Microsoft has confirmed active exploitation of a new zero‑day spoofing flaw in on‑premises Exchange Server, tracked as CVE‑2026‑42897. The flaw allows attackers to execute arbitrary JavaScript in Outlook Web Access (OWA) simply by sending a weaponized email that a victim…
China-Linked JDY Botnet Uses 1,500+ SOHO and IoT Devices for Rapid Vulnerability Exploitation
A China-linked network of compromised routers and smart devices has grown into one of the most capable reconnaissance tools tied to a nation-state threat group. Researchers have identified a major resurgence of a botnet known as JDY, which now controls…
9 out of 10 people can no longer distinguish real from AI-generated content
Online fraud is becoming harder to distinguish from legitimate activity as AI-generated messages, voices, photos, reviews, and identities become more convincing. Nearly nine in ten adults say they can no longer tell what is real from AI-generated content, according to…
New “Agentjacking” Attacks Could Hijack AI Coding Agents
Tenet Security researchers reveal how new “agentjacking” attacks could trick coding agents into executing arbitrary code This article has been indexed from www.infosecurity-magazine.com Read the original article: New “Agentjacking” Attacks Could Hijack AI Coding Agents
China Warns Of Malicious AI Agent Extensions
Hackers deploying extensions that trick AI agents into downloading, deploying crypto-mining tools on users’ systems This article has been indexed from Silicon UK Read the original article: China Warns Of Malicious AI Agent Extensions
Researchers Uncover BTMOB Malware Capable of Taking Over Android Phones
In the Android threat landscape, a new malware operation has been rapidly expanding, reducing the barriers to entry for cybercriminals while simultaneously enhancing their offensive capabilities significantly. Security researchers have identified BTMOB, an Android remote access trojan (RAT) derived…
Check Point expands MSP platform with with AI governance and unified security bundles
Check Point has announced a major expansion of its Managed Service Provider (MSP) platform, designed to help MSPs secure AI adoption, streamline operations and simplify managed security delivery. The announcement brings together three strategic innovations under a single MSP vision:…
Met Police Warns Of Cuts After Mayor Blocks £50m Palantir Deal
Metropolitan Police Commissioner says force may have to cut front-line services after Mayor of London bars Palantir contract This article has been indexed from Silicon UK Read the original article: Met Police Warns Of Cuts After Mayor Blocks £50m Palantir…
Kainos To Hire Hundreds In Northern Ireland
Northern Ireland’s largest software company expects to create 341 roles over next three years amid rising demand for AI services This article has been indexed from Silicon UK Read the original article: Kainos To Hire Hundreds In Northern Ireland
Amazon Opening Pair Of Warehouses In Northamptonshire
Seattle e-commerce giant opens warehouse in Northampton, plans another for Kettering this autumn, amid broader investment This article has been indexed from Silicon UK Read the original article: Amazon Opening Pair Of Warehouses In Northamptonshire
JDY Botnet Evolves After KV Takedown, Targets Military Networks
JDY botnet scans SOHO/IoT devices globally to map services and targets, especially US military networks. Lumen’s Black Lotus Labs reported the resurgence of the JDY botnet, a covert reconnaissance network tied to Chinese state-sponsored hacking groups including Volt Typhoon. The…
University of Nottingham Confirms Breach After Hackers Leak Data
The ShinyHunters hacker group has taken credit for the attack, leaking more than 450,000 email addresses and other information. The post University of Nottingham Confirms Breach After Hackers Leak Data appeared first on SecurityWeek. This article has been indexed from…
IDnow launches Trust Platform to help regulated firms move from KYC to continuous trust
IDnow has announced the launch of the IDnow Trust Platform, designed to help regulated organisations orchestrate identity verification, fraud prevention, biometric authentication, and qualified digital trust services throughout the customer lifecycle. “The identity industry is entering its biggest transformation since…
APT28, an evolution of tradecraft
Context Sekoia’s Threat Detection & Research (TDR) team has been tracking APT28 for several years. The intrusion set, also known as Fancy Bear, Forest Blizzard, Sofacy, Pawn Storm or Sednit and publicly attributed to the GRU’s Unit 26165, is one…
Cybercriminals Exploit Chinese Guarantee Markets to Sell Stolen Credentials
Chinese-language “guarantee” marketplaces hosted mainly on Telegram have become a core conduit for buying, selling, and laundering stolen credentials and a wide range of criminal services. These platforms modeled explicitly on consumer escrow systems such as Alipay’s 担保交易 (dānbǎo jiāoyì)…
Big Patch Tuesday, ‘Nightmare Eclipse’ drops Windows 0-day, Claude Fable restricted at Microsoft
Patch Tuesday for the books ‘Nightmare Eclipse’ drops Windows 0-day Claude Fable restricted at Microsoft Get the show notes here: https://cisoseries.com/cybersecurity-news-big-patch-tuesday-nightmare-eclipse-drops-windows-0-day-claude-fable-restricted-at-microsoft/ Thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy — a routine request, an internal email, a…
Cyber-Attack Disrupts Exams At Bucks School
Great Marlow School closes for most students after suspected hack affects ICT system, leading to delay for internal exams This article has been indexed from Silicon UK Read the original article: Cyber-Attack Disrupts Exams At Bucks School
Hackers Abuse VMware-Signed Binary to Deploy NIGHTFORGE Loader
Two closely related espionage campaigns targeting Cambodian government organizations that abuse a legitimate VMware-signed binary to sideload a custom loader dubbed NIGHTFORGE, which in turn deploys a Havoc Demon implant in memory. TRU attributes both operations to a previously unreported…
Every employee’s password was stored in a single Excel file
The CEO thought this was the best way to deal with some email issues This article has been indexed from www.theregister.com – Articles Read the original article: Every employee’s password was stored in a single Excel file
Microsoft Patches Exploited Exchange Server Vulnerability
The company warned about zero-day attacks exploiting the Exchange Server vulnerability CVE-2026-42897 on May 14. The post Microsoft Patches Exploited Exchange Server Vulnerability appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Microsoft Patches…
GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
GitHub has announced what it said are “breaking changes” coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the “npm…
IT Security News Hourly Summary 2026-06-11 09h : 4 posts
4 posts were published in the last hour 6:34 : China-Linked JDY Botnet Hijacks 1,500+ IoT Devices for Rapid Exploits 6:34 : GitLab Patches Multiple Vulnerabilities Allowing Account Takeover 6:34 : Hackers Exploit AWS CloudTrail and Google Cloud Logging to…
China-Linked JDY Botnet Hijacks 1,500+ IoT Devices for Rapid Exploits
A significant resurgence of the JDY botnet, a covert reconnaissance network tied to China-nexus threat activity. Once a component of the larger KV-botnet ecosystem, JDY has expanded to more than 1,500 compromised small office/home office (SOHO) and Internet of Things…
GitLab Patches Multiple Vulnerabilities Allowing Account Takeover
GitLab has released security updates for GitLab CE/EE and EE that patch multiple vulnerabilities, including several high‑impact flaws that could lead to account takeover, data exposure, and denial of service if left unpatched. Administrators are strongly advised to upgrade to…