Hackers are increasingly finding new ways to abuse legitimate enterprise features, and Microsoft SQL Server 2025’s newly introduced AI capabilities are now raising serious security concerns. SpecterOps researchers have demonstrated that these built-in features can be leveraged for stealthy data…
Multiple Vulnerabilities in Firefox 152 Enables Remote Code Execution Attacks
Mozilla has released Firefox 152 to address multiple high-severity vulnerabilities that could allow remote code execution (RCE) and sandbox escape attacks. The security advisory, published on June 16, 2026, highlights a wide range of flaws affecting core browser components and…
Peter Todd Warns Zcash Privacy Tech Is Too Risky for Bitcoin Consensus Layer
Bitcoin developer Peter Todd has warned that Zcash-style privacy technology is too risky to integrate into Bitcoin’s consensus layer, arguing that the cryptographic complexity behind Zcash’s shielded transactions introduces unacceptable operational risk for Bitcoin’s base protocol. His comments erupted…
New Apple Ad Blocker Filtr Expands Protection Beyond Browsers on iPhone, iPad and Mac
Filtr, a fresh ad-blocking app, extends privacy for Apple device owners. Instead of limiting itself to web browsers, it stops advertisements inside mobile and desktop applications too. Created by Kaylee Serena Calderolla – known for developing Wipr, a tool…
IT Security News Hourly Summary 2026-06-18 18h : 7 posts
7 posts were published in the last hour 15:31 : Google told researcher ‘Nice catch!’ Then denied bug bounty for flaw it still hasn’t fixed 15:7 : F5 Patches Critical NGINX Vulnerabilities Enabling Unauthenticated Code Execution 15:7 : INC Ransomware…
Google told researcher ‘Nice catch!’ Then denied bug bounty for flaw it still hasn’t fixed
EXCLUSIVE ‘Working as intended’ for the win … again This article has been indexed from www.theregister.com – Articles Read the original article: Google told researcher ‘Nice catch!’ Then denied bug bounty for flaw it still hasn’t fixed
F5 Patches Critical NGINX Vulnerabilities Enabling Unauthenticated Code Execution
F5 released emergency updates for critical NGINX flaws (CVE-2026-42530, CVE-2026-42055) that could enable unauthenticated code execution. F5 has issued out-of-band patches for multiple NGINX vulnerabilities, including two critical flaws, respectively tracked as CVE-2026-42530 and CVE-2026-42055 (CVSS 9.2). The bugs affect…
INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023
Cybersecurity researchers have charted the evolution of INC from an nascent ransomware-as-a-service (RaaS) operation to one of the most prolific cybercrime groups in 2026, claiming no less than 830 victims since August 2023. “The disruption of LockBit and the shutdown…
Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2
Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign that has targeted users since February 2026. “The clipper in this campaign relies on Windows Script Host and ActiveX-driven logic to launch a bundled Tor proxy and poll a hidden-service…
ICO Cautions Healthcare Worker After Princess of Wales Incident
Hospital insider escapes criminal prosecution after attempting to sell royal’s medical records This article has been indexed from www.infosecurity-magazine.com Read the original article: ICO Cautions Healthcare Worker After Princess of Wales Incident
Fake GitHub Stars and AI Videos Mask a Crypto Clipper
A Rust crypto clipper hides behind fake GitHub stars and AI-narrated YouTube videos This article has been indexed from www.infosecurity-magazine.com Read the original article: Fake GitHub Stars and AI Videos Mask a Crypto Clipper
Nation-state rivals linked to majority of consequential attacks targeting critical UK sites
The nation’s top cybersecurity official warned that business leaders, authorities need to rethink how they protect critical infrastructure from state-sponsored adversaries. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Nation-state rivals linked to…
Law enforcement hits SocGholish: 106 servers down, 15,000 sites cleaned
SocGholish, an operation that’s been delivering malware to users via fake software updates, has suffered a major blow: the international law enforcement coalition behind Operation Endgame has taken down 106 of its servers and domains, and cleaned up nearly 15,000…
Cyber Briefing: 2026.06.18
Zero-day to zero balance: why unpatched content management plugins and legacy blockchain protocols are the fastest route to a full network compromise right now. This article has been indexed from CyberMaterial Read the original article: Cyber Briefing: 2026.06.18
Meta Faces Privacy Questions After Secret Face Recognition Code Discovery
The concept of facial recognition in consumer wearables remained largely a theoretical discussion for many years confined to research laboratories, privacy concerns, and product development. Having now discovered that Meta had quietly embedded facial recognition-related code within its Meta AI…
DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic
Threat actors associated with the DragonForce ransomware have been observed using a custom Go-based remote access trojan (RAT) called Backdoor.Turn to conceal command-and-control (C2) traffic inside Microsoft Teams relay infrastructure. According to findings from Broadcom-owned Symantec and Carbon Black, the…
Evilginx AiTM Attack Captures Microsoft Credentials, MFA Tokens, and Authenticated Sessions
A growing wave of targeted phishing attacks is putting Microsoft users at serious risk, and the tool behind it is more sophisticated than most people realize. Security researchers have documented how Evilginx, an adversary-in-the-middle framework, is being used to silently…
Hackers Abuse PowerShell Commands to Deliver SmartRAT Through Brazilian Bank Phishing Page
A new cyberattack campaign has emerged, using cleverly crafted phishing pages and PowerShell tricks to deliver a dangerous piece of malware called SmartRAT. The attack targets Brazilian banking customers and combines social engineering with AI-generated web pages to make the…
F5 Patches NGINX Vulnerability That Enables Code Execution and DoS Attacks
F5 has released an out-of-band security advisory addressing multiple high-severity vulnerabilities in NGINX that could allow attackers to execute arbitrary code and launch denial-of-service (DoS) attacks across affected environments. The advisory, published on June 17, 2026, highlights several critical flaws…
Modern Data Protection Standards: How Organizations Are Strengthening Cybersecurity in 2026
Organizations today operate in an increasingly hostile cyber threat landscape where data protection has become a critical business requirement. While digital transformation delivers greater efficiency and accessibility, it also expands the attack surface that cybercriminals seek to exploit. As a…
Microsoft working on a fix for RoguePlanet, a flaw that grants full PC control
Microsoft says it’s working on a fix for an unpatched Defender vulnerability that can give attackers the highest level of access on Windows. This article has been indexed from Malwarebytes Read the original article: Microsoft working on a fix for…
Accenture to Acquire Majority Stake in Dragos, All of runZero, NetRise in $4.1 Billion OT Cybersecurity Push
The deal values industrial cybersecurity giant Dragos at $3.25 billion, and runZero and NetRise will operate under Dragos. The post Accenture to Acquire Majority Stake in Dragos, All of runZero, NetRise in $4.1 Billion OT Cybersecurity Push appeared first on…
DragonForce Ransomware Abused Microsoft Teams to Hide Malware Activity
DragonForce ransomware abused Microsoft Teams relay systems to hide a custom backdoor, steal files and encrypt systems at a US services firm. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original…
F5 Patches NGINX Vulnerability Enabling Code Execution and DoS Attacks
F5 has released an out-of-band security notification addressing multiple high‑severity vulnerabilities in NGINX components that can enable remote code execution (RCE) and denial‑of‑service (DoS) attacks in certain configurations, urging customers to patch or upgrade affected deployments immediately. On June 17,…