A dangerous new variant of the SHub Stealer malware has emerged, targeting Mac users in ways that are smarter and harder to detect than before. The updated build, now called Reaper, spreads through fake websites that impersonate popular software, luring…
Tag: Cyber Security News
Chinese APT VerdantBamboo Uses BRICKSTORM Malware to Compromise Firewalls and Appliances
A Chinese state-linked hacking group has been quietly living inside corporate networks for well over a year, using a custom malware toolkit to compromise firewalls, storage systems, and network appliances without ever tripping an alarm. The group, tracked as VerdantBamboo,…
Agentic AI Red Teaming Reveals Zero-Click Human-in-the-Loop Bypass Attack Chains
Artificial intelligence systems are changing the way software operates, but they are also introducing new security risks that many organizations are not fully prepared for. Agentic AI, which refers to AI that can plan and carry out multi-step tasks on…
VECT 2.0 Ransomware Can Damage Files Its Own Decryptor Cannot Reliably Restore
A new ransomware strain called VECT 2.0 is raising serious concerns among security professionals, and for a troubling reason — even if a victim pays the ransom, the attacker’s own decryptor may not fully restore their files. This is not…
Dashlane Details How Hackers Managed to Download Encrypted Password Vaults
Dashlane has disclosed that threat actors successfully brute-forced two-factor authentication (2FA) protections to register unauthorized devices and download encrypted password vaults belonging to fewer than 20 personal plan users, with a completed investigation confirming no broader impact on its internal…
Microsoft Edge Vulnerability Allows Remote Attackers to Execute Arbitrary Code
Microsoft has released a security update addressing a critical vulnerability in Microsoft Edge that could allow remote attackers to execute arbitrary code on vulnerable systems. Tracked as CVE-2026-45495 and reported by Orange Tsai of DEVCORE, the flaw carries a CVSS…
Let’s Encrypt Unveils Merkle Tree Certificates to Secure the Web Against Quantum Threats
Let’s Encrypt has announced its roadmap for post-quantum Web PKI, centering on a novel approach called Merkle Tree Certificates (MTCs), a design that delivers quantum-resistant authentication without bloating TLS handshakes or breaking the web’s performance expectations. Traditional X.509 certificate chains…
Cisco SD-WAN Vulnerability Exploited in the Wild to Execute Arbitrary Commands as Root User
Cisco has disclosed a high-severity vulnerability in its Catalyst SD-WAN Manager that is actively being exploited in the wild, allowing attackers to execute arbitrary commands with root privileges. The issue, tracked as CVE-2026-20245, carries a CVSS score of 7.8 and…
HexStrike AI RED-TEAM With 127 Security Tools and BOAZ Red Team Integration
A fork of the original HexStrike AI project has been released as HexStrike AI v6.0, an advanced Model Context Protocol (MCP)-based cybersecurity automation framework that merges 127 professional security tools with BOAZ, a multi-layered, EDR/AV payload evasion engine built for real-world…
ClawHub, Cisco, Vercel’s Malicious Skill Detector Bypassed to upload Malicious Skills
AI skill scanners from ClawHub, Cisco, and Vercel’s skills. The platform can be bypassed with minimal effort, allowing malicious skills to be uploaded and distributed through public marketplaces. The findings highlight a growing supply chain risk in agent ecosystems, where…
Hackers Use Fake Claude Code Install Page to Deliver Fileless .NET Infostealer
Hackers are exploiting the excitement around AI coding tools by targeting users who search for Claude Code installation guides. An active campaign uses fake installer pages to silently steal credentials from unsuspecting victims. The attackers use SEO poisoning to push…
Hackers Use Malicious Ads to Deliver FlutterShell Backdoor on macOS Systems
A new and rapidly spreading malware campaign is putting macOS users at serious risk. Threat actors are using Google Ads to push fake desktop applications that secretly install a powerful backdoor on infected machines. The campaign, dubbed Operation FlutterBridge, marks…
binding.gyp Supply Chain Attack Compromises Dozens of npm Packages Across Maintainer Accounts
A self-replicating worm has been quietly spreading across the npm registry using a method most security teams do not watch for. Instead of hiding inside package.json scripts, the attacker weaponized a tiny configuration file called binding.gyp to trigger malicious code…
Hackers Impersonate Ghidra, dnSpy, and SpiderFoot to Spread Malware via Fake Download Sites
Hackers are creating convincing fake websites that impersonate popular security tools to trick users into downloading malware. Instead of obvious phishing pages, these sites look almost identical to real project portals, complete with professional designs and links pointing to actual…
IronWorm Supply Chain Attack Uses Malicious npm Packages to Steal Developer Secrets
A newly discovered malware campaign called IronWorm has been silently targeting software developers through poisoned npm packages, stealing credentials, API keys, and even cryptocurrency wallet recovery phrases. The attack is built to spread itself through trusted developer workflows, making it…
Cybercriminals Shift From Fake Login Pages to Infostealer Malware in Phishing Attacks
Phishing attacks have always been one of the most common ways cybercriminals steal personal and business data. But something has quietly changed about how these attacks work. Instead of tricking people into typing passwords on fake websites, attackers are now…
Anthropic’s Claude Oceanus-v1-p Opens to Red Team Testing, but Distribution is Compromised
A next-generation Anthropic model has surfaced in restricted testing channels, but early distribution was already compromised before the evaluation formally began. References to claude-oceanus-v1-p began circulating among researchers on June 3, 2026, after the model identifier appeared inside Anthropic’s Claude…
CISA Warns of critical Magento Cache Warmer RCE flaw Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical remote code execution vulnerability affecting the Mirasvit Full Page Cache Warmer extension for Magento, tracked as CVE-2026-45247. The flaw, stemming from insecure deserialization of…
Stock Exchange Executive’s Outlook Account Targeted to Exfiltrate Credentials
A senior executive at a major global stock exchange had their Microsoft Outlook account silently compromised for five straight months, with attackers carefully siphoning emails in small batches to avoid detection. The intrusion ran from October 2025 through at least…
Payouts King Ransomware Evades EDR With Obfuscation and Direct System Calls
A new ransomware group known as Payouts King has quietly been building a reputation since it first appeared in April 2025. While it spent most of last year flying under the radar, early 2026 brought a noticeable spike in activity…