Author: [email protected] (The Hacker News)

Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity cluster dubbed JSCoreRunner (aka FileRipple) in late August 2025. The cybercrime group behind the … Read More “FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads  – The Hacker News” »

A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa. These efforts have been complemented by a “rapid operational tempo” and a continually evolving malware arsenal comprising known families like ValleyRAT (aka Winos 4.0) and Atlas RAT (aka AtlasCross RAT), … Read More “China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa  – The Hacker News” »

Five Eyes warns that Chinese spies are using fake job ads on LinkedIn, Indeed, and Upwork to target military staff and steal sensitive data.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Cybersecurity researchers have flagged a new malspam campaign that makes use of Google’s DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan (RAT) named DesckVB RAT. “Before the victim ever reaches attacker-controlled infrastructure, the lure routes through DoubleClick, a legitimate Google-owned domain that many security tools are less likely … Read More “Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT  – The Hacker News” »

Unknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox out in small, repeated batches and routing it through Dropbox and OneDrive so the traffic blended into normal cloud activity. Symantec and Carbon Black’s Threat Hunter Team reported the campaign this … Read More “Hackers Spied on a Stock Exchange Executive’s Outlook Mailbox for Five Months  – The Hacker News” »

Cybersecurity researchers have flagged a large-scale operation that impersonates open-source and freeware projects to funnel unsuspecting users through a Traffic Distribution System (TDS) and deliver malware families like Remus Stealer, AnimateClipper, and the SessionGate framework. “The sites are well-designed and often look like legitimate project portals at a glance, sometimes referencing  – Read More  – … Read More “Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS  – The Hacker News” »

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability, tracked as CVE-2026-45247 (CVSS score: 9.8), is a case of deserialization of untrusted  – … Read More “CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog  – The Hacker News” »

The U.S. Department of Justice (DoJ) on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans. The “Disruption Week” operation began May 18, 2026, leading to the takedown of millions of social media, email, and internet access accounts used by … Read More “DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets  – The Hacker News” »

Authorities in Europe arrested 29 alleged cybercriminals and took down more than 27,000 illegal streaming URLs that pirated major sporting events, films and TV programming, Europol said Wednesday. The continent-wide collaboration, led by Bulgaria and the European Union’s police agency, allowed authorities to dismantle nine organized crime groups supporting the illicit streaming networks, officials said. … Read More “European authorities crack down on illegal streaming networks  – CyberScoop” »

A website called “UK visa portal” has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels. They weren’t. And when a journalist tried to warn the company, it was lawyers who responded. Meanwhile, a paper from Cornell suggests that prompt injection – the … Read More “Smashing Security podcast #470: This AI security flaw might be impossible to fix  – GRAHAM CLULEY” »

Proofpoint says TA4922, a suspected China aligned cybercrime group, is targeting UK and European organisations with tax, payroll and benefits themed malware campaigns.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Restore data from an iCloud backup without the necessity of resetting your iPhone. Discover proven methods to get back your photos, messages, contacts, and many more things in a very easy way.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI tool built to hunt bugs in large codebases. Tracked as CVE-2026-23479, the flaw was introduced in Redis 7.2.0 and remained in every stable … Read More “Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)  – The Hacker News” »

Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI tool built to hunt bugs in large codebases. Tracked as CVE-2026-23479, the flaw was introduced in Redis 7.2.0 and remained in every stable … Read More “Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)  – The Hacker News” »

A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the same phone could ask for the signed-in user’s token and get it, then read email, open files, browse the calendar, and send messages as … Read More “Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag  – The Hacker News” »

A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini’s voice assistant on Android and made it open a victim’s connected windows, fake a message from their boss, push the phone into a Zoom call, or quietly poison its long-term memory. No malicious app on the phone is … Read More “WhatsApp, Slack Notifications Could Hijack Google Gemini on Android  – The Hacker News” »

A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the same phone could ask for the signed-in user’s token and get it, then read email, open files, browse the calendar, and send messages as … Read More “Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag  – The Hacker News” »

Department of Homeland Security Secretary Markwayne Mullin told Congress Wednesday that the Cybersecurity and Infrastructure Security Agency would ideally have 2,800 personnel, up from approximately 2,200 now and down from 3,400 before the second Trump administration began. President Donald Trump has pushed to dramatically reduce personnel numbers at the agency, something that has drawn criticism … Read More “DHS Secretary Markwayne Mullin pinpoints optimal CISA staffing levels  – CyberScoop” »

Alcasec, the “Robin Hood of Spanish Hackers,” is jailed for 31 months after admitting to stealing and selling Spanish citizens’ banking data.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user’s GitHub token. “Just by clicking a link, it’s possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones,” security researcher Ammar Askar said. … Read More “One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens  – The Hacker News” »

Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and “patch everything in time” stopped working years ago. Stop betting the org on winning that race. You don’t control which bug lands. You control what it can reach once it does. That is a question about the shape of your … Read More “Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore  – The Hacker News” »

The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems. The result is Identity Dark Matter: identity activity that sits outside the visibility of centralized IAM and beyond the reach of  – Read … Read More “Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)  – The Hacker News” »

Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user’s NTLMv2 hash to the attacker. Like in the case of CVE-2026-33829, which impacted the Windows Snipping Tool’s ms-screensketch: URI handler, the newly flagged issue resides in the search: URI handler, per Huntress. CVE-2026-33829 refers to a spoofing vulnerability … Read More “Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes  – The Hacker News” »

Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codenamed HTTP/2 Bomb by Calif. “The vulnerable behavior exists in each server’s default HTTP/2 configuration,” the company said, adding it was discovered by OpenAI Codex by chaining  – … Read More “New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare  – The Hacker News” »

Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims’ systems. The Minecraft-focused malware-as-a-service (MaaS) campaign has been codenamed Weedhack by McAfee Labs, stating the activity has been active since January 2026 and impersonates Minecraft clients and mods to infect users. In all, 3820  … Read More “Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content  – The Hacker News” »

Google on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, including one high-severity flaw in the Framework component that has come under active exploitation. Tracked as CVE-2025-48595 (CVSS score: 8.4), the security flaw has been described as a case of privilege escalation without requiring any … Read More “Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited  – The Hacker News” »

Fake ChatGPT desktop app ads pushed password-stealing malware by abusing trusted AI links, hiding from scanners, and tricking users into downloads.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. The vulnerability, CVE-2024-21182 (CVSS score: 7.5), allows an unauthenticated attacker with network access to take control of susceptible servers. It was  – Read … Read More “Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation  – The Hacker News” »

The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per Sekoia, the activity involves the weaponization of CVE-2025-8088, a path traversal flaw in WinRAR, to launch an HTML Application payload dubbed GammaPhish, which is then … Read More “Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine  – The Hacker News” »

The Trump administration issued a revised executive order Tuesday focused on artificial intelligence, offering a significantly pared-back vision for the federal government’s role vetting AI systems compared to a draft version that was spiked weeks ago. The order keeps in place the administration’s largely voluntary framework for companies to engage with the federal government around … Read More “Trump administration releases scaled-back AI executive order  – CyberScoop” »

The Pentagon is focusing on integrating cyber into all its operations, and wants to make sure it integrates security into artificial intelligence usage from the outset, the Defense Department’s top cyber policy official said Tuesday. Recent conflicts have made clear how important cyber is, said Katherine Sutton, assistant secretary for cyber policy and principal cyber … Read More “DOD wants to integrate cyber in all operations, and integrate security into AI  – CyberScoop” »

Hackers abused Meta’s AI support bot to hijack major Instagram accounts, bypassing security checks as videos showed the flaw before Meta fixed the issue.  – Read More  – Hackread – Cybersecurity News, Data Breaches, AI and More