A newly disclosed stored cross-site scripting (XSS) vulnerability in Webmin has raised significant security concerns, as it allows attackers with limited privileges to target and potentially compromise root users. This vulnerability, tracked as CVE-2026-22678, affects Webmin versions before 2.641 and…
FortiBleed: The Broker Who Turned 73,000 Firewalls Into a Product Catalog
FortiBleed exposed valid credentials for 73,000+ Fortinet firewalls, revealing a large-scale access-brokering operation targeting organizations worldwide. In mid-June 2026, researcher Volodymyr “Bob” Diachenko found a live, exposed server containing working login credentials for tens of thousands of Fortinet firewalls, a…
U.S. CISA adds Ubiquiti UniFi OS and Lantronix EDS5000 plugin flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ubiquiti UniFi OS and Lantronix EDS5000 flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Ubiquiti UniFi OS and Lantronix EDS5000 flaws to its Known Exploited…
StrikeShark: investigating a new campaign delivering Cobalt Strike through SharkLoader
Kaspersky researchers analyze a new global campaign dubbed StrikeShark that delivers Cobalt Strike Beacon via custom SharkLoader malware. This article has been indexed from Securelist.
Claude Fable 5 Wrote Windows Kernel Code in Rust in 38 Minutes
Anthropic’s Claude Fable 5 generated a complete, bootable NT-compatible Windows kernel written in Rust called ntoskrnl-rs from an empty directory in just 38 minutes of active model work, raising profound questions about AI-authored trust and the future of critical infrastructure…
Malicious AI Agent Skill Bypasses Security Scans and Seized Full Control of Over 26,000 Agents
A malicious AI “skill” created as part of a controlled security experiment has exposed critical weaknesses in modern AI agent ecosystems, successfully bypassing security scanners and compromising more than 26,000 agents across individual and enterprise environments. According to researcher Niv…
IT Security News Hourly Summary 2026-06-24 12h : 4 posts
4 posts were published in the last hour. 9:37: Cisco Unified Communications Manager Flaw Exposes Systems to SSRF Attacks and Root Access; 9:36: Google Workspace expands password reset alerts to all admins; 9:36: DoJ Seizes Huione Cloud…
Cisco Unified Communications Manager Flaw Exposes Systems to SSRF Attacks and Root Access
Cisco has disclosed a critical server-side request forgery (SSRF) vulnerability affecting its Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). This vulnerability could enable unauthenticated remote attackers to write files to the underlying…
Google Workspace expands password reset alerts to all admins
Google’s Alert Center, a dashboard in the Google Admin console that displays security and administrative alerts and helps administrators identify, investigate, and respond to issues affecting their organization, is expanding the “Super Admin password reset” alert into the “Admin password…
DoJ Seizes Huione Cloud Account Tied to Cyber Scam Money Laundering
The U.S. Department of Justice (DoJ) on Tuesday announced the seizure of a cloud computing account put to use by subsidiaries of Cambodia-based corporate conglomerate HuiOne Group, as the Treasury unveiled fresh sanctions against nine individuals and 26 entities linked…
AI Is Making Attacks Cheaper, Faster and More Covert, Says ReliaQuest
New ReliaQuest study reveals the six ways AI is practically being used in attacks today. This article has been indexed from www.infosecurity-magazine.com.
Bajaj Auto Hit By Ransomware Attack
World’s biggest manufacturer of three-wheeled auto-rickshaws hit by ransomware attack that also affects tech subsidiary. This article has been indexed from Silicon UK.
Hackers Abuse Indian Tax Notice Lures to Deliver PE Loader and libsvcs.dll Payload
A targeted malware distribution campaign abuses a counterfeit Indian Income Tax Department assessment notice to deliver a multi-stage Remote Access Trojan (RAT)-style payload. The threat actors hosted a fake tax-assessment portal on harivo[.]vip and used social-engineering lures official branding,…
One Railway Radio Outage Stopped Trains Across Germany and Nobody Knew Why
A nationwide GSM-R outage stopped trains across Germany, exposing how one aging communications system can still bring an entire rail network to a halt. At 10:30 PM on Tuesday, June 23, Deutsche Bahn told passengers something that had never happened…
Critical Cisco Unified CM and SME Flaw Enables Remote Attacker to Launch SSRF Attacks
Cisco has warned customers about a critical server-side request forgery (SSRF) flaw in Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME) that allows remote, unauthenticated attackers to write files on the underlying OS…
How Attackers Exploit Privileged Access and How to Lock Them Out
Every major breach you read about has a quiet middle chapter that rarely makes the headline. The headline is the ransom note or the leaked customer database. The middle chapter, the part that actually decided the outcome, is almost always the same: an attacker found a…
FortiBleed Attack Hit 430,000+ FortiGate Firewalls, Stealing 110M+ Credentials
A large-scale, ongoing credential-harvesting campaign dubbed “FortiBleed” has silently compromised more than 430,000 FortiGate firewalls globally, siphoning over 110 million credentials directly from live network traffic since at least February 2026. The campaign came to light after security researcher Volodymyr…
GTA 6 Scam Websites Use AI-Generated Images and Fake Download Buttons to Lure Gamers
A fresh wave of scam websites is targeting gamers worldwide, using the massive hype around Grand Theft Auto VI to trick people into handing over their money. These fake pages promise something millions of players desperately want: early access to…
UK Museums Face Cybersecurity Risks, MPs Warn
Public Accounts Committee (PAC) warns that museums and galleries aren’t getting enough government support on cyber. This article has been indexed from www.infosecurity-magazine.com.
Alibaba Sues Pentagon Over Military Blacklist
E-commerce giant files federal complaint saying designation as Chinese military company has irreparably damaged its reputation. This article has been indexed from Silicon UK.
Webinar Today: Modern Exposure Validation in the AI Era
The exploit timeline collapsed. Make sure your validation didn’t. The post Webinar Today: Modern Exposure Validation in the AI Era appeared first on SecurityWeek. This article has been indexed from SecurityWeek.
PostCSS npm Typosquat: How to Check If Your Machine Is Compromised
Three malicious npm packages posing as PostCSS tools have been installing a Windows RAT on developer machines. Here is how to detect them and what to do if you find them.
DeepSeek Expands Staff In Coding Agent Push
Chinese AI start-up DeepSeek follows industry trend as it shifts focus to applied technologies such as coding agents. This article has been indexed from Silicon UK.
Chinese Developers File Apple App Store Antitrust Complaint
Developers call for regulator to penalise Apple over failure to bring in third-party app stores in China, as it has done elsewhere. This article has been indexed from Silicon UK.