Tag: cybersecurity
-
Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats
Cybersecurity researchers have flagged a “coordinated malware campaign” on the JetBrains Marketplace that has published no less than 15 malicious plugins capable of exfiltrating artificial intelligence (AI) provider keys.”Every plugin poses as an AI coding assistant built on DeepSeek and other large language models, offering chat, commit messages, code review, bug finding, and unit tests,”…
-
Kodak confirms data breach claimed by ShinyHunters extortion gang
Kodak has confirmed that it’s working with external cybersecurity experts to investigate a security breach after hackers gained access to some of the company’s data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/kodak-confirms-data-breach-claimed-by-shinyhunters-extortion-gang/
-
Kodak confirms data breach claimed by ShinyHunters extortion gang
Kodak has confirmed that it’s working with external cybersecurity experts to investigate a security breach after hackers gained access to some of the company’s data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/kodak-confirms-data-breach-claimed-by-shinyhunters-extortion-gang/
-
CISA Issues Alert on Oracle PeopleSoft Vulnerability Exploited by Ransomware Groups
Tags: authentication, cisa, control, cve, cyber, cybersecurity, exploit, flaw, group, infrastructure, oracle, ransomware, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of a critical vulnerability in Oracle PeopleSoft Enterprise PeopleTools, identified as CVE-2026-35273. This vulnerability, categorized as CWE-306 (Missing Authentication for Critical Function), allows unauthenticated attackers to gain full control of vulnerable PeopleSoft environments. According to CISA, this flaw…
-
CISA Issues Alert on Oracle PeopleSoft Vulnerability Exploited by Ransomware Groups
Tags: authentication, cisa, control, cve, cyber, cybersecurity, exploit, flaw, group, infrastructure, oracle, ransomware, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of a critical vulnerability in Oracle PeopleSoft Enterprise PeopleTools, identified as CVE-2026-35273. This vulnerability, categorized as CWE-306 (Missing Authentication for Critical Function), allows unauthenticated attackers to gain full control of vulnerable PeopleSoft environments. According to CISA, this flaw…
-
CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The vulnerability, tracked as CVE-2026-48907 (CVSS score: 10.0), is a case of improper access control that could facilitate arbitrary First seen on…
-
CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The vulnerability, tracked as CVE-2026-48907 (CVSS score: 10.0), is a case of improper access control that could facilitate arbitrary First seen on…
-
Restore Fable and Mythos Access, Cybersecurity Leaders Urge
Experts Say White House Export Ban Risks Adoption Boost for China’s AI Alternatives. New export controls on artificial intelligence startup Anthropic’s Fable 5 and Mythos large language models, over their vulnerability-discovery capabilities, must be lifted, not least because Chinese models will soon offer equal capabilities, cybersecurity experts warned the Trump administration. First seen on govinfosecurity.com…
-
ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures
Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader, Lorem Ipsum Loader, and Potemkin, per independent reports from Morphisec, BlueVoyant, and Huntress, respectively.Attacks involving BabaDeda Loader, observed in April 2026, have targeted education and financial organizations.”Earlier BabaDeda activity was known for First seen on thehackernews.com Jump to article: thehackernews.com/2026/06/clickfix-campaigns-expand-malware.html
-
It’s time to update incident response for the AI era
Your latest cybersecurity incident might not be a threat actor, but an internal AI agent doing what it’s authorized to do. Incident response must evolve to accommodate AI. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366644312/Its-time-to-update-incident-response-for-the-AI-era
-
It’s time to update incident response for the AI era
Your latest cybersecurity incident might not be a threat actor, but an internal AI agent doing what it’s authorized to do. Incident response must evolve to accommodate AI. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366644312/Its-time-to-update-incident-response-for-the-AI-era
-
Fortinet Warned as Three Critical FortiSandbox Bugs Come Under Attack
Three FortiSandbox flaws, including one patched last week, are being actively exploited, highlighting the shrinking window for defenders. Cybersecurity firm Defused Cyber confirmed it’s seen active exploitation of three vulnerabilities in Fortinet FortiSandbox within a 24-hour window. Two of them had patches sitting available since April. The third got fixed last week, which, apparently, wasn’t…
-
Quantencomputing in Europa: Warum Quantentechnologie für Wiederaufrüstung, Cybersecurity und KI entscheidend wird
Wichtig wird die Fähigkeit, unterschiedliche Rechenarchitekturen intelligent zu verbinden, Implementierungen zu vereinfachen und Einstiegshürden für Anwender zu senken. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/quantencomputing-in-europa-warum-quantentechnologie-fuer-wiederaufruestung-cybersecurity-und-ki-entscheidend-wird/a45506/
-
CISA warns of another cPanel plugin flaw exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. government agencies three days to secure their servers against an actively exploited vulnerability (CVE-2026-54420) in the LiteSpeed cPanel user-end plugin. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-another-actively-exploited-cpanel-plugin-flaw/
-
China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth
Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS.”The Windows variants discovered are internally marked as WIN_DRV and WIN_PLUS,” ESET said in a report shared with The Hacker News. “Both come with a hard-coded C&C [command-and-control] configuration and support communication over TCP, UDP, First…
-
U.S. CISA adds Cisco Catalyst and LiteSpeed cPanel plugin flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Catalyst and LiteSpeed cPanel plugin flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added Cisco Catalyst and LiteSpeed cPanel plugin flaws to its Known Exploited Vulnerabilities (KEV) catalog. The two flaws added to the catalog are: CVE-2026-20262 is an arbitrary…
-
CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 18, 2026.The vulnerability in question is CVE-2026-54420 (CVSS score: 8.5), which has been described as a case of…
-
EU Cybersecurity Act 2.0: When good regulation goes bad
Over recent years we’ve witnessed the EU becoming increasingly serious about cybersecurity. After years of watching high profile breaches, many resulting from supply chain … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/16/eu-cybersecurity-act-2-0-regulation/
-
EU Cybersecurity Act 2.0: When good regulation goes bad
Over recent years we’ve witnessed the EU becoming increasingly serious about cybersecurity. After years of watching high profile breaches, many resulting from supply chain … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/16/eu-cybersecurity-act-2-0-regulation/
-
The rise of machine identities and agentic AI: Securing trust in the next era of digital autonomy
In the latest episode of Identity Insider, I sat down with Chris Hughes, a cybersecurity expert who’s involved in OWASP’s work on non-human and machine identity … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/16/delinea-securing-machine-identities-and-agentic-ai/
-
Conan O’Brien stars in new cybersecurity training series
First seen on scworld.com Jump to article: www.scworld.com/brief/conan-obrien-stars-in-new-cybersecurity-training-series
-
Wechselwirkung zwischen KI und Cybersecurity als zentrale Führungsfrage 2026
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/wechselwirkung-ki-cybersecurity-fuehrungsfrage-2026
-
The US government’s Anthropic models ban was never about an AI jailbreak
The Trump administration’s decision that forced Anthropic to pull its latest cybersecurity models could be reactionary, retaliatory, or both, but the message is clear: The AI industry isn’t immune from U.S. government interference. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/15/the-us-governments-anthropic-models-ban-was-never-about-an-ai-jailbreak/
-
Geopolitics Is Now a Cybersecurity Problem
UCL’s Melanie Garson on Anti-Fragility, Supply Chain Risk and AI Adoption. Geopolitical exposure has quietly moved to the front of the security agenda, and most organizations are only now realizing how little they understand about where their risks originate, says Melanie Garson, associate professor of international security at UCL. First seen on govinfosecurity.com Jump to…
-
North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels
Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview (aka Famous Chollima, HexagonalRodent, and Void Dokkaebi).According to a report published by Proofpoint, the threat actor has been found orchestrating phishing campaigns using developer role recruitment or code review themes First seen on…
-
Cybersecurity experts don’t think Anthropic’s Fable 5 presents a unique threat
Dozens of practitioners said the decision to place export controls on the foreign use of Fable are misguided, and recent jailbreak reports don’t show the model providing unique hacking capabilities. First seen on cyberscoop.com Jump to article: cyberscoop.com/cybersecurity-experts-anthropic-fable-5-not-unique-ai-threat/
-
Cybersecurity experts blast US government for restricting Anthropic’s AI models
Chief information security officers and prominent researchers called a recent export-control ban “dangerous.” First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/anthropic-us-government-export-ban-mythos-fable/822909/

