Operation EndGame disrupted SocGholish, taking down 106 servers and cleaning 14,971 WordPress sites used to spread fake-update malware. On June 18, 2026, law enforcement agencies from the Netherlands, Canada, the United States, and Germany, coordinated through Europol, executed a joint…
HazyBeacon Weaponizes AWS Lambda Function URLs for Stealth Command-and-Control Relays
HazyBeacon, tracked as CL-STA-1020, is a stealthy cyber-espionage campaign targeting Southeast Asian government networks by abusing AWS Lambda Function URLs as covert command-and-control (C2) relays. Qualys Security researchers have observed attackers leveraging misconfigured serverless features and stolen cloud credentials to…
eFAQ Publishes Investigation Into Alleged Scam Activity and Coordinated Reputation Attacks
New York, USA, 19th June 2026, CyberNewswire This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: eFAQ Publishes Investigation Into Alleged Scam Activity and Coordinated Reputation Attacks
Critical WordPress Plugin Bug Could Allow File Deletion Attacks on 1 Million Sites
A serious security vulnerability has been uncovered in the widely used Avada (Fusion) Builder WordPress plugin. This flaw could enable unauthenticated attackers to delete arbitrary files and potentially compromise entire websites across more than one million installations. Identified as CVE-2026-8713…
Klue breach lead to Salesforce data theft, Huntress affected
Cybersecurity vendor Huntress was among multiple companies hit by a breach originating at Klue, a market intelligence platform used to integrate CRM and sales data across various business tools. Huntress published a detailed account of the incident on June 18,…
Everything’s bigger and better in Texas – even data breaches
Hunting and fishing license incident catches 3M residents This article has been indexed from www.theregister.com – Articles Read the original article: Everything’s bigger and better in Texas – even data breaches
CISA Urges Hardening Fortinet Devices Following FortiBleed Attack
CISA has issued an urgent advisory warning organizations to secure their Fortinet devices following reports of a large-scale credential exposure campaign known as “FortiBleed.” The alert comes after threat actors were found exploiting compromised credentials linked to tens of thousands…
INC Ransomware Uses Rust-Based Windows and Linux/ESXi Encryptors in New Attacks
INC ransomware has grown from a newcomer threat into one of the most dangerous ransomware operations worldwide. What began as an emerging criminal group in mid-2023 has claimed over 800 victims globally, placing it among the top ransomware groups this…
Hackers Abuse Third-Party Okendo Reviews Script to Spread SmartApeSG Malware Campaign
A newly discovered supply chain attack has put thousands of e-commerce websites at risk after a popular third-party reviews widget was quietly turned into a malware delivery tool. Threat actors behind the SmartApeSG campaign injected malicious JavaScript into the Okendo…
From Assistive to Agentic: The AI Shift That’s Redefining Threat Management
Introduction The average enterprise security team has 40 or more security tools, giving a lot of visibility into internal telemetry and asset data. But often, these tools are working in siloes, generating (overlapping) alerts and data. And yet, breach dwell…
Microsoft fixes Windows Server 2016 update failures
Microsoft has resolved a known issue that prevented Windows Server 2016 systems from successfully installing June 2026 security updates. This article has been indexed from CyberMaterial Read the original article: Microsoft fixes Windows Server 2016 update failures
Kodak confirms breach; ShinyHunters leak deadline passes
Eastman Kodak Company has confirmed it is investigating a security breach after the ShinyHunters extortion group publicly claimed responsibility for stealing more than 2.2 million records. This article has been indexed from CyberMaterial Read the original article: Kodak confirms breach;…
Google reCAPTCHA adds hand gesture verification
Google has expanded its reCAPTCHA verification system with a new hand gesture authentication method, offering an alternative to traditional image-based challenges like identifying traffic lights or crosswalks. This article has been indexed from CyberMaterial Read the original article: Google reCAPTCHA…
CMA fines Marks Electrical £720k for unauthorized opt-ins
UK appliance retailer Marks Electrical will pay a £720,000 fine and refund nearly 40,000 customers after the Competition and Markets Authority found the company automatically enrolled buyers in paid services without their consent. This article has been indexed from CyberMaterial…
Render hosts Localhost dev conference on AI-native infrastructure
Cloud infrastructure company Render hosted its inaugural Localhost developer conference in San Francisco, targeting engineers building AI-powered applications. This article has been indexed from CyberMaterial Read the original article: Render hosts Localhost dev conference on AI-native infrastructure
IT Security News Hourly Summary 2026-06-19 15h : 1 posts
1 posts were published in the last hour 12:34 : Cybercriminals abused GitHub, YouTube and VirusTotal to push crypto-stealing malware
Cybercriminals abused GitHub, YouTube and VirusTotal to push crypto-stealing malware
A cryptocurrency-stealing malware campaign used inflated GitHub activity, software reviews, YouTube tutorials and favorable VirusTotal comments to make malicious trading and gambling tools appear trustworthy, Check Point researchers found. According to the researchers, the attackers packaged the malware as tools…
Apple patches Beats Studio Buds flaw that could turn earbuds into a wiretap
Apple has patched a year-old Bluetooth vulnerability that could have let nearby attackers listen through Beats Studio Buds’ microphone. This article has been indexed from Malwarebytes Read the original article: Apple patches Beats Studio Buds flaw that could turn earbuds…
Nintendo Confirms Third-Party Survey Data Breach, Says Customer Information Remains Secure
Nintendo of America has acknowledged that employee survey data was exposed through a security incident involving TinyPulse, a third-party platform used for internal feedback and engagement surveys. The company emphasized that its own systems were not compromised and that…
Forget Data Leakage: Shadow AI’s Real Threat Is Access Control
The first wave of enterprise AI concern was straightforward. It was simply employees pasting sensitive data into public AI tools. Security teams responded with usage policies, domain blocks, and data loss prevention rules. That response made sense at the time.…
Anthropic’s Fable and the State of AI
On June 9th, Anthropic released its Fable generative AI model. Three days later, the US government classified it as a dangerous munition, and used its export-control authority to prohibit any foreign nationals from accessing it. Unable to differentiate between Americans…
Britain’s privacy watchdog quits after ‘poor judgment’ admission
John Edwards says his position had become ‘untenable’ following investigation into conduct including inappropriate attempts at humor This article has been indexed from www.theregister.com – Articles Read the original article: Britain’s privacy watchdog quits after ‘poor judgment’ admission
CryptoBandits Malware Doubles as a Backdoor, Abuses Tor
CryptoBandits uses a local SOCKS5 proxy for traffic routing, blending data theft with remote code execution. The post CryptoBandits Malware Doubles as a Backdoor, Abuses Tor appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
UEFI DBX Update Guidance Targets Vulnerable Vendor-Signed Boot Applications
A recently disclosed vulnerability inc, which affects UEFI applications signed by multiple vendors, has prompted urgent recommendations to update the UEFI Forbidden Signature Database (DBX). This issue, tracked as VU#457458 and published by CERT/CC on June 18, 2026, reveals a…