Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in Europe and Asia. The campaign uses photo-themed ZIP archives and fake image shortcut files to deliver a persistent Node.js implant and evade detection. The post Photo ZIP…
CL-STA-1062 Targets Southeast Asian Governments and Critical Infrastructure
Government entities and critical infrastructure were targeted for espionage in SE Asia by attackers using a hybrid toolkit, including custom TinyRCT backdoor. The post CL-STA-1062 Targets Southeast Asian Governments and Critical Infrastructure appeared first on Unit 42. This article has…
Self-destructing Mistic backdoor linked to access broker selling corporate footholds to ransomware gangs
Spotted in intrusions targeting insurance, education, IT, and professional services sectors. This article has been indexed from www.theregister.com – Articles.
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2026-12569, PTC Windchill and FlexPLM Improper Input Validation Vulnerability; CVE-2026-20230, Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability. These…
IT Security News Hourly Summary 2026-06-26 00h : 5 posts
5 posts were published in the last hour 21:55 : IT Security News Daily Summary 2026-06-25 21:36 : FortiBleed Turns FortiGate Access Into Enterprise Credential Theft 21:36 : Tata Electronics Confirms Data Breach After 630GB Leak Claim Targets Apple and…
IT Security News Daily Summary 2026-06-25
170 posts were published in the last hour 21:36 : FortiBleed Turns FortiGate Access Into Enterprise Credential Theft 21:36 : Tata Electronics Confirms Data Breach After 630GB Leak Claim Targets Apple and Tesla 21:10 : Operation Endgame Disrupts StealC Malware…
FortiBleed Turns FortiGate Access Into Enterprise Credential Theft
Arctic Wolf found FortiBleed uses stolen FortiGate credentials to gain enterprise access. The post FortiBleed Turns FortiGate Access Into Enterprise Credential Theft appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article: FortiBleed…
Tata Electronics Confirms Data Breach After 630GB Leak Claim Targets Apple and Tesla
Tata Electronics confirmed a data breach after hackers claimed to steal 630GB of data, including alleged Apple supplier and Tesla documents. Tata Electronics, a major supplier to Apple and Tesla, has confirmed a cybersecurity breach weeks after stolen data was…
Operation Endgame Disrupts StealC Malware Infrastructure
Operation Endgame disrupted StealC infrastructure and seized millions of stolen credentials through a coordinated public-private effort. The post Operation Endgame Disrupts StealC Malware Infrastructure appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original…
Ex-Huntress analyst claims company insider fed info to a ransomware crim. Social media drama ensues
Former employee accuses company of prioritizing pending IPO over client security. This article has been indexed from www.theregister.com – Articles.
Curl Fixes a 25-Year-Old Bug in Its Largest CVE Release Yet
Curl fixed 18 vulnerabilities, including a 25-year-old bug, with issues spanning auth bypass, memory safety, and host validation in libcurl. Curl maintainers addressed eighteen vulnerabilities with a single update, and one of them goes back 25 years. That’s not a…
Polymarket says hackers stole users’ funds
The prediction market giant Polymarket said it’s refunding users who had funds stolen due to a third party breach. This article has been indexed from Security News | TechCrunch.
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 15, 2026 to June 21, 2026)
Last week, there were disclosed in and that have been added to the Wordfence Intelligence Vulnerability Database, and there were that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not…
Interpol: Cybercrime Hits 30% of Recorded Crime in Surveyed APAC Countries
Interpol’s latest Asia and South Pacific cybercrime assessment shows how phishing, ransomware, DDoS attacks, infostealers, and AI-enabled scams are raising security risks across APAC. The post Interpol: Cybercrime Hits 30% of Recorded Crime in Surveyed APAC Countries appeared first on…
Denmark Ordered to Pay $12M Over Huawei Equipment Removal
A Danish court ordered the state to compensate TDC NET after the removal of Huawei fiber-network equipment, raising questions about telecom security costs. The post Denmark Ordered to Pay $12M Over Huawei Equipment Removal appeared first on TechRepublic. This article…
Beware of “Parcel Expert” job offers: They’re parcel mule scams
Most parcel mule scams start with fake job offers that trick victims into handling stolen goods. This article has been indexed from Malwarebytes.
IT Security News Hourly Summary 2026-06-25 21h : 5 posts
5 posts were published in the last hour 18:34 : Cisco Unified CM SSRF Flaw Is Being Exploited to Drop Webshells 18:34 : Russia Used Cellebrite Tool to Hack Activist’s iPhone Despite Contract Cancellation 18:6 : Beyond IOCs: AI-enabled threat…
Cisco Unified CM SSRF Flaw Is Being Exploited to Drop Webshells
CVE-2026-20230, an SSRF in Cisco Unified CM’s WebDialer component, is being actively exploited via Tor to chain file writes into persistent webshells. Patches exist for release 14; a COP patch covers release 15 until September. Cisco Unified CM SSRF Flaw…
Russia Used Cellebrite Tool to Hack Activist’s iPhone Despite Contract Cancellation
Russian authorities deployed Cellebrite’s Universal Forensic Extraction Device (UFED) to breach the iPhone of opposition politician Andrey Pivovarov in June 2021, months after the Israeli surveillance firm publicly announced it had terminated all contracts with Russian customers, according to a…
Beyond IOCs: AI-enabled threat intelligence
In this week’s newsletter, Martin considers how AI will help threat intelligence by creating an easily queryable data source of intelligence reports. This article has been indexed from Cisco Talos Blog.
The New MCP Specification: What Security Teams Must Prepare For
This article has been indexed from Blog.
Sharing SBOMs Securely Without Giving Too Much Away
SBOMs Create Transparency, But Not Without Risk The Software Bill of Materials, or SBOM, has changed meaning in recent years. It used to be seen as a technical tool for internal inventory management. It is now required as evidence due…
Fake GTA 6 Early Access Websites Target Gamers with Malware and Crypto Scams
GTA 6 scams are luring fans with fake early access, crypto payments and malware downloads. Learn why PC and Android gamers face the biggest risks online today. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI…
What CISOs should know about AI runtime security
CISOs recognize the cybersecurity implications of AI, but many remain focused on preventing AI-enabled data loss and compliance breaches. Few are paying attention to the full scope of AI-related cybersecurity yet. Runtime security focuses on protecting running models from compromise.…