A coordinated supply chain attack targeting JetBrains IDE users has exposed over 70,000 developers to silent credential theft. The campaign involves at least 15 malicious plugins distributed via the JetBrains Marketplace, masquerading as AI-powered coding assistants built on models such…
Rokarolla Malware Abuses Android Accessibility Services to Steal Banking Credentials
Rokarolla, a new Android banking trojan named after its Command-and-Control (C2) infrastructure, that combines sophisticated social engineering, broad permissions abuse, and a flexible command set to harvest credentials from 217 targeted banking and cryptocurrency apps. Distributed via malicious websites that…
Microsoft AntiSSRF open-source library helps block server-side request forgery
AntiSSRF is an open-source code library from Microsoft that validates URLs and network connections to reduce server-side request forgery (SSRF) risks in web applications. It supports .NET and Node.js applications and is distributed under the MIT license. The library works…
Critical Chrome Flaws Let Attackers Execute Arbitrary Code – Update Immediately
Google has released an urgent Chrome security update addressing multiple critical vulnerabilities that could allow attackers to execute arbitrary code on affected systems. The update, now rolling out to users globally, upgrades Chrome to version 149.0.7827.155/.156 for Windows and macOS…
Malware Uses Deno Permission Flags to Run Commands and Proxy Internal Network Traffic
A recent intrusion demonstrates how threat actors are shifting toward scripting runtimes to evade traditional detection: attackers delivered a modular Remote Access Trojan (RAT) built on Deno, using social engineering to install a multi-process JavaScript implant that executes commands and…
Fortra Access Manager Security Flaw Exposes Systems to Command Injection
Fortra has reported a critical command injection vulnerability in its Core Privileged Access Manager (BoKS) platform, which could allow remote attackers to execute arbitrary commands with elevated privileges. This could potentially lead to a full system compromise. Tracked as CVE-2026-9862…
NVIDIA NeMo Security Flaw Exposes Systems to Command Injection Attacks
NVIDIA has disclosed multiple high-severity vulnerabilities in its NeMo Framework, including a critical command injection flaw that could allow attackers to execute arbitrary code on affected systems. These issues, outlined in the June 2026 security bulletin, impact NeMo versions up…
FishMonger’s arsenal upgraded: SprySOCKS for Windows
ESET researchers have discovered SprySOCKS for Windows, FishMonger’s backdoor weaponizing a kernel driver for advanced stealthiness This article has been indexed from WeLiveSecurity Read the original article: FishMonger’s arsenal upgraded: SprySOCKS for Windows
Product showcase: From phishing texts to risky Wi-Fi, Norton 360 Deluxe watches the gaps
Norton 360 Deluxe combines device security, scam detection, web protection, and VPN privacy in a single subscription that covers up to five devices. It is available for Windows, macOS, Android, and iOS. Setup and first impressions After downloading the app…
Critical LiteLLM Flaw Allows Authentication Bypass via Host Header Injection
A critical security vulnerability tracked as CVE-2026-49468 has been disclosed in the LiteLLM framework, exposing deployments to authentication bypass attacks via Host header injection. The issue, published in the GitHub Advisory Database and classified under GHSA-4xpc-pv4p-pm3w, affects all LiteLLM versions…
Navigating SEC, NIS2, and DORA incident disclosure timelines under pressure
In this Help Net Security video, Rick Goud, Global Field CTO at Kiteworks, discusses how to handle SEC, NIS2, and DORA disclosure timelines during a security incident. He opens with a 3.47 a.m. call: the team cannot confirm whether customer…
UNC3753 Uses Screen-Sharing Sessions and RMM Tools to Exfiltrate Sensitive Legal Data
A sophisticated cybercriminal group has been quietly targeting law firms and professional services organizations across the United States since the beginning of 2026. The campaign is financially motivated and relies heavily on deception rather than technical exploits. Victims are manipulated…
The checklist problem behind critical infrastructure cyber safety
An asset owner can meet major federal cyber compliance standards and still run equipment that lacks the engineering to withstand an attack or a failure. New research from George Mason University examines how United States cyber policy defines reasonable care…
Scam Losses Surge – Cybersecurity Today
Cybersecurity Today host David Shipley reports that the FTC says Americans lost $3.5 billion to imposter scams in 2025—nearly triple 2020—with social media tied to $2.1 billion in losses and total fraud reaching about $16 billion, while the FBI estimates…
Cyberattack sees crops kept in the ground
Bitter harvest for Australia’s Mackay Sugar, attacked in peak cane crushing season This article has been indexed from www.theregister.com – Articles Read the original article: Cyberattack sees crops kept in the ground
ISC Stormcast For Wednesday, June 17th, 2026 https://isc.sans.edu/podcastdetail/9976, (Wed, Jun 17th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, June 17th, 2026…
Ghostwriter Hackers Abuse Gmail Admin-Themed Emails to Steal Credentials and 2FA Codes
A state-linked hacker group known as Ghostwriter has launched a wave of targeted phishing attacks aimed at Gmail users, disguising malicious emails as official security alerts from Google. The campaign is designed to trick recipients into handing over their login…
ClickFix Campaign Uses EtherHiding and GULoader to Infect Windows Users via Fake CAPTCHA
A new cyberattack campaign is targeting Windows users through fake CAPTCHA pages, combining three techniques to slip past standard security defenses without raising alarms. The campaign, first observed in April 2026, begins on a compromised European small-business website and ends…
New OnionDrop Loader Campaign Uses gainmsg C2 to Deliver LegionLoader Payloads
A newly identified loader campaign is raising serious concerns across the cybersecurity community. Threat researchers have uncovered an active operation using a sophisticated multi-stage loader called OnionDrop, which is being used to deliver harmful payloads, including the well-known LegionLoader, to…
Infinite Campus: Salesforce Breach Exposed 137,000 Staff Records
Infinite Campus says a Salesforce breach exposed data tied to 137,000 school staff accounts, raising phishing and SaaS security concerns. The post Infinite Campus: Salesforce Breach Exposed 137,000 Staff Records appeared first on TechRepublic. This article has been indexed from…
Apple plans to change its Hide My Email privacy feature that could make it less effective
In the coming weeks, Apple will move anonymously generated emails addresses to a different domain. This article has been indexed from Security News | TechCrunch Read the original article: Apple plans to change its Hide My Email privacy feature that…
IT Security News Hourly Summary 2026-06-17 00h : 1 posts
1 posts were published in the last hour 21:55 : IT Security News Daily Summary 2026-06-16
IT Security News Daily Summary 2026-06-16
157 posts were published in the last hour 20:34 : Leak Exposes Members of Peter Thiel’s Secretive ‘Dialog’ Society 20:34 : Python dev saved from disaster by intuition…and AI 20:9 : AI is Not Solving Cybersecurity Burnout Yet, New ISSA…
Leak Exposes Members of Peter Thiel’s Secretive ‘Dialog’ Society
More than 200 of the world’s elites registered for a retreat whose agenda runs from panels on cult-building and sex to prepping for World War III. An associated app offers matchmaking. This article has been indexed from Security Latest Read…