Oracle has released a patch for CVE-2026-35273, but it has not said whether it’s a zero-day exploited in ShinyHunters attacks. The post Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks appeared first on SecurityWeek. This article has been indexed…
Fake Spotify Premium tutorials on TikTok and Instagram Reels spread malware
Cybercriminals are using TikTok and Instagram Reels videos to spread Vidar, an infostealer malware, through fake downloads for popular paid software, according to ReversingLabs. The researchers uncovered two campaigns behind the activity, each using a different approach to draw in…
ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Action Patch + 28 New Stories
It’s been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there’s a supply chain attack kit in a public repo, a $5,000-a-month RAT that clones browsers, and research showing…
Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories
Most good security work is invisible by design. Today is the exception. The 2026 Cybersecurity Stars Awards winners are announced across 95 subcategories in four main award categories. The reason is simple. Cybersecurity is full of work that deserves recognition…
Cybercriminals Use Fake AI Guides and Dev Tools to Spread AsyncRAT Malware
Fake AI guides hide a multi-stage chain that drops AsyncRAT, with signs of AI-assisted coding This article has been indexed from www.infosecurity-magazine.com Read the original article: Cybercriminals Use Fake AI Guides and Dev Tools to Spread AsyncRAT Malware
Hackers Use Fake Claude Code Guide and AI PDFs to Spread AsyncRAT Malware
Hackers are using fake Claude Code guide and AI PDFs to spread AsyncRAT malware via Windows attack using PowerShell and Defender exclusions. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original…
OceanLotus Targets Stock Investors in FireAnt MetaKit Supply-Chain Hack
OceanLotus APT has executed a precision supply‑chain operation that implanted its SPECTRALVIPER backdoor into FireAnt MetaKit, a popular Vietnamese market‑data component. Telemetry collected from mid‑2024 through early 2026 shows OceanLotus (aka APT32) conducting two distinct campaigns: a long‑running espionage intrusion…
When Your AI Agent’s Memory Becomes a Security Liability
Key Findings: Check Point Research identified a critical vulnerability chain in LangGraph, an open-source framework from the creators of LangChain that enables developers to build complex, stateful, and controllable AI agent workflows using LLMs; they have approximately 46.5 million monthly downloads, making it one of the most widely…
South Korea hits Coupang with $400M+ fine for data breach that affected millions
South Korean authorities issued the record-breaking fine following a data breach that affected over 30 million customers. This article has been indexed from Security News | TechCrunch Read the original article: South Korea hits Coupang with $400M+ fine for data…
Threat Actors Weaponize AI Hype to Deliver AsyncRAT
FortiGuard Labs analyzes a multi-stage malware campaign that uses fake AI-themed documents, hidden PowerShell scripts, AutoHotkey loaders, and process injection to deploy AsyncRAT and maintain remote access. This article has been indexed from FortiGuard Labs Threat Research Read the…
CISA Directs Federal Agencies to Prioritize Security Patches Based on Risk
The new BOD 26-04 requires agencies to review and update vulnerability management policies with a focus on KEV catalog entries. The post CISA Directs Federal Agencies to Prioritize Security Patches Based on Risk appeared first on SecurityWeek. This article has…
EN, SentinelLabs - We are hunters, reversers, exploit developers, and tinkerers shedding light on the world of malware, exploits, APTs, and cybercrime across all platforms.
LABScon25 Replay | Keynote: Steps to an Ecology of Cyber
Decades of piling complexity onto non-standardized stacks have left security unsteerable. Juan Andrés Guerrero-Saade makes the case for a new approach. This article has been indexed from SentinelLabs – We are hunters, reversers, exploit developers, and tinkerers shedding light on…
Breaking Free Of The Cyber Insurance Market’s Moment Of Frustration
Cyber insurance is experiencing a prolonged “moment of frustration.” Insurers face volatile cycles, pricing pressures and inconsistent growth. A recent report by Munich Re found the global cyber insurance market totaled $15.3 billion in 2024, and is expected… The post Breaking Free Of The Cyber Insurance Market’s Moment…
The Hidden Security Risks of Poor Software Testing
Poor Software Testing can expose hidden flaws, vulnerable dependencies and weak controls, increasing breach risks, downtime and costly fixes after release. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article:…
GreatXML Zero-Day Enables BitLocker Bypass Through Windows Defender Offline Scan
A newly disclosed zero-day vulnerability dubbed “GreatXML” is raising serious concerns across the Windows security ecosystem, as it enables a practical BitLocker bypass by abusing the Windows Defender Offline Scan mechanism and Windows Recovery Environment (WinRE). The issue, published by…
GoFlateLoader Hides Infostealers in Massive PE Overlay
GoFlateLoader, a widespread Golang loader that has become a go-to delivery mechanism for multiple infostealers including Lumma, Vidar, StealC, Amatera and Remus. GoFlateLoader’s design is intentionally unspectacular: its code implements a straightforward in-memory manual PE loader, lacking anti-debugging, anti-VM, API…
OnyxC2 Stealer Offers Cybercriminals Enterprise-Grade Theft for $250 a Month
Researchers say the OnyxC2 malware targets more than 200 applications and extensions while evading detection through encrypted payloads, DLL sideloading, and in-memory execution techniques. The post OnyxC2 Stealer Offers Cybercriminals Enterprise-Grade Theft for $250 a Month appeared first on SecurityWeek.…
Oracle PeopleSoft servers under attack, Oracle pushes out-of-band security alert
A zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft PeopleTools is being exploited in the wild, Charles Carmakal, CTO at cybersecurity firm Mandiant, part of Google Cloud, warned today. The warning comes a day after Oracle published an out-of-band security alert about…
Episource Cyberattack Affects 6.7M Individuals
Episource LLC, a medical coding and risk adjustment services provider owned by UnitedHealth Group’s Optum division, has disclosed a cyberattack that compromised the protected health information of 6,725,572 individuals. This article has been indexed from CyberMaterial Read the original article:…
Check Point expands MSP platform with AI governance
Check Point has announced a significant expansion of its Managed Service Provider platform, introducing three strategic capabilities designed to address the challenges MSPs face in securing AI adoption and delivering managed security services. This article has been indexed from CyberMaterial…
IT Security News Hourly Summary 2026-06-11 15h : 17 posts
17 posts were published in the last hour 13:5 : FBI Seizes 13 Domains in Chinese Intelligence Op 13:4 : AI Coding Adoption at 97% but Governance Lags 12:32 : Multiple Splunk Enterprise Vulnerabilities Allow Attackers to Execute Malicious Script…
FBI Seizes 13 Domains in Chinese Intelligence Op
Federal authorities have taken down 13 internet domains allegedly connected to a Chinese intelligence-gathering operation targeting U.S. This article has been indexed from CyberMaterial Read the original article: FBI Seizes 13 Domains in Chinese Intelligence Op
AI Coding Adoption at 97% but Governance Lags
Nearly all software development teams have adopted AI coding assistants, but a critical governance gap is preventing organizations from realizing the full productivity benefits these tools promise. This article has been indexed from CyberMaterial Read the original article: AI Coding…
Multiple Splunk Enterprise Vulnerabilities Allow Attackers to Execute Malicious Script
Multiple high and critical vulnerabilities in Splunk Enterprise could allow attackers to execute malicious scripts, exfiltrate sensitive data, and perform unauthorized file operations, according to a series of security advisories released on June 10, 2026. The most severe flaw, tracked…