For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was straightforward enough; triage by severity, schedule the fix, validate, and…
Chaotic Eclipse Strikes Again: New Zero-Day Unlocks BitLocker in Four Hours of Research
GreatXML bypasses BitLocker via Defender offline scan artifacts, giving SYSTEM shell in Recovery Mode. No patch exists. Any machine that ran an offline scan is vulnerable. On June 10, security researcher Chaotic Eclipse (aka Nightmare Eclipse) published a new working…
Enhanced License Plate Tracking
The surveillance company Leonardo wants more data: A surveillance company plans to add sensors to automatic license plate readers (ALPRs) that would mean the devices, as well as capture the license plate of passing vehicles, would also sweep up unique…
Children’s phones must block nude images by September, UK says
Apple and Google have three months to block nude images on children’s phones. They’re not allowed to collect any data while they do it. This article has been indexed from Malwarebytes Read the original article: Children’s phones must block nude…
FBI Seizes 13 Websites That Officials Say Were Used by China to Target and Recruit US Workers
The 13 websites purported to be affiliated with consulting companies that advertised job openings for current and former holders of security clearances The post FBI Seizes 13 Websites That Officials Say Were Used by China to Target and Recruit US…
Interpol Dismantles SniperDz Phishing-as-a-Service Platform
New revelations by Group-IB expose the full scale of the decade-old SniperDz phishing operation This article has been indexed from www.infosecurity-magazine.com Read the original article: Interpol Dismantles SniperDz Phishing-as-a-Service Platform
Weaponized DMG Files Deliver macOS Infostealer Malware
A recent surge in macOS-targeted campaigns shows threat actors favoring weaponized disk images (.dmg) as the primary delivery mechanism for infostealer malware. Attackers are leveraging convincing, branded DMG installers and social-engineering tricks to bypass Gatekeeper and trick users into executing…
May 2026 Cyber Attacks Statistics
During May 2026 I collected 165 events: Cyber Crime accounted for 73.8% of events, Malware remained the dominant weapon (48.8%) and Information & Communication was hit the most (37.6%) This article has been indexed from HACKMAGEDDON Read the original article:…
Hackers Abuse AWS CloudTrail and Google Cloud Logging to Evade Detection and Exfiltrate Logs
Cloud environments have quietly become one of the most targeted areas in modern cybersecurity. As organizations shift to the cloud, the services that track activity inside those environments have become a top priority for attackers. Logging services, which record every…
Splunk, Palo Alto Networks Patch Severe Vulnerabilities
The security defects could allow attackers to create or modify arbitrary files and access and modify protected resources. The post Splunk, Palo Alto Networks Patch Severe Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
FBI seizes 13 websites linked to alleged Chinese intelligence-gathering effort
Federal authorities have seized 13 internet domains allegedly used to target current and former U.S. government employees and military personnel with access to classified and sensitive information. The post FBI seizes 13 websites linked to alleged Chinese intelligence-gathering effort appeared…
Trust No Skill: Integrity Verification for AI Agent Supply Chains
Protect enterprise AI agents from supply chain risks by auditing third-party skills for hidden vulnerabilities and multi-stage attack chains. The post Trust No Skill: Integrity Verification for AI Agent Supply Chains appeared first on Unit 42. This article has been…
BLUERABBIT Backdoor Encrypts Files, Wipes Windows Systems
A new Golang-based backdoor dubbed BLUERABBIT has been observed performing combined data theft, file encryption and destructive disk wiping against Windows hosts. First seen in mid-to-late March 2026 and suspected to target Israeli entities, BLUERABBIT implements a full-spectrum intrusion framework:…
Fortinet patched a new critical FortiSandbox flaw
Fortinet patched a critical FortiSandbox vulnerability that could let unauthenticated attackers remotely execute commands via crafted HTTP requests. Fortinet released security updates to address several vulnerabilities affecting FortiSandbox, FortiOS, FortiProxy, and FortiPortal. The most severe issue, tracked as CVE-2026-25089 (CVSS…
OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack
The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER. The campaigns involve a prolonged cyber espionage operation aimed at a Vietnamese infrastructure…
Extortion-Only Attacks Increase, With Data Theft Dominating Ransomware Claims
Extortion-only attacks are increasing as data theft drives most ransomware claims, with many organizations unable to stop stolen data from being exposed This article has been indexed from www.infosecurity-magazine.com Read the original article: Extortion-Only Attacks Increase, With Data Theft Dominating…
IT Security News Hourly Summary 2026-06-11 12h : 8 posts
8 posts were published in the last hour 10:2 : Canada Proposes Social Media Ban For Under 16s 10:2 : Judge Denies New Trial For Meta, Google After California Decision 10:2 : Hackers Use Residential Proxies Networks to Evade Detection…
Canada Proposes Social Media Ban For Under 16s
Proposed legislation would create digital regulator, allow platforms to apply for exemptions if they meet safety rules This article has been indexed from Silicon UK Read the original article: Canada Proposes Social Media Ban For Under 16s
Judge Denies New Trial For Meta, Google After California Decision
Judge denies argument by Meta, Google that Instagram, YouTube exempt from prosecution due to free speech laws This article has been indexed from Silicon UK Read the original article: Judge Denies New Trial For Meta, Google After California Decision
Hackers Use Residential Proxies Networks to Evade Detection
The impact of residential proxies across our customer base by compiling billions of DNS resolutions and the associated network telemetry. The Kimwolf Botnet inside our enterprise customer networks. Follow‑up analysis of billions of DNS resolutions across Infoblox Threat Defense Cloud customers reveals a…
‘GreatXML’ Zero-Day Exploit Bypasses BitLocker
The PoC exploits Microsoft Defender’s offline scan to spawn a SYSTEM shell when rebooting in Recovery Mode. The post ‘GreatXML’ Zero-Day Exploit Bypasses BitLocker appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: ‘GreatXML’…
Microsoft Exchange Server 0-Day Vulnerability Exploited in Attacks Using Weaponized Email
Microsoft has confirmed active exploitation of a new zero‑day spoofing flaw in on‑premises Exchange Server, tracked as CVE‑2026‑42897. The flaw allows attackers to execute arbitrary JavaScript in Outlook Web Access (OWA) simply by sending a weaponized email that a victim…
China-Linked JDY Botnet Uses 1,500+ SOHO and IoT Devices for Rapid Vulnerability Exploitation
A China-linked network of compromised routers and smart devices has grown into one of the most capable reconnaissance tools tied to a nation-state threat group. Researchers have identified a major resurgence of a botnet known as JDY, which now controls…
9 out of 10 people can no longer distinguish real from AI-generated content
Online fraud is becoming harder to distinguish from legitimate activity as AI-generated messages, voices, photos, reviews, and identities become more convincing. Nearly nine in ten adults say they can no longer tell what is real from AI-generated content, according to…