Jue. Jun 18th, 2026
Trending News: The Scripts on Your Checkout Page Are Now a PCI DSS ProblemMicrosoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in DevelopmentCrypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal CommentsJunior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went OfflineAdversarial Exposure Validation Turns Security Visibility into Confident PrioritizationThe Top 10 Attack Surface Exposures in 2026Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats144 Mastra npm Packages Compromised via Hijacked Contributor AccountCISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code ExecutionGoogle Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket SquattingClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update LuresNew Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet FundsChina-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth94% of Incidents Involve Anonymized Infrastructure. Teams Are Still ReactiveAttackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last WeekFake Microsoft Alerts Used to Deploy North Korean NarwhalRAT MalwareCISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege EscalationCisco Releases Security Updates for Actively Exploited SD-WAN Manager FlawChinese Hackers Abused Google Workspace Rules to Steal Research and Defense EmailsNorth Korean Hackers Are Turning Developer Tools Into Malware Delivery ChannelsLiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway ServersChrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and MoreOne-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA CodesPopular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on SitesThe Onboarding Password Mistake That Creates Unnecessary Risk152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake TrafficPalo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN FlawSniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser AlertsCritical Splunk Enterprise Flaw Lets Attackers Run Code Without AuthenticationU.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign NationalsChina-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a DecadeGoogle Sues Chinese Smishing Network Accused of Using Gemini AI in PhishingOver 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF RootkitOver 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF RootkitRethinking MDR as Attackers and Defenders Embrace AIAgentjacking Attack Tricks AI Coding Agents Into Running Malicious CodeINTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests AdministratorLangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code ExecutionEuropol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware GangsShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach UniversitiesNew GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML FilesNew Attacks Trick OpenClaw AI Agent Into Running Code and Leaking SecretsThe Gentlemen Ransomware Claims 478 Victims, Can Spread Like a WormWorm Code Leaked, AI Agent Phished, Claude Action Patch + 28 New StoriesWinners Announced Across 95 CategoriesAI Broke Vulnerability Management. That’s Why CISOs Are Moving Budget to BAS.OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt AttackGitHub to Disable npm Install Scripts by Default to Stop Supply Chain AttacksCISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active ExploitationUnpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCEChina-Linked JDY Botnet Expands to 1,500+ Devices for Cyber ReconnaissanceIvanti, Fortinet, and SAP Release Patches for Multiple Critical VulnerabilitiesMicrosoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE BugsYour Automated Pentest Looks Clean. See What It Missed in This Expert WebinarAnthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber SafeguardsServiceNow Flaw Exploited to Gain Unauthorized Access to Customer InstancesMicrosoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated WindowsSix Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoSVeeam Backup & Replication RCE Flaw Lets Domain Users Run Remote CodeMeta to Use Off-Site Business Data for Feed and AI Personalization19 Packages Poisoned to Auto-Run Bun Credential StealerMicrosoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe ContinuesChrome V8 Zero-Day CVE-2026-11645 Exploited in the WildResearchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight ModelsWinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in UkraineNew FROST Attack Lets Websites Track What Sites and Apps You Open via SSD TimingThe Hidden Security Risk in Modern Networks: The Work Between ToolsLiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCEOne-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now PublicMeta Blocks NSO Group’s New WhatsApp Phishing Attack, Files Contempt OrderCritical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 SetupsInstagram Account Hacks, Android Zero-Day, GitHub Worm and MoreThe Hardest ForkHow to Reduce Tier 1 OverloadVerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux AppliancesUNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion CampaignVS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain AttacksNew ChatGPT Lockdown Mode Limits Tools That Could Enable Data ExfiltrationMiasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain AttackCISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV CatalogFree Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AIAI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 BugsCisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch AvailableIronWorm and New Miasma Worm Variant Hit npm in Supply Chain AttacksAndroid Spyware Asin Targets Arabic Users via Fake News, PDF and War Map AppsNew Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell FrameworkOnly 10% of SOCs Say They’re Getting Excellent Value From AI. Here’s What the Second Wave Has to DeliverHackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over SitesFake Sites, Banking Malware, and Stolen LoginsPCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay NetworkAgentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize ItCisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes PublicClaude Code GitHub Action Flaw Let One Malicious Issue Hijack RepositoriesAI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New StoriesFlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube AdsChina-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South AfricaHackers Spied on a Stock Exchange Executive’s Outlook Mailbox for Five MonthsFake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDSCISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV CatalogDoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets
Chicago 12, Melborne City, USA
Jue. Jun 18th, 2026
Trending News: The Scripts on Your Checkout Page Are Now a PCI DSS ProblemMicrosoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in DevelopmentCrypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal CommentsJunior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went OfflineAdversarial Exposure Validation Turns Security Visibility into Confident PrioritizationThe Top 10 Attack Surface Exposures in 2026Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats144 Mastra npm Packages Compromised via Hijacked Contributor AccountCISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code ExecutionGoogle Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket SquattingClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update LuresNew Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet FundsChina-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth94% of Incidents Involve Anonymized Infrastructure. Teams Are Still ReactiveAttackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last WeekFake Microsoft Alerts Used to Deploy North Korean NarwhalRAT MalwareCISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege EscalationCisco Releases Security Updates for Actively Exploited SD-WAN Manager FlawChinese Hackers Abused Google Workspace Rules to Steal Research and Defense EmailsNorth Korean Hackers Are Turning Developer Tools Into Malware Delivery ChannelsLiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway ServersChrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and MoreOne-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA CodesPopular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on SitesThe Onboarding Password Mistake That Creates Unnecessary Risk152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake TrafficPalo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN FlawSniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser AlertsCritical Splunk Enterprise Flaw Lets Attackers Run Code Without AuthenticationU.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign NationalsChina-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a DecadeGoogle Sues Chinese Smishing Network Accused of Using Gemini AI in PhishingOver 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF RootkitOver 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF RootkitRethinking MDR as Attackers and Defenders Embrace AIAgentjacking Attack Tricks AI Coding Agents Into Running Malicious CodeINTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests AdministratorLangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code ExecutionEuropol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware GangsShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach UniversitiesNew GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML FilesNew Attacks Trick OpenClaw AI Agent Into Running Code and Leaking SecretsThe Gentlemen Ransomware Claims 478 Victims, Can Spread Like a WormWorm Code Leaked, AI Agent Phished, Claude Action Patch + 28 New StoriesWinners Announced Across 95 CategoriesAI Broke Vulnerability Management. That’s Why CISOs Are Moving Budget to BAS.OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt AttackGitHub to Disable npm Install Scripts by Default to Stop Supply Chain AttacksCISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active ExploitationUnpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCEChina-Linked JDY Botnet Expands to 1,500+ Devices for Cyber ReconnaissanceIvanti, Fortinet, and SAP Release Patches for Multiple Critical VulnerabilitiesMicrosoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE BugsYour Automated Pentest Looks Clean. See What It Missed in This Expert WebinarAnthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber SafeguardsServiceNow Flaw Exploited to Gain Unauthorized Access to Customer InstancesMicrosoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated WindowsSix Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoSVeeam Backup & Replication RCE Flaw Lets Domain Users Run Remote CodeMeta to Use Off-Site Business Data for Feed and AI Personalization19 Packages Poisoned to Auto-Run Bun Credential StealerMicrosoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe ContinuesChrome V8 Zero-Day CVE-2026-11645 Exploited in the WildResearchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight ModelsWinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in UkraineNew FROST Attack Lets Websites Track What Sites and Apps You Open via SSD TimingThe Hidden Security Risk in Modern Networks: The Work Between ToolsLiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCEOne-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now PublicMeta Blocks NSO Group’s New WhatsApp Phishing Attack, Files Contempt OrderCritical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 SetupsInstagram Account Hacks, Android Zero-Day, GitHub Worm and MoreThe Hardest ForkHow to Reduce Tier 1 OverloadVerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux AppliancesUNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion CampaignVS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain AttacksNew ChatGPT Lockdown Mode Limits Tools That Could Enable Data ExfiltrationMiasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain AttackCISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV CatalogFree Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AIAI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 BugsCisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch AvailableIronWorm and New Miasma Worm Variant Hit npm in Supply Chain AttacksAndroid Spyware Asin Targets Arabic Users via Fake News, PDF and War Map AppsNew Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell FrameworkOnly 10% of SOCs Say They’re Getting Excellent Value From AI. Here’s What the Second Wave Has to DeliverHackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over SitesFake Sites, Banking Malware, and Stolen LoginsPCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay NetworkAgentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize ItCisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes PublicClaude Code GitHub Action Flaw Let One Malicious Issue Hijack RepositoriesAI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New StoriesFlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube AdsChina-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South AfricaHackers Spied on a Stock Exchange Executive’s Outlook Mailbox for Five MonthsFake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDSCISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV CatalogDoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets
Chicago 12, Melborne City, USA

Etiqueta Unpatched

Other Story

Uncategorized

The Scripts on Your Checkout Page Are Now a PCI DSS Problem

The Scripts on Your Checkout Page Are Now a PCI DSS Problem
Uncategorized

Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development

Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development
Uncategorized

Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments

Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments
Uncategorized

Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline

Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline
Uncategorized

Adversarial Exposure Validation Turns Security Visibility into Confident Prioritization

Adversarial Exposure Validation Turns Security Visibility into Confident Prioritization
Uncategorized

The Top 10 Attack Surface Exposures in 2026

The Top 10 Attack Surface Exposures in 2026