A proof-of-concept (PoC) exploit has been released for a critical Linux kernel vulnerability, CVE-2026-46316, that enables a guest-to-host escape in KVM environments on arm64 systems. The flaw, named “ITScape,” allows attackers to break out of a virtual machine and execute…
Tag: Cyber Security News
Hackers Abuse AWS CloudTrail and Google Cloud Logging to Evade Detection and Exfiltrate Logs
Cloud environments have quietly become one of the most targeted areas in modern cybersecurity. As organizations shift to the cloud, the services that track activity inside those environments have become a top priority for attackers. Logging services, which record every…
Microsoft Exchange Server 0-Day Vulnerability Exploited in Attacks Using Weaponized Email
Microsoft has confirmed active exploitation of a new zero‑day spoofing flaw in on‑premises Exchange Server, tracked as CVE‑2026‑42897. The flaw allows attackers to execute arbitrary JavaScript in Outlook Web Access (OWA) simply by sending a weaponized email that a victim…
China-Linked JDY Botnet Uses 1,500+ SOHO and IoT Devices for Rapid Vulnerability Exploitation
A China-linked network of compromised routers and smart devices has grown into one of the most capable reconnaissance tools tied to a nation-state threat group. Researchers have identified a major resurgence of a botnet known as JDY, which now controls…
Ivanti Endpoint Manager Mobile Vulnerability Enables Remote Code Execution Attacks
A high-severity vulnerability, CVE-2026-6973, in Ivanti Endpoint Manager Mobile (EPMM) could allow authenticated attackers to achieve remote code execution by injecting malicious Apache configuration directives. The flaw, assigned a CVSS score of 7.2, is classified as a configuration control vulnerability…
Anthropic’s Claude Fable 5 Jailbroken to Generate Stack Exploits
Anthropic launched Claude Fable 5 on June 9, 2026, as the first publicly available model in its new Mythos class, its most capable AI to date, excelling in software engineering, knowledge work, and vision benchmarks. Researcher “Pliny the Liberator” defeats…
OpenClaw AI Agent Leaks Sensitive Credentials in New Phishing Attack Simulation
AI agents are becoming a core part of how companies manage their inboxes, triaging messages, pulling up files, and even replying to emails on behalf of employees. What researchers have now confirmed is that these agents can be tricked just…
Hackers Infect npm Package dbmux With Malware to Fully Compromise Developer Systems
A malicious package targeting software developers has been discovered on npm, one of the most widely used package registries in the world. The package, named dbmux, was found to contain hidden malware capable of giving attackers complete control over any…
ServiceNow Confirms Vulnerability Allowing Unauthorized Access to Customer Instance Tables
ServiceNow has confirmed a security vulnerability that could allow unauthorized actors to query customer instance tables, raising concerns about potential data exposure across enterprise environments. The issue, disclosed through threat intelligence channels, involves improper access controls that may enable attackers…
Hackers Use Tax Phishing Emails to Deploy In-Memory Malware on Windows Systems
Hackers are using fake tax notification emails to trick Windows users into downloading dangerous multi-stage malware that runs entirely in memory, leaving almost no trace behind. The campaign, tracked as Operation TaxShadow, has been active since at least May 20, 2026,…
Hackers Abuse Fake Utility Downloads to Install ScreenConnect and Mine Cryptocurrency
Hackers are turning everyday software searches into a trap. A sophisticated cryptojacking campaign is actively targeting users who search for popular PC utilities online, luring them into downloading malware-laced files that secretly mine cryptocurrency using their own GPU. The attackers…
Critical OpenSSL Vulnerabilities Enable Remote Code Execution Attacks
A security advisory from OpenSSL on June 9, 2026, warns of a critical vulnerability that could allow remote code execution when applications process specially crafted PKCS7 or S/MIME signed messages. The flaw, tracked as CVE‑2026‑45447, is a heap use‑after‑free bug in…
Windows RDP Vulnerabilities Allow Attacker to Expose Sensitive Data
Windows systems are impacted by two new Remote Desktop Protocol (RDP) information disclosure vulnerabilities, CVE-2026-42908 and CVE-2026-45639. Both issues were resolved in Microsoft’s security updates released on June 9, 2026. Both flaws stem from out-of-bounds reads in the RDP stack and are…
Slow Triage Is Raising Business Risk. Here’s How SOC Teams Cut Investigation Time
The longer it takes to confirm a threat, the longer the business stays exposed. Slow triage leaves SOC teams stuck between suspicious alerts and clear response decisions, giving malware, phishing attacks, and other threats more time to progress. For CISOs…
CISA Warns of Google Chromium 0-Day Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a newly discovered zero-day vulnerability in Google Chromium that is actively being exploited in the wild. The flaw, tracked as CVE-2026-11645, affects the Chromium V8 JavaScript…
Windows Collaborative Translation Framework 0-Day Vulnerability Allows Privilege Escalation
Windows administrators should quickly deploy Microsoft’s June 9, 2026 security updates to fix a newly disclosed zero‑day in the Windows Collaborative Translation Framework (CTFMON), tracked as CVE‑2026‑45586. The flaw allows a local attacker with low privileges to escalate to SYSTEM,…
Hackers Abuse TikTok and Instagram Reels to Spread Malware via Fake Free Software Tutorials
Cybercriminals are now turning to short-form video platforms as a new attack surface, using fake software tutorials on TikTok and Instagram Reels to push malware onto unsuspecting users. The tactic is simple but remarkably effective: create polished, convincing videos that…
Hackers Deploy MLTBackdoor Malware via Multi-Stage ClickFix Infection Chain
A newly discovered backdoor malware called MLTBackdoor is making waves in the cybersecurity community after being spotted in a carefully designed, multi-stage attack chain. Identified in May 2026, this threat stands out for its advanced ability to hide from security…
Windows BitLocker 0-Day Vulnerability Allows Attackers to Bypass Security Feature
Microsoft disclosed a new Windows BitLocker Security Feature Bypass vulnerability, tracked as CVE-2026-50507, on June 9, 2026, as part of its June Patch Tuesday security release. The flaw, rooted in a protection mechanism failure, allows an unauthorized attacker with physical access…
Anthropic Released Claude Fable 5, the First Model in Mythos Class
Anthropic has released Claude Fable 5, the first publicly available model in its new Mythos capability tier, a class powerful enough that the company says it ships with cybersecurity safeguards baked in from day one. Fable 5 sits above the…