Cybersecurity News from Across the Internet
Threat actors are deploying an updated SHub Stealer variant named Reaper that exploits the native macOS Script Editor to bypass OS-level protections and compromise cryptocurrency assets. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Microsoft reopened some wounds and has reignited debate over the past couple weeks about vulnerability disclosure and the sometimes adversarial dynamic it creates between security researchers and vendors. The latest controversy ensued when Microsoft threatened criminal legal action against a security researcher who publicly disclosed a series of zero-day vulnerabilities with proof-of-concept exploits. Microsoft insisted … Read More “Nightmare Eclipse incident shows the researcher-vendor fights may never fully go away – CyberScoop” »
Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco’s PSIRT says it has not seen the flaw used in attacks yet. The PoC … Read More “Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public – The Hacker News” »
A vulnerability has been discovered in Cisco products that could allow for Server-Side Request Forgery. Cisco Unified Communications Manager (Unified CM) / Cisco Unified Communications Manager Session Management Edition (Unified CM SME) is Cisco’s central, software-based call control and session management platform for enterprise communication. Successful exploitation of this vulnerability could allow for Server-Side Request … Read More “A Vulnerability in Cisco Products Could Allow for Server-Side Request Forgery – Cyber Security Advisories – MS-ISAC” »
Cybersecurity researchers have discovered a previously unreported threat cluster dubbed OP-512 that has been observed targeting Microsoft Internet Information Services (IIS) servers to deploy a bespoke web shell framework. ReliaQuest has assessed with moderate to high confidence that the espionage-focused activity is linked to China. “OP-512 was highly likely conducting espionage through a – Read … Read More “New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework – The Hacker News” »
Eighteen months ago, the AI SOC was a marketing line. Today it’s a budget item. The category has crossed over from interesting to inevitable, with billions of dollars now flowing into AI-powered security operations platforms, agentic SOC tools, and AI co-pilots built into every layer of the security stack. The data shows SOCs are buying, … Read More “Only 10% of SOCs Say They’re Getting Excellent Value From AI. Here’s What the Second Wave Has to Deliver – The Hacker News” »
The OWASP agentic AI security framework helps organizations assess governance maturity vs adoption and adjust governance as needed – Read More –
Lloyds Banking Group shared its approach for securing agentic AI workflows, with a mix of hands on experimentation and cross functional governance – Read More –
Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise. The vulnerability in question is CVE-2026-3300 (CVSS score: 9.8), a remote code execution bug impacting all versions of the plugin up to, and including, … Read More “Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites – The Hacker News” »
Ox Security field CTO, Boaz Barzel, makes the case for vibe security to tackle AI agent coding risks – Read More –
A perfect storm of legacy devices, hyper connectivity and human fatigue is bad news for the healthcare sector, warns Cyber Salus – Read More –
Security researchers and the FBI are warning that a wave of FIFA-themed fraud is already hitting World Cup 2026 fans, days before the June 11 kickoff. Recent reports describe thousands of lookalike FIFA domains, banking malware hidden inside pirate streaming apps, and at least one operation that copies FIFA’s login page well enough to take … Read More “FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins – The Hacker News” »
The threat actor known as PCPJack has hijacked cloud servers associated with Amazon Web Services (AWS), Google Cloud, and Microsoft Azure to create a covert SMTP email relay network. “Compromised business servers across the U.S., Europe, and Asia were quietly converted into SMTP proxies, verified for mail relay capability, and synced to a downstream consumer … Read More “PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network – The Hacker News” »
Posted by Matteo Beccati on Jun 04 ======================================================================== Revive Adserver Security Advisory REVIVE-SA-2026-002 ———————————————————————— https://www.revive-adserver.com/security/revive-sa-2026-002 ———————————————————————— Date: 2026-06-03 Risk Level: Medium to High Applications affected: Revive Adserver Versions… – Read More – Full Disclosure
House Democrats criticized a draft Republican Department of Homeland Security spending bill Thursday that they said would cut funding for the Cybersecurity and Infrastructure Security Agency by $250 million. Republicans said the bill provides $2.4 billion for CISA, and that among its focuses are “improving cybersecurity resilience,” in the words of House Appropriations Chairman Tom … Read More “Hill Dems hammer GOP for $250M CISA budget cut – CyberScoop” »
Hackers have been hijacking Instagram accounts at scale by exploiting Meta’s AI support chatbot. And, as if that weren’t bad enough, the technique required no technical skill whatsoever. Read more in my article on the Fortra blog. – Read More – GRAHAM CLULEY
Government agencies, cybersecurity companies and threat researchers are pouring resources into studying how fast-developing AI tools can be wielded by malicious actors to hack into victim organizations. But as agentic AI becomes more embedded in business infrastructure, there’s also a high possibility that a breach could be caused by an insider guiding the tool, whether … Read More “Your AI agent could become your biggest insider threat – CyberScoop” »
Over the past several weeks, the cybersecurity community has been reminded how quickly frontier and agentic AI in defense networks can challenge our assumptions. When Anthropic’s Claude Mythos model was made available to a limited set of organizations as a technical preview, it was reported that an unauthorized group claimed that it had gained access … Read More “Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It – The Hacker News” »
Over the past several weeks, the cybersecurity community has been reminded how quickly frontier and agentic AI in defense networks can challenge our assumptions. When Anthropic’s Claude Mythos model was made available to a limited set of organizations as a technical preview, it was reported that an unauthorized group claimed that it had gained access … Read More “Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It – The Hacker News” »
iFood confirms a data breach affecting 1.2 million customers in Brazil, while hackers on BreachForums claim the actual theft is much larger. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Critical Everest Forms Pro RCE flaw exploited to create rogue WordPress admin accounts – Read More –
North Korean Lazarus Group targets npm developers with brandjacking packages that mimic trusted tools, drop malware and put credentials at risk. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
It got stupid again. The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weird stuff is normal. Forums go down and come back worse. Cheap hackers get better toys. AI starts breaking real systems. Great. Read the whole … Read More “ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories – The Hacker News” »
Troy West was in Warsaw when his dinner was interrupted by his phone. But he was happy about it. West, associate director of cybersecurity for autonomous offensive security company XBOW, had just learned that a trial version of the company’s platform had found a vulnerability that led to a full takedown of a development environment … Read More “Inside the race to adapt to an AI-powered security world – CyberScoop” »
From SIM swap protection to remote provisioning, eSIMs are quickly replacing physical SIM cards. Here’s why the shift matters for security and convenience. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
A security researcher found a flaw in Anthropic’s Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic’s own action repo used the same workflow, a working attack could have pushed malicious code into the action itself and onto … Read More “Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories – The Hacker News” »
Microsoft Detection and Response Team (DART) details how it has uncovered malicious AI applications as cyber criminals manipulate organizations adopting AI tools – Read More –
Newly named Chinese-speaking actor TA4922 expands from East Asia into Europe and Africa – Read More –
Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity cluster dubbed JSCoreRunner (aka FileRipple) in late August 2025. The cybercrime group behind the … Read More “FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads – The Hacker News” »
A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa. These efforts have been complemented by a “rapid operational tempo” and a continually evolving malware arsenal comprising known families like ValleyRAT (aka Winos 4.0) and Atlas RAT (aka AtlasCross RAT), … Read More “China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa – The Hacker News” »
Proton uses machine learning models to detect abuse of its services – especially email addresses used by cybercriminals – Read More –
A Bugcrowd researcher has unveiled ExploitBench, an independent benchmark of AI models for vulnerability exploitation – Read More –
Five Eyes warns that Chinese spies are using fake job ads on LinkedIn, Indeed, and Upwork to target military staff and steal sensitive data. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Cybersecurity researchers have flagged a new malspam campaign that makes use of Google’s DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan (RAT) named DesckVB RAT. “Before the victim ever reaches attacker-controlled infrastructure, the lure routes through DoubleClick, a legitimate Google-owned domain that many security tools are less likely … Read More “Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT – The Hacker News” »
Unknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox out in small, repeated batches and routing it through Dropbox and OneDrive so the traffic blended into normal cloud activity. Symantec and Carbon Black’s Threat Hunter Team reported the campaign this … Read More “Hackers Spied on a Stock Exchange Executive’s Outlook Mailbox for Five Months – The Hacker News” »
Cybersecurity researchers have flagged a large-scale operation that impersonates open-source and freeware projects to funnel unsuspecting users through a Traffic Distribution System (TDS) and deliver malware families like Remus Stealer, AnimateClipper, and the SessionGate framework. “The sites are well-designed and often look like legitimate project portals at a glance, sometimes referencing – Read More – … Read More “Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS – The Hacker News” »
Cybersecurity and business leaders with experience of dealing with major incidents from within the NCSC and at JLR detail what you need to prioritize if your organization is hit by a cyber-attack – Read More –
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability, tracked as CVE-2026-45247 (CVSS score: 9.8), is a case of deserialization of untrusted – … Read More “CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog – The Hacker News” »
Former Ukrainian foreign minister, Dmytro Kuleba, urges Infosecurity Europe attendees to fight the good fight – Read More –
Attackers are compromising open-source packages to spread malware. Cyber defenders are asked to review dependencies to reduce risks – Read More – All Feed
Forescout VP of security intelligence, Rik Ferguson, warns that Q-day is fast approaching – Read More –
The U.S. Department of Justice (DoJ) on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans. The “Disruption Week” operation began May 18, 2026, leading to the takedown of millions of social media, email, and internet access accounts used by … Read More “DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets – The Hacker News” »
The phrase “quantum readiness” has entered the enterprise security vocabulary fast, faster, in most cases, than a clear understanding… The post Quantum Readiness Explained: What It Actually Means for Enterprises appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
Authorities in Europe arrested 29 alleged cybercriminals and took down more than 27,000 illegal streaming URLs that pirated major sporting events, films and TV programming, Europol said Wednesday. The continent-wide collaboration, led by Bulgaria and the European Union’s police agency, allowed authorities to dismantle nine organized crime groups supporting the illicit streaming networks, officials said. … Read More “European authorities crack down on illegal streaming networks – CyberScoop” »
A website called “UK visa portal” has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels. They weren’t. And when a journalist tried to warn the company, it was lawyers who responded. Meanwhile, a paper from Cornell suggests that prompt injection – the … Read More “Smashing Security podcast #470: This AI security flaw might be impossible to fix – GRAHAM CLULEY” »
Proofpoint says TA4922, a suspected China aligned cybercrime group, is targeting UK and European organisations with tax, payroll and benefits themed malware campaigns. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Restore data from an iCloud backup without the necessity of resetting your iPhone. Discover proven methods to get back your photos, messages, contacts, and many more things in a very easy way. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI tool built to hunt bugs in large codebases. Tracked as CVE-2026-23479, the flaw was introduced in Redis 7.2.0 and remained in every stable … Read More “Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479) – The Hacker News” »
Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI tool built to hunt bugs in large codebases. Tracked as CVE-2026-23479, the flaw was introduced in Redis 7.2.0 and remained in every stable … Read More “Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479) – The Hacker News” »
A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the same phone could ask for the signed-in user’s token and get it, then read email, open files, browse the calendar, and send messages as … Read More “Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag – The Hacker News” »
![[REVIVE-SA-2026-002] Revive Adserver Vulnerabilities – Full Disclosure](https://attackfeed.com/wp-content/uploads/2026/06/fulldisclosure-img-tPlr7M.png "[REVIVE-SA-2026-002] Revive Adserver Vulnerabilities")
