Collecting Cyber-News from over 60 sources

Tag: access

Attackers obtained encrypted password vaults from some Dashlane user accounts

Jun 5, 2026 2:42 PM

Tags: access, attack, password, threat

Dashlane has disclosed new details about a brute-force attack that let a threat actor access some customer accounts and copy encrypted vaults. Dashlane said it found no … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/05/dashlane-brute-force-attack-vaults-customer-accounts/
Chinese APT VerdantBamboo Targets Appliances with BRICKSTORM Malware

Jun 5, 2026 8:42 AM

Tags: access, apt, china, cyber, incident response, linux, malware, network

BRICKSTORM is a modular remote access trojan (RAT) originally seen in Golang and later in Rust. It uses a wssoft library with pluggable “tasks” for shell commands, a Socks5 proxy, and a simple web server for file listing. An incident response engagement that began after suspicious network traffic was observed from a Linux-based virtual machine…
Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It

Jun 4, 2026 7:43 PM

Tags: access, ai, cybersecurity, defense, group, infrastructure, network, unauthorized

Over the past several weeks, the cybersecurity community has been reminded how quickly frontier and agentic AI in defense networks can challenge our assumptions. When Anthropic’s Claude Mythos model was made available to a limited set of organizations as a technical preview, it was reported that an unauthorized group claimed that it had gained access…
Chinese spies are using LinkedIn to lure Westerners into sharing sensitive information

Jun 4, 2026 5:42 PM

Tags: access, advisory, china, jobs, linkedin

The advisory warns that Chinese spies are using public job search platforms to recruit people with access to non-public information. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/04/chinese-spies-are-using-linkedin-to-lure-westerners-into-sharing-sensitive-information/
Five Eyes warn Chinese spies are using job sites to recruit insiders

Jun 4, 2026 4:42 PM

Tags: access, china, government, intelligence, jobs, military

The alert warned that Chinese intelligence officers are posing as recruiters and consultants for front companies based outside China in order to target Five Eyes government and military personnel “and anyone with access to classified or privileged information.” First seen on therecord.media Jump to article: therecord.media/five-eyes-warns-chinese-spies-are-using-job-sites-to-recruit-insiders
OAuth marketplace apps keep access after publishers vanish

Jun 4, 2026 2:42 PM

Tags: access, email, github, google, marketplace

Installing an app from the Google Workspace Marketplace or GitHub Marketplace can grant a third party access to company email, files, calendars, code repositories, CI … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/04/oauth-marketplace-apps-audit/
Gamaredon Uses WinRAR Vulnerability to Launch Modular Spy Campaign on Ukrainian Targets

Jun 4, 2026 1:42 PM

Tags: access, detection, exploit, flaw, malware, spy, threat, ukraine, vulnerability, windows

Gamaredon exploits a WinRAR flaw to drop modular, nearly fileless malware on Ukrainian targets, hiding payloads in Windows streams and resolving C2s via Telegram. Sekoia’s Threat Detection & Research team dropped a YARA rule in late December 2025 to hunt for new initial access vectors, and by January 2026 it had already generated a dozen…
Gamaredon Uses WinRAR Vulnerability to Launch Modular Spy Campaign on Ukrainian Targets

Jun 4, 2026 1:42 PM

Tags: access, detection, exploit, flaw, malware, spy, threat, ukraine, vulnerability, windows

Gamaredon exploits a WinRAR flaw to drop modular, nearly fileless malware on Ukrainian targets, hiding payloads in Windows streams and resolving C2s via Telegram. Sekoia’s Threat Detection & Research team dropped a YARA rule in late December 2025 to hunt for new initial access vectors, and by January 2026 it had already generated a dozen…
Stock Exchange Executive’s Outlook Targeted in Credential Theft Attack

Jun 4, 2026 12:42 PM

Tags: access, attack, credentials, cyber, email, espionage, microsoft, theft

A prolonged and highly targeted espionage campaign has been uncovered involving the compromise of a senior executive’s Microsoft Outlook account at a major global stock exchange, highlighting the strategic value of executive-level email access in modern cyber operations. The activity, which persisted for approximately five months between October 2025 and March 2026, demonstrates a disciplined…
JINX-0164 Targets Crypto Firms With macOS Malware

Jun 4, 2026 10:42 AM

Tags: access, crypto, cyber, endpoint, group, macOS, malware, social-engineering, software, threat

A series of targeted intrusions against cryptocurrency organizations, attributing the activity to a newly identified threat actor tracked as JINX-0164. The campaign combines advanced social engineering, custom macOS malware, and deep access into development and CI/CD environments, enabling attackers to pivot from individual developer endpoints to critical software distribution systems. The group primarily targets developers…
DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets

Jun 4, 2026 9:42 AM

Tags: access, crypto, cyber, email, fraud, government, Internet, network

The U.S. Department of Justice (DoJ) on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans.The “Disruption Week” operation began May 18, 2026, leading to the takedown of millions of social media, email, and internet access accounts used by transnational…
Anthropic grants Mythos access to 150 more organizations, plans wider release

Jun 4, 2026 5:44 AM

Tags: access

First seen on scworld.com Jump to article: www.scworld.com/news/anthropic-grants-mythos-access-to-150-more-organizations-plans-wider-release
Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT

Jun 3, 2026 11:43 PM

Tags: access, cybersecurity, detection, google, infrastructure, rat, tool

Cybersecurity researchers have flagged a new malspam campaign that makes use of Google’s DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan (RAT) named DesckVB RAT.”Before the victim ever reaches attacker-controlled infrastructure, the lure routes through DoubleClick, a legitimate Google-owned domain that many security tools are less likely to…
Instagram is alerting users who were targeted by hackers during AI chatbot attacks

Jun 3, 2026 6:42 PM

Tags: access, ai, attack, hacker

Hackers appeared to take over victims’ accounts even after Meta said it fixed its AI-powered support chatbot, which granted hackers access to victims’ accounts. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/03/instagram-is-alerting-users-who-were-targeted-by-hackers-during-ai-chatbot-attacks/
Malware campaign targeting Minecraft users infects over 116,000 systems

Jun 3, 2026 3:42 PM

Tags: access, malware, service, threat

A Malware-as-a-Service (MaaS) operation named WeedHack is targeting Minecraft users and allows threat actors to gain remote access to victims’ screens, webcams, and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/03/weedhack-minecraft-malware-campaign/
Zscaler und Alstom Ein Jahrzehnt gemeinsamer Zero-Trust-Transformation

Jun 3, 2026 2:42 PM

Tags: access, ai, infrastructure, network, zero-trust

Zscaler baut die Partnerschaft mit Alstom aus, einem weltweit führenden Unternehmen für intelligente und nachhaltige Mobilität. Aufbauend auf einer zehnjährigen Zusammenarbeit hat Alstom mit Zscaler den Übergang von perimeterbasierter Sicherheit zu einem einheitlichen Zero-Trust-Network-Access (ZTNA)-Ansatz vollzogen. Dieser Wandel hat die komplexe Legacy-Infrastruktur reduziert und den Cyberschutz gestärkt, um sich wandelnden Geschäftsanforderungen und einer KI-gestützten Bedrohungslandschaft…
Ivanti ITSM Flaw Could Allow Attackers to Escalate to Admin Access

Jun 3, 2026 1:42 PM

Tags: access, cloud, control, cve, cvss, cyber, flaw, ivanti, vulnerability

Ivanti has patched a high-severity vulnerability in its Ivanti Neurons for ITSM platform that could allow authenticated attackers to escalate privileges and gain full administrative access to affected systems. Tracked as CVE-2026-9614, the flaw is classified as an improper access control issue (CWE-284) and carries a CVSS score of 8.8. The vulnerability affects both cloud…
Anthropic Expands Mythos Access to 150 More Organizations

Jun 3, 2026 12:43 PM

Tags: access, update

Anthropic widens Project Glasswing access to 150 more firms as patching becomes the bottleneck First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/anthropic-glasswing-expansion/
1-Click GitHub Vulnerability Enables OAuth Token Theft

Jun 3, 2026 9:42 AM

Tags: access, cyber, exploit, flaw, github, malicious, theft, vulnerability

A newly disclosed vulnerability in GitHub’s browser-based editor, GitHub.dev, allows attackers to steal powerful OAuth tokens with just a single click, giving them read and write access to private repositories. The flaw exploits how Visual Studio Code (VSCode) webviews handle keyboard events and message passing, enabling a malicious repository to execute attacker-controlled actions inside the…
Agent Threat Rules: Open detection rule format for AI agent security threats

Jun 3, 2026 7:42 AM

Tags: access, ai, detection, framework, injection, threat, tool

AI agents run inside coding assistants, MCP servers, and multi-agent frameworks, and the access that makes them useful also opens paths to prompt injection, tool poisoning, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/03/agent-threat-rules-ai-detection/
Project Glasswing Grows as Anthropic Extends Claude Mythos Preview Program

Jun 3, 2026 7:42 AM

Tags: access, ai, cyber, intelligence, software

Anthropic has expanded its Project Glasswing initiative, significantly scaling access to its Claude Mythos Preview model as part of a broader effort to strengthen global software security. The program, first launched in April 2026 with around 50 organizations, has now grown to include approximately 200 partners worldwide, marking a major shift in how artificial intelligence…
ConnectSecure, TD SYNNEX expand cybersecurity access for MSPs and resellers

Jun 3, 2026 5:42 AM

Tags: access, cybersecurity, msp

First seen on scworld.com Jump to article: www.scworld.com/brief/connectsecure-td-synnex-expand-cybersecurity-access-for-msps-and-resellers
Veeam’s new DataAI Command Platform connects data, access, identities, and AI

Jun 3, 2026 5:42 AM

Tags: access, ai, data, veeam

First seen on scworld.com Jump to article: www.scworld.com/news/veeams-new-dataai-command-platform-connects-data-access-identities-and-ai
Anthropic Expands Mythos to Global Critical Infrastructure

Jun 3, 2026 5:42 AM

Tags: access, cyber, cybersecurity, defense, healthcare, infrastructure

Project Glasswing Expansion Reaches Power, Healthcare, Telecom and Water Operators. Anthropic expanded Project Glasswing to 150 additional organizations across more than 15 countries, granting critical infrastructure operators, NATO and cybersecurity agencies controlled access to Claude Mythos Preview as the company seeks broader cyber defense coverage while limiting misuse risks. First seen on govinfosecurity.com Jump to…
TCS and Mistral AI Sign Strategic Partnership

Jun 2, 2026 11:42 PM

Tags: access, ai, india, service

TCS to Build and Deploy Custom AI Models Using Mistral Forge. Tata Consultancy Services struck a strategic partnership with Mistral AI, making it the first global systems integrator to deliver Mistral Forge to enterprise clients, the Indian and French companies announced this week. The deal hands TCS access to Paris-based Mistral’s frontier models. First seen…
TCS and Mistral AI Sign Strategic Partnership

Jun 2, 2026 11:42 PM

Tags: access, ai, india, service

TCS to Build and Deploy Custom AI Models Using Mistral Forge. Tata Consultancy Services struck a strategic partnership with Mistral AI, making it the first global systems integrator to deliver Mistral Forge to enterprise clients, the Indian and French companies announced this week. The deal hands TCS access to Paris-based Mistral’s frontier models. First seen…
Securing AI Agents Before They Go Rogue Is Next to Impossible

Jun 2, 2026 10:42 PM

Tags: access, ai

High-autonomy agents with broad permissions and unfettered access are a recipe for disaster, and enterprises need to act now before they become the next horror story. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/securing-ai-agents-rogue
White House unveils pared-back AI executive order

Jun 2, 2026 9:42 PM

Tags: access, ai, cybersecurity, risk

The order notes that federal access to the models should be subject to “appropriate confidentiality, cybersecurity, insider-risk, and intellectual-property protection, use, and nondisclosure requirements.” First seen on therecord.media Jump to article: therecord.media/white-house-unveils-ai-executive-order
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation

Jun 2, 2026 9:42 PM

Tags: access, control, cve, cybersecurity, exploit, flaw, infrastructure, kev, network, oracle, vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.The vulnerability, CVE-2024-21182 (CVSS score: 7.5), allows an unauthenticated attacker with network access to take control of susceptible servers. It was First seen on…
Trump signs EO seeking early government access to powerful AI models

Jun 2, 2026 8:42 PM

Tags: access, ai, government

The directive represents an about-face for an administration that previously repudiated government AI reviews. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/trump-ai-security-executive-order/821755/