Microsoft has disclosed a critical remote code execution vulnerability in its Office ecosystem that can be exploited through a malicious Excel file. The vulnerability, tracked as CVE-2025-60727, affects multiple versions of Microsoft Office and underscores the continued risk posed by…
Critical Dell Wyse Vulnerabilities Enable Remote Code Execution Attacks
Dell Technologies has released a critical security advisory addressing multiple vulnerabilities in its Wyse Management Suite (WMS), warning that attackers could exploit these flaws to execute arbitrary code on affected systems. The vulnerabilities affect Dell Wyse Management Suite versions before…
Hackers Exploiting Critical Oracle E-Business Suite Vulnerability Actively in Attacks
Threat actors are actively exploiting CVE-2026-46817, a critical unauthenticated remote takeover vulnerability in Oracle E-Business Suite (EBS), with live attack activity captured across honeypot infrastructure over the weekend of June 27–28, 2026. CVE-2026-46817 is a critical-severity flaw residing in the…
Public PoC Released for Deserialization RCE Vulnerability in Splunk Secure Gateway
A public proof-of-concept (PoC) exploit has been released for CVE-2026-20251, a high-severity remote code execution (RCE) vulnerability affecting Splunk Secure Gateway (SSG). The flaw, carrying a CVSS score of 8.8, allows a low-privileged authenticated attacker to execute arbitrary code on…
FCRF Launches India’s Largest Cybercrime Hackathon for 2026
The Future Crime Research Foundation (FCRF) has announced what is being positioned as India’s largest cybercrime hackathon, a move that reflects the growing urgency around digital threats in the country. With cyber fraud, phishing, ransomware, and AI-driven deception becoming…
Chromium extension uses AI‑related branding to redirect browser search
A malicious Chromium-based extension that spoofs the AI-powered answer engine Perplexity AI redirects browser search traffic using MV3 APIs and intermediary infrastructure. The post Chromium extension uses AI‑related branding to redirect browser search appeared first on Microsoft Security Blog. This…
In major privacy win, Supreme Court rules geofence warrants are protected by privacy rights
The Supreme Court’s decision to limit geofence warrants is a win for privacy advocates, who called their use unconstitutional but sought an outright ban. This article has been indexed from Security News | TechCrunch Read the original article: In major…
Factoring RSA Keys with Many Zeros
Interesting research on a new class of weak RSA keys: keys with lots of zeros. It turns out that these keys are out in the wild. The badkeys project is an open-source service that checks public keys for known vulnerabilities.…
JSP webshells being dropped on unpatched PTC Windchill instances
The US Cybersecurity and Infrastructure Security Agency (CISA) added a vulnerability (CVE-2026-12569) in Windchill and FlexPLM, two product lifecycle management software platforms developed by PTC, to its Known Exploited Vulnerabilities (KEV) catalog. Entries in the KEV catalog don’t contain links…
Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks
The China-aligned espionage group Mustang Panda is running two campaigns against the Indian government and hydropower targets, deploying new malware and turning a legitimate cloud service into its command channel. Acronis Threat Research Unit found active compromises inside Indian government networks, including machines…
WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private
WhatsApp on Monday officially announced the start of global reservations of usernames with an aim to protect the privacy of more than three billion users on the messaging platform. The optional feature is designed to help users connect with someone…
IT Security News Hourly Summary 2026-06-29 18h : 16 posts
16 posts were published in the last hour 16:2 : WhatsApp Rolling Out Username Feature to Bolster Phone Number Privacy 16:2 : Iran-Linked Cyberattacks Against Israel Triple as Critical Infrastructure Faces Rising Threats 16:2 : China’s New AI Model Challenges…
WhatsApp Rolling Out Username Feature to Bolster Phone Number Privacy
An optional ‘username key’ adds another layer by requiring a secondary credential before someone can message users. The post WhatsApp Rolling Out Username Feature to Bolster Phone Number Privacy appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Iran-Linked Cyberattacks Against Israel Triple as Critical Infrastructure Faces Rising Threats
Surging numbers of cyber intrusions tied to Iran have been logged by Israeli officials, revealing persistent digital hostilities despite lulls in physical warfare. The National Cyber Directorate notes attacks on critical systems now occur at almost three times the…
China’s New AI Model Challenges U.S. Cybersecurity Leaders
China’s latest open-weight artificial intelligence model is drawing attention within the cybersecurity community after independent evaluations indicated that it can rival some of the vulnerability detection capabilities of leading U.S. frontier AI systems. The findings are fueling renewed debate…
Insurance body confirms hackers posted Oracle PeopleSoft breach data
NAIC warned that some ratings agencies have suspended data feeds as a precaution. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Insurance body confirms hackers posted Oracle PeopleSoft breach data
Amazon Kindle E-Reader: Worth It, and How to Afford More Books?
See whether an Amazon Kindle is worth buying, how it compares with other e-readers, and practical ways to read more books without overspending each month today. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and…
Hackers Could Abuse WM_COPYDATA Callback Path to Execute Code Through Win32k Dispatch
A newly detailed injection technique has put Windows systems in the spotlight, revealing how attackers could abuse a deeply embedded part of the operating system to run malicious code inside another process without raising alarms. The method exploits the Windows…
ClawHub Skills Expose AI Agents to Remote Control Backdoors and Data Theft Attacks
AI-powered agents are no longer just answering questions. They now take actions, manage files, and run code on behalf of users. That shift has opened a dangerous new door, and attackers have already walked through it. Malicious skills targeting the…
Russia-Linked Turla Uses Compromised Infrastructure to Deploy STOCKSTAY in Ukraine Operations
Russia-linked threat group Turla has been quietly expanding its espionage arsenal with a new backdoor called STOCKSTAY, actively targeting government and military organizations in Ukraine since at least December 2022. The malware is built in .NET and communicates with operators…
OpenAI voluntarily limits new AI models at government’s request
The company said it was working with the government on a more formal process for reviewing model releases. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: OpenAI voluntarily limits new AI models at…
Beyond the perimeter: The shift to data-centric protection
<p>The traditional network perimeter has effectively disappeared, creating a major data security problem for CISOs and their teams.</p> <p>Organizations today operate across on-premises, multi-cloud, API and edge systems with no fixed boundaries. Data traverses SaaS platforms and cloud services, remote…
DOJ Seizes 400 Illegal FIFA World Cup Streaming Domains
The DOJ seized nearly 400 illegal World Cup streaming domains, warning that piracy sites also pose malware and phishing risks. The post DOJ Seizes 400 Illegal FIFA World Cup Streaming Domains appeared first on eSecurity Planet. This article has been…
119 Edge extensions promised useful tools, instead downloaded malware
Microsoft has removed over 100 Edge extensions that were delivering malware hidden in images. This article has been indexed from Malwarebytes Read the original article: 119 Edge extensions promised useful tools, instead downloaded malware