This week’s roundup covers a major AI security model redeployment, several critical RCE vulnerabilities across popular tools, a landmark WhatsApp privacy update, and the latest Kali Linux release. Anthropic Confirms Claude Mythos 5 Redeployment Anthropic’s most powerful AI cybersecurity model…
Tag: Cyber Security News
Flipper Zero Firmware Development Continues With New Community Contribution Rules
Flipper Devices has responded to intense community backlash over perceptions that it had abandoned active development of the Flipper Zero firmware. In a statement addressing the controversy, the company announced it will allocate dedicated resources to firmware maintenance while overhauling…
T3MP3ST Security Framework Turns AI Coding Agents Into 0-Day Bug Hunters
A newly released open-source security framework called T3MP3ST is turning general-purpose AI coding agents like Claude Code, OpenAI’s Codex, and Hermes into autonomous red-teaming operators without requiring new API keys, cloud infrastructure, or additional billing. Built by researcher elder-plinius, T3MP3ST…
Microsoft Releases OOBE Cumulative Update for Windows 11, Versions 24H2 and 25H2
Microsoft has rolled out KB5095189, a new cumulative update targeting the Out-of-Box Experience (OOBE) for Windows 11, versions 24H2 and 25H2. Released on June 23, 2026, this update refines the initial setup flow that users encounter when configuring a new…
PamStealer Mimics Maccy Clipboard Manager Silently Harvests Data and Clipboard Contents
PamStealer is a newly identified macOS infostealer that disguises itself as the popular open-source clipboard manager “Maccy” while silently harvesting sensitive user data. Discovered by Jamf Threat Labs, the malware uses a stealthy two-stage infection chain designed to evade detection…
New “Bad Epoll” 0-Day Vulnerability Allows Root Access on Linux Servers and Android Devices
A newly disclosed Linux kernel flaw dubbed “Bad Epoll” (CVE-2026-46242) allows an unprivileged local user to escalate to root on Linux servers, desktops, and Android devices by exploiting a race condition and a use-after-free (UAF) in the kernel’s epoll subsystem.…
Multiple FatFs Vulnerabilities Expose Millions of Embedded Devices to Cyber Risks
Security researchers at runZero have disclosed seven new CVEs affecting FatFs, the ubiquitous lightweight FAT/exFAT filesystem driver used across embedded and IoT ecosystems. The vulnerabilities range from CVSS Medium to High, with no Critical-rated findings, but their reach is significant:…
Indian Govt Bans Apps Being Misused to Stop E-Rickshaws Remotely
The Indian government has directed Google and Apple to take down three mobile applications, BAT-BMS, Lossigy, and Epoch-i-ion, after they were allegedly misused to remotely disable e-rickshaws and other battery-operated three-wheelers mid-journey, putting passenger safety at risk. Authorities have also…
Top 10 Best Post-Quantum Cryptographic Solutions in 2026
Quantum computing has crossed the line from research curiosity to board-level risk. Once a cryptographically relevant quantum computer arrives — an event security planners call “Q-Day” — the public-key cryptography that protects banking, government, healthcare, and the entire internet (RSA,…
Nebula AI-Powered Penetration Testing Platform Automates Vulnerability Assessments
A new open-source security tool is bringing large language models directly into the penetration tester’s terminal. Nebula, developed by BerylliumSec, integrates state-of-the-art AI models into the command-line interface, allowing ethical hackers and security professionals to automate vulnerability assessments, generate exploit…
Alibaba to Ban Claude Code Over Alleged Embedded Backdoor Risks
Alibaba is reportedly set to ban Anthropic’s Claude Code from its internal workplace environments starting July 10, 2026, over alleged embedded backdoor risks. The company has not officially confirmed the decision and did not respond to media queries at the…
Hackers Abuse SEO Poisoning and Hidden HTML to Trick AI Agents Into Following Malicious Instructions
Artificial intelligence agents are quickly becoming the new front door to the internet, and attackers have noticed. A fresh wave of malicious websites is using search engine tricks and invisible code to feed false instructions directly into AI systems, turning…
Multiple Apache ActiveMQ Vulnerabilities Enable DoS Attacks and Lead to Crashes
Apache ActiveMQ users are advised to urgently update their deployments after three important vulnerabilities were disclosed, exposing messaging infrastructure to denial-of-service (DoS) attacks, broken isolation, and improper authorization risks. The issues, tracked as CVE-2026-53917, CVE-2026-54475, and CVE-2026-49877, affect core components…
Scammers Impersonate Trusted Brands in Gambling Ads to Drive Casino Traffic
Scammers are hijacking trusted brand names to push people toward online casinos unrelated to those companies. Instead of building fake bank sites or phishing emails, they exploit the trust people place in familiar logos. The scam starts simply. A consumer…
Hackers Use Fake Cisco AnyConnect and Google Update Installers to Drop SharkLoader
Cybersecurity researchers have uncovered a new malware loader called SharkLoader that is quietly slipping into networks by hiding inside fake software installers. The tool has been spotted delivering Cobalt Strike Beacon, a well known post exploitation framework, onto compromised machines.…
Hackers Abuse Blogspot and PowerShell Download Cradles to Deploy PureLog Steale
Hackers have found a clever way to sneak data-stealing malware onto victims’ computers by hiding their tracks inside a trusted platform, Google Blogspot. Researchers recently uncovered a campaign abusing this blogging service alongside native Windows tools to quietly install an…
FBI Warns TeamPCP Hackers Compromise Developer Tools in Large-Scale Supply Chain Attacks
A new wave of software supply chain attacks has put developers and security teams on high alert. The threat group behind it, known as TeamPCP, has been quietly slipping malicious code into trusted development and security tools used by companies…
Former MEP Investigating Spyware Abuses Has Phone Hacked With Pegasus
Stelios Kouloglou, a former Member of the European Parliament (MEP) who served on the committee investigating Pegasus spyware abuses, was himself repeatedly infected with NSO Group’s Pegasus spyware during his tenure, according to new forensic findings from the Citizen Lab.…
Your iphone Will Alert You in Real Time if You Are Falling Victim to a Scam
Apple is taking a major step toward combating social engineering attacks with a new feature in iOS 27 that can warn users in real time if they are likely being targeted by a scam. The new framework, called Trust Insights,…
Microsoft Exchange SSRF Vulnerability Details Released Along With Public PoC Exploit
Security researchers from HawkTrace have disclosed technical details of a high-severity server-side request forgery (SSRF) vulnerability in Microsoft Exchange, tracked as CVE-2026-45504. The flaw, which carries a CVSS score of 8.8, allows authenticated, low-privileged users to read arbitrary files from…