News Archive

06 July 2026
software vulnerability
Gitea Docker Flaw Faces Active Probing
Attackers are scanning for vulnerable Gitea Docker instances to gain remote access.
Read More →
cyber espionage
Fake File Converters Spread Espionage Malware
China-linked hackers use counterfeit converter websites to infect targeted Windows systems.
Read More →
data exfiltration
rojPix Breaches Air-Gapped Networks
Image-based malware covertly steals data from isolated systems without network connectivity.
Read More →
05 July 2026
supply compromise
Fake npm Packages Target Developers
North Korean packages impersonate Rollup tools to steal credentials and enable remote access.
Read More →
linux vulnerability
Bad Epoll Flaw Grants Linux Root
New Linux kernel vulnerability enables local users to gain root privileges.
Read More →
malware framework
Avalon Malware Framework Targets Enterprises
Modular malware framework enables stealthy persistence, credential theft, and remote command execution.
Read More →
04 July 2026
cyber extortion
U.S. Paid Million-Dollar Extortion Demand
Government entity paid attackers to prevent publication of stolen sensitive data.
Read More →
supply compromise
North Korea Expands Supply Chain Attacks
Malicious packages and extensions target developers across multiple software ecosystems.
Read More →
embedded vulnerability
Embedded Filesystem Bugs Threaten Millions
Unpatched FatFs flaws expose embedded devices to memory corruption and code execution.
Read More →
03 July 2026
MacOS malware
PamStealer Targets Apple Silicon Macs
Fake Maccy sites deliver stealthy infostealer validating stolen passwords before data theft.
Read More →
Cyber espionage
Armored Likho Targets Government Networks
Advanced malware campaign strengthens persistence and espionage against government organizations.
Read More →
Cyber espionage
Pegasus Spyware Hits EU Investigator
European lawmaker probing spyware abuses became a Pegasus surveillance target.
Read More →
02 July 2026
Threat roundup
AI Compute Hijacking Leads Weekly Threats
Weekly bulletin highlights AI abuse, Apple flaw, ransomware, and emerging attack techniques.
Read More →
Cyber espionage
Gmail OAuth Attack Evades Authentication
ToddyCat malware abuses OAuth to silently hijack Gmail accounts through trusted browser sessions.
Read More →
AI exploitation
AI Agent Exploits Langflow Automatically
Autonomous agent chained Langflow flaw into full server compromise without human intervention.
Read More →
01 July 2026
AI vulnerability
Cursor Flaws Enable Prompt Injection Attacks
Critical vulnerabilities let prompt injections execute malicious actions and expose developer environments.
Read More →
Banking malware
Ousaban Targets Iberian Banking Users
Brazilian banking trojan uses stealthy phishing and geofencing to hijack financial accounts.
Read More →
Software update
Adobe Fixes Critical Commerce Flaws
Seven maximum-severity vulnerabilities could enable remote code execution on Commerce servers.
Read More →
30 June 2026
AI security
Hundreds Of iOS Apps Leak AI Keys
Researchers found widespread LLM credential exposure across AI-powered iOS applications.
Read More →
Crypto malware
Langflow Flaw Powers Crypto Mining
Attackers exploit Langflow vulnerability to deploy Monero miners on exposed AI servers.
Read More →
Crypto malware
Fake CAPTCHA Spreads Crypto Clipper
Silent Swap campaign hijacks clipboard wallets through deceptive verification pages.
Read More →
29 June 2026
Scam infrastructure
Scam Network Exploits Uni-App Framework
Over 236,000 fraudulent sites abused a legitimate framework to power global scams.
Read More →
Cyber espionage
Gamaredon Expands Ukraine Cyber Campaigns
Russian APT enhances malware, phishing, and cloud abuse against Ukrainian government targets.
Read More →
malware loader
SharkLoader Deploys Cobalt Strike
New loader exploits public flaws to compromise governments and enterprise networks.
Read More →
28 June 2026
AI vulnerability
Amazon Q Flaw Exposes Cloud Credentials
Malicious repositories executed code and stole developer credentials through AI workspace configuration.
Read More →
cyber espionage
Russian Smishing Campaign Targets Officials
Fake support messages steal messaging credentials from government and military personnel.
Read More →
malware loader
SharkLoader Deploys Cobalt Strike
New loader exploits public flaws to compromise governments and enterprise networks.
Read More →
27 June 2026
Software vulnerability
CISA Flags Exploited PTC Flaw
Active attacks prompted urgent patching of critical Windchill remote code execution vulnerability.
Read More →
AI regulation
OpenAI Restricts GPT-5.6 Rollout
Government-requested limits delay public access to advanced AI cybersecurity capabilities.
Read More →
Cyber espionage
FBI Warns Signal Backup Keys Targeted
Russian hackers steal Signal recovery keys to hijack encrypted messaging accounts.
Read More →
26 June 2026
Cyber espionage
Chinese APT Unleashes New Backdoor
New malware maintains stealthy persistence across compromised enterprise and government networks.
Read More →
Linux vulnerability
Linux Kernel Flaw Grants Root Access
New Pedit COW exploit enables local privilege escalation through cached binary poisoning.
Read More →
Network vulnerability
Cisco Zero-Day Granted Root Access
Attackers chained Cisco SD-WAN vulnerabilities to obtain persistent root-level access.
Read More →
25 June 2026
Supply compromise
Popular Ad Blocker Turned Malicious
Compromised Chrome extension secretly hijacked browsers and redirected millions of user requests.
Read More →
Ransomware access
Stealthy Backdoor Aids Ransomware Access
Mistic backdoor strengthens initial access for ransomware groups through stealthy enterprise intrusions.
Read More →
AI malware
AI-Evading Malware Targets macOS
Gaslight malware uses prompt injection to disrupt AI-assisted malware analysis and detection.
Read More →
24 June 2026
Network compromise
FortiBleed Exposes Thousands Of Firewalls
Massive campaign leaked working FortiGate credentials, enabling global firewall compromise risks.
Read More →
Cybercrime disruption
DoJ Strikes Major Cybercrime Marketplace
U.S. seized Huione infrastructure used to launder billions from scams and cybercrime.
Read More →
Supply vulnerability
CI/CD Flaws Expose Hundreds Of Repositories
Cordyceps vulnerabilities allow attackers to hijack workflows and compromise software supply chains.
Read More →
23 June 2026
Malware delivery
Fake Office Files Spread Malware
WhatsApp campaign delivers VBScript malware through deceptive Office document attachments.
Read More →
Supply security
GitHub Blocks Workflow Supply Attacks
Updated Actions checkout mitigates malicious branch and workflow manipulation techniques.
Read More →
AI exploitation
Autonomous AI Removes Human Bottlenecks
Agentic AI enables attacks with minimal human input, accelerating cyber operations.
Read More →
22 June 2026
IoT malware
Legacy Routers Become Stealth Recon Nodes
AryStinger malware hijacks old routers for scanning, proxying, and attacker concealment.
Read More →
Malware delivery
Malicious SVG Files Deliver OxLoader
New OxLoader campaign abuses SVG images to deploy malware and evade detection.
Read More →
Mobile security
Google Tightens Android App Trust
Unverified developers face installation blocks across millions of Android devices.
Read More →
21 June 2026
software update
Apple Fixes Wireless Eavesdropping Risk
Beats Studio Buds flaw enabled nearby attackers to access audio streams and pairing.
Read More →
Software vulnerability
F5 Fixes Critical NGINX Flaws
Severe vulnerabilities expose NGINX environments to denial-of-service and memory corruption risks.
Read More →
hardware vulnerability
USB Exploit Bypasses Modern Defenses
Unpatchable USB attack breaks isolation protections and enables stealthy hardware compromise.
Read More →
20 June 2026
Supply compromise
North Korea Hits AI Supply Chain
Sapphire Sleet compromised Mastra packages to steal developer secrets and crypto wallets.
Read More →
Software vulnerability
WordPress SMTP Flaw Under Attack
Active exploitation exposes email credentials and sensitive configuration data on websites.
Read More →
Supply compromise
Klue Breach Hits Security Firms
Supply-chain compromise exposed customer data from cybersecurity companies using Klue platforms.
Read More →
19 June 2026
AI security
Agentic AI Reshapes Cyber Operations
Autonomous AI links intelligence, validation, and response into continuous security workflows.
Read More →
Network vulnerability
CISA Urges Fortinet Emergency Patching
Active exploitation forces immediate action against critical Fortinet vulnerabilities affecting enterprises.
Read More →
Malware disruption
Operation Endgame Hits Malware Networks
Global operation disrupted SocGholish infrastructure and weakened major cybercrime ecosystems.
Read More →
18 June 2026
AI security
Hidden AI Agents Create Access Risks
Orphaned AI agents retain privileges, exposing sensitive systems and data to misuse.
Read More →
threat roundup
Trusted Platforms Become Attack Vectors
AI chats, npm packages, and phishing campaigns abused legitimate services for attacks.
Read More →
crypto malware
Clipboard Malware Steals Crypto Funds
Windows Clipper malware hijacks copied wallet addresses to redirect cryptocurrency payments.
Read More →
17 June 2026
Software vulnerability
Joomla Flaw Under Active Attack
CISA warns attackers are exploiting critical Joomla JCE vulnerability enabling remote code execution.
Read More →
Supply compromise
Malicious JetBrains Plugins Steal AI Keys
Fake AI coding plugins exfiltrate developer API keys from trusted IDE environments.
Read More →
supply compromise
144 NPM Packages Backdoored
Supply-chain attack compromised AI framework packages, exposing developers and production environments.
Read More →
16 June 2026
Mobile malware
New Android Malware Targets Banking Data
RokaRolla steals credentials, financial information, and device data from Android users.
Read More →
Threat intelligence
Hidden Infrastructure Powers Most Attacks
Survey found anonymized infrastructure enables attackers while defenders remain largely reactive.
Read More →
Network vulnerability
Fortinet Flaws Fuel Active Attacks
Attackers exploit multiple Fortinet vulnerabilities to gain access and compromise networks.
Read More →
15 June 2026
Software vulnerability
Decade-Old phpBB Flaw Fixed
Authentication bypass vulnerability remained hidden for years, exposing forum accounts to compromise.
Read More →
Phishing scam
Fake Facebook Offers Fuel Scams
Fraudsters impersonate trusted entities to steal credentials from MENA region users.
Read More →
Network vulnerability
Palo Alto Flaw Under Active Attack
Exploited PAN-OS vulnerability allows unauthorized VPN access to enterprise networks.
Read More →
14 June 2026
Phishing disruption
FBI Disrupts Massive AI Phishing Network
Authorities dismantled AI-powered phishing infrastructure linked to over one million malicious URLs.
Read More →
insider threat
Insider Hacker Sentenced To Prison
Former employee jailed after cyberattacks disrupted school district systems and operations.
Read More →
privacy concern
Meta Expands Biometric Tracking Ambitions
Meta explores facial recognition capabilities, raising privacy and surveillance concerns globally.
Read More →
13 June 2026
AI regulation
U.S. Halts Access To Advanced AI
Government ordered Anthropic to suspend powerful AI models for foreign nationals worldwide.
Read More →
software vulnerability
Splunk Flaw Enables Code Execution
Low-privileged users can gain remote code execution through vulnerable Splunk components.
Read More →
supply compromise
Arch Repository Hit By Massive Supply Chain Attack
Over 400 AUR packages distributed malware stealing credentials and compromising Linux systems.
Read More →
12 June 2026
phishing disruption
INTERPOL Dismantles Major Phishing Platform
Global operation shut down SniperDz infrastructure and arrested its alleged developer.
Read More →
AI security
AgentJacking Turns AI Into Attackers
New attack hijacks coding agents into executing malicious commands through trusted error reports.
Read More →
security strategy
MDR Evolves For AI-Powered Threats
Security providers shift MDR beyond detection toward prevention, automation, and resilience.
Read More →
11 June 2026
supply security
GitHub Blocks Risky NPM Script Execution
npm will require explicit approval before running install scripts commonly abused in attacks.
Read More →
ransomware activity
Ransomware Gang Claims Hundreds Victims
The Gentlemen ransomware operation reported widespread attacks across multiple industries worldwide.
Read More →
cyber espionage
OceanLotus Targets Vietnamese Investors
State-linked hackers deployed malware through investment-themed lures targeting financial communities.
Read More →
10 June 2026
cyber espionage
Chinese Botnet Expands Military Targeting
JDY botnet grew rapidly, focusing reconnaissance against military and critical infrastructure networks.
Read More →
software update
Critical Enterprise Flaws Patched
Ivanti, Fortinet, and SAP released fixes for high-risk vulnerabilities affecting enterprises.
Read More →
AI vulnerability
Langflow Flaw Enables Full Takeover
Unpatched vulnerability allows remote code execution and complete compromise of AI workflows.
Read More →
09 June 2026
cyber espionage
WinRAR Flaw Fuels Russian Espionage
Russia-aligned groups exploit patched WinRAR vulnerability to deploy malware against Ukrainian targets.
Read More →
backup vulnerability
Veeam Backup Servers Face Critical RCE
Authenticated domain users can execute code on vulnerable backup infrastructure.
Read More →
supply compromise
Microsoft Supply Chain Breach Hits AI Developers
Compromised repositories delivered credential-stealing malware through trusted Microsoft developer tools.
Read More →
08 June 2026
cyber espionage
Linux Malware Expands Beyond Linux
Chinese-linked hackers deployed BSD malware variant to broaden stealthy cross-platform espionage operations.
Read More →
cyber extortion
Hackers Blend Vishing With Physical Intrusions
UNC3753 used fake IT support calls and onsite visits for rapid data theft.
Read More →
network vulnerability
Check Point VPN Flaw Under Attack
Attackers actively exploit critical VPN vulnerability to gain unauthorized network access.
Read More →
07 June 2026
account security
Instagram Flaw Exposed Account Recovery
AI-assisted recovery weakness enabled unauthorized password reset and account takeover attempts.
Read More →
mobile spyware
Android Spyware Targets Arabic Communities
Asin spyware spreads through fake apps targeting journalists and researchers in Arabic regions.
Read More →
AI security
ChatGPT Adds High-Security Lockdown Mode
New mode limits risky features to reduce prompt injection and data theft.
Read More →
06 June 2026
security tooling
OWASP Launches Developer Security Scanner
CVE Lite CLI helps developers detect and remediate dependency vulnerabilities before deployment.
Read More →
AI security
AI Agent Finds 21 Zero-Days
Autonomous AI uncovered 21 vulnerabilities across widely used open-source software projects.
Read More →
software vulnerability
CISA Flags Exploited SolarWinds Flaw
Active attacks prompted CISA to prioritize immediate patching of critical SolarWinds vulnerabilities.
Read More →
05 June 2026
software vulnerability
Laravel Email Validation Flaw Disclosed
CRLF injection bug enables outbound email manipulation and potential mail relay abuse.
Read More →
linux vulnerability
Linux CIFSwitch Flaw Grants Root
Kernel vulnerability enables local users to escalate privileges and obtain root access.
Read More →
AI development
Google Challenges AI Coding Leaders
Antigravity 2.0 introduces autonomous coding agents competing directly with Claude and Codex.
Read More →
04 June 2026
AI security
Agentic AI Reshapes Cyber Defense
Autonomous AI boosts security operations but introduces governance, trust, and control risks.
Read More →
vulnerability management
Cisco Accelerates Vulnerability Disclosures
AI-driven bug discovery forces faster disclosures and proactive security response strategies.
Read More →
AI regulation
U.S. Advances AI Regulation Effort
Lawmakers proposed framework governing AI safety, transparency, accountability, and national security.
Read More →
03 June 2026
malware delivery
Google Domain Abused For Malware Delivery
Attackers leveraged DoubleClick redirects to evade detection and deploy remote access malware.
Read More →
AI security
AI Unearths Hidden RCE Flaw
Autonomous AI discovered a two-year-old remote code execution vulnerability missed by researchers.
Read More →
windows vulnerability
Windows Flaw Leaks Authentication Hashes
Unpatched Windows Search URI bug exposes NTLMv2 hashes through malicious link interactions.
Read More →
02 June 2026
security strategy
EDR Alone Is No Longer Enough
Organizations combine hardening and MDR to improve resilience against AI-powered attacks.
Read More →
AI exploitation
AI Shrinks Exploitation Timelines Dramatically
AI accelerates vulnerability weaponization, reducing defenders’ remediation windows from days to hours.
Read More →
cyber espionage
SideCopy Expands Regional Espionage Campaign
Pakistan-linked hackers targeted Afghan finance entities using phishing and Xeno RAT malware.
Read More →
01 June 2026
cybersecurity recap
Cyber Threats Escalate Across Platforms
Linux flaws, PAN-OS exploits, AI attacks, and phishing campaigns intensified globally.
Read More →
cyber espionage
China-Linked Cyberattacks Intensify Globally
Chinese-aligned groups expanded espionage campaigns targeting governments, infrastructure, and strategic
Read More →
security business
MSP Security Market Expands Rapidly
Rising cyber threats drive MSP adoption, identity security growth, and AI-powered protection.
Read More →