Tag: attack
-
Windows version of SprySOCKS Linux malware used to attack govt orgs
Windows variants for the SprySOCKS Linux malware have been used in attacks targeting government organizations in at least four countries. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/windows-version-of-sprysocks-linux-malware-used-to-attack-govt-orgs/
-
Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware
The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver malware called NarwhalRAT.”The attack email contained a message impersonating an MS account security alert,” the Genians Security Center (GSC) said. “It was designed to create concern over possible First seen on…
-
OptinMonster Plugin Vulnerability Exposes 1.2 Million WordPress Sites to Cyberattacks
A large-scale supply chain attack targeting the popular OptinMonster WordPress plugin has exposed more than 1.2 million websites to active compromise. The campaign also affects the TrustPulse and PushEngage plugins, both developed by Awesome Motive, significantly amplifying the attack surface across millions of WordPress deployments. The attackers tampered with legitimate JavaScript files delivered via Awesome…
-
Microsoft 365 Copilot Vulnerability Exposes Sensitive Data Through One-Click Attack
Microsoft 365 Copilot has been found vulnerable to a critical one-click data exfiltration attack chain dubbed “SearchLeak,” exposing sensitive enterprise data through a combination of AI-specific and traditional web vulnerabilities. Discovered by Varonis Threat Labs, the flaw, tracked as CVE-2026-42824 and rated critical, demonstrates how modern AI integrations can unintentionally expand attack surfaces by linking…
-
Copilot ‘SearchLeak’ Attack Allows 1-Click Data Theft
The critical, three-stage attack is now patched, but it’s part of a new group of AI prompt-injection issues that use hidden URLs and other variables. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/copilot-searchleak-attack-1-click-data-theft
-
OptinMonster WordPress plugin hacked in CDN supply-chain attack
WordPress plugins OptinMonster, TrustPulse, and PushEngage have been compromised in a supply-chain attack impacting Awesome Motive-s content distribution network (CDN). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/optinmonster-wordpress-plugin-hacked-in-cdn-supply-chain-attack/
-
Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks
Cisco has released security updates to address a vulnerability in the Catalyst SD-WAN Manager, tracked as CVE-2026-20262, that was exploited in attacks to escalate to root privileges. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-fixes-sd-wan-vmanage-flaw-exploited-in-zero-day-attacks/
-
Adriatic Port Cyber-Attack by Anubis Sparks Warning Over Maritime Security Risks
How the Anubis ransomware group stole and leaked an Italian Adriatic port authority’s data First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/anubis-ransomware-adriatic-port/
-
Adriatic Port Cyber-Attack by Anubis Sparks Warning Over Maritime Security Risks
How the Anubis ransomware group stole and leaked an Italian Adriatic port authority’s data First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/anubis-ransomware-adriatic-port/
-
New attack turned Microsoft 365 Copilot into 1-click data theft tool
A critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target’s mailbox, OneDrive, or SharePoint account through a specially crafted URL. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-attack-turned-microsoft-365-copilot-into-1-click-data-theft-tool/
-
Infinite Campus data breach affects 137,000 school staff accounts
The ShinyHunters extortion gang stole personal information from more than 137,000 school staff accounts in a Salesforce data theft attack that targeted the widely used Infinite Campus K-12 student information system in March. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/infinite-campus-data-breach-affects-137-000-school-staff-accounts/
-
Webinar: How behavioral AI stops phishing and account takeovers
Modern phishing, BEC, and account takeover attacks increasingly bypass traditional email defenses and create operational strain for security teams. This webinar explores how behavioral AI can help automate detection, investigation, and remediation to reduce alert fatigue and accelerate response times. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/webinar-how-behavioral-ai-stops-phishing-and-account-takeovers/
-
Supply Chain Attack Hits Popular WordPress Plugins Through Awesome Motive CDN
Attackers compromised Awesome Motive CDN files, backdooring WordPress sites running OptinMonster, TrustPulse, and PushEngage. Sansec researchers discovered an active supply chain attack hitting WordPress sites running OptinMonster, TrustPulse, and PushEngage, three plugins operated by Awesome Motive, one of the largest WordPress plugin companies in the world. The malicious JavaScript wasn’t sitting on any victim’s server.…
-
Russia-Aligned Hackers Exploit Old WinRAR Vulnerability to Target Ukrainian Organizations
CVE-2025-8088, a WinRAR path traversal vulnerability patched in July 2025, remains a potent initial access vector for multiple intrusion sets targeting Ukraine. Analysis of attacks through April 2026 shows at least two distinct campaigns exploiting this vulnerability: a compiled-stealer chain attributed to an intrusion set we temporarily label SHADOW-EARTH-066 (tracked by CERT”‘UA as UAC”‘0226) and…
-
Open-source CI/CD abuse detector guards against stolen credential attacks
CI/CD Abuse Detector is an open-source project that uses a large language model to flag suspicious changes to continuous integration and continuous deployment pipelines, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/15/ci-cd-abuse-detector-open-source/
-
Criminal IP at Infosecurity Europe 2026: Introducing AITEM, the Next Chapter of Attack Surface Management
Torrance, United States / California, June 11th, 2026, CyberNewswire Criminal IP by AI SPERA, a cyber threat intelligence platform delivering decision-ready intelligence and attack surface visibility to security teams worldwide, participated in Infosecurity Europe 2026 at ExCeL London this week, marking the company’s second consecutive appearance at Europe’s leading cybersecurity event. Alongside live demonstrations of…
-
Week in review: Exploited Check Point VPN zero-day, Oracle PeopleSoft servers under attack
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: DockSec: Open-source AI-powered Docker security scanner DockSec is an OWASP … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/14/week-in-review-exploited-check-point-vpn-zero-day-oracle-peoplesoft-servers-under-attack/
-
Ukrainian Extradited from Ireland Pleads Guilty Over Role in Conti Ransomware Scheme
Ukrainian national Oleksii Lytvynenko pleaded guilty in the U.S. for his role in Conti ransomware attacks targeting victims worldwide. Oleksii Oleksiyovych Lytvynenko (44), a Ukrainian national extradited from Ireland to the U.S., has pleaded guilty to conspiracy to commit wire fraud for his involvement in the Conti ransomware operation. Prosecutors said he helped conduct attacks…
-
Extradited Ukrainian Man Admits Role in Conti Ransomware Attacks
Ukrainian national Oleksii Lytvynenko has pleaded guilty in the US to wire fraud conspiracy linked to Conti ransomware, which hit more than 1,000 victims and generated at least $150 million in ransom payments. First seen on hackread.com Jump to article: hackread.com/extradited-ukrainian-admits-conti-ransomware-attacks/
-
New Agentjacking Attack Hijacks AI Coding Agents to Execute Malicious Code
A newly disclosed Agentjacking attack class can silently weaponize AI coding agents against the very developers who rely on them, requiring no phishing, no server compromise, and no user interaction beyond a developer’s normal workflow of asking their AI assistant to investigate errors. Tenet Security’s Threat Labs developed and validated the technique, demonstrating how a…
-
ShinyHunters is actively extorting universities after exploiting an unpatched Oracle flaw
Oracle still hasn’t patched the vulnerability the group has been using in its attacks since late May. First seen on cyberscoop.com Jump to article: cyberscoop.com/oracle-peoplesoft-zero-day-vulnerability-shinyhunters-extortion/
-
ShinyHunters Target Universities in Oracle PeopleSoft Zero-Day Attack
Google says ShinyHunters exploited Oracle PeopleSoft zero-day to steal data from 100+ organisations, with universities making up most victims. First seen on hackread.com Jump to article: hackread.com/shinyhunters-universities-oracle-peoplesoft-zero-day-attack/
-
Early Warning Signs of Supply-Chain Attacks Live in the Dark Web
GitHub access sales, leaked repositories, and stolen API keys can all become supply-chain attack footholds. Flare explores how underground forums expose early signals tied to software supply-chain risk. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/
-
GitHub to Update npm to Thwart Software Supply Chain Attacks
NPM, part of GitHub, announced a new version of the npm package manager with several security improvements, including disabling install scripts First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/github-update-npm-supply-chain/
-
GitHub to Update npm to Thwart Software Supply Chain Attacks
NPM, part of GitHub, announced a new version of the npm package manager with several security improvements, including disabling install scripts First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/github-update-npm-supply-chain/
-
Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code
Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running arbitrary code on developer machines.Called Agentjacking by Tenet Security, the attack can be triggered by means of a fake error report crafted using Sentry, an open-source error-tracking and performance-monitoring platform.”The attack First…
-
The Anubis Ransomware Attack on the Adriatic Port Authority
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/the-anubis-ransomware-attack-on-the-adriatic-port-authority
-
Researcher Uses AI to Hack Google, Earns $500,000 Bug Bounty
Tags: access, ai, api, attack, bug-bounty, control, cyber, flaw, framework, google, infrastructure, service, vulnerabilityResearcher Arvin Shivram has earned $500,000 in bug bounties from Google’s Vulnerability Reward Program (VRP) by deploying an AI-powered fuzzing framework against Google’s internal API infrastructure, uncovering critical access-control flaws across multiple high-impact services in under 3 months. The research began after Shivram was invited to bugSWAT Mexico in October 2025, which reignited his interest in Google’s attack surface. Recognizing that…
-
Researcher Uses AI to Hack Google, Earns $500,000 Bug Bounty
Tags: access, ai, api, attack, bug-bounty, control, cyber, flaw, framework, google, infrastructure, service, vulnerabilityResearcher Arvin Shivram has earned $500,000 in bug bounties from Google’s Vulnerability Reward Program (VRP) by deploying an AI-powered fuzzing framework against Google’s internal API infrastructure, uncovering critical access-control flaws across multiple high-impact services in under 3 months. The research began after Shivram was invited to bugSWAT Mexico in October 2025, which reignited his interest in Google’s attack surface. Recognizing that…
-
Solana FakeFix Campaign Plants Malicious npm, PyPI Packages to Steal Dev Secrets
Recent disclosure of the “Solana FakeFix” campaign exposes a coordinated supply-chain attack that abused package registries to steal developer secrets. The campaign comprises 16 malicious npm packages and 4 PyPI packages (25 packages in total when combined with related activity) that impersonated Solana tooling, lodged typosquatted names, and used install- and import-time execution to harvest…