171 posts were published in the last hour 21:31 : New website names and shames companies that still don’t offer passkeys to users 21:7 : Operation Endgame Disrupts StealC, Amadey and SocGholish Malware Networks 21:7 : Malicious Edge Extension Uses…
New website names and shames companies that still don’t offer passkeys to users
According to a new site, 24% of the most popular websites in the world don’t offer support for passkeys, which are considered the most secure way to log in to apps and services. This article has been indexed from Security…
Operation Endgame Disrupts StealC, Amadey and SocGholish Malware Networks
Operation Endgame disrupts StealC malware infrastructure, seizing millions of stolen credentials and targeting servers used in global cybercrime campaigns. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: Operation Endgame…
Malicious Edge Extension Uses Chrome Native Messaging to Execute Code on Victim Systems
A new and deceptive malware campaign has been uncovered, one that turns an everyday browser extension into a dangerous tool for system compromise. Security researchers have identified a threat that uses a malicious Microsoft Edge extension to break out of…
Restrict AWS Management Console access to expected networks with sign-in resource-based policies and RCPs
Amazon Web Services (AWS) recently announced support for resource-based policies and resource control policies (RCPs) for AWS Sign-In. By using resource-based policies and RCPs, you can restrict access to the AWS Management Console sign-in and aws login CLI sessions to…
Your Biggest Identity Problem Isn’t Your Employees Anymore; It’s Everything Else
I used to open identity audits by asking a CISO how many users were on their network. These days, I ask a different question first: how many non-human identities do you have, and when was the last time anyone counted?…
The next phase of endpoint security starts with simplicity
For years, enterprise endpoints were expected to handle everything locally, including productivity, collaboration, storage, and security, while supporting increasingly complex operating systems and applications. But as more workloads have moved into cloud-delivered environments, that model has started to break down.…
CNAPP evolution: How Microsoft aligns with leading cloud risk management platforms
Learn how CNAPP platforms are helping organizations prioritize exploitable risks, reduce exposure, and operationalize security across the application lifecycle. The post CNAPP evolution: How Microsoft aligns with leading cloud risk management platforms appeared first on Microsoft Security Blog. This article…
From Prompt Testing to AI Red Teaming at Enterprise Scale
Anyone can try to break a chatbot. That is part of what makes AI red teaming feel accessible. Open a model, write a strange prompt, ask for something the system should refuse, reframe the request, and see what happens. Sometimes…
Klue supply chain breach exposes Salesforce data at several security firms
A supply chain attack targeting Klue, a competitive intelligence platform, has lead to the theft of Salesforce data from multiple entities, including several cybersecurity vendors. Klue disclosed that threat actors had gained unauthorized access to part of its integration infrastructure…
AI, OAuth, and Other Platform APIs in the Core
This is the second follow-up to June 5’s release post. It covers the platform APIs that moved into the framework core this release. There are two headline pieces (AI/LLM and the modern OAuth/OIDC stack) and two smaller pieces (WiFi/connectivity and share-sheet…
Europol Disrupts StealC and Amadey Malware Infrastructure in Operation Endgame
Operation Endgame disrupted malware services like StealC and Amadey that enable ransomware, fraud, and attacks on critical infrastructure. Between June 15 and 19, 2026, Europol coordinated a two-week law enforcement operation involving agencies from Canada, Denmark, Germany, the Netherlands, the…
IT Security News Hourly Summary 2026-06-24 21h : 6 posts
6 posts were published in the last hour 18:32 : As Q-Day looms, 90% of systems are unprepared for PQC 18:31 : EvilTokens Hides Its Attack Flow in the Browser, Exposing Static Analysis Gaps 18:31 : Tata Electronics Confirms Cybersecurity Incident,…
As Q-Day looms, 90% of systems are unprepared for PQC
<p>Cybersecurity executives have a long way to go before they are ready for a quantum computing world, researchers warn — and they’re likely running out of time.</p> <p>A new <a target=”_blank” href=”https://www.forescout.com/blog/pqc-adoption-gaps-90-percent-of-systems-are-still-not-quantum-safe/” rel=”noopener”>report</a> from Forescout Research Vedere Labs found that…
EvilTokens Hides Its Attack Flow in the Browser, Exposing Static Analysis Gaps
EvilTokens is drawing attention in phishing investigations for abusing Microsoft Device Code authentication and hiding key parts of its attack flow from static URL analysis. In a recent analysis, the phishing page was found encrypted in the initial HTML response and appeared only after browser-side…
Tata Electronics Confirms Cybersecurity Incident, Says Business Operations Remain Unaffected
Tata Electronics has acknowledged that it recently experienced a cybersecurity incident affecting certain parts of its IT infrastructure. However, the company stated that the event did not disrupt its business activities or day-to-day operations. Addressing the incident, a company…
CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 26, 2026. The…
Microsoft uses AI to link two malware operations in racketeering suit
200+ C2 servers linked to StealC and Amadey shut down This article has been indexed from www.theregister.com – Articles Read the original article: Microsoft uses AI to link two malware operations in racketeering suit
When Information Becomes the Attack Surface – Understanding AI Agent Traps
From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI. The post When Information Becomes the Attack Surface – Understanding AI Agent Traps appeared first on SecurityWeek. This article has been…
Authorities Disrupt Stealer Malware StealC and Amadey Infrastructure in Global Operation
Europol and law enforcement partners across multiple countries have dealt a significant blow to the cybercriminal ecosystems powering StealC, Amadey, and SocGholish malware, three widely deployed tools in the modern “cybercrime-as-a-service” supply chain. Announced as part of Operation Endgame, the…
Hackers Exploiting Cisco Catalyst SD-WAN Manager 0-Day Flaw to Gain Root-Level Access
A sophisticated threat actor is actively targeting SD-WAN infrastructure at a major service provider. The campaign culminated in the exploitation of a zero-day privilege escalation vulnerability, now tracked as CVE-2026-20245 (CVSS 7.8), in Cisco Catalyst SD-WAN Manager, enabling attackers to…
PixelSmash flaw turns video files into attack tools
Researchers have found a critical FFmpeg flaw that could let attackers use a malicious video file to compromise vulnerable systems. This article has been indexed from Malwarebytes Read the original article: PixelSmash flaw turns video files into attack tools
Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered
A coordinated law enforcement operation, in partnership with private sector companies, including Bitdefender, Bitsight, ESET, and Microsoft, has resulted in the takedown of criminal infrastructure powering Amadey and StealC. “The main common goal was to disrupt the ‘assembly lines’ cybercriminals…
Madison Square Garden Hack Exposes 26 Million Visitor Records
Madison Square Garden faces a 26M-record hack tied to visitor data, facial recognition, and security records from its venue operations, with fallout from the leak. The post Madison Square Garden Hack Exposes 26 Million Visitor Records appeared first on TechRepublic.…