INC ransomware has grown from a newcomer threat into one of the most dangerous ransomware operations worldwide. What began as an emerging criminal group in mid-2023 has claimed over 800 victims globally, placing it among the top ransomware groups this…
Tag: Cyber Security News
Hackers Abuse Third-Party Okendo Reviews Script to Spread SmartApeSG Malware Campaign
A newly discovered supply chain attack has put thousands of e-commerce websites at risk after a popular third-party reviews widget was quietly turned into a malware delivery tool. Threat actors behind the SmartApeSG campaign injected malicious JavaScript into the Okendo…
China-Linked Showboat Malware Uses Linux Persistence to Target Telecom Companies
A sophisticated China-linked malware framework has been quietly targeting telecom companies across the Middle East for nearly four years. Showboat is a Linux-based tool that stayed completely hidden from antivirus systems until April 2026, raising serious concerns about the security…
Hackers Use Weaponized Windows Shortcuts to Spread Crypto Clipper Across USB Drives
A newly discovered cryptocurrency clipper malware has been quietly stealing digital assets from victims since February 2026, spreading through a trick that most users would never suspect: weaponized Windows shortcut files on USB drives. The malware is not just a…
Node.js Fixes 12 Vulnerabilities, Including 2 High-Severity Authentication Bypasses
Node.js has released a new round of security updates addressing 12 vulnerabilities across its supported release lines, including two high-severity flaws that could lead to authentication bypass and denial-of-service (DoS) attacks. The updates impact Node.js versions 22.x, 24.x, and 26.x,…
CISA Warns of Splunk Enterprise Critical Function Vulnerability Actively Exploited in Attacks
CISA has issued a high-priority alert warning organizations about a critical vulnerability in Splunk Enterprise that is actively being exploited in the wild. The flaw, tracked as CVE-2026-20253, has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, signaling immediate…
AI-Powered Public Surveillance and Biometric Data Collection Expand Government Monitoring
Governments are expanding their digital reach in ways unimaginable just a decade ago. A growing wave of AI-powered surveillance, biometric data collection, and commercial spyware is reshaping how states monitor citizens and visitors. The scale of this shift is drawing…
Authorities Dismantle SocGholish Malware Network — 106 Servers and 101 Domains Seized
Authorities have dismantled the criminal infrastructure behind SocGholish, one of the most persistent malware frameworks active since 2017, seizing 106 servers and 101 domains while remediating nearly 15,000 infected websites worldwide. The coordinated takedown was executed as part of Operation…
Hackers Breached Klue Integration to Steal Salesforce CRM Data via OAuth Tokens
Threat actors exploited a trusted third-party SaaS integration to silently harvest enterprise CRM data, marking the latest chapter in an escalating wave of OAuth-abuse attacks targeting Salesforce ecosystems. Researchers at ReliaQuest observed attackers leveraging a compromised Klue Battlecards integration, a…
New iPhone BootROM Vulnerability Exposes Apple SoCs to Full Chain-of-Trust Compromise
A novel BootROM vulnerability, dubbed usbliter8, affects Apple devices powered by A12, S4/S5, and A13 SoCs. The exploit chains a hardware-level bug in the Synopsys DWC2 USB controller with a firmware configuration flaw, enabling full application processor boot-chain compromise with…
Hackers Abuse Claude.ai Shared Chat Feature to Host the ClickFix Social Engineering Instructions
Hackers are increasingly exploiting trusted AI platforms to deliver sophisticated social engineering attacks, with a recent campaign abusing Claude.ai’s shared chat feature to host malicious ClickFix instructions. According to TrendAI Research, attackers deployed 106 unique malicious hostnames across six campaign…
Hackers Abuse Legitimate RMM Tools to Maintain Persistent Access and Evade Detection
Hackers have found a new way to get AI tools to do their dirty work without paying for it. Instead of using their own resources, attackers are hijacking exposed AI model servers and plugging them into automated hacking pipelines. The…
Hackers Abuse Microsoft Fondue.exe to Side-Load APPWIZ.cpl and Execute Malware
A newly uncovered attack campaign has brought a rarely scrutinized Windows executable into the spotlight. Threat actors are actively abusing Fondue.exe, a legitimate Microsoft utility built into the Windows operating system, to side-load a malicious control panel file named APPWIZ.cpl and silently deploy…
Hackers Can Leverage SQL Server 2025 AI Features to Exfiltrate Sensitive Data
Hackers are increasingly finding new ways to abuse legitimate enterprise features, and Microsoft SQL Server 2025’s newly introduced AI capabilities are now raising serious security concerns. SpecterOps researchers have demonstrated that these built-in features can be leveraged for stealthy data…
Multiple Vulnerabilities in Firefox 152 Enables Remote Code Execution Attacks
Mozilla has released Firefox 152 to address multiple high-severity vulnerabilities that could allow remote code execution (RCE) and sandbox escape attacks. The security advisory, published on June 16, 2026, highlights a wide range of flaws affecting core browser components and…
Evilginx AiTM Attack Captures Microsoft Credentials, MFA Tokens, and Authenticated Sessions
A growing wave of targeted phishing attacks is putting Microsoft users at serious risk, and the tool behind it is more sophisticated than most people realize. Security researchers have documented how Evilginx, an adversary-in-the-middle framework, is being used to silently…
Hackers Abuse PowerShell Commands to Deliver SmartRAT Through Brazilian Bank Phishing Page
A new cyberattack campaign has emerged, using cleverly crafted phishing pages and PowerShell tricks to deliver a dangerous piece of malware called SmartRAT. The attack targets Brazilian banking customers and combines social engineering with AI-generated web pages to make the…
F5 Patches NGINX Vulnerability That Enables Code Execution and DoS Attacks
F5 has released an out-of-band security advisory addressing multiple high-severity vulnerabilities in NGINX that could allow attackers to execute arbitrary code and launch denial-of-service (DoS) attacks across affected environments. The advisory, published on June 17, 2026, highlights several critical flaws…
Modern Data Protection Standards: How Organizations Are Strengthening Cybersecurity in 2026
Organizations today operate in an increasingly hostile cyber threat landscape where data protection has become a critical business requirement. While digital transformation delivers greater efficiency and accessibility, it also expands the attack surface that cybercriminals seek to exploit. As a…
Hackers Actively Exploiting WordPress SMTP Plugin With 100,000+ Installs to Access Sensitive Data
Hackers are actively abusing a sensitive information exposure flaw in the Gravity SMTP WordPress plugin, aggressively targeting over 100,000 sites to harvest configuration data and live email credentials. The vulnerability, tracked as CVE‑2026‑4020 and rated 5.3 (Medium), affects all Gravity…