Tag: threat
-
Critical Wazuh Flaw Enables Threat Actors to Alter Alerts and Remove Logs
A critical security flaw in Wazuh Manager could allow unauthenticated threat actors to tamper with alerts, delete forensic evidence, and execute arbitrary OpenSearch operations by exploiting an input validation weakness in the platform’s new inventory synchronization pipeline. Tracked under GitHub advisory GHSA-ff9g-85jq-r3g3, the vulnerability affects Wazuh Manager version 5.0.0-beta1 and carries a maximum CVSS score…
-
Threat Actor Malware Platform Exposed Through Unlocked PHP Installer Page
A misconfigured PHP-based malware distribution platform has been exposed after a security researcher inadvertently gained administrative access via an unlocked installation page, highlighting critical operational security failures in the active threat actor’s infrastructure. The incident, documented on June 11, 2026, began with routine threat intelligence monitoring on X (formerly Twitter), where a suspicious software download…
-
Criminal IP at Infosecurity Europe 2026: Introducing AITEM, the Next Chapter of Attack Surface Management
Torrance, United States / California, June 11th, 2026, CyberNewswire Criminal IP by AI SPERA, a cyber threat intelligence platform delivering decision-ready intelligence and attack surface visibility to security teams worldwide, participated in Infosecurity Europe 2026 at ExCeL London this week, marking the company’s second consecutive appearance at Europe’s leading cybersecurity event. Alongside live demonstrations of…
-
New Agentjacking Attack Hijacks AI Coding Agents to Execute Malicious Code
A newly disclosed Agentjacking attack class can silently weaponize AI coding agents against the very developers who rely on them, requiring no phishing, no server compromise, and no user interaction beyond a developer’s normal workflow of asking their AI assistant to investigate errors. Tenet Security’s Threat Labs developed and validated the technique, demonstrating how a…
-
Malicious 152 Chrome Extensions Caught Spoofing Google Organic Search Traffic
A massive, coordinated network of 152 malicious Google Chrome browser extensions has been dismantled after researchers caught the operation generating fake organic Google search traffic. Socket’s Threat Research Team discovered the operation spanning 38 separate Chrome Web Store publisher accounts and tracing back to three primary brand backends: tabplugins[.]com, yowgames[.]com, and chromewallpaper[.]com. Disguised as benign…
-
Flashpoint Gives MSSPs, Security Teams a Deep Dive into Identity-Based Threats
First seen on scworld.com Jump to article: www.scworld.com/news/flashpoint-gives-mssps-security-teams-a-deep-dive-into-identity-based-threats
-
How autonomous defense and remediation stands up to AI cyber threats
First seen on scworld.com Jump to article: www.scworld.com/perspective/how-autonomous-defense-and-remediation-stands-up-to-ai-cyber-threats
-
AI in cyberdefense: Learning from threat actors’ playbooks
At the Gartner Cybersecurity and Risk Management Summit 2026, security professionals learned how to use AI to counter the AI-fueled cyberattacks directed against them. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366644163/AI-in-cyberdefense-Learning-from-threat-actors-playbooks
-
Iran-Linked Handala Breached a California Water Utility. It Could Have Done Worse, and It Knows That.
Pro-Iran group Handala breached Cal Water via an exposed GPS tool, reaching billing data for 2M customers. 5GB leaked. On June 11, 2026, the Iran-linked threat group Handala posted a claim on its blog that it had compromised California Water Service, known as Cal Water, and published a 5GB proof-of-concept data dump to back it…
-
The Cyber Express Weekly Roundup: AI Security Controls, Major Patch Releases, Public Sector Audits, and Emerging Online Scams
Tags: ai, control, cyber, cybercrime, cybersecurity, governance, government, risk, risk-management, scam, technology, threat, update, vulnerabilityThis week’s cybersecurity developments highlight a growing emphasis on proactive security measures, governance oversight, and risk management across both public and private sectors. From large-scale vulnerability remediation efforts and AI security enhancements to government-led technology reviews and event-driven cybercrime campaigns, organizations continue to face a complex threat landscape. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/tce-weekly-roundup-cybersecurity-ai/
-
Oracle PeopleSoft RCE Flaw Used as Zero-Day in Ongoing ShinyHunters Campaign
Tags: advisory, breach, exploit, flaw, google, group, intelligence, mandiant, oracle, rce, remote-code-execution, threat, update, vulnerability, zero-dayShinyHunters exploited a critical Oracle PeopleSoft zero-day to breach over 100 organizations, mostly universities, before a patch was available. Mandiant and Google’s Threat Intelligence Group published an analysis of an active ShinyHunters campaign on June 11, one day after Oracle finally issued an advisory for the vulnerability being exploited. The gap matters: the activity ran…
-
Oracle PeopleSoft RCE Flaw Used as Zero-Day in Ongoing ShinyHunters Campaign
Tags: advisory, breach, exploit, flaw, google, group, intelligence, mandiant, oracle, rce, remote-code-execution, threat, update, vulnerability, zero-dayShinyHunters exploited a critical Oracle PeopleSoft zero-day to breach over 100 organizations, mostly universities, before a patch was available. Mandiant and Google’s Threat Intelligence Group published an analysis of an active ShinyHunters campaign on June 11, one day after Oracle finally issued an advisory for the vulnerability being exploited. The gap matters: the activity ran…
-
Rethinking MDR as Attackers and Defenders Embrace AI
For most of the past decade, managed detection and response was the answer to a real problem. Security teams couldn’t staff around the clock, couldn’t hire enough analysts, and needed someone else to handle the alert queue. MDR stepped in. It worked well enough. Until now.The threat landscape has changed faster than the MDR model…
-
Tchap Messenger Hack Exposes Data of Over 73,000 French Government Employees
A suspected cyberattack targeting Tchap, the secure messaging platform used by French government agencies, has reportedly exposed sensitive data belonging to more than 73,000 government employees. According to threat intelligence reports shared by the ThreatMon monitoring account, a threat actor claims to have exfiltrated approximately 13.5 GB of internal data, covering nearly three years of…
-
CISA Orders Federal Agencies to Patch Critical Vulnerabilities Within 3 Days
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive, BOD 26-04, mandating that federal civilian agencies remediate critical vulnerabilities within as little as 3 days, significantly tightening patching timelines in response to escalating cyber threats and rapid exploitation cycles. Announced on June 10, 2026, the directive introduces a risk-based vulnerability…
-
Fake Windows and Office Activation Videos Spread Infostealers on TikTok and Instagram
Short-form video platforms such as TikTok and Instagram Reels have become an increasingly effective vector for distributing infostealers, as threat actors leverage polished tutorial-style clips to trick Windows users into running malicious code. Attackers create accounts with Windows-like naming and branding, then post short, high-production-value videos that mimic authentic support or how-to content. The posts…
-
Oracle PeopleSoft Zero-Day RCE Vulnerability Exploited by ShinyHunters
Tags: cve, cvss, cyber, exploit, flaw, google, group, intelligence, mandiant, oracle, rce, remote-code-execution, threat, vulnerability, zero-dayA newly disclosed zero-day vulnerability in Oracle PeopleSoft is being actively exploited by the ShinyHunters threat group, according to a joint investigation by Mandiant and Google Threat Intelligence Group (GTIG). Tracked as CVE-2026-35273 with a critical CVSS score of 9.8, the flaw affects the Environment Management component and enables unauthenticated remote code execution. Researchers confirmed…
-
Vietnamese Digital Spies Look for Domestic Targets
Eset Says Threat Actor Redirected Efforts From Foreign Operations. Eset linked OceanLotus, also known as APT32, to a supply-chain attack on Vietnam’s FireAnt financial platform and a prolonged intrusion into a transport infrastructure company, suggesting the state-aligned threat actor is increasingly focused on gathering intelligence from domestic targets. First seen on govinfosecurity.com Jump to article:…
-
CVE-2026-10520 Exploited: Ivanti Sentry Gateways Compromised Shortly After Patch Release
Tags: cve, data-breach, exploit, flaw, injection, Internet, ivanti, remote-code-execution, threat, updateAttackers are exploiting the critical CVE-2026-10520 flaw in Ivanti Sentry, compromising many internet-exposed gateways shortly after patches were released. Threat actors have started exploiting a maximum-severity OS command injection flaw in Ivanti Sentry, tracked as CVE-2026-10520, that allows remote code execution with root privileges. >>An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote…
-
CVE-2026-10520 Exploited: Ivanti Sentry Gateways Compromised Shortly After Patch Release
Tags: cve, data-breach, exploit, flaw, injection, Internet, ivanti, remote-code-execution, threat, updateAttackers are exploiting the critical CVE-2026-10520 flaw in Ivanti Sentry, compromising many internet-exposed gateways shortly after patches were released. Threat actors have started exploiting a maximum-severity OS command injection flaw in Ivanti Sentry, tracked as CVE-2026-10520, that allows remote code execution with root privileges. >>An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote…
-
The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm
A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leveraging resources from various ransomware-as-a-service (RaaS) schemes like LockBit (aka Tenacious Mantis), Qilin (aka Pestilent Mantis), and Medusa (aka Venomous Mantis).According to a detailed report First seen on…
-
FIFA World Cup expected to face extensive criminal, hacktivist cyber threats
Researchers warn that thousands of malicious domains are already in place, as fans and tournament organizers face potential attacks. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/fifa-world-cup-criminal-hacktivist-cyber-threat/822638/
-
Phishing mittels Kalendereinladung
Angreifer nutzen zunehmend Kalendereinladungen, um E-Mail-Sicherheitsmaßnahmen zu umgehen. Dieser Angriffsvektor hat in den letzten sechs Monaten um 49 Prozent zugenommen. Das Threat-Labs-Team von KnowBe4 wirft einen Blick hinter die Kulissen und liefert eine detaillierte Analyse. Sie beleuchten die technischen Grundlagen und taktischen Veränderungen von Multi-Vektor-Angriffen, die auf den Kalender abzielen. Modernes Phishing geht inzwischen weit…
-
Why AI-driven threats are exposing the limits of MSP security stacks
AI-driven attacks are exposing the limits of fragmented MSP security stacks and slow response workflows. Kaseya breaks down why integrated security, automation, and recovery are becoming essential. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/why-ai-driven-threats-are-exposing-the-limits-of-msp-security-stacks/
-
Most Cybersecurity Teams Struggle to Find Time for Training on New Cyber Threats
Organizations are aware of the challenges that new technologies like AI bring: but cybersecurity staff struggle to make time for the required training during working hours First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cybersecurity-training-time/
-
OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack
The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER.The campaigns involve a prolonged cyber espionage operation aimed at a Vietnamese infrastructure and transport construction corporation between mid-2024 and February 2026, as well as a supply chain attack…
-
Hackers Use Residential Proxies Networks to Evade Detection
The impact of residential proxies across our customer base by compiling billions of DNS resolutions and the associated network telemetry. The Kimwolf Botnet inside our enterprise customer networks. Follow”‘up analysis of billions of DNS resolutions across Infoblox Threat Defense Cloud customers reveals a more systemic problem: in 2026 more than 65% of customers queried domains associated with residential…
-
KI-Effizienz und der Umbruch digitaler Geschäftsmodelle
Der Cloudflare Threat Report geht dabei über eine reine Sicherheitsanalyse hinaus er offenbart einen grundlegenden Strukturwandel der digitalen Architektur. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/ki-effizienz-und-der-umbruch-digitaler-geschaeftsmodelle/a45438/

