Tag: infrastructure
-
EvilTokens: New phishing campaign gains access by legitimate means
What happens when a phishing attack uses official infrastructure instead of spoofing it? EvilTokens marks an evolution of phishing: credentials are no longer stolen; instead, victims are tricked into authorizing legitimate sessions. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/cybercrime/eviltokens-neue-phishing-kampagne-verschafft-sich-zugriff-mit-legitimen-mitteln/
-
Google exposes China espionage group that’s been lurking in networks undetected since 2023
The revelation mirrors an alarming pattern of Chinese espionage groups dropping backdoors into critical infrastructure to intercept research and steal data with national security implications. First seen on cyberscoop.com Jump to article: cyberscoop.com/google-unc6508-china-espionage-threat/
-
NewCore Launches With $66M to Rebuild Identity for AI Agents
Startup Targets Incumbents Doing Directories, Authentication, Federation and SSO. NewCore, founded by Dome9 creator Zohar Alon, emerged from stealth with $66 million to build security-first identity infrastructure designed to manage the explosion of autonomous AI agents, machine identities and cryptographic credentials expected across modern enterprises. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/newcore-launches-66m-to-rebuild-identity-for-ai-agents-a-31974
-
The first football World Cup in the age of AI agents: an assessment of the security situation
The football World Cup will soon see billions of people, devices and transactions moving through the digital space, across ticket sales, payments, broadcasts, stadium operations and the infrastructure of the host cities. The scale of the attack surface is unprecedented: temporary tournament networks layered on top of existing environments, a huge ecosystem of suppliers and partners, as well as countless dependencies that real opportunities […]…
-
Handala Hacking Group Claims Breach of California Water Service
The Handala hacking group claims it has targeted California Water Service, leaking 5GB of customer database and GPS network files in its latest infrastructure attack. First seen on hackread.com Jump to article: hackread.com/handala-hacking-group-california-water-service-breach/
-
Velvet Ant Hackers Backdoor OpenSSH and PAM to Spy on Critical Infrastructure Network
Tags: access, authentication, backdoor, china, cyber, hacker, infrastructure, Internet, network, spy
A long-running, highly disciplined intrusion attributed to the China-nexus actor known as Velvet Ant has been revealed as a near-decade campaign of silent access that culminated in the replacement of core authentication components, OpenSSH binaries and PAM modules, across a segregated critical-infrastructure network. The intrusion chain began with compromises of internet-facing systems where the operator…
-
U.S. CISA adds Oracle PeopleSoft Enterprise PeopleTools flaw to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, oracle, technology, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an Oracle PeopleSoft Enterprise PeopleTools flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Oracle PeopleSoft Enterprise PeopleTools flaw, tracked as CVE-2026-35273 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. Oracle PeopleSoft Enterprise PeopleTools is the underlying technology platform…
-
FBI takes down massive China-based cybercrime network that caused $1.9B in losses
Outsider provided phishing kits and infrastructure for cybercriminals to scam victims with lures claiming they missed packages, had unpaid tolls or parking violations. First seen on cyberscoop.com Jump to article: cyberscoop.com/outsider-cybercrime-network-takedown-china-fbi-google-lumen/
-
U.S. CISA adds Ivanti Sentry flaw to its Known Exploited Vulnerabilities catalog and urges patching by June 14
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an Ivanti Sentry flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Ivanti Sentry flaw, tracked as CVE-2026-10520 (CVSS score of 10.0), to its Known Exploited Vulnerabilities (KEV) catalog. Ivanti Sentry is a secure gateway appliance that sits between an organization’s internal…
-
GRU-Linked APT28 Uses MooBot Botnet and Compromised EdgeRouters for Cyber Operations
The GRU-linked intrusion set APT28 (aka Fancy Bear, Sofacy, Forest Blizzard, Pawn Storm) has made a notable operational pivot, combining the MooBot botnet and compromised EdgeRouters to enable resilient cyber operations. This shift amplifies APT28’s long-standing focus on NATO, Ukrainian and critical-infrastructure targets by moving key capabilities from traditional cloud VPS and commodity hosting into…
-
CISA orders feds to patch actively exploited Ivanti flaw by Sunday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch an actively exploited Ivanti Sentry flaw within three days, as mandated by the newly issued Binding Operational Directive (BOD) 26-04. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-gives-feds-3-days-to-patch-ivanti-flaw-exploited-in-attacks/
-
Authorities Seize AudiA6 Crypto Laundering Service Used by Cybercriminal Gangs
Tags: crypto, cyber, cybercrime, finance, infrastructure, international, network, ransomware, service
Authorities have dismantled a major cryptocurrency laundering infrastructure known as “AudiA6,” disrupting a critical financial backbone used by ransomware gangs and cybercriminal networks to legitimize illicit proceeds. The coordinated international operation, supported by Europol and Eurojust, targeted a service believed to have laundered more than EUR 336 million between 2022 and 2025, marking one of…
-
Digital wallet in Germany: security must come before feature scope
Anyone who provides a wallet for ID cards, driving licences and other credentials is not simply building an app but an infrastructure for trust. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/digitale-wallet-in-deutschland-sicherheit-muss-vor-funktionsumfang-kommen/a45457/
-
Researcher Uses AI to Hack Google, Earns $500,000 Bug Bounty
Tags: access, ai, api, attack, bug-bounty, control, cyber, flaw, framework, google, infrastructure, service, vulnerability
Researcher Arvin Shivram has earned $500,000 in bug bounties from Google’s Vulnerability Reward Program (VRP) by deploying an AI-powered fuzzing framework against Google’s internal API infrastructure, uncovering critical access-control flaws across multiple high-impact services in under 3 months. The research began after Shivram was invited to bugSWAT Mexico in October 2025, which reignited his interest in Google’s attack surface. Recognizing that…
-
CISA Orders Federal Agencies to Patch Critical Vulnerabilities Within 3 Days
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive, BOD 26-04, mandating that federal civilian agencies remediate critical vulnerabilities within as little as 3 days, significantly tightening patching timelines in response to escalating cyber threats and rapid exploitation cycles. Announced on June 10, 2026, the directive introduces a risk-based vulnerability…
-
Vietnamese Digital Spies Look for Domestic Targets
Eset Says Threat Actor Redirected Efforts From Foreign Operations. Eset linked OceanLotus, also known as APT32, to a supply-chain attack on Vietnam’s FireAnt financial platform and a prolonged intrusion into a transport infrastructure company, suggesting the state-aligned threat actor is increasingly focused on gathering intelligence from domestic targets. First seen on govinfosecurity.com Jump to article:…
-
CISA orders federal agencies to “patch smarter”
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a Binding Operational Directive that will change how the US federal government approaches … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/11/cisa-risk-based-vulnerability-management-government/
-
CISA tells govt agencies to patch critical exploited flaws in 3 days
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced a new Binding Operational Directive, 26-04, that prioritizes security updates for Federal Civilian Executive Branch (FCEB) agencies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-tells-govt-agencies-to-patch-critical-exploited-flaws-in-3-days/
-
OceanLotus Targets Stock Investors in FireAnt MetaKit Supply-Chain Hack
OceanLotus APT has executed a precision supply-chain operation that implanted its SPECTRALVIPER backdoor into FireAnt MetaKit, a popular Vietnamese market-data component. Telemetry collected from mid-2024 through early 2026 shows OceanLotus (aka APT32) conducting two distinct campaigns: a long-running espionage intrusion against a Vietnamese infrastructure and transport construction company, and a targeted supply-chain compromise of FireAnt…
-
OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack
The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER. The campaigns involve a prolonged cyber espionage operation aimed at a Vietnamese infrastructure and transport construction corporation between mid-2024 and February 2026, as well as a supply chain attack…
-
CISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI Threats
“Defenders cannot afford to take weeks to patch,” one Cybersecurity and Infrastructure Security Agency official warned on Wednesday. First seen on wired.com Jump to article: www.wired.com/story/cisa-ai-vulnerability-directive/
-
CISA is rethinking how it prioritizes risks and vulnerabilities for feds, private sector
Acting director Nick Andersen said a binding operational directive is en route for agencies, and that more specific discussions need to happen with critical infrastructure owners. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-cyber-risk-prioritization-vulnerability-directive/
-
Miasma Worm Compromises 73 Microsoft GitHub Repositories
The Miasma worm compromised 73 Microsoft GitHub repos, spreading via AI coding tools and stealing cloud credentials from developers and CI/CD systems. A self-replicating worm called Miasma has compromised 73 Microsoft GitHub repositories and forced GitHub staff to disable them. The affected repos include core Azure infrastructure like azure-functions-host and the entire Durable Task family…
-
Google DoubleClick Abused in New Malspam Campaign to Deliver .NET Loader
Cybersecurity researchers have flagged a new malspam campaign that makes use of Google’s DoubleClick domain as a way to evade detection and ultimately deliver an unidentified .NET-based loader. “Before the victim ever reaches attacker-controlled infrastructure, the lure routes through DoubleClick, a legitimate Google-owned domain that many security tools are less likely to treat as suspicious,” First…
-
LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271)
Tags: ai, attack, cisa, cybersecurity, exploit, infrastructure, injection, open-source, vulnerability
A command injection vulnerability (CVE-2026-42271) in BerryAI’s LiteLLM open-source AI gateway is being exploited by attackers, the US Cybersecurity and Infrastructure … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/09/litellm-vulnerability-under-active-attack-cisa-warns-cve-2026-42271/

