Let’s Encrypt has unveiled a new approach to securing the web against future quantum threats: Merkle Tree Certificates (MTCs), a post-quantum–ready certificate model designed to maintain the speed and reliability of today’s TLS ecosystem. As the industry moves closer to…
Cisco SD-WAN Security Flaw Actively Exploited for Root-Level Command Execution
Cisco has disclosed a high-severity vulnerability in its Catalyst SD-WAN Manager that is actively being exploited in the wild, allowing attackers to execute arbitrary commands with root-level privileges on affected systems. The vulnerability, tracked as CVE-2026-20245, carries a CVSS score…
Dashlane Details How Hackers Managed to Download Encrypted Password Vaults
Dashlane has disclosed that threat actors successfully brute-forced two-factor authentication (2FA) protections to register unauthorized devices and download encrypted password vaults belonging to fewer than 20 personal plan users, with a completed investigation confirming no broader impact on its internal…
Microsoft Edge Vulnerability Allows Remote Attackers to Execute Arbitrary Code
Microsoft has released a security update addressing a critical vulnerability in Microsoft Edge that could allow remote attackers to execute arbitrary code on vulnerable systems. Tracked as CVE-2026-45495 and reported by Orange Tsai of DEVCORE, the flaw carries a CVSS…
Let’s Encrypt Unveils Merkle Tree Certificates to Secure the Web Against Quantum Threats
Let’s Encrypt has announced its roadmap for post-quantum Web PKI, centering on a novel approach called Merkle Tree Certificates (MTCs), a design that delivers quantum-resistant authentication without bloating TLS handshakes or breaking the web’s performance expectations. Traditional X.509 certificate chains…
Cisco SD-WAN Vulnerability Exploited in the Wild to Execute Arbitrary Commands as Root User
Cisco has disclosed a high-severity vulnerability in its Catalyst SD-WAN Manager that is actively being exploited in the wild, allowing attackers to execute arbitrary commands with root privileges. The issue, tracked as CVE-2026-20245, carries a CVSS score of 7.8 and…
June 2026 Patch Tuesday forecast: Where are the CVEs?
My forecast from last month was only partly right. After the Anthropic Mythos announcements and the deluge of newly discovered vulnerabilities from vendors like Mozilla, Microsoft’s updates were standard fare, 65 CVEs reported in Windows 11 and 58 in Windows…
Malicious Python Package Mimics Parsimonious Parser
A sophisticated typosquatting attack targeting Python developers through a malicious package named “parsimonius” on the Python Package Index (PyPI). The rogue package was engineered to impersonate the legitimate parsimonious parsing library, a well-known tool for building recursive descent parsers in…
AgentGG: Open-source agentic SAST scanner
Static analysis tools have spent years matching source code against known-bad patterns and handing engineers long lists of candidate issues to triage by hand. AgentGG approaches the same job with AI agents that read the code, follow imports, walk the…
Chinese APT VerdantBamboo Targets Appliances with BRICKSTORM Malware
BRICKSTORM is a modular remote access trojan (RAT) originally seen in Golang and later in Rust. It uses a wssoft library with pluggable “tasks” for shell commands, a Socks5 proxy, and a simple web server for file listing. An incident…
Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026
The vulnerability is tracked as CVE-2026-20245 and it can allow arbitrary command execution as root, but no patch yet. The post Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026 appeared first on SecurityWeek. This article has been indexed from…
Thieves can pull off keyless car theft in under a minute and here’s how to stop them
A keyless car can be stolen in under a minute. Two people, a pair of cheap radio amplifiers, and a fob sitting on a hallway table inside the house. That is enough. No broken glass. No alarm. No sound. Most…
PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network
The threat actor known as PCPJack has hijacked cloud servers associated with Amazon Web Services (AWS), Google Cloud, and Microsoft Azure to create a covert SMTP email relay network. “Compromised business servers across the U.S., Europe, and Asia were quietly…
VECT 2.0 Ransomware Breaks Files Beyond Its Own Recovery
VECT 2.0 ransomware can leave victims with files that even the attacker’s own decryptor cannot reliably restore. While researchers previously exposed a cross-platform design flaw that discards nonces for earlier parts of large files, our Windows-focused analysis shows additional implementation…
Microsoft Edge Vulnerability Lets Remote Attackers Execute Arbitrary Code
Microsoft has disclosed three critical vulnerabilities in its Edge browser, all discovered during the Pwn2Own competition and reported by security researcher Orange Tsai of DEVCORE Research Team. The flaws, tracked as CVE-2026-45492, CVE-2026-45494, and CVE-2026-45495, were publicly disclosed on June…
AI agent governance gets harder when agents outnumber your people
In this Help Net Security video, Amit Gautam, CTO at Abluva, explains the security risks that autonomous AI agents bring into enterprise environments. He opens with a real case: a reconciliation agent at a financial services firm had legitimate access…
Dashlane Reveals How Hackers Downloaded Encrypted Password Vaults
Dashlane has disclosed the findings of a recent security investigation, confirming that a limited number of users were impacted by a targeted brute-force attack against its device registration system. The company emphasized that its internal infrastructure was not breached and…
Most pros have seen AI hallucinations in IT operations
Autonomous AI is taking action inside enterprise IT environments. Software is restarting services, isolating risky devices, and applying patches without waiting for a human to approve the step. The capability is spreading at the same time IT professionals are reporting…
New HTTP/2 Bomb Attack, Trump’s AI Security Reviews, Android Zero-Day & The Patching Crisis
A newly disclosed attack called HTTP/2 Bomb can crash major web servers in seconds using a single computer and a modest internet connection. Researchers say the attack combines two known techniques into a powerful memory-exhaustion exploit affecting widely used platforms…
New infosec products of the week: June 5, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Asimily, depthfirst, Diligent, Hyland, MazeBolt, and Noma. Asimily turns device risk into automated network policy Asimily has launched Segmentation Orchestration, enabling connected-device risk intelligence to…
IT Security News Hourly Summary 2026-06-05 06h : 2 posts
2 posts were published in the last hour 4:2 : HexStrike AI RED-TEAM With 127 Security Tools and BOAZ Red Team Integration 4:2 : ClawHub, Cisco, Vercel’s Malicious Skill Detector Bypassed to upload Malicious Skills
HexStrike AI RED-TEAM With 127 Security Tools and BOAZ Red Team Integration
A fork of the original HexStrike AI project has been released as HexStrike AI v6.0, an advanced Model Context Protocol (MCP)-based cybersecurity automation framework that merges 127 professional security tools with BOAZ, a multi-layered, EDR/AV payload evasion engine built for real-world…
ClawHub, Cisco, Vercel’s Malicious Skill Detector Bypassed to upload Malicious Skills
AI skill scanners from ClawHub, Cisco, and Vercel’s skills. The platform can be bypassed with minimal effort, allowing malicious skills to be uploaded and distributed through public marketplaces. The findings highlight a growing supply chain risk in agent ecosystems, where…
ISC Stormcast For Friday, June 5th, 2026 https://isc.sans.edu/podcastdetail/9960, (Fri, Jun 5th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, June 5th, 2026…