A dual U.S.-Estonian citizen accused of belonging to the notorious Scattered Spider hacking collective has been extradited from Finland to face federal charges in the Northern District of Illinois, the Department of Justice announced Tuesday. Peter Stokes, 19, was arrested…
FortiBleed Password Stealing Attack Linked to INC and Lynx Ransomware Operations
FortiBleed credential-harvesting campaign, which has compromised more than 430,000 FortiGate firewalls worldwide, is directly feeding two active ransomware-as-a-service operations, INC Ransom and Lynx. SOCRadar’s Threat Research Unit identified an operator with access to FortiBleed infrastructure actively logged into negotiation panels…
GitHub’s new tool helps prevent costly open-source license violations
GitHub’s Open Source Program Office (OSPO) uses the new GitHub License Compliance feature, now in public preview, to manage thousands of open-source dependencies and identify dependencies whose licenses require review. The feature is available to GitHub Advanced Security customers and…
ISC Stormcast For Thursday, July 2nd, 2026 https://isc.sans.edu/podcastdetail/9992, (Thu, Jul 2nd)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, July 2nd, 2026…
Healthcare Cybersecurity Threats Persist in 2026
SonicWall found healthcare remains the top cybersecurity target, with rising malware, ransomware, and medical IoT threats. The post Healthcare Cybersecurity Threats Persist in 2026 appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original…
Code Injection in Perforce Helix Core (CVE-2026-6902)
Executive Summary In this article, we disclose our latest findings we made on Perforce protocol P4 (Helix Core) between command line client and server, and reveal how a threat actor could leverage it to conduct attacks. This security issue affects P4 (Helix Core) before P4 (Helix Core) 2025.2 Patch 2, was patched and was attributed a…
Claude Sonnet 5.0 heads straight down the middle of the road to dodge controversy
Safer, cheaper, and nothing to do with cybersecurity This article has been indexed from www.theregister.com – Articles Read the original article: Claude Sonnet 5.0 heads straight down the middle of the road to dodge controversy
EvilTokens device-code phishing kit totally more evil than we all thought
It’s a ‘complete BEC operations environment,’ Talos researcher says This article has been indexed from www.theregister.com – Articles Read the original article: EvilTokens device-code phishing kit totally more evil than we all thought
IT Security News Hourly Summary 2026-07-02 00h : 3 posts
3 posts were published in the last hour 21:55 : IT Security News Daily Summary 2026-07-01 21:6 : The Cost of Non-Compliance: Why AI Governance Is the New Enterprise Imperative 21:6 : TLS certificate lifetime changes: What CISOs must do…
IT Security News Daily Summary 2026-07-01
157 posts were published in the last hour 21:6 : The Cost of Non-Compliance: Why AI Governance Is the New Enterprise Imperative 21:6 : TLS certificate lifetime changes: What CISOs must do now 20:34 : Oracle E-Business Suite Flaw Under…
The Cost of Non-Compliance: Why AI Governance Is the New Enterprise Imperative
AI governance helps enterprises control tool use, reduce compliance risk, protect customer data, and avoid fines as teams adopt AI faster than policy. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the…
TLS certificate lifetime changes: What CISOs must do now
<p>Organizations that rely on manual TLS certificate lifecycle management are racing against the clock. The 200-day certificate timeline, which took effect in March 2026, means the first wave of certificate renewals will arrive within a matter of months.</p> <p>”People will…
Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed
Oracle E-Business Suite flaw CVE-2026-46817 is under active attack, with about 950 vulnerable internet-facing instances still exposed. This week, Defused Cyber researchers warned that a critical vulnerability in Oracle E-Business Suite, tracked as CVE-2026-46817, is being actively exploited. The flaw…
Fake Perplexity Chrome extension spies on your searches
A fake Perplexity Chrome extension secretly monitored searches. If you installed “Search for perplexity ai,” you need to remove it manually. This article has been indexed from Malwarebytes Read the original article: Fake Perplexity Chrome extension spies on your searches
Somebody told DeepSeek to build in-browser ransomware and it gleefully complied
‘The original incomplete DeepSeek sample can be transformed into a fully functional attack with minimal effort,’ Check Point researcher tells The Reg This article has been indexed from www.theregister.com – Articles Read the original article: Somebody told DeepSeek to build…
19-Year-Old Scattered Spider Suspect Extradited to Face U.S. Hacking Charges
A teenager accused of belonging to the hacking group Scattered Spider has been extradited from Finland to face U.S. charges of conspiracy, computer intrusion, and fraud, the U.S. Department of Justice announced on July 1. Peter Stokes, 19, a dual U.S. and…
Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters
Argo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated attacker run code, provided they can reach the component’s internal network port. Synacktiv, which found the bug,…
Secure Amazon container workloads using container attribute-based rules in AWS Network Firewall
Today, you can use AWS Network Firewall to protect traffic flowing to and from containerized applications on Amazon Elastic Kubernetes Service (Amazon EKS) and Amazon Elastic Container Service (Amazon ECS) clusters. If you run AI and machine learning (ML) workloads…
Microsoft Uncovers Widespread Hotel Phishing Campaign in Japan
Microsoft and Trend Micro found hotel phishing attacks using fake guest complaints and photo links to target staff in Japan. The post Microsoft Uncovers Widespread Hotel Phishing Campaign in Japan appeared first on TechRepublic. This article has been indexed from…
Aflac Data Breach: Over 4M Customers in Japan May Be at Risk
Aflac says a data breach in Japan may affect 4.38 million customers and agents, exposing personal, policy, and some banking information. The post Aflac Data Breach: Over 4M Customers in Japan May Be at Risk appeared first on TechRepublic. This…
Cisco Talos Exposes ARToken Microsoft 365 Phishing Kit
Cisco Talos uncovered ARToken, a Microsoft 365 phishing platform built for persistent access and BEC attacks. The post Cisco Talos Exposes ARToken Microsoft 365 Phishing Kit appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read…
Phishing Tactics Target Session Tokens and Deliver Malware
Barracuda found phishing attacks increasingly abuse Microsoft authentication, session tokens, and fileless malware. The post Phishing Tactics Target Session Tokens and Deliver Malware appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article:…
IT Security News Hourly Summary 2026-07-01 21h : 6 posts
6 posts were published in the last hour 19:4 : VEIL#DROP Malware Chain Uses Blogger Platform to Deliver PureLogs Stealer 19:4 : SEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRAT 18:34 : Ransomware-Proof Backup: 7 Strategies for Enterprise IT Teams…
VEIL#DROP Malware Chain Uses Blogger Platform to Deliver PureLogs Stealer
Cybersecurity researchers have flagged a new multi-stage malware delivery attack chain that uses social engineering and Blogger pages to deliver an information stealer called PureLogs. The activity has been codenamed VEIL#DROP by Securonix. It’s suspected that the initial payloads are…