Snapchat parent bets on pricey Snap Specs with dual displays that place digital imagery into wearer’s field of vision. This article has been indexed from Silicon UK. Read the original article: Snap Debuts $2,195 Augmented Reality Glasses
CISA Issues Alert on Oracle PeopleSoft Vulnerability Exploited by Ransomware Groups
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of a critical vulnerability in Oracle PeopleSoft Enterprise PeopleTools, identified as CVE-2026-35273. This vulnerability, categorized as CWE-306 (Missing Authentication for Critical Function), allows…
Joomla, LiteSpeed Vulnerabilities Exploited in Attacks
The flaws allow attackers to execute arbitrary PHP code and gain root privileges on shared hosting servers. The post Joomla, LiteSpeed Vulnerabilities Exploited in Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read the original article:…
Athena coalition, Estonia’s quarantine, Arch hit with malware
Athena coalition looks to secure open source; Estonia to quarantine Russian email domains; malicious package wave hits Arch Linux. Get the show notes here: https://cisoseries.com/cybersecurity-news-athena-coalition-estonias-quarantine-arch-hit-with-malware/ Huge thanks to our sponsor, ThreatLocker. Every security leader is being asked the same question…
IT Security News Hourly Summary 2026-06-17 09h : 12 posts
12 posts were published in the last hour 7:2 : China AI Tops US In Survey, But Fails On Trust 7:2 : Hackers Inject Malicious JavaScript Into WordPress Sites to Deploy ErrTraffic ClickFix Lures 7:2 : Using Real-Time Network Monitoring…
China AI Tops US In Survey, But Fails On Trust
Survey finds people in many countries believe China leads AI race, including UK, France, but trust in Chinese models is far lower. This article has been indexed from Silicon UK. Read the original article: China AI Tops US In Survey,…
Hackers Inject Malicious JavaScript Into WordPress Sites to Deploy ErrTraffic ClickFix Lures
Hackers are injecting malicious JavaScript into compromised WordPress sites to deploy ErrTraffic-powered ClickFix lures, a campaign that achieved nearly 60% victim conversion rates, an unprecedented figure in malware ecosystems. Threat actors exploit WordPress vulnerabilities to inject a single line of…
Using Real-Time Network Monitoring to Spot Suspicious Application Behavior on macOS
In this guide, we will see how real-time network monitoring helps you spot suspicious application behavior on macOS, why traditional defenses leave a visibility gap, and how a lightweight monitoring tool can close it without turning your Mac into a…
Hackers Using Claude and OpenAI’s Codex for Exploitation, and Data Exfiltration Activities
Hackers are increasingly abusing Anthropic’s Claude and OpenAI’s Codex agents to automate reconnaissance, exploitation, and data exfiltration, often by disguising real intrusions as “authorized red team” work. These AI coding assistants are being treated like full-fledged operators, dramatically lowering the…
3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs
SOCRadar has detected 30,000 compromised Fortinet firewalls that expose networks to hacking. The post 3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read the original article: 3 Recently…
The SOC’s visibility gap comes down to staffing
AI has settled into security operations centers faster than any earlier wave of technology. Around four in five practitioners report reaching for AI or machine learning tools in their daily work. The catch shows up one layer down. Roughly a…
CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-48907 (CVSS…
China-Linked Hackers Stole Data For More Than A Year
Google security researchers uncover alleged China-linked group that exfiltrated messages from research institutions for months. This article has been indexed from Silicon UK. Read the original article: China-Linked Hackers Stole Data For More Than A Year
Mobile Firms Refused Permission For 20m Keighley Phone Mast
Planners say proposal by mobile infrastructure company for 66-foot 5G mast in centre of market town would be ‘stark’ and ‘intrusive’. This article has been indexed from Silicon UK. Read the original article: Mobile Firms Refused Permission For 20m Keighley…
JetBrains Plugin Security Alert: 70,000+ Installs Linked to AI Key Theft
A coordinated supply chain attack targeting JetBrains IDE users has exposed over 70,000 developers to silent credential theft. The campaign involves at least 15 malicious plugins distributed via the JetBrains Marketplace, masquerading as AI-powered coding assistants built on models such…
Rokarolla Malware Abuses Android Accessibility Services to Steal Banking Credentials
Rokarolla is a new Android banking trojan, named after its command-and-control (C2) infrastructure, that combines sophisticated social engineering, broad permissions abuse, and a flexible command set to harvest credentials from 217 targeted banking and cryptocurrency apps. Distributed via malicious websites that…
Microsoft AntiSSRF open-source library helps block server-side request forgery
AntiSSRF is an open-source code library from Microsoft that validates URLs and network connections to reduce server-side request forgery (SSRF) risks in web applications. It supports .NET and Node.js applications and is distributed under the MIT license. The library works…
Critical Chrome Flaws Let Attackers Execute Arbitrary Code – Update Immediately
Google has released an urgent Chrome security update addressing multiple critical vulnerabilities that could allow attackers to execute arbitrary code on affected systems. The update, now rolling out to users globally, upgrades Chrome to version 149.0.7827.155/.156 for Windows and macOS…
Malware Uses Deno Permission Flags to Run Commands and Proxy Internal Network Traffic
A recent intrusion demonstrates how threat actors are shifting toward scripting runtimes to evade traditional detection: attackers delivered a modular Remote Access Trojan (RAT) built on Deno, using social engineering to install a multi-process JavaScript implant that executes commands and…
Fortra Access Manager Security Flaw Exposes Systems to Command Injection
Fortra has reported a critical command injection vulnerability in its Core Privileged Access Manager (BoKS) platform, which could allow remote attackers to execute arbitrary commands with elevated privileges. This could potentially lead to a full system compromise. Tracked as CVE-2026-9862…
NVIDIA NeMo Security Flaw Exposes Systems to Command Injection Attacks
NVIDIA has disclosed multiple high-severity vulnerabilities in its NeMo Framework, including a critical command injection flaw that could allow attackers to execute arbitrary code on affected systems. These issues, outlined in the June 2026 security bulletin, impact NeMo versions up…
FishMonger’s arsenal upgraded: SprySOCKS for Windows
ESET researchers have discovered SprySOCKS for Windows, FishMonger’s backdoor weaponizing a kernel driver for advanced stealthiness. This article has been indexed from WeLiveSecurity. Read the original article: FishMonger’s arsenal upgraded: SprySOCKS for Windows
Product showcase: From phishing texts to risky Wi-Fi, Norton 360 Deluxe watches the gaps
Norton 360 Deluxe combines device security, scam detection, web protection, and VPN privacy in a single subscription that covers up to five devices. It is available for Windows, macOS, Android, and iOS. Setup and first impressions After downloading the app…
Critical LiteLLM Flaw Allows Authentication Bypass via Host Header Injection
A critical security vulnerability tracked as CVE-2026-49468 has been disclosed in the LiteLLM framework, exposing deployments to authentication bypass attacks via Host header injection. The issue, published in the GitHub Advisory Database and classified under GHSA-4xpc-pv4p-pm3w, affects all LiteLLM versions…