New technical details about PHANTOMPULSE, a sophisticated remote access trojan (RAT) used in multi-stage intrusions targeting Windows environments. The malware represents the final payload in an attack chain previously linked to Obsidian plugin abuse and in-memory loaders, but this latest…
Zero trust physical security needs trust decisions at the edge
In this interview with Help Net Security, Chuck Davis, VP, Global Information Security at Hikvision, explains how zero trust applies to physical security systems like cameras and door controllers. He breaks down how to make trust decisions at the edge…
Red Hat Cloud Services npm Packages Hijacked in Credential-Theft Malware Campaign
A large-scale software supply chain attack has compromised multiple official npm packages under the @redhat-cloud-services scope, exposing thousands of developers and CI/CD environments to credential theft. Security researchers at Aikido confirmed that 96 malicious versions across 32 packages were published…
Nimbus Manticore APT Uses Fake Jobs to Deliver Custom Malware
A newly observed cyber campaign linked to the Iran-aligned threat group Nimbus Manticore (also tracked as UNC1549 and Smoke Sandstorm) is targeting aerospace and defense organizations using a deceptive recruitment workflow that delivers custom malware through a sophisticated sideloading chain.…
Meta’s AI Bot Misused by Hackers to Take Over Instagram Accounts
Attackers have exploited a critical vulnerability in Meta’s AI-powered Instagram support chatbot to hijack user accounts without needing passwords, phishing, or malware. Instead of bypassing security through technical exploits, hackers simply manipulated the chatbot via natural-language requests. Meta’s AI Bot…
Why you need BAS and autonomous pentesting together
Most security teams know the drill: A new autonomous penetration testing tool gets deployed, and the first run is genuinely impressive. The dashboard surfaces critical findings, maps lateral movement paths nobody had documented before, and exposes a legacy service account…
Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded
Password manager Dashlane has disclosed that “fewer than” 20 users on the personal subscription plan had their encrypted vaults downloaded following a brute-force attack launched by an unknown party. On May 31, 2026, the company said an “external” threat actor…
U.S. Lawmakers Press Telecom Providers for More Action Against Growing Scam Epidemic
A congressional committee is seeking answers from some of the largest telecommunications providers in the United States as financial losses linked to scams continue to rise across the country. The inquiry comes from the Joint Economic Committee, whose leadership…
This AI model backdoor attack stays hidden until you customize the model
Most teams that deploy AI start with a backbone model. They download a large pre-trained system, adapt it to a specific task, and put it into production. The download step carries a security question: the origin of the model. A…
Cybersecurity jobs available right now: June 2, 2026
Agentic Safety and Ecosystem Architect, Trust and Safety Google | USA | On-site – View job details As an Agentic Safety and Ecosystem Architect, Trust and Safety, you will define safety controls and permission models for autonomous agents on Android,…
IT Security News Hourly Summary 2026-06-02 06h : 1 posts
1 posts were published in the last hour 4:2 : Hackers Use Meta’s AI Bot to Reset Passwords and Hijack Instagram Accounts
Hackers Use Meta’s AI Bot to Reset Passwords and Hijack Instagram Accounts
A critical logic flaw in Meta’s AI-powered Instagram support chatbot allowed attackers to bypass two-factor authentication entirely, not by cracking codes, but by simply asking the bot to hand over access. Over the weekend, high-value “OG” Instagram handles, dormant institutional…
ISC Stormcast For Tuesday, June 2nd, 2026 https://isc.sans.edu/podcastdetail/9954, (Tue, Jun 2nd)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, June 2nd, 2026…
Why Encrypted File Sharing Is Essential for Modern Businesses
Consider the history of any recent corporate scandal, and it is quite possible to guess what the story… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: Why Encrypted File…
Fake Claude Code Installers Deliver Credential-Stealing Malware
Fake Claude Code sites are using malicious install commands to steal AI credentials, API keys, and cryptocurrency. The post Fake Claude Code Installers Deliver Credential-Stealing Malware appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read…
IT Security News Hourly Summary 2026-06-02 00h : 2 posts
2 posts were published in the last hour 22:3 : Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a week 21:55 : IT Security News Daily Summary 2026-06-01
Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a week
TeamPCP? Or copycat malware dev? This article has been indexed from www.theregister.com – Articles Read the original article: Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a week
IT Security News Daily Summary 2026-06-01
147 posts were published in the last hour 20:2 : Election interlopers register 5K+ domains, hope to catch some voting phish 19:34 : Google Chrome’s New Feature Takes Aim at Cookie Theft, Account Hijacking 19:5 : IT Security News Hourly…
Election interlopers register 5K+ domains, hope to catch some voting phish
Hacking voting machines is so 2017. Phishing, impersonation pose the real election risks This article has been indexed from www.theregister.com – Articles Read the original article: Election interlopers register 5K+ domains, hope to catch some voting phish
Google Chrome’s New Feature Takes Aim at Cookie Theft, Account Hijacking
Chrome’s DBSC update binds login sessions to user devices, making stolen session cookies harder to reuse in account hijacking attacks. The post Google Chrome’s New Feature Takes Aim at Cookie Theft, Account Hijacking appeared first on TechRepublic. This article has…
IT Security News Hourly Summary 2026-06-01 21h : 4 posts
4 posts were published in the last hour 19:4 : Hackers hijacked Instagram accounts by tricking Meta AI support chatbot into granting access 19:4 : Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm 18:32 : WP…
Hackers hijacked Instagram accounts by tricking Meta AI support chatbot into granting access
Several users on social media reported having their Instagram accounts hacked over the weekend. Meta’s own support chatbot was blamed for allowing hackers to hijack accounts. This article has been indexed from Security News | TechCrunch Read the original article:…
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from developer machines and deliver a self-propagating worm. “This is effectively a Mini Shai-Hulud campaign: it uses the same core tactics…
WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites
The security defect (CVE-2026-8732) allows unauthenticated attackers to create administrative accounts on the affected installations. The post WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…