Kali Linux 2026.2 arrives on schedule in the final week of Q2 with a pragmatic blend of desktop environment refreshes, infrastructure hardening, and practical usability refinements that will matter to both pentesters and platform maintainers. The release emphasizes polish and…
Tag: EN
SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558)
Attackers are exploiting CVE-2026-48558, a recently patched authentication bypass vulnerability in SimpleHelp RMM, to drop the novel Djinn Stealer malware on victim computers. The malware is capable of targeting Windows, macOS, and Linux systems, and “collects credentials associated with cloud…
Hackers Leverage Blockchain to Hit Japan’s Hotels Through Booking.com Phishing
A wave of phishing emails sent to Booking.com partner accommodations in Japan in May led to blockchain-hosted malware This article has been indexed from www.infosecurity-magazine.com Read the original article: Hackers Leverage Blockchain to Hit Japan’s Hotels Through Booking.com Phishing
June 2026 Apple Updates, (Tue, Jun 30th)
Apple released updates for iOS/iPadOS, macOS, and Safari on Monday. There have been no updates for other Apple operating systems (visionOS, watchOS, tvOS). Usually, Apple updates all products at the same time. This article has been indexed from SANS Internet…
Amazon Q’s MCP Flaw Is an Industry Warning: AI Tools Still Lack Workspace Trust Standards
CVE-2026-12957 in Amazon Q is the third MCP auto-execution vulnerability in three AI coding tools. The pattern reveals a shared design failure, not just a single vendor mistake. Amazon Q’s MCP Flaw Is an Industry Warning: AI Tools Still Lack…
ToddyCat: your hidden email assistant. Part 2
An in-depth analysis of Umbrij, a new tool used by the ToddyCat APT group to compromise corporate email communications in Gmail. The attack targeted OAuth authorization tokens, allowing threat actors to gain access to Google services. This article has been…
The AI Token Costs That Can Break Cybersecurity
As cybersecurity platforms embrace agentic AI, organizations must balance detection performance against the escalating costs of token consumption, deployment architecture, and AI credits. The post The AI Token Costs That Can Break Cybersecurity appeared first on SecurityWeek. This article has…
Boss Scam Uses DLL Sideloading to Hijack WhatsApp Web and Defraud Enterprises
The new “Boss Scam” is a sharp escalation in CEO fraud: attackers now combine impersonation, Windows DLL sideloading, and WhatsApp Web session theft to turn trusted executive channels into fraud infrastructure. The campaign was highlighted in advisories tied to India’s…
Attackers actively exploit the Oracle E-Business Suite flaw CVE-2026-46817
Attackers are exploiting a critical flaw in Oracle E-Business Suite, CVE-2026-46817, that allows remote, unauthenticated attackers to take over Oracle Payments. A critical vulnerability in Oracle E-Business Suite, tracked as CVE-2026-46817, is being actively exploited in the wild, according to…
Nissan Employee Data Breached in Oracle PeopleSoft Hack
Only a handful of the 100 organizations targeted in the PeopleSoft campaign have been confirmed. The post Nissan Employee Data Breached in Oracle PeopleSoft Hack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth
A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API. The flaw, tracked as CVE-2026-8037, carries a CVSS score of 9.8 according to ZDI.…
New BioShocking Attack Tricks AI Browsers Into Leaking User Credentials
Convince an AI browser that it is playing a game, and it can hand over your login details. That is the finding behind BioShocking, a technique from security firm LayerX that tricked six AI browsers and assistants into copying a user’s…
UK Healthcare Sector Records Tenfold Increase in Cyber-Attacks
SonicWall records 264,000 events in first five months of 2026 as UK hospitals come under siege This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Healthcare Sector Records Tenfold Increase in Cyber-Attacks
TfL Hackers Were Known To Police For Years
Two young men who pleaded guilty to hacking Transport for London began offending as teenagers and committed numerous other offences This article has been indexed from Silicon UK Read the original article: TfL Hackers Were Known To Police For Years
Kali Linux 2026.2 Released With 9 New Tools and VM Boot Tweaking
Kali Linux team officially released Kali Linux 2026.2 right on schedule at the close of Q2 2026, delivering a compelling mix of desktop environment upgrades, infrastructure modernization, VM performance enhancements, and nine brand-new tools for penetration testers and security researchers.…
Critical SimpleHelp Vulnerability Exploited for Malware Delivery
The threat actor is focused on collecting credentials, SSH keys, cryptocurrency wallets, and development tooling. The post Critical SimpleHelp Vulnerability Exploited for Malware Delivery appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Critical…
Shadow AI Is Not a Tool Problem. It’s a Timing Problem.
Most AI policies are written in the future tense. Employees use AI in the present tense. That gap explains a lot about shadow AI. A governance committee may still be defining good AI use. Meanwhile, AI has already become part…
Kali Linux 2026.2 trims VM boot times, refreshes its desktops
Penetration testers who run Kali Linux inside virtual machines boot their systems faster after the 2026.2 release. The change comes from a decision about graphics firmware, the code that drives NVIDIA, AMD, and Intel GPUs. That firmware has grown large…
Over 300 UK Firms Hit by Ransomware in a Year
Report Fraud data reveals that more than half of 323 UK ransomware victims last year were SMEs This article has been indexed from www.infosecurity-magazine.com Read the original article: Over 300 UK Firms Hit by Ransomware in a Year
Australia To Double Penalty For Social Media Ban Failures
Australian government to boost maximum penalty for breaches of youth social media ban to A$99m, arguing firms not doing enough This article has been indexed from Silicon UK Read the original article: Australia To Double Penalty For Social Media Ban…