Collecting Cyber-News from over 60 sources

Tag: hacker

Tata Electronics Confirms Data Breach After 630GB Leak Claim Targets Apple and Tesla

Jun 26, 2026 12:16 AM

Tags: apple, breach, cyberattack, cybersecurity, data, data-breach, hacker, leak

Tata Electronics confirmed a data breach after hackers claimed to steal 630GB of data, including alleged Apple supplier and Tesla documents. Tata Electronics, a major supplier to Apple and Tesla, has confirmed a cybersecurity breach weeks after stolen data was advertised on a hacker forum. Tata Electronics confirmed a cyberattack affected parts of its IT…
Breach Roundup: How Hackers Exploited a Cisco SD-WAN Flaw

Jun 26, 2026 12:16 AM

Tags: breach, cisco, cloud, data, data-breach, exploit, flaw, hacker, leak, mandiant, ransomware, risk

Also, Three Ubiquiti Flaws Under Exploitation. This week, Mandiant detailed a Cisco SD-WAN hack as attackers exploited Ubiquiti flaws. London Hydro disclosed a customer data breach, researchers flagged cross-cloud bucket hijacking risks an INC ransomware leak, Texas and Gravity SMTP incidents. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/breach-roundup-how-hackers-exploited-cisco-sd-wan-flaw-a-32080
Nathan Austad Pleads Guilty in DraftKings Hacking Scheme, Gets 18 Months

Jun 25, 2026 5:16 PM

Tags: access, attack, breach, credentials, group, hacker, hacking, password

Third DraftKings hacker gets 18 months in prison for a 2022 credential-stuffing attack that compromised 1,600 accounts and stole $600,000. Nathan Austad, the third person sentenced over the 2022 DraftKings credential-stuffing attack, received 18 months in prison. The group used usernames and passwords stolen from other breaches to access about 1,600 accounts and steal roughly…
Hacker gets 18 months for attack that compromised 60,000 betting accounts

Jun 25, 2026 5:16 PM

Tags: attack, hacker

A 21-year-old man known online as >>Snoopy<< was sentenced to 18 months in prison for his role in a scheme that hacked user accounts on a fantasy sports and betting … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/25/hacker-sentenced-draftkings-credential-stuffing-attac/
Scoring AI hackers when there is no answer key

Jun 25, 2026 5:16 PM

Tags: ai, cyber, hacker

AI models are solving more and more of the offensive-cyber tests built to measure them. Once a model solves most of a benchmark, that benchmark runs out of room and says … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/25/ai-offensive-cyber-evaluations-benchmark/
DraftKings hacker ‘Snoopy’ sentenced to 18 months in prison

Jun 25, 2026 5:16 PM

Tags: hacker, hacking

A 21-year-old using the alias “Snoopy” was sentenced to 18 months in prison for his role in hacking DraftKings accounts in the November 2022 cyberattack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/draftkings-hacker-snoopy-sentenced-to-18-months-in-prison/
Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access

Jun 25, 2026 5:16 PM

Tags: access, attack, cisco, cve, exploit, hacker, mandiant, vulnerability, zero-day

New details have been revealed on how hackers exploited a Cisco Catalyst SD-WAN vulnerability tracked as CVE-2026-20245 in zero-day attacks to create rogue root accounts on targeted devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mandiant-reveals-how-cisco-sd-wan-zero-day-attacks-gained-root-access/
Hackers Abuse Cloudflare-Hosted AWS Phishing Domains to Steal Console Logins

Jun 25, 2026 5:16 PM

Tags: credentials, cyber, email, hacker, login, mfa, phishing

A concise but sophisticated phishing campaign that targeted AWS console users by abusing Cloudflare-hosted domains to deliver adversary-in-the-middle (AiTM) credential theft. Each domain served an almost identical clone of the AWS console sign-in page and implemented a server-driven flow that dynamically branched into email, SMS, or authenticator-app MFA challenges, enabling real-time capture of second factors.…
Microsoft WinRE Vulnerability Allows Hackers to Bypass UEFI/BIOS Password Enforcement

Jun 25, 2026 5:16 PM

Tags: access, control, cve, cyber, firmware, hacker, microsoft, password, unauthorized, vulnerability, windows

A newly disclosed vulnerability in the Microsoft Windows Recovery Environment (WinRE) could allow attackers to bypass UEFI and BIOS password protections, exposing systems to unauthorized access even when firmware-level security controls are active. This issue, tracked under CERT/CC VU#226679 and associated with CVE-2026-45585, affects Windows 10 and Windows 11 systems that use WinRE for recovery…
Malicious hackers exploit Cisco zero-day for highest access level at communications service provider

Jun 25, 2026 5:16 PM

Tags: access, cisco, communications, exploit, hacker, malicious, mandiant, service, zero-day

Mandiant detailed the incident in a blog post Wednesday, but it’s unclear who was behind it or if they managed to get broad visibility into the victim’s internal traffic. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisco-sd-wan-zero-day-exploit-communications-provider/
Smashing Security podcast #473: How a hacker could have Rickrolled the entire World Cup

Jun 25, 2026 5:16 PM

Tags: finance, hacker, scam

A polite caller from your bank says there is a problem with your account. Don’t worry – they’ll send someone round to help. They’ll even take your cards away to keep them safe. The scam has run rampant, until Dutch police plastered blurred photos of 100 suspects across billboards, supermarkets, and TikTok, with a two-week…
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited Months Before Disclosure

Jun 25, 2026 5:16 PM

Tags: cisco, cve, exploit, flaw, google, hacker, mandiant, threat, vulnerability, zero-day

Hackers exploited Cisco Catalyst SD-WAN flaw CVE-2026-20245 as a zero-day months before disclosure, enabling privileged command execution. Google-owned Mandiant reported that an unknown threat actor exploited Cisco Catalyst SD-WAN vulnerability CVE-2026-20245 (CVSS base score of 7.8) as a zero-day at least two months before it was publicly disclosed. The flaw allows an authenticated attacker with…
CISA warns of max severity Ubiquiti flaws exploited in attacks

Jun 24, 2026 5:35 PM

Tags: attack, cisa, cybersecurity, exploit, flaw, hacker, infrastructure

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers actively exploiting flaws in Ubiquity UniFi OS and Lantronix serial-to-ethernet servers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-max-severity-ubiquiti-flaws-exploited-in-attacks/
Hackers Use Microsoft Teams-Themed Lures to Deploy Legitimate Remote Access Software

Jun 24, 2026 2:34 PM

Tags: access, cyber, hacker, microsoft, phishing, software, tool, unauthorized

An active phishing campaign that impersonates Microsoft Teams to trick victims into downloading a legitimately signed remote access tool (RAT) preconfigured for unauthorized access. Attackers deliver Teams-themed lures notifications about meeting transcripts, missed recordings, or “download transcript” prompts linking to convincing landing pages that mimic collaboration and productivity services. The offered downloads are pitched as…
Iran-Linked MuddyWater Poses as Ransomware Gang to Mask Cyber Espionage

Jun 24, 2026 2:34 PM

Tags: cyber, espionage, group, hacker, iran, malware, ransomware

An NCC Group report warns state-backed hackers are attempting to hide activity by posing as ransomware groups and deploying commercially available malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iranlinked-muddywater-poses-as/
Neue Top-10-Rangliste enttarnt globale Hacker-Netzwerke

Jun 24, 2026 11:34 AM

Tags: hacker

Eine neue Rangliste zeigt: Cyberkriminelle attackieren verstärkt Lieferketten und nutzen Miet-Infrastrukturen mit bis zu 89 Prozent Marktanteil. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/hacker-netzwerke-globale-rangliste
Hackers Abuse Indian Tax Notice Lures to Deliver PE Loader and libsvcs.dll Payload

Jun 24, 2026 11:34 AM

Tags: access, cyber, hacker, india, malware, social-engineering, threat

A targeted malware distribution campaign that abuses a counterfeit Indian Income Tax Department assessment notice to deliver a multi-stage Remote Access Trojan (RAT)-style payload. The threat actors hosted a fake tax-assessment portal on harivo[.]vip and used social-engineering lures official branding, tax terminology, legal references, penalties, and a “Download Assessment Order & Workings” prompt to persuade…
Hackers Abuse UI Spoofing and Hidden iFrames to Push Malicious Installer Downloads

Jun 24, 2026 10:35 AM

Tags: cyber, hacker, malicious, social-engineering, software, windows

A sophisticated Browser-in-the-Browser (BitB) campaign that combines UI spoofing, concealed iframes and multiple anti-analysis checks to coerce victims into manually installing malware. The operation uses highly convincing fake browser windows layered over legitimate pages to simulate stalled document loads and “out of date” software dialogs, social-engineering users into downloading an executable and running it themselves.…
Hackers Exploit RAR Vulnerability to Drop Startup VBS in Ukraine UAV Malware Campaign

Jun 24, 2026 9:34 AM

Tags: cyber, espionage, exploit, hacker, malware, startup, ukraine, vulnerability, windows

A newly observed espionage campaign targeting Ukraine’s unmanned aerial vehicle (UAV) ecosystem leverages a RAR archive exploit to install a persistent VBS loader, which then retrieves a Windows payload linked to an emergent actor the researcher calls GhostShell (Malwarebox ID MB-0009). The initial artifact is an archive named Besomar_documentation.rar, distributed with decoy PDF files mimicking…
Hackers Exploit RAR Vulnerability to Drop Startup VBS in Ukraine UAV Malware Campaign

Jun 24, 2026 9:34 AM

Tags: cyber, espionage, exploit, hacker, malware, startup, ukraine, vulnerability, windows

A newly observed espionage campaign targeting Ukraine’s unmanned aerial vehicle (UAV) ecosystem leverages a RAR archive exploit to install a persistent VBS loader, which then retrieves a Windows payload linked to an emergent actor the researcher calls GhostShell (Malwarebox ID MB-0009). The initial artifact is an archive named Besomar_documentation.rar, distributed with decoy PDF files mimicking…
Hackers Exploit RAR Vulnerability to Drop Startup VBS in Ukraine UAV Malware Campaign

Jun 24, 2026 9:34 AM

Tags: cyber, espionage, exploit, hacker, malware, startup, ukraine, vulnerability, windows

A newly observed espionage campaign targeting Ukraine’s unmanned aerial vehicle (UAV) ecosystem leverages a RAR archive exploit to install a persistent VBS loader, which then retrieves a Windows payload linked to an emergent actor the researcher calls GhostShell (Malwarebox ID MB-0009). The initial artifact is an archive named Besomar_documentation.rar, distributed with decoy PDF files mimicking…
Cyberangriff auf Klue: Hacker erbeutet Daten von Lastpass-Nutzern

Jun 24, 2026 9:34 AM

Tags: cyberattack, hacker

Bei einem Cyberangriff auf das Unternehmen Klue sind Daten unzähliger Salesforce-Kunden abgeflossen. Auch Lastpass-Nutzer sind betroffen. First seen on golem.de Jump to article: www.golem.de/news/cyberangriff-auf-klue-hacker-erbeutet-daten-von-lastpass-nutzern-2606-210107.html
Ukrainian hackers reportedly breach Russian Glaz/Groza combat control system

Jun 24, 2026 6:34 AM

Tags: breach, control, hacker, russia, ukraine

First seen on scworld.com Jump to article: www.scworld.com/brief/ukrainian-hackers-reportedly-breach-russian-glaz-groza-combat-control-system
Tata Electronics confirms cyberattack as hackers leak data

Jun 23, 2026 11:34 PM

Tags: cyberattack, data, hacker, leak

Tata Electronics has confirmed in a statement to BleepingComputer that it was the target of a cyberattack that impacted parts of its IT infrastructure. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/tata-electronics-confirms-cyberattack-as-hackers-leak-data/
Dialog Claims It Was Hacked. A Misconfigured Website Left Its Members Exposed

Jun 23, 2026 10:33 PM

Tags: access, breach, data-breach, group, hacker

The private events group, cofounded by Peter Thiel, says a “criminal” hacker is behind a breach that exposed members’ personal details. WIRED found no evidence a break-in was needed to access the files. First seen on wired.com Jump to article: www.wired.com/story/dialog-hack-website-misconfiguration/
Klue says hackers stole credential from 2022 that led to customer data breaches

Jun 23, 2026 10:33 PM

Tags: breach, credentials, data, hacker

It’s unclear why Klue had not revoked the credential after the limited pilot, which hackers then used to breach a system holding keys for accessing customers’ data. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/23/klue-says-hackers-stole-credential-from-2022-that-led-to-customer-data-breaches/
Hacker kapern GitHub mit 10.000 Fake-Projekten

Jun 23, 2026 9:33 PM

Tags: ai, crypto, github, hacker

Über 10.000 gefälschte Repositories auf GitHub verteilen Krypto-Trojaner. Experten vermuten, dass die Kampagne gezielt autonome KI-Agenten ins Visier nimmt. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/hacker-kapern-github
Password manager maker LastPass says hackers stole customer support case data during Klue breach

Jun 23, 2026 5:33 PM

Tags: breach, data, data-breach, hacker, password

This is the second data breach to affect LastPass customers in recent years, after one of the password manager’s tech partners was recently breached. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/23/password-manager-maker-lastpass-says-hackers-stole-customer-support-case-data-during-klue-breach/
LastPass confirms data breach in Klue supply chain attack

Jun 23, 2026 4:33 PM

Tags: attack, breach, data, data-breach, hacker, supply-chain

LastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company’s OAuth tokens in the Klue supply chain attack earlier this month. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/lastpass-confirms-data-breach-in-klue-supply-chain-attack/
Hacker hijacks Brazil’s national alert system, sending >>misanthropy<< to millions of phones

Jun 23, 2026 3:33 PM

Tags: attack, hacker, phone

Emergency alert systems work because people believe them. Every time one of these systems issues a false alert – whether through negligence or a deliberate attack – trust erodes. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/hacker-hijacks-brazils-national-alert-system