Ivanti has disclosed a high-severity vulnerability in its Ivanti Neurons for ITSM platform that could allow attackers with valid credentials to escalate privileges and gain full administrative access. The flaw, tracked as CVE-2026-9614, affects both cloud and on-premises deployments and…
Tag: Cyber Security News
Critical Apache ActiveMQ Vulnerability Allows Malicious Security Header Injections
A critical vulnerability in Apache ActiveMQ has been disclosed, allowing attackers to inject malicious HTTP security headers through improperly handled message properties, potentially leading to cross-site scripting and response manipulation attacks in affected deployments. Tracked as CVE-2026-42253, the issue impacts…
Windows Search URI Handler Flaw Leaks NTLMv2 Hashes to Attacker-Controlled Servers
A newly disclosed flaw in the Windows search URI handler can silently leak NTLMv2 hashes to attacker-controlled servers with nothing more than a single link click. This behavior is the same bug class as CVE-2026-33829 in the Snipping Tool, but Microsoft has…
Microsoft 365 Android Apps Account Takeover Vulnerability Impacted Billions of Android Users
A single forgotten development flag left active in production code silently handed Microsoft account tokens to any app on an Android device, exposing billions of users across six major Microsoft 365 apps to account takeover without any interaction or consent.…
HTTP/2 Bomb — Remote DoS Exploit Hits nginx, Apache, IIS, Envoy, and Cloudflare Pingora
A newly disclosed remote denial-of-service exploit dubbed “HTTP/2 Bomb” targets the default HTTP/2 configurations of the world’s most widely deployed web servers, nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora, enabling a single attacker on a home internet connection…
1-Click GitHub Token Vulnerability Lets Attackers Steal Users’ OAuth Tokens
A critical security vulnerability in Visual Studio Code’s webview implementation allows attackers to steal GitHub OAuth tokens, including read/write access to private repositories, simply by tricking a victim into clicking a single malicious link. The bug was publicly disclosed on…
Threat Actor Uses Stolen Gemini API Keys to Automate Telegram Influence Campaign
A single threat actor has been running a fake political persona on Telegram for five years, quietly building an audience of over 17,000 subscribers while using stolen AI credentials to power the entire operation. What looks like an American patriot…
WordPress Malware Abuses Steam Community Profiles for C2 Operations
A newly discovered malware campaign targeting WordPress websites has raised serious concerns across the web security community. Attackers behind this campaign are using an unexpected method to communicate with infected sites, hiding command instructions inside Steam Community profile comments and…
Russia Says Foreign Spyware Found on High-Ranking Officials’ Mobile Phones
Russia’s Federal Security Service (FSB) has claimed it disrupted a large-scale cyber-espionage operation involving the deployment of advanced spyware on mobile devices used by high-ranking government officials. The agency stated that the campaign was orchestrated by unidentified foreign intelligence services…
Red Hat Confirms Supply Chain Compromise of @redhat-cloud-services npm Packages
Red Hat has officially confirmed a supply chain compromise affecting multiple packages published under the @redhat-cloud-services npm namespace, disclosed publicly on June 1, 2026. A compromised GitHub account was used to inject malicious code into frontend libraries maintained within a…
Attackers Abuse AWS, Google Cloud, Cloudflare, and Microsoft Services to Hide Malicious Traffic
Cybercriminals are increasingly weaponizing trusted cloud infrastructure, including Amazon Web Services, Google Cloud, Microsoft Azure, Cloudflare, and GitHub, to camouflage malicious traffic, evade detection, and sustain long-lived Command and Control (C2) operations. A recent threat intelligence investigation using ANY.RUN’s Threat…
SolyxImmortal Python Malware Steals Browser Passwords, Cookies, Files, and Keystrokes
A new Python-based malware called SolyxImmortal has been found quietly stealing browser passwords, cookies, sensitive files, and keystrokes from infected Windows systems. The malware uses well-known Python libraries and multi-threading to carry out its operations simultaneously, making it harder to…
Hackers Use 34 Malicious Packages to Steal Cloud Keys, Wallets, and SSH Credentials
Hackers have planted 34 malicious packages across three major open-source ecosystems, quietly stealing cloud credentials, SSH keys, and blockchain wallet data from developers who never suspected a thing. The campaign, named TrapDoor, was first disclosed on May 24, 2026 by…
Mustang Panda Deploys PlugX RAT Through Multi-Stage LNK and PowerShell Attack Chain
A well-known Chinese state-sponsored threat group called Mustang Panda has been caught running a sophisticated cyberattack campaign using its signature remote access tool, PlugX. The group used a cleverly disguised fake browser update to trick users into downloading a multi-stage…
Microsoft MSRC Allegedly Dismissed Dependency Confusion Vulnerability, Claims Researcher
A dependency confusion vulnerability affecting Microsoft’s Azure Portal after the Microsoft Security Response Center (MSRC) closed the case, claiming the confirmed remote code execution evidence did not constitute an exploitable security issue. The vulnerability was uncovered by Security researcher Wahid…
CISA Flags Palo Alto Networks PAN-OS Vulnerability as Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Palo Alto Networks PAN-OS vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively leveraged in real-world attacks. The vulnerability affects PAN-OS, the…
Hackers Deploy AZUREVEIL Adaptix C2 Agent via Spearphishing Campaign
A newly identified spearphishing campaign has been quietly targeting government officials, researchers, and technology workers in the Czech Republic and Taiwan. Threat researchers traced the operation to a China-linked threat actor, with the earliest known sample surfacing from Taiwan in…
Claude Code’s GitHub Actions Vulnerability Lets Attackers Compromise Any Repository
A critical supply chain vulnerability in Claude Code’s GitHub Actions that could allow attackers to compromise any repository using Anthropic’s official CI/CD workflow, including Anthropic’s own infrastructure. The vulnerability, discovered by security researcher RyotaK of GMO Flatt Security and patched…
TP-Link Router Vulnerability Allows Attackers to Execute Arbitrary System Commands
A newly disclosed high-severity vulnerability in TP-Link routers could allow attackers to execute arbitrary system commands and fully compromise affected devices. Tracked as CVE-2026-5509, the flaw affects Archer BE450 v1 and Archer BE7200 v1 models. It has been assigned a…
PHANTOMPULSE RAT Uses Process Injection and UAC Bypass to Compromise Windows Systems
A newly analyzed remote access trojan called PHANTOMPULSE has drawn serious attention for its advanced approach to compromising Windows systems. The malware is the final-stage payload in a broader attack chain known as REF6598, a threat cluster actively targeting the…