Check Point Research has uncovered active exploitation of CVE-2026-50751, a critical authentication bypass vulnerability (CVSS 9.3) in Check Point Remote Access VPN and Mobile Access deployments, with confirmed post-compromise activity linked to the Qilin ransomware gang. CVE-2026-50751 targets deployments configured…
IT Security News Hourly Summary 2026-06-08 21h : 6 posts
6 posts were published in the last hour 19:2 : Operation FlutterBridge Uses Fake Google Ads to Spread macOS Backdoor 18:32 : CISA Highlights Vital Resources to Help Event Attendees Stay Safe 18:32 : AI Policy Meets Operational Reality: White…
Operation FlutterBridge Uses Fake Google Ads to Spread macOS Backdoor
Operation FlutterBridge uses fake Google ads and shell companies to deploy FlutterShell, a new macOS backdoor targeting unsuspecting users. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: Operation FlutterBridge…
CISA Highlights Vital Resources to Help Event Attendees Stay Safe
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from CISA Blog Read the original article: CISA Highlights Vital Resources to Help Event Attendees Stay Safe
AI Policy Meets Operational Reality: White House AI Cybersecurity Order Calls for Public-Private Coordination
As frontier AI models gain stronger cyber capabilities, public-private collaboration will be essential for improving AI-assisted defense, strengthening vulnerability response, and building critical infrastructure resilience. This article has been indexed from Industry Trends & Insights Read the original article:…
Meta claims NSO Group still targets WhatsApp users despite court order
Meta claims it disrupted spear-phishing attempts linked to NSO Group and is asking a US federal court to hold the spyware vendor in contempt for allegedly violating an injunction that bars it from targeting WhatsApp and its users. “We successfully…
Meta Deletes Face-Recognition System From Its Smart Glasses App After WIRED Report
The code WIRED identified is gone from the latest version of Meta AI, the companion app for the company’s smart glasses. Meta won’t say why or whether it’s coming back. This article has been indexed from Security Latest Read the…
Meta Rolls Out Paid Plans for Facebook, Instagram, and WhatsApp
Meta has announced a wide expansion of its subscription business, introducing new paid plans for Facebook, Instagram, and WhatsApp users while preparing additional premium offerings aimed at artificial intelligence users, content creators, and businesses. The move reflects the company’s…
Critical 7-Zip Vulnerability Exposes Millions of Systems to Potential Malware Attacks
A fresh disclosure highlights a security weakness in the popular 7-Zip tool, stirring unease within cyber defense circles due to its potential misuse for spreading harmful software. Though limited to outdated builds of this open compression program, the flaw…
Ad Tracking Puts US Troops at Risk on the Battlefield
The ad-tracking industry is facing fresh scrutiny after reports said commercial location data has been used to expose US soldiers in active war zones. US Central Command reportedly confirmed that it has received multiple threat reports about adversaries exploiting…
Gogs Zero-Day Vulnerability Raises Alarm Over Server Security
Researchers have discovered a zero-day vulnerability in Gogs, the widely used self-hosted Git repository management platform, that may allow authenticated users to escalate their privileges on vulnerable servers by leveraging this vulnerability to execute remote code. In addition to…
WhatsApp to Roll Out Username Feature, No Mobile Number Required
WhatsApp will launch a new feature where users can opt for usernames and connect with others without putting mobile numbers. The feature is similar to the famous messaging app Telegram and also Instagram. The new update will allow users to…
Meta Blocks NSO Group’s New WhatsApp Phishing Attack, Files Contempt Order
Meta on Monday said it detected and blocked spear-phishing attempts linked to Israeli spyware vendor NSO Group. In addition, the tech giant said it’s filing a federal court contempt order against the company for violating a permanent injunction that barred…
TeamPCP Supply Chain Campaign: Activity Through 2026-06-07, (Mon, Jun 8th)
This diary continues the Internet Storm Center's tracking of the TeamPCP supply chain campaign, first documented in the SANS white paper When the Security Scanner Became the Weapon and most recently in the handler diary Activity Through 2026-05-24. Since that…
Governing Claude Enterprise in Environments Where Inline Controls Can’t Go
TrendAI™ integrates Anthropic’s Claude Compliance API into TrendAI Vision One™ through two collectors that bring AI-aware visibility and detection to Claude Enterprise usage: one keeps all data inside the environment, while the other feeds TrendAI Vision One™ for deeper correlation…
Old WinRAR Flaw Fuels Attacks on Ukraine: How Unmanaged Software Keeps the Door Open
Two separate Russia-aligned campaigns are still exploiting the WinRAR flaw CVE-2025-8088 against Ukrainian organizations nearly a year after it was patched, showing how unmanaged software keeps an exploited entry point open long after the fix ships. This article has been…
Critical Zcash Vulnerability Found and Fixed
If you’re a user—owner?—of this cryptocurrency, this is important: On May 29, the security researcher Taylor Hornby found a critical vulnerability in Zcash Orchard privacy pool using Claude Opus 4.8. The Zcash team hired Hornby specifically to look for this…
Malspam Attack Uses Google DoubleClick Redirects to Deliver Fileless .NET Loader
Cybercriminals have found a new way to sneak malware past email security tools, and this time they are hiding behind a name that most systems trust without question. A recent malspam campaign has been caught using Google’s own DoubleClick ad-tracking…
New Pink Hacking Group Attacking Enterprise Users to Steal Cloud Storage Passwords
A newly identified extortion group called Pink has emerged as a serious threat to enterprise organizations, using social engineering tactics to steal cloud storage credentials and sensitive data. The group, tracked under the cluster code CL-CRI-1147, launched its dedicated data…
New Linux Kernel Vulnerability Lets Attackers Escalate Privileges to Root
A use-after-free vulnerability in the Linux kernel’s nftables subsystem has been disclosed, enabling unprivileged local attackers to escalate privileges to root on widely deployed distributions including Debian Bookworm, Debian Trixie, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. Tracked as CVE-2026-23111,…
Ransomware crims got a month-long head start on Check Point VPN 0-day that now has a fix
Scumbags, including a Qilin ransomware affiliate, began hitting this hole May 7 This article has been indexed from www.theregister.com – Articles Read the original article: Ransomware crims got a month-long head start on Check Point VPN 0-day that now has…
A Security Raises $37 Million for Autonomous Offensive Security Platform
The company founded by Yossi Torati, Omer Gull, and Yuval Itzchakov has emerged from stealth mode. The post A Security Raises $37 Million for Autonomous Offensive Security Platform appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Hackers Clone Ghidra, dnSpy and Other Tool Sites to Spread Malware
Hackers are cloning Ghidra, dnSpy, ILSpy and other free tool sites to spread Malware like RemusStealer, crypto clippers and loaders through fake downloads. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the…
AI brands as bait: How threat actors are using the AI hype in social engineering
As threat actors operationalize AI to accelerate attacks, they are also leveraging the wider global interest around AI itself as a social engineering lure. The post AI brands as bait: How threat actors are using the AI hype in social…