Short-form video platforms such as TikTok and Instagram Reels have become an increasingly effective vector for distributing infostealers, as threat actors leverage polished tutorial-style clips to trick Windows users into running malicious code. Attackers create accounts with Windows-like naming and…
The assembly line behind 1.5 million malicious domains
Attackers registered roughly 1.5 million malicious domains during the first five months of 2026. The registration patterns resemble industrial output. Most of the domains were created by attackers, put to use within weeks, and concentrated among a small set of…
ZeroFox releases AI Analytics to bring answers directly to security teams
ZeroFox launched ZeroFox AI Analytics, a new platform capability that gives security teams real-time visibility into the signals, patterns, and trends shaping their external threat landscape. ZeroFox AI Analytics gives security teams the ability to move beyond static reports and…
Oracle PeopleSoft Zero-Day RCE Vulnerability Exploited by ShinyHunters
A newly disclosed zero-day vulnerability in Oracle PeopleSoft is being actively exploited by the ShinyHunters threat group, according to a joint investigation by Mandiant and Google Threat Intelligence Group (GTIG). Tracked as CVE-2026-35273 with a critical CVSS score of 9.8,…
Solana FakeFix Campaign Plants Malicious npm, PyPI Packages to Steal Dev Secrets
Recent disclosure of the “Solana FakeFix” campaign exposes a coordinated supply-chain attack that abused package registries to steal developer secrets. The campaign comprises 16 malicious npm packages and 4 PyPI packages (25 packages in total when combined with related activity)…
AI sovereignty makes data centers strategic targets for cyber operations
Data centers built for frontier AI draw hundreds of megawatts of electricity and large volumes of cooling water from fixed locations with known addresses. Each one concentrates tens of thousands of graphics processors, liquid cooling systems, and high-density power equipment…
What makes or breaks cyber-readiness for SMBs
A company that’s expecting a cyberattack but hasn’t actively prepared for it risks making the hardest decisions at the worst possible moment This article has been indexed from WeLiveSecurity Read the original article: What makes or breaks cyber-readiness for SMBs
OceanLotus: From external espionage to domestic targeting
A shift in operational pattern of the infamous Vietnam-aligned APT group This article has been indexed from WeLiveSecurity Read the original article: OceanLotus: From external espionage to domestic targeting
Product showcase: Avast One turns scam screenshots into actionable security advice
Avast One Free combines privacy, security, identity monitoring, and performance tools in a single platform. The app is available for Windows, macOS, Android, and iOS. Checking the device for security and privacy issues After installing it from the App Store,…
Oracle PeopleSoft 0-Day RCE Vulnerability Exploited in Attacks by ShinyHunters
Mandiant and Google Threat Intelligence Group (GTIG) have issued a critical warning after identifying an active compromise-and-extortion campaign targeting Oracle PeopleSoft infrastructure, attributed to the notorious threat actor UNC6240, also known as ShinyHunters. The campaign exploited CVE-2026-35273, a critical unauthenticated…
Microsoft Teams for Android Vulnerability Allows Attackers to Disclose Sensitive Data
Microsoft has disclosed a significant security vulnerability in Microsoft Teams for Android that could allow an authenticated attacker to expose sensitive information over a network. The flaw, tracked as CVE-2026-42835, was officially released on June 9, 2026, and has been…
New infosec products of the week: June 12, 2026
Here’s a look at the most interesting products from the past week, featuring releases from AISLE, Drata, Elastic, Filigran, IDnow, and Ridge Security. RidgeBot 7.0 automates Active Directory attack simulations for security validation Ridge Security has announced the release of…
Europe’s digital identity wallet gets its first set of standards
People across the European Union already use their phones for banking, travel, and government services. The European Digital Identity Wallet will bring those activities into one application, and the European Telecommunications Standards Institute (ETSI) has released the first standards that…
Anthropic Warns AI Risks Are Real, RoguePlanet Zero-Day Drops, Crypto Laundering Takedown
Anthropic is calling for governments to have the authority to stop deployment of advanced AI systems that pose unacceptable risks. CEO Dario Amodei points to the company’s Mythos cybersecurity model as proof that AI has become a matter of national…
IT Security News Hourly Summary 2026-06-12 00h : 7 posts
7 posts were published in the last hour 21:55 : IT Security News Daily Summary 2026-06-11 21:7 : France’s Tchap Breach: 650,000 Messages, 73,000 Accounts Exposed 21:7 : CISA Warning: LiteLLM Flaw Could Expose Enterprise AI Gateways 21:7 : Microsoft…
IT Security News Daily Summary 2026-06-11
165 posts were published in the last hour 21:7 : France’s Tchap Breach: 650,000 Messages, 73,000 Accounts Exposed 21:7 : CISA Warning: LiteLLM Flaw Could Expose Enterprise AI Gateways 21:7 : Microsoft Restricts Claude Fable 5 Access Amid AI Safety…
France’s Tchap Breach: 650,000 Messages, 73,000 Accounts Exposed
Meta description: French officials are investigating a Tchap breach after an attacker claimed that 650,000 messages and 73,000 accounts were exposed via a hijacked account. The post France’s Tchap Breach: 650,000 Messages, 73,000 Accounts Exposed appeared first on TechRepublic. This…
CISA Warning: LiteLLM Flaw Could Expose Enterprise AI Gateways
CISA’s LiteLLM warning shows why AI gateways and agents need service account governance, scoped access, credential rotation, and audit trails. The post CISA Warning: LiteLLM Flaw Could Expose Enterprise AI Gateways appeared first on TechRepublic. This article has been indexed…
Microsoft Restricts Claude Fable 5 Access Amid AI Safety Review
Microsoft reportedly limited internal use of Claude Fable 5 while legal teams review Anthropic’s 30-day data-retention policy. The post Microsoft Restricts Claude Fable 5 Access Amid AI Safety Review appeared first on TechRepublic. This article has been indexed from Security…
South Korea Drops a $409M Fine on Coupang in Historic Data Breach Ruling
South Korea fined Coupang $409 million after regulators said weak security controls led to a massive breach affecting 37.5 million accounts. The post South Korea Drops a $409M Fine on Coupang in Historic Data Breach Ruling appeared first on TechRepublic.…
ShinyHunters hacked 100+ orgs by exploiting an Oracle PeopleSoft 0-day
University of Nottingham is first of many, Shiny tells The Reg This article has been indexed from www.theregister.com – Articles Read the original article: ShinyHunters hacked 100+ orgs by exploiting an Oracle PeopleSoft 0-day
ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities
The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest. Google’s Mandiant attributes it to the group it tracks as…
Oracle warns of security bug that hackers abused to breach 100+ companies
The tech giant warned of a security flaw that a cybercrime gang said it’s exploiting as part of a mass-hacking campaign. Google said it notified more than 100 organizations that had potentially vulnerable servers. This article has been indexed from…
SIG report: AI-generated code is linked to twice the security risk and rising technical debt
AI-supported coding has progressed from experimental to the norm in organizations, yet technical debt, security risks, and costs could be piling up much faster than anyone realizes. This is one of the key takeaways from the Software Improvement Group (SIG)…