Hackers have found a new way to blind security teams before stealing passwords, and the technique is as thorough as it is alarming. A threat actor recently disabled Microsoft Defender, killed the Sysmon logging tool, and tore down a web…
Category: EN
FCC Announces Bans on Chinese Equipment Linked to Cybersecurity Risks
The U.S. Federal Communications Commission (FCC) has announced a sweeping ban on the import and sale of certain Chinese-made telecommunications equipment linked to cybersecurity risks and potential espionage. The decision, issued on June 26, 2026, targets devices from companies listed…
Critical JetBrains Vulnerabilities Enable Authentication Bypass and Code Execution Attacks
JetBrains has released security updates for a cluster of critical vulnerabilities that enable authentication bypass, account takeover, and remote code execution (RCE) across its on‑premise ecosystem, including Hub, YouTrack, IntelliJ‑based IDEs, Kotlin, GoLand, and TeamCity. These flaws put development and…
Trump Administration Lifts Restrictions on Anthropic’s Claude Models After Cybersecurity Alarm
Anthropic said Tuesday night that its AI model called Claude Fable 5 is now widely available. The post Trump Administration Lifts Restrictions on Anthropic’s Claude Models After Cybersecurity Alarm appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Microsoft Warns: Fake Perplexity Extension Abused Chrome Search Features
Microsoft found a fake Perplexity AI Chrome extension that rerouted searches through attacker servers. Here’s what users should check now. The post Microsoft Warns: Fake Perplexity Extension Abused Chrome Search Features appeared first on TechRepublic. This article has been indexed…
New BioShocking Attack Tricks AI Browsers Into Leaking Credentials
LayerX found that BioShocking could trick AI browsers into leaking credentials by disguising malicious prompts as game rules. The post New BioShocking Attack Tricks AI Browsers Into Leaking Credentials appeared first on TechRepublic. This article has been indexed from Security…
Oracle E-Business Suite was under attack via critical flaw before the public exploit code was even released
Attackers appear to have reverse-engineered Big Red’s patch This article has been indexed from www.theregister.com – Articles Read the original article: Oracle E-Business Suite was under attack via critical flaw before the public exploit code was even released
CISA Warns of Actively Exploited Microsoft SharePoint Vulnerability
CISA says threat actors are exploiting a recently patched SharePoint remote code execution vulnerability (CVE-2026-45659). The post CISA Warns of Actively Exploited Microsoft SharePoint Vulnerability appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
‘BioShocking’ Attack Tricks AI Browsers Into Stealing Credentials
Researchers show how context manipulation can cause agentic browsers to abandon safety guardrails and exfiltrate sensitive credentials. The post ‘BioShocking’ Attack Tricks AI Browsers Into Stealing Credentials appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Cisco Confirms In-the-Wild Exploitation of Unified CM Vulnerability
A PoC exploit has been available since public disclosure, and the first exploitation attempts were observed last week. The post Cisco Confirms In-the-Wild Exploitation of Unified CM Vulnerability appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Sysdig Details JADEPUFFER, the First Documented Agentic Ransomware Operation
A new Sysdig report traces how an LLM agent abused a Langflow flaw, stole credentials, reached production MySQL, and destroyed Nacos config data in minutes flat. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and…
Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic
Adobe fixed multiple critical flaws, including max severity bugs in ColdFusion and Campaign Classic that could lead to remote code execution Adobe has released security updates for ColdFusion and Campaign Classic, fixing multiple critical vulnerabilities, including seven maximum-severity issues (CVSS…
WinRAR 7.23 Fixes Heap Overflow Vulnerability that Leads to Application Crashes
WinRAR 7.23 addresses a newly disclosed heap overflow vulnerability in the RAR5 recovery volume processing code, tracked as CVE-2026-14191. Closing a memory-corruption flaw that could be triggered by malicious recovery volume (.rev) data and potentially lead to application crashes or…
Medtronic Confirms Data Breach – Hackers Gained Access to Corporate IT Systems
Medical technology giant Medtronic Inc. has disclosed a cybersecurity incident involving unauthorized access to its corporate IT systems, potentially affecting sensitive personal and health-related information of patients using Medtronic medical devices. Medtronic detected unusual activity in certain corporate IT systems…
Multiple ClamAV Vulnerabilities Allow Remote Attacker to Cause a DoS Condition
Multiple high-severity vulnerabilities in Cisco’s ClamAV engine allow remote attackers to crash the antivirus scanning process, causing a denial-of-service (DoS) on affected Cisco Secure Endpoint Connector deployments. The flaws affect Windows, Linux, and macOS, with the highest impact on Windows,…
Browser-Only Ransomware Abuses Chrome File System Access API to Encrypt Android Photos
A new ransomware technique can now run entirely inside a web browser, with no app installation or root access required. It targets Android photo directories by abusing a legitimate Chrome feature meant for photo editing. The attack begins with something…
CISA Warns of Microsoft SharePoint Server Code Execution Vulnerability Exploited in Attacks
CISA has added a newly disclosed Microsoft SharePoint Server vulnerability, tracked as CVE-2026-45659, to its Known Exploited Vulnerabilities (KEV) Catalog, warning that the flaw is actively being exploited in real-world attacks. The vulnerability is a deserialization of untrusted data issue…
JetBrains Patches Critical Hub Authentication Bypass and Account Takeover Vulnerabilities
JetBrains has released patches for several critical vulnerabilities in JetBrains Hub that could allow for full authentication bypass, account takeover, and unauthorized privilege escalation across integrated JetBrains services. Administrators are urged to update their Hub instances immediately. Critical Hub Vulnerabilities…
Hackers Use Geofenced Webpages to Deliver Ousaban Banking Trojan in Spain and Portugal
A targeted phishing campaign delivering the Ousaban banking Trojan to users in Spain and Portugal, notable for its use of geofenced webpages, layered evasion techniques, and a modular delivery chain. The threat actor repurposes a playbook seen previously in Brazil…
“We’ve struck a chord with the new partner programme”
Specialist retailers and resellers are increasingly acting as IT security service providers and strategic partners for businesses. G DATA CyberDefense has therefore completely overhauled its partner programme. In future, it will reward not only turnover but also commitment. In this…