5.6 Sol Cybersecurity Model, Restricts Early Access
OpenAI is previewing its GPT-5.6 Sol model to a vetted few at the US government’s request This article has been indexed from www.infosecurity-magazine.com Read the original article: OpenAI Reveals GPT-5.6 Sol Cybersecurity Model, Restricts Early Access
From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira
Key Takeaways This case was first reported to customers in a threat brief released in July 2025 and in a public flash alert in August 2025 in partnership with Swisscom B2B CSIRT, which observed another intrusion tied to the same…
Straiker Raises $64 Million for AI Security Platform
The startup’s platform can identify AI agents and provide visibility into their access, behavior, and risks. The post Straiker Raises $64 Million for AI Security Platform appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
New Attack Abuses Claude Code and Harmless-Looking Repositories to Hijack Developer Machines
Indirect prompts hidden in a repository can lead to Claude Code spawning a reverse shell on the developer’s machine. The post New Attack Abuses Claude Code and Harmless-Looking Repositories to Hijack Developer Machines appeared first on SecurityWeek. This article has…
Telegram-Based Millenium RAT Campaign Infects 60,000 Devices
Group-IB says Millenium RAT, now rewritten in C++, has hit 62,289 devices in 160+ countries This article has been indexed from www.infosecurity-magazine.com Read the original article: Telegram-Based Millenium RAT Campaign Infects 60,000 Devices
Cyber Briefing: 2026.06.29
Nation-state espionage, ruthless RaaS groups, and critical blockchain consensus failures: The new pressure points threatening global networks. This article has been indexed from CyberMaterial Read the original article: Cyber Briefing: 2026.06.29
AI may be good at finding security vulnerabilities, but it can’t beat human stupidity
You don’t need Mythos or GPT-5.5-Cyber to find a vuln to exploit when the world’s password habits are so sloppy This article has been indexed from www.theregister.com – Articles Read the original article: AI may be good at finding security…
Insurance Regulators Group NAIC Hit in Oracle PeopleSoft Hack
The ShinyHunters extortion group claims to have stolen 3.1 TB of data from the organization. The post Insurance Regulators Group NAIC Hit in Oracle PeopleSoft Hack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Cybersecurity Firm Cyberbit Shuts Down Israel Operations
Cyberbit is closing its Israeli operations and laying off local staff as the former Elbit Systems spin-off grows mainly in the US after buying RangeForce. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More…
PrivacyHawk Enterprise helps organizations find shadow IT and minimize third-party cyber risk
PrivacyHawk has announced the general availability of PrivacyHawk Enterprise, a solution that identifies and eliminates the shadow IT accounts, abandoned SaaS subscriptions, and forgotten third-party services quietly exposing organizations to breach risk. Every organization has an invisible attack surface. Shadow…
236,000 DCloud Uni-App Sites Used in Crypto Scams, Phishing, and Wallet Drainers
New findings unearthed by Infoblox show that more than 236,000 websites are using investment scam templates built using a legitimate Chinese open-source, cross-platform application development framework called DCloud Uni-App. The templates power bogus cryptocurrency exchanges, multi-language pig-butchering operations, WhatsApp phishing…
Netflix Requires Unique Email Addresses for Each Profile, Adding Login Steps to Shared Accounts
Netflix has started requiring almost every profile on a subscription to be linked to its own email address and login. Thank you for being a Ghacks reader. The post Netflix Requires Unique Email Addresses for Each Profile, Adding Login Steps…
AI Is Changing Cyber Careers. NICE 2026 Showed What Students Need Next
The 2026 NICE Conference & Expo in Philadelphia was an inspiring reminder of why cyber security education matters so deeply, and why the work we do through SecureAcademy is so important. Bringing together educators, government leaders, industry experts, and nonprofit organizations, the…
Hackers Use Rokarolla Banking Trojan to Intercept SMS Codes and Steal Crypto Credentials
A newly discovered Android banking trojan called Rokarolla has been making waves across the cybersecurity community, targeting victims by posing as well-known, trusted applications. The malware goes after banking and cryptocurrency users with a level of sophistication that puts it…
UNC1151 Ghostwriter Hackers Target Belarusian Politician in Gmail Phishing Campaign
A well-known hacker group called UNC1151, also widely known as Ghostwriter, has been caught running a targeted phishing campaign against a prominent Belarusian pro-democracy politician. The group, which has long been tied to the interests of the Belarusian government and,…
Millenium RAT Rewritten in C++ Infects 62,000+ Devices Across 160 Countries
A remote access trojan known as Millenium RAT has been quietly spreading across the globe, and the numbers are hard to ignore. Over 62,000 devices have been compromised across more than 160 countries, with no signs of slowing down. More…
DCloud Uni-App Scam Network Powers RainbowEx-Style Crypto Fraud and WhatsApp Phishing
A Chinese open-source development framework has become the silent engine behind one of the largest scam networks ever documented. Known as DCloud Uni-App, the cross-platform toolkit was designed for legitimate app development but has been repurposed by cybercriminals to run…
LLM-Generated Mythic Agents Enable Disposable Red-Team Tooling From Prompt to Deployment
Red teamers and offensive security researchers have entered a new era where AI can write functional attack tools from a single sentence. A concept known as “disposable tooling” is now taking shape, and the implications for defenders are real. At…
Microsoft keeps Windows Server 2022 hotpatching alive into 2027
In the Azure Edition, of course This article has been indexed from www.theregister.com – Articles Read the original article: Microsoft keeps Windows Server 2022 hotpatching alive into 2027
IT Security News Hourly Summary 2026-06-29 15h : 4 posts
4 posts were published in the last hour 12:32 : Adding some Automation to the favicon.ico method of Host Recon, (Mon, Jun 29th) 12:32 : Splunk Secure Gateway RCE Vulnerability Lets Low-Privileged Attackers Execute Arbitrary Code 12:31 : StegoAd: How…
Adding some Automation to the favicon.ico method of Host Recon, (Mon, Jun 29th)
I'm in the throes of target host recon for another pentest, and thought I'd share some workflow / automation stuff. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Adding some Automation to…
Splunk Secure Gateway RCE Vulnerability Lets Low-Privileged Attackers Execute Arbitrary Code
A newly disclosed high-severity vulnerability in Splunk Secure Gateway (SSG) allows low-privileged authenticated users to achieve remote code execution (RCE) on affected systems, significantly increasing the attack surface for enterprise Splunk deployments. This vulnerability, tracked as CVE-2026-20251, has been assigned…
StegoAd: How 119 Fake Browser Extensions Stole Credentials and Ran Ad Fraud for Two Years
Microsoft shut down the StegoAd campaign, which used 119 malicious Edge extensions, hit 2.6M installs, and ran undetected for two years. Microsoft just shut down one of the more technically clever malicious extension campaigns it’s ever documented. The operation, named…