tag:blogger.com,1999:blog-48028414786341472762026-06-06T09:57:00.593+05:30The Hacker News has been internationally recognized as a leading news source dedicated to promoting awareness for security experts and hackersUnknownnoreply@blogger.comBlogger16502125tag:blogger.com,1999:blog-4802841478634147276.post-62026545078640186412026-06-06T09:49:28.689+05:302026-06-06T09:57:00.593+05:30

Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation. The vulnerability, tracked as CVE-2026-20245, carries a CVSS score of 7.8 out of a maximum of 10.0. It affects the following deployment types - On-Prem Deployment Cisco SD-WAN Cloud-Pro Cisco SD-WAN Cloud (Cisco Managed) Cisco SD-WAN for Government (FedRAMP) "A

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-79301615429536103972026-06-05T23:35:30.490+05:302026-06-05T23:35:30.491+05:30

Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust-based information stealer and a self-spreading worm, respectively. According to JFrog, the information stealer "scrapes every secret it can find on a developer's machine, hides behind an eBPF kernel rootkit, and

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-21260913769267435172026-06-05T20:23:40.252+05:302026-06-05T20:23:40.252+05:30

Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin, according to findings from ESET. The Slovakian cybersecurity company said it first detected the malware spread via multiple campaigns in early 2025, with each attack wave making use of distinct websites mimicking utilities, war-related updates, and a government news source: govlens[.]net, which

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-19978095818325153942026-06-05T18:03:38.889+05:302026-06-05T19:19:50.440+05:30

Cybersecurity researchers have discovered a previously unreported threat cluster dubbed OP-512 (where "OP" stands for "opponent") that has been observed targeting Microsoft Internet Information Services (IIS) servers to deploy a bespoke web shell framework. ReliaQuest has assessed with moderate to high confidence that the espionage-focused activity is linked to China. "OP-512 was highly

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-90498368451148619052026-06-05T16:50:00.000+05:302026-06-05T16:50:00.110+05:30

Eighteen months ago, the AI SOC was a marketing line. Today it's a budget item. The category has crossed over from interesting to inevitable, with billions of dollars now flowing into AI-powered security operations platforms, agentic SOC tools, and AI co-pilots built into every layer of the security stack. The data shows SOCs are buying, deploying, and standing up AI capabilities at the fastest

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-32823073904417989142026-06-05T14:08:59.945+05:302026-06-05T14:08:59.946+05:30

Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise. The vulnerability in question is CVE-2026-3300 (CVSS score: 9.8), a remote code execution bug impacting all versions of the plugin up to, and including, 1.9.12. A patch for the flaw was

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-29309837071195679212026-06-05T12:31:41.748+05:302026-06-05T12:31:41.749+05:30

Security researchers and the FBI are warning that a wave of FIFA-themed fraud is already hitting World Cup 2026 fans, days before the June 11 kickoff. Recent reports describe thousands of lookalike FIFA domains, banking malware hidden inside pirate streaming apps, and at least one operation that copies FIFA's login page well enough to take over real accounts. It is an obvious target. More than

Swati Khandelwalhttp://www.blogger.com/profile/06009796704238391750noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-59845136215329396182026-06-05T11:04:19.011+05:302026-06-05T11:04:19.012+05:30

The threat actor known as PCPJack has hijacked cloud servers associated with Amazon Web Services (AWS), Google Cloud, and Microsoft Azure to create a covert SMTP email relay network. "Compromised business servers across the U.S., Europe, and Asia were quietly converted into SMTP proxies, verified for mail relay capability, and synced to a downstream consumer every five minutes," Hunt.io said in

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-79102055187404173322026-06-04T22:25:51.562+05:302026-06-04T22:25:51.563+05:30

Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco's PSIRT says it has not seen the flaw used in attacks yet. The PoC shortens that runway. The flaw is a server-side request forgery.

Swati Khandelwalhttp://www.blogger.com/profile/06009796704238391750noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-25768459147492502302026-06-04T20:45:26.561+05:302026-06-04T20:54:18.831+05:30

A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic's own action repo used the same workflow, a working attack could have pushed malicious code into the action itself and onto the projects downstream that pull it. RyotaK of GMO

Swati Khandelwalhttp://www.blogger.com/profile/06009796704238391750noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-84851219572203541992026-06-04T20:40:00.000+05:302026-06-04T21:50:20.173+05:30

Over the past several weeks, the cybersecurity community has been reminded how quickly frontier and agentic AI in defense networks can challenge our assumptions. When Anthropic's Claude Mythos model was made available to a limited set of organizations as a technical preview, it was reported that an unauthorized group claimed that it had gained access within hours. The incident, if true, was

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-63239133684251260812026-06-04T19:30:49.704+05:302026-06-04T19:30:49.704+05:30

It got stupid again. The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weird stuff is normal. Forums go down and come back worse. Cheap hackers get better toys. AI starts breaking real systems. Great. Read the whole thing before it ruins your week anyway. Unauthenticated

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-42952707400001165862026-06-04T17:52:25.463+05:302026-06-04T21:58:05.035+05:30

A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa. These efforts have been complemented by a "rapid operational tempo" and a continually evolving malware arsenal comprising known families like ValleyRAT (aka Winos 4.0) and Atlas RAT (aka AtlasCross RAT), as well as previously

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-37415007188952925182026-06-04T16:49:53.677+05:302026-06-04T21:57:32.021+05:30

Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity cluster dubbed JSCoreRunner (aka FileRipple) in late August 2025. The cybercrime group behind the two attack chains is

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-12553296274278629412026-06-04T15:21:28.192+05:302026-06-04T15:21:28.193+05:30

Cybersecurity researchers have flagged a large-scale operation that impersonates open-source and freeware projects to funnel unsuspecting users through a Traffic Distribution System (TDS) and deliver malware families like Remus Stealer, AnimateClipper, and the SessionGate framework. "The sites are well-designed and often look like legitimate project portals at a glance, sometimes referencing

Swati Khandelwalhttp://www.blogger.com/profile/06009796704238391750noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-41521533602635390812026-06-04T15:03:57.714+05:302026-06-04T15:03:57.715+05:30

Unknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox out in small, repeated batches and routing it through Dropbox and OneDrive so the traffic blended into normal cloud activity. Symantec and Carbon Black's Threat Hunter Team reported the campaign this week. This points to espionage, not a money grab:

Swati Khandelwalhttp://www.blogger.com/profile/06009796704238391750noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-64473227124279313072026-06-04T11:36:25.341+05:302026-06-04T11:36:25.341+05:30

The U.S. Department of Justice (DoJ) on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans. The "Disruption Week" operation began May 18, 2026, leading to the takedown of millions of social media, email, and internet access accounts used by transnational

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-72014968063440879922026-06-04T00:41:15.805+05:302026-06-04T00:54:39.211+05:30

A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini's voice assistant on Android and made it open a victim's connected windows, fake a message from their boss, push the phone into a Zoom call, or quietly poison its long-term memory. No malicious app on the phone is required. The assistant just had to treat a hostile

Swati Khandelwalhttp://www.blogger.com/profile/06009796704238391750noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-6109641689092528712026-06-03T23:28:00.000+05:302026-06-04T17:22:20.092+05:30

Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's GitHub token. "Just by clicking a link, it's possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones," security researcher Ammar Askar said. GitHub supports a feature called GitHub.dev that runs as

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-24144315847524311562026-06-03T22:10:00.000+05:302026-06-04T17:21:52.975+05:30

Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI tool built to hunt bugs in large codebases. Tracked as CVE-2026-23479, the flaw was introduced in Redis 7.2.0 and remained in every stable branch until the May 5 fixes, unnoticed for over two years.

Swati Khandelwalhttp://www.blogger.com/profile/06009796704238391750noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-42045114186690061262026-06-03T22:00:00.000+05:302026-06-04T17:23:02.424+05:30

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability, tracked as CVE-2026-45247 (CVSS score: 9.8), is a case of deserialization of untrusted

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-39452302896669403012026-06-03T21:59:16.831+05:302026-06-03T21:59:16.831+05:30

Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan (RAT) named DesckVB RAT. "Before the victim ever reaches attacker-controlled infrastructure, the lure routes through DoubleClick, a legitimate Google-owned domain that many security tools are less likely to treat as

Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-85202373153982482352026-06-03T20:26:46.087+05:302026-06-03T20:26:46.109+05:30

Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and "patch everything in time" stopped working years ago. Stop betting the org on winning that race. You don't control which bug lands. You control what it can reach once it does. That is a question about the shape of your network, and most teams have the shape wrong. HD Moore, creator of Metasploit

Unknownnoreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-69271129983514510762026-06-03T20:26:35.982+05:302026-06-03T20:26:35.982+05:30

A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the same phone could ask for the signed-in user's token and get it, then read email, open files, browse the calendar, and send messages as that user. No password, no login screen, no permission prompt.

Swati Khandelwalhttp://www.blogger.com/profile/06009796704238391750noreply@blogger.comtag:blogger.com,1999:blog-4802841478634147276.post-91790624947501189712026-06-03T17:28:00.000+05:302026-06-03T17:28:00.107+05:30

The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems. The result is Identity Dark Matter: identity activity that sits outside the visibility of centralized IAM and beyond the reach of

Unknownnoreply@blogger.com