Tag: Internet
-
Velvet Ant Hackers Backdoor OpenSSH and PAM to Spy on Critical Infrastructure Network
Tags: access, authentication, backdoor, china, cyber, hacker, infrastructure, Internet, network, spy
A long-running, highly disciplined intrusion attributed to the China-nexus actor known as Velvet Ant has been revealed as a near-decade campaign of silent access that culminated in the replacement of core authentication components, OpenSSH binaries and PAM modules, across a segregated critical-infrastructure network. The intrusion chain began with compromises of internet-facing systems where the operator…
-
From Backups to Updates: Survey on Data Security Among German Internet Users
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/backups-updates-umfrage-datensicherheit-deutsche-internet-nutzer
-
Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts
Cybersecurity researchers have disclosed details of fraudulent activity targeting users across the Middle East and North Africa by employing various fraudulent Facebook accounts impersonating politicians, public figures, and trusted organizations. “These accounts promoted fake offers, including free mobile internet packages, financial compensation, and government subsidy programs,” Group-IB First seen on thehackernews.com Jump to article: thehackernews.com/2026/06/sniper-dz-scams-target-mena-users-via.html
-
Criminals Sell Data of 4.9 Million Wise Customers
A hacker is offering 4.9 million customer records from the financial platform Wise for sale on the internet. Those affected are mainly users from Spain. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/49-millionen-wise-kunden-darknet
-
21,786 Home Cameras, No Password, No Warning
21,786 live cameras stream with zero authentication. Cheap gear is the real risk, webcamXP open 46% of the time. Your home router is the broadcast tower. In May 2026, Mysterium VPN queried a public internet-wide device index to count every camera and recorder that answers the open internet. They found more than three million reachable…
-
CVE-2026-10520 Exploited: Ivanti Sentry Gateways Compromised Shortly After Patch Release
Tags: cve, data-breach, exploit, flaw, injection, Internet, ivanti, remote-code-execution, threat, update
Attackers are exploiting the critical CVE-2026-10520 flaw in Ivanti Sentry, compromising many internet-exposed gateways shortly after patches were released. Threat actors have started exploiting a maximum-severity OS command injection flaw in Ivanti Sentry, tracked as CVE-2026-10520, that allows remote code execution with root privileges. “An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote…
-
FBI seizes 13 websites linked to alleged Chinese intelligence-gathering effort
Federal authorities have seized 13 internet domains allegedly used to target current and former U.S. government employees and military personnel with access to classified and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/11/fake-consulting-websites-target-us-security-clearance-holders-china/
-
Max severity Ivanti Sentry vulnerability now exploited in attacks
Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile gateways. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/max-severity-ivanti-sentry-vulnerability-now-exploited-in-attacks/
-
China-Linked JDY Botnet Hijacks 1,500+ IoT Devices for Rapid Exploits
A significant resurgence of the JDY botnet, a covert reconnaissance network tied to China-nexus threat activity. Once a component of the larger KV-botnet ecosystem, JDY has expanded to more than 1,500 compromised small office/home office (SOHO) and Internet of Things (IoT) devices and now functions as a high-performance, centrally controlled scanner that accelerates vulnerability discovery…
-
Apache HTTP Server 2.4.68 Patches Multiple Security Vulnerabilities
Apache has released HTTP Server version 2.4.68, addressing multiple security vulnerabilities across core modules and widely deployed components, reinforcing the importance of timely patching in internet-facing infrastructure. The update resolves a mix of memory safety issues, privilege escalation flaws, denial-of-service conditions, and input validation weaknesses affecting versions ranging from 2.4.0 through 2.4.67. While several issues…
-
Gogs patches critical zero-day enabling remote code execution
Gogs has patched a critical security zero-day flaw that can allow attackers to compromise Internet-facing instances and access any repositories (including private ones). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/gogs-patches-critical-zero-day-enabling-remote-code-execution/
-
Internet Explorer WebBrowser Control Abuse Lets Attackers Convert Clicks Into RCE
Internet Explorer’s legacy WebBrowser control can be abused to turn seemingly harmless user clicks into full remote code execution (RCE), even on systems that no longer use Internet Explorer as a standalone browser. Although Microsoft officially ended support for IE, the Trident engine and WebBrowser ActiveX control remain embedded in numerous Windows applications built with…
-
China-Linked OP-512 Targets IIS Servers With Unique Web Shell Framework
A suspected China-linked espionage cluster dubbed OP-512 after rapidly correlating many low-fidelity events into a single high-priority incident that human analysts then validated. OP-512 compromised an Internet Information Services (IIS) server and deployed a custom web shell framework built to evade signature-based detection. Each web shell instance is cryptographically unique, restricts access with layered encryption,…
-
China-Linked Espionage Cluster Deploys Custom ASPX/ASHX Shells on IIS
A previously disclosed China-linked threat cluster, tracked as OP-512, has been observed deploying a purpose-built web shell framework to compromise Internet Information Services (IIS) servers. Identified by ReliaQuest, the espionage operation targeted a Windows Server 2016 environment running an end-of-life .NET Framework 4.0. Telemetry revealed the threat actors established access 75 days prior to the…
-
Exposed Fuel Tank Gauges Under Attack in the US
Threat actors are taking advantage of Internet-exposed tank gauges by breaching gas stations, opening the door to disruption. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/exposed-fuel-tank-gauges-attack-us
-
New CISA Warning: Hackers Are Targeting Fuel Tank Monitoring Systems
CISA warns attackers are targeting internet-exposed Automatic Tank Gauge systems used in fuel storage. Here’s what operators should fix now. The post New CISA Warning: Hackers Are Targeting Fuel Tank Monitoring Systems appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-cisa-atg-systems-fuel-storage-cyberattacks/
-
New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework
Cybersecurity researchers have discovered a previously unreported threat cluster dubbed OP-512 that has been observed targeting Microsoft Internet Information Services (IIS) servers to deploy a bespoke web shell framework. ReliaQuest has assessed with moderate to high confidence that the espionage-focused activity is linked to China. “OP-512 was highly likely conducting espionage through a First seen on thehackernews.com…
-
CISA Urges OT Operators to Plan for Worst Case Scenarios
Does No Internet Also Mean No Water or Lights? The latest initiative from the U.S. cyber defense agency aimed at operational technology operators is a little bit different. It’s not advice about how to keep hackers out. It’s not really about cybersecurity at all. CI Fortify is about what to do when cybersecurity fails. First…
-
ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories
It got stupid again. The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weird stuff is normal. Forums go down and come back worse. Cheap hackers get better toys. AI starts breaking real systems. Great. Read the whole thing before…
-
Comodo Internet Security 0-Day Flaw Triggers Windows System Crashes
A remotely exploitable zero-day vulnerability in Comodo Internet Security’s kernel-level firewall driver allows attackers to crash Windows systems with a single IPv6 packet, and the vendor has yet to respond. Security researcher Marcus Hutchins publicly disclosed a critical zero-day vulnerability in Comodo Internet Security on June 3, 2026, after multiple attempts to reach the vendor…
-
DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets
The U.S. Department of Justice (DoJ) on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans. The “Disruption Week” operation began May 18, 2026, leading to the takedown of millions of social media, email, and internet access accounts used by transnational…
-
Automated Bots Overtake Human Users in Global Internet Traffic for the First Time
Automated bots have officially overtaken human users in global internet traffic for the first time, marking a major shift in how the web is accessed and used. Recent data from Cloudflare Radar shows that bots now generate 57.5% of all HTTP requests to HTML pages. In comparison, human activity has dropped to 42.5%. The trend…
-
CISA warns of cyberattacks targeting fuel tank monitoring systems
CISA, the FBI, the NSA, the Department of Energy, and other US government partners are warning that hackers are targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid storage tanks across various critical infrastructure sectors. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-cyberattacks-targeting-fuel-tank-monitoring-systems/
-
Tank Level Gauges at Gas Stations Publicly Reachable over the Internet
In mid-May, CNN reported on a suspicion held by US authorities. According to the report, actors linked to Iran are said to have attacked automatic tank gauges (ATGs) at gas stations in the USA. In doing so, the attackers were able to access devices that were reachable over the internet and not protected by passwords, and to alter displayed values. Although…
-
Spain arrests suspected hacker for publishing personal data of police, prosecutors and cyber officials
Police described the incident as a large-scale disclosure of sensitive personal information that posed a threat to both the affected individuals and the institutions they serve. The data was allegedly posted on multiple internet platforms. First seen on therecord.media Jump to article: therecord.media/spain-arrests-suspected-hacker-for-publishing-data-on-sensitive-government-workers
-
AI-Driven Exploitation is Destroying Vulnerability Management. Here’s How to Handle It.
AI-driven exploitation timelines are rapidly shrinking, and they are not going to stop shrinking. Vulnerabilities are being discovered, reproduced, and weaponized faster than ever in the history of enterprise security. As a result, the window between a vulnerability being disclosed and indiscriminate exploitation observed across the internet is now measured in hours, not days. The industry’s…
-
Internet Starts to Return in Iran After 3-Month Blackout
Some internet connectivity is returning in Iran after nearly 90 days offline, web monitoring groups say. But it isn’t clear if the reconnection is permanent. First seen on wired.com Jump to article: www.wired.com/story/internet-in-iran-starts-to-return-after-3-month-blackout/
-
CERT-In Mandates 12-Hour Patch Deadline for Internet-Facing Vulnerabilities
India’s national cyber security agency CERT-In has issued a new blueprint that tells organizations to fix critical vulnerabilities in internet-facing and “crown-jewel” systems within 12 hours of discovery, as AI-driven attackers slash exploitation timelines. The guidance marks one of India’s most aggressive expectations yet on patching speed for exposed infrastructure. CERT-In’s 38-page document, titled “Blueprint…

