A critical supply chain vulnerability in Claude Code’s GitHub Actions that could allow attackers to compromise any repository using Anthropic’s official CI/CD workflow, including Anthropic’s own infrastructure. The vulnerability, discovered by security researcher RyotaK of GMO Flatt Security and patched…
Tag: Cyber Security News
TP-Link Router Vulnerability Allows Attackers to Execute Arbitrary System Commands
A newly disclosed high-severity vulnerability in TP-Link routers could allow attackers to execute arbitrary system commands and fully compromise affected devices. Tracked as CVE-2026-5509, the flaw affects Archer BE450 v1 and Archer BE7200 v1 models. It has been assigned a…
PHANTOMPULSE RAT Uses Process Injection and UAC Bypass to Compromise Windows Systems
A newly analyzed remote access trojan called PHANTOMPULSE has drawn serious attention for its advanced approach to compromising Windows systems. The malware is the final-stage payload in a broader attack chain known as REF6598, a threat cluster actively targeting the…
Web App and API Attacks are Rising: Are You Blind to AI Web Attacks? Join Free WAAP Security Webinar
Every day, thousands of web applications and APIs are probed, scanned, and exploited by attackers who have learned a critical truth: most organizations are not seeing a fraction of what is actually happening inside their environments. Firewalls, intrusion detection systems,…
Gamaredon APT Hides Malware in Windows Features and Abuses Cloud Platforms for C2
Gamaredon, a Russian state-backed espionage group, is deploying a new VBScript worm that hides inside native Windows features while using popular cloud services as covert command-and-control (C2) channels in an ongoing campaign against Ukrainian targets. The operation showcases a modular…
Dashlane Password Manager User Accounts Locked Following Brute-Force Attacks
Dashlane has disclosed a security incident involving a large-scale brute-force attack targeting user accounts, beginning on May 31, 2026. According to the company, an external threat actor attempted to bypass two-factor authentication (2FA) protections by repeatedly guessing authentication codes to…
Critical StrongDM Vulnerability Allows Attackers to Steal and Reuse Authentication
A critical authentication flaw in StrongDM’s desktop application has been identified that allows attackers to hijack user sessions by reusing locally stored authentication material, potentially exposing sensitive enterprise infrastructure. The issue, tracked as CVE-2026-4387, was discovered by SpecterOps during a…
Android 0-Day Vulnerability Exploited in Attacks to Gain Complete Device Control
A critical Android zero-day vulnerability is being actively exploited in targeted attacks, allowing threat actors to gain near-complete control over affected devices without any user interaction. The flaw, tracked as CVE-2025-48595, was highlighted in the June 2026 Android Security Bulletin,…
Nimbus Manticore APT Abuses Fake Recruitment Portal to Deliver Custom Malware
A state-linked hacking group has been caught running a carefully crafted fake recruitment operation to push custom malware onto unsuspecting victims. The group, known as Nimbus Manticore and also tracked as UNC1549 and Smoke Sandstorm, has a long history of…
Hackers Use Meta’s AI Bot to Reset Passwords and Hijack Instagram Accounts
A critical logic flaw in Meta’s AI-powered Instagram support chatbot allowed attackers to bypass two-factor authentication entirely, not by cracking codes, but by simply asking the bot to hand over access. Over the weekend, high-value “OG” Instagram handles, dormant institutional…
IBM WebSphere Server Vulnerable to Remote Code Execution Attack Via Crafted Request
IBM has disclosed a critical security vulnerability in its WebSphere Application Server ecosystem that could allow attackers to execute arbitrary code through specially crafted HTTP requests. The flaw, tracked as CVE-2026-8633, affects environments that use the optional Web Server Plug-ins…
Multiple Red Hat Cloud Services npm Packages Compromised to Deploy Credential-Stealing Malware
A significant supply chain attack on June 1, 2026, targeting over 30 official packages under the @redhat-cloud-services npm scope. The campaign, dubbed “Miasma: The Spreading Blight,” is a new variant of the Mini Shai-Hulud malware family a sophisticated credential-stealing worm…
SmartApeSG Campaign Uses ClickFix Scripts to Infect Windows Hosts With RAT Malware
A well-known social engineering campaign called SmartApeSG is back in the spotlight, this time using ClickFix scripts to quietly plant remote access malware on Windows computers. The campaign lures victims through fake verification pages that trick them into running a…
Attackers Abuse Docker and Kubernetes Misconfigurations to Compromise Host Systems
Attackers are actively exploiting misconfigurations in Docker and Kubernetes environments to break out of containers and take full control of the underlying host systems. What was once a niche concern has grown into a serious and escalating threat, with attackers…
Microsoft Office for the Web and Teams Hit by File Access Outage
Microsoft experienced a service disruption affecting users’ ability to open files through Office for the Web and Microsoft Teams, with the company confirming resolution after investigating elevated error rates across its online productivity platform. The incident, tracked internally under MO1329446…
Critical Plesk Vulnerability Let Users Execute Arbitrary Commands on the Server
A newly disclosed critical vulnerability in Plesk, tracked as CVE-2026-44962, is raising serious security concerns after researchers confirmed it can allow authenticated users to execute arbitrary operating system commands on affected servers. The issue, published in the National Vulnerability Database…
SideCopy Hackers Deploy Persistent XenoRAT Malware to Target Afghanistan Finance Ministry
A Pakistan-linked threat group known as SideCopy has launched a focused cyberattack against Afghanistan’s Ministry of Finance, deploying a persistent remote access tool called XenoRAT. The campaign, dubbed Operation XENOFISCAL, targeted provincial finance officials across all 34 Afghan Mustoufiats —…
Iranian Hackers Abuse AppDomainManager Hijacking to Evade EDR Detection
Iranian hackers have taken their cyberespionage playbook to a new level, deploying a sophisticated .NET hijacking technique to slip past endpoint defenses and target organizations across the United States, Israel, and the United Arab Emirates. The campaign intensified following a…
Microsoft Investigates MFA Setup Failure and MySigns-In Portal Outage
Microsoft is currently investigating a service disruption affecting users attempting to set up multi-factor authentication (MFA) or access the self-service sign-in portal at mysignins.microsoft.com. The issue was officially acknowledged by the company’s Microsoft 365 Status account on X (formerly Twitter)…
New DriveSurge Threat Actor Uses ClickFix and Fake Updates to Infect Website Visitors
A newly identified threat actor named DriveSurge has been quietly compromising thousands of legitimate websites to push malware onto unsuspecting visitors. Using a combination of fake browser update pages and a social engineering trick known as ClickFix, this operation ran…