A notorious hacking group has been caught targeting stock investors in Vietnam through a supply chain attack, hijacking a popular investment software platform to deliver a powerful backdoor. The operation, carried out by OceanLotus (also known as APT32), marks a…
CISA Requires Federal Agencies to Patch Critical Vulnerabilities Within 3 Days
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 26-04, titled “Prioritizing Security Updates Based on Risk,” compelling all Federal Civilian Executive Branch (FCEB) agencies to remediate the most dangerous known exploited vulnerabilities within just…
Microsoft’s worst ‘Nightmare’ unleashes BitLocker bypass 0-day
Another day, another Windows exploit code This article has been indexed from www.theregister.com – Articles Read the original article: Microsoft’s worst ‘Nightmare’ unleashes BitLocker bypass 0-day
Akira Gang Claims Ransomware Attack at Convention Center, Extorts $250 Million
Akira gang extorts $250 million Akira, the infamous ransomware gang has extorted over $250 million from businesses globally. It is now blackmailing to leak 46 GBs of data allegedly extorted from the Buffalo Convention Center. The stolen data includes financial…
WordPress Malware Campaign Hides Payloads in Steam Profiles
WordPress malware campaign hides payloads in Steam profiles, marking one of the most unconventional cyberattacks in recent security history. Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control data, according…
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 1, 2026 to June 7, 2026)
Last week, there were disclosed in and that have been added to the Wordfence Intelligence Vulnerability Database, and there were that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not…
Drug Sites Hijacked Spotify’s Search Ranking Through Fake Podcasts
A joint congressional report describes a spam operation that turned tens of thousands of fake podcasts into search-engine bait for illegal pharmacy and scam sites. This article has been indexed from Security Latest Read the original article: Drug Sites Hijacked…
Hackers Use BLUERABBIT Backdoor to Encrypt Files and Wipe Disks Across Windows Systems
A newly discovered backdoor called BLUERABBIT has been found targeting Windows systems with a dangerous mix of file encryption, disk wiping, and data theft. First observed in mid-to-late March 2026, the malware is believed to be the work of a…
Hackers Use Weaponized DMG Files to Target macOS Users With Infostealer Malware
Hackers are using weaponized DMG files to target macOS users with infostealer malware, exploiting the long-standing myth that Apple devices are safe from cyber threats. These attacks rely on fake software installers disguised as legitimate apps, tricking users into handing…
CISA Warns of Check Point Security Gateway Vulnerability Actively Exploited in Ransomware Attacks
CISA has added a critical vulnerability in Check Point Security Gateway to its Known Exploited Vulnerabilities (KEV) catalog, warning that threat actors are actively exploiting the flaw in ransomware campaigns. The vulnerability, tracked as CVE-2026-50751, allows unauthenticated remote attackers to…
Claude Mythos Turning N-Days Into N-Hours With Rapid Working Exploit Creation
A new study has revealed that advanced large language models (LLMs), particularly Anthropic’s Claude Mythos Preview, are dramatically accelerating the development of N-day exploits, reducing timelines from weeks to just hours and significantly increasing risk during the patch gap. Unlike…
GitHub to Automate Disable npm Script Installs to Block Supply Chain Attacks
GitHub has announced a major security-focused update to the Node Package Manager (npm), introducing breaking changes in the upcoming npm v12 release to reduce software supply chain attack risks significantly. The update, expected in July 2026, will turn off automatic…
Google can be liable for false AI Overviews, court rules
“AI can make mistakes” isn’t a good enough legal defense for defamatory or incorrect AI Overviews, a German court has ruled. This article has been indexed from Malwarebytes Read the original article: Google can be liable for false AI Overviews,…
The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm
A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leveraging resources from various ransomware-as-a-service (RaaS) schemes like LockBit (aka Tenacious Mantis), Qilin…
Decade-Long SniperDz Phishing Network Disrupted in Operation Ramz
Group-IB, INTERPOL and Algerian Police dismantle decade-old SniperDZ phishing network used to steal credentials, with its alleged developer arrested. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: Decade-Long SniperDz…
Drug Sites Hijacked Spotify’s Search Ranking Through Fake Podcasts, Report Finds
A joint congressional report describes a spam operation that turned tens of thousands of fake podcasts into search-engine bait for illegal pharmacy and scam sites. This article has been indexed from Security Latest Read the original article: Drug Sites Hijacked…
Brickcom Cameras
View CSAF Summary Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to gain unauthorized access to live video feeds, retrieve sensitive visual information from affected premises, and obtain administrative control of the device. The following versions of…
Naxclow IoT Platform
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to impersonate devices, intercept or manipulate communications, harvest sensitive credentials at scale, or gain unauthorized access. The following versions of Naxclow IoT Platform are affected: Smart Doorbell X3…
Yarbo Android/iOS Mobile Application and Cloud Infrastructure
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to obtain hard-coded credentials, gain access to telemetry data, and potentially send operational commands to the robot fleet. The following versions of Yarbo Android/iOS Mobile Application and Cloud…
CISA orders federal agencies to “patch smarter”
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a Binding Operational Directive that will change how the US federal government approaches vulnerability management. The directive arrives as the patching problem has become nearly unmanageable, driven by a surge…
IT Security News Hourly Summary 2026-06-11 18h : 9 posts
9 posts were published in the last hour 16:5 : Check Point Joins OpenAI’s Trusted Access for Cyber Program and Daybreak Initiative 16:4 : 2.4M+ VRChat users’ data accessed following cloud breach 15:32 : Cybercriminals Abuse Chinese-Language Guarantee Marketplaces to…
Check Point Joins OpenAI’s Trusted Access for Cyber Program and Daybreak Initiative
The model behind a security workflow shapes how fast a threat is caught, how accurately an incident is investigated, and how much a defender can trust the result. We treat that choice with care. Today we’re taking a clear step…
2.4M+ VRChat users’ data accessed following cloud breach
No disclosure via official channels, no offer of identity theft monitoring, no problem This article has been indexed from www.theregister.com – Articles Read the original article: 2.4M+ VRChat users’ data accessed following cloud breach
Cybercriminals Abuse Chinese-Language Guarantee Marketplaces to Trade Stolen Credentials
A network of Chinese-language online marketplaces operating on Telegram has quietly become one of the most powerful financial engines behind global cybercrime. These platforms, known as “guarantee” or dānbǎo (担保) marketplaces, use an escrow-based trust model to help criminals buy and sell…