Rank One, whose board includes a former CIA deputy director and a former FBI science chief, supplied face recognition to Meta for internal development of its smart glasses app. This article has been indexed from Security Latest Read the original…
Supply Chain Attack Hits Popular WordPress Plugins Through Awesome Motive CDN
Attackers compromised Awesome Motive CDN files, backdooring WordPress sites running OptinMonster, TrustPulse, and PushEngage. Sansec researchers discovered an active supply chain attack hitting WordPress sites running OptinMonster, TrustPulse, and PushEngage, three plugins operated by Awesome Motive, one of the largest…
UK Government Finds 400+ Vulnerabilities in AI Hackathons
Government departments find hundreds of vulnerabilities after testing frontier models This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Government Finds 400+ Vulnerabilities in AI Hackathons
SHADOWBYT3$ Allegedly Claims Nintendo Breach and Theft of Sensitive Data
Threat intelligence sources have flagged a potential cybersecurity incident involving Nintendo after threat actor “SHADOWBYT3$” allegedly claimed responsibility for breaching internal systems and exfiltrating sensitive data. The claim surfaced on June 13, 2026, via underground monitoring channels and was later…
Threat Actor Malware Platform Exposed via Unlocked PHP Installation Page
A misconfigured PHP installation page exposed the internal infrastructure of a live malware distribution platform, allowing a security researcher to gain unintentional administrative access to a threat actor’s dashboard. What initially appeared to be a fake software download site turned…
Palo Alto Warns of GlobalProtect VPN Vulnerability Actively Exploited in the Wild
Palo Alto Networks Unit 42 has issued an urgent warning about active exploitation of CVE-2026-0257, a critical authentication bypass vulnerability affecting the GlobalProtect portal and gateway components of PAN-OS software. The flaw allows unauthenticated remote attackers to circumvent security controls…
WinRAR Vulnerability Exploited by Russian Hackers to Deploy GIFTEDCROOK Stealer
Russian hackers are exploiting a known flaw in WinRAR to quietly steal passwords, session cookies, and sensitive files from Ukrainian organizations. The vulnerability, tracked as CVE-2025-8088, was patched in July 2025, yet multiple Russia-aligned groups are still weaponizing it nearly…
SecSuite – AI-powered Tool for OSINT, Web and API Security Testing
A new open-source security platform called SecSuite, developed under the TheSecuredAnalyst project, has been released, combining OSINT reconnaissance, web vulnerability scanning, API security assessment, compliance checking, and AI-powered analysis into a single unified toolkit. Available on GitHub at 53cur3dL34rn/security-suite, the tool targets security professionals,…
Maine Disables Data Breach Portal Due to Fake Submissions
Someone posted fake VRChat and Discord data breach reports on the system, prompting the Maine AG to take action. The post Maine Disables Data Breach Portal Due to Fake Submissions appeared first on SecurityWeek. This article has been indexed from…
Maine Takes Breach Reporting Portal Offline After Fake Entries
The Office of the Maine Attorney General has suspended its breach reporting portal This article has been indexed from www.infosecurity-magazine.com Read the original article: Maine Takes Breach Reporting Portal Offline After Fake Entries
Palo Alto Warns GlobalProtect VPN Flaw Is Being Actively Exploited
Palo Alto Networks has issued an urgent warning after confirming active exploitation of a GlobalProtect VPN vulnerability, tracked as CVE-2026-0257, impacting PAN-OS deployments with specific configurations. The flaw, which affects the GlobalProtect portal and gateway components, enables an authentication bypass…
Oxford physicists just made Schrödinger’s cat even stranger
Oxford physicists have created an entirely new type of Schrödinger’s cat-like quantum state using components that are themselves highly quantum in nature. The advance could open new possibilities for more resilient quantum computers and deeper insights into the strange rules…
Evil MSI Background: BASE64 Statistical Analysis, (Mon, Jun 15th)
I like it when a fellow handler posts a diary entry about images with malicious content. Last one is Xavier: “The Evil MSI Background is Back!”. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the…
How to spot and avoid financial scam ads on social media
Financial scam ads are no longer confined to shady corners of the internet. They are showing up on some of the world’s most visited websites… The post How to spot and avoid financial scam ads on social media appeared first…
PromptSnatcher Browser Extensions Abuse AI Platforms to Capture Full Chat Conversations
PromptSnatcher (internal identifier: Panel 231) is a modern, stealthy data collection operation embedded inside two browser extensions that masquerade as ad‑blockers while harvesting full chat conversations and account metadata from major AI platforms. The extensions deliver genuine ad‑blocking and cookie‑banner…
Infostealers, AI, and a 90% Affiliate Cut Fuel The Gentlemen group’s Rise
The Gentlemen ransomware used infostealer credentials, AI tools, and affiliates to hit 483 victims across 66 countries in under a year. The Gentlemen surfaced as a ransomware operation in September 2025 and by June 13, 2026 had listed 483 victims…
A week in security (June 8 – June 14)
A list of topics we covered in the week of June 8 to June 14 of 2026 This article has been indexed from Malwarebytes Read the original article: A week in security (June 8 – June 14)
Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw
Palo Alto Networks has revealed that it has observed “active exploitation” of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portals. The vulnerability in question is CVE-2026-0257 (CVSS score: 7.8), an authentication…
Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts
Cybersecurity researchers have disclosed details of fraudulent activity targeting users across the Middle East and North Africa by employing various fraudulent Facebook accounts impersonating politicians, public figures, and trusted organizations. “These accounts promoted fake offers, including free mobile internet packages,…
Feds ban Fable, Maine portal disabled, ShinyHunters exploits Oracle
Feds require Anthropic to ban ‘foreign national’ access to Fable, Mythos Maine disables data breach notification portal after fake disclosures ShinyHunters extorts universities through exploiting an unpatched Oracle flaw Get the show notes here: Huge thanks to our sponsor, ThreatLocker…
South Korea Fines Coupang Record £300m Over Data Breach
Data protection authority imposes maximum fine on e-commerce giant after breach exposes personal data of two-thirds of country’s population This article has been indexed from Silicon UK Read the original article: South Korea Fines Coupang Record £300m Over Data Breach
IT Security News Hourly Summary 2026-06-15 09h : 9 posts
9 posts were published in the last hour 6:34 : Waymo ‘Siren’ Continues To Wake Up East London Residents 6:34 : Russia-Aligned Hackers Exploit Old WinRAR Vulnerability to Target Ukrainian Organizations 6:34 : Berkadia – 305,216 breached accounts 6:34 :…
Waymo ‘Siren’ Continues To Wake Up East London Residents
Car from Google sister company continues to get stuck in dead-end road in Spitalfields, a month after firm took action to fix issue This article has been indexed from Silicon UK Read the original article: Waymo ‘Siren’ Continues To Wake…
Russia-Aligned Hackers Exploit Old WinRAR Vulnerability to Target Ukrainian Organizations
CVE-2025-8088, a WinRAR path traversal vulnerability patched in July 2025, remains a potent initial access vector for multiple intrusion sets targeting Ukraine. Analysis of attacks through April 2026 shows at least two distinct campaigns exploiting this vulnerability: a compiled-stealer chain…