Tag: attack
-
Microsoft Attributes Mastra AI Supply Chain Attack to North Korea
North Korean threat actor Sapphire Sleet has been linked to a supply chain attack targeting Mastra, according to Microsoft security researchers. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/mastra-ai-supply-chain-attack/
-
FortiBleed Campaign Targets FortiGate Devices to Harvest VPN and Admin Credentials
Tags: advisory, attack, authentication, credentials, cyber, data-breach, exploit, fortinet, threat, vpn
Fortinet has issued a security warning about ongoing credential-harvesting attacks targeting FortiGate devices in a campaign known as “FortiBleed.” Threat actors are exploiting weak authentication practices rather than any newly disclosed vulnerabilities. A PSIRT advisory released on June 19, 2026, by Carl Windsor indicates that the attackers are reusing previously exposed credentials from earlier incidents,…
-
AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network
A new malware family is turning forgotten home routers into a distributed reconnaissance and proxy network, not the DDoS botnet these devices usually end up in. QiAnXin’s XLab calls it AryStinger and counts at least 4,300 infected routers, a total it says is still rising. The distinction matters. AryStinger exists for the stage of an attack…
-
Massive GitHub Attack Injects Malware into 10,000 Compromised Repositories
A large-scale malware distribution campaign utilizing GitHub repositories has been uncovered. This coordinated effort weaponized over 10,000 repositories to deliver Trojanized payloads. The activity was first identified on June 18, 2026, and highlights significant gaps in automated detection and monitoring of repositories on one of the world’s most widely used developer platforms. Massive GitHub Attack…
-
GlassWorm Uses Blockchain-Based C2 and Invisible Unicode to Steal Developer Secrets
A trio of coordinated campaigns (a JetBrains fake AI assistant campaign, the GlassWorm self-propagating worm, and the compromised Nx Console Visual Studio Code extension) made clear that IDE plugin ecosystems are now a primary attack surface for AI credential theft. Attackers have shifted from opportunistic phishing to targeted supply-chain techniques that exploit the broad privileges…
-
Fortinet Warns of Active FortiBleed Credential Theft Attacks on FortiGate Devices
Tags: advisory, attack, authentication, credentials, cyber, data-breach, exploit, fortinet, theft, threat
Fortinet has issued a security warning about ongoing credential-harvesting attacks targeting FortiGate devices in a campaign known as “FortiBleed.” Threat actors are exploiting weak authentication practices rather than any newly disclosed vulnerabilities. A PSIRT advisory released on June 19, 2026, by Carl Windsor indicates that the attackers are reusing previously exposed credentials from earlier incidents,…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 102
Tags: ai, android, attack, china, cyber, defense, intelligence, international, malware, supply-chain, threat
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: OptinMonster supply chain attack hits 1.2 million sites; Public and Private Medical Community Targeted by China-Nexus Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense Research; Rokarolla: Android Banker with Complete Device…
-
Week in review: 74k Fortinet firewall credentials stolen, Splunk Enterprise RCE under active attack
Tags: attack, backdoor, breach, credentials, firewall, fortinet, Hardware, network, rce, remote-code-execution, WeeklyReview
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: A hardware neural network backdoor that hides in plain sight Deep learning … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/21/week-in-review-74k-fortinet-firewall-credentials-stolen-splunk-enterprise-rce-under-active-attack/
-
Microsoft links Mastra AI supply chain attack to North Korean hackers
Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-links-mastra-ai-supply-chain-attack-to-north-korean-hackers/
-
FortiBleed Exposes Global Credential-Spraying Operation
FortiBleed exposed a massive campaign that made billions of login attempts against Fortinet VPNs, compromising organizations worldwide. FortiBleed wasn’t a targeted hack. It was a factory. A multi-operator crew ran an industrial-scale attack against Fortinet FortiGate SSL VPN devices worldwide, and security researcher Volodymyr “Bob” Diachenko of SecurityDiscovery.com caught them only because they left their…
-
AutoJack Exploit Chain Hits Microsoft AutoGen Studio With Zero-Click RCE Attack
A critical exploit chain dubbed AutoJack allows a single malicious web page to hijack Microsoft’s AutoGen Studio browsing agent and silently execute arbitrary code on the host machine, requiring no user interaction beyond submitting a URL. AutoJack targets AutoGen Studio, Microsoft Research’s open-source prototyping UI for multi-agent AI systems. The technique weaponizes the agent’s built-in web-browsing capabilities…
-
Klue OAuth breach victim list grows as Icarus hackers claim attack
Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to customers’ Salesforce environments, as the new “Icarus” extortion group publicly claims the attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/klue-oauth-breach-victim-list-grows-as-icarus-hackers-claim-attack/
-
HIPAA’s No Joke: Gag Gift Firm’s Health Plan Pays $450K Fine
Investigation of Spencer’s Gifts Ransomware Breach Unearths Data Privacy Violations. The employer-sponsored health plan of novelty merchandise retailer Spencer Gift has paid a $450,000 HIPAA penalty and agreed to implement a corrective action plan to resolve findings of a federal breach investigation into a 2021 attack by now-defunct ransomware gang Conti. First seen on govinfosecurity.com…
-
CVE-2026-48907 and LiteSpeed cPanel Plugin Flaws Come Under Active Attack
Security researchers and software vendors warn that attackers are actively exploiting vulnerabilities in both Joomla and the LiteSpeed cPanel plugin, posing significant risks to website administrators and shared hosting environments. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cve-2026-48907-joomla-jce-litespeed-cpanel/
-
eFAQ Publishes Investigation Into Alleged Scam Activity and Coordinated Reputation Attacks
New York, USA, 19th June 2026, CyberNewswire First seen on hackread.com Jump to article: hackread.com/efaq-publishes-investigation-into-alleged-scam-activity-and-coordinated-reputation-attacks/
-
Experts Warn of ‘Mismatch’ in US Response to OT Hacking
Cross Sector Dependencies in OT Hinders Attack Response. A cyberattack of any significant scale against operational technology in America’s vital infrastructure and services would almost immediately overwhelm the online and offline resources available to responders, experts said this week. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/experts-warn-mismatch-in-us-response-to-ot-hacking-a-32026
-
Cybercrime Initial Access Service SocGholish Disrupted
Police Seize Evil Corp-Tied Group’s Servers, Clean Subverted WordPress Sites. Long-running initial access service provider SocGholish, tied to Russian cybercrime stalwart Evil Corp, has been disrupted by law enforcement, which seized 106 botnet servers and cleaned 15,000 legitimate WordPress sites subverted by the group to launch ClickFix attacks pushing malware downloaders. First seen on govinfosecurity.com…
-
Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253)
CISA has added CVE-2026-20253, a critical, remotely exploitable vulnerability in Splunk Enterprise, to its Known Exploited Vulnerabilities catalog, and ordered US federal … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/19/splunk-vulnerability-cve-2026-20253-exploited/
-
Webinar: How attackers bypass MFA and how defenders can respond
Modern phishing attacks, including Device Code phishing, can undermine MFA protections and grant attackers access to corporate accounts without stealing passwords. This webinar explores how behavioral AI can help security teams detect compromised accounts faster and automate response workflows. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/webinar-how-attackers-bypass-mfa-and-how-defenders-can-respond/
-
eFAQ Publishes Investigation Into Alleged Scam Activity and Coordinated Reputation Attacks
New York, USA, June 19th, 2026, CyberNewswire eFAQ has published a documented investigation into a coordinated reputation attack campaign aimed at influencing brand perception in search results and how AI assistants surface and summarize information. The campaign followed a recognizable pattern. Dozens of accounts, most created days before publishing and most deleted shortly after…
-
Critical WordPress Plugin Bug Could Allow File Deletion Attacks on 1 Million Sites
A serious security vulnerability has been uncovered in the widely used Avada (Fusion) Builder WordPress plugin. This flaw could enable unauthenticated attackers to delete arbitrary files and potentially compromise entire websites across more than one million installations. Identified as CVE-2026-8713 and assigned a CVSS score of 9.1, the vulnerability affects all plugin versions up to…
-
SmartApeSG Hackers Abuse Okendo Reviews Widget in E-Commerce Supply Chain Attack
A supply-chain style compromise in the Okendo Reviews widget enabled the SmartApeSG threat actor to deliver staged JavaScript loaders across a wide e-commerce surface. Okendo’s client-facing review widget is deployed by more than 18,000 brands and commonly appears on high-visibility pages (homepages, product pages, and review submission screens), so the injected code produced downstream…
-
AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution
Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution. Steer the agent to load an attacker’s web page, and that page’s JavaScript can reach a privileged local service on the same machine and spawn a process on the host. No credentials, no sign-in…
-
Agentjacking attack exploits AI coding tools with fake error reports
First seen on scworld.com Jump to article: www.scworld.com/brief/agentjacking-attack-exploits-ai-coding-tools-with-fake-error-reports
-
Multimillion-Dollar Settlement Reached in MCNA Dental Hack
2023 LockBit Attack Affected Nearly 9M People, Including Children. MCNA Dental, one of the largest providers of U.S. government-sponsored dental benefits to children, has agreed to a proposed multimillion dollar settlement to resolve class action claims stemming from a 2023 LockBit ransomware attack and data theft that affected nearly 9 million people. First seen on…
-
Breach Roundup: ShinyHunters Leaks 26M MSG Records
Tags: attack, breach, cisa, cybersecurity, data, data-breach, email, leak, linux, ransomware, russia, supply-chain
Also, Arch Linux Attack, Estonia Quarantines Russian Emails, Joomla Flaw. This week, ShinyHunters leaked alleged Madison Square Garden data, a U.S. senator pressed CISA on regional staffing cuts, an Arch Linux supply-chain attack, Mackay Sugar began recovery from a ransomware attack, Novo Nordisk faced dueling breach claims – and more compelling cybersecurity news. First seen…
-
Operation Endgame Disrupts SocGholish Malware Network Tied to Ransomware Attacks
Operation Endgame disrupted the SocGholish malware network, taking down more than 100 servers and domains. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/operation-endgame-disrupts-socgholish-malware-network-tied-to-ransomware-attacks/
-
Hostile states launched nearly 200 attacks on UK infrastructure in 12 months, says NCSC chief
Hackers will use AI-enabled cyber capabilities to exploit known vulnerabilities in legacy technology at scale by 2028, says National Cyber Security Centre CEO Richard Horne. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366644872/Hostile-states-launched-200-attacks-on-UK-infrastructure-in-five-months-says-NCSC-chief

