OnyxC2 is a MaaS stealer targeting 210+ apps, using DLL sideloading, encrypted payloads, and remote access features to evade detection. OnyxC2 appeared on a cybercrime forum earlier this year and is sold as a subscription service: $250 per month for…
Tag: EN
Signal Users Targeted in Sophisticated Phishing Campaigns Aimed at Stealing Chat Backups
Recently uncovered cyber threats now focus on people relying on Signal’s encrypted messaging service. Fake notifications, appearing legitimate at first glance, lead recipients to counterfeit pages through deceptive URLs. These attempts aim straight at stored conversation archives linked to…
Cyber Briefing: 2026.06.11
6.7M Breached, AI Blindspots, & The Rise of Unencrypted Extortion. (Are you covered?) This article has been indexed from CyberMaterial Read the original article: Cyber Briefing: 2026.06.11
Criminal IP at Infosecurity Europe 2026: Introducing AITEM, the Next Chapter of Attack Surface Management
Torrance, United States / California, 11th June 2026, CyberNewswire This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: Criminal IP at Infosecurity Europe 2026: Introducing AITEM, the Next Chapter of…
Ivanti Command Injection Vulnerability Exploited in Attacks Following PoC Release
Threat actors have begun actively exploiting a critical Ivanti Sentry command injection vulnerability just days after a proof-of-concept (PoC) exploit was made public, according to new internet scanning data from the Shadowserver Foundation. The flaw, tracked as CVE-2026-10520, carries a…
Alert Fatigue Is Becoming a Security Threat of Its Own
As alert volumes outpace human capacity, organizations are turning to AI, automation, and deeper context to separate real threats from the noise. The post Alert Fatigue Is Becoming a Security Threat of Its Own appeared first on SecurityWeek. This article…
Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks
Oracle has released a patch for CVE-2026-35273, but it has not said whether it’s a zero-day exploited in ShinyHunters attacks. The post Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks appeared first on SecurityWeek. This article has been indexed…
Fake Spotify Premium tutorials on TikTok and Instagram Reels spread malware
Cybercriminals are using TikTok and Instagram Reels videos to spread Vidar, an infostealer malware, through fake downloads for popular paid software, according to ReversingLabs. The researchers uncovered two campaigns behind the activity, each using a different approach to draw in…
ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Action Patch + 28 New Stories
It’s been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there’s a supply chain attack kit in a public repo, a $5,000-a-month RAT that clones browsers, and research showing…
Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories
Most good security work is invisible by design. Today is the exception. The 2026 Cybersecurity Stars Awards winners are announced across 95 subcategories in four main award categories. The reason is simple. Cybersecurity is full of work that deserves recognition…
Cybercriminals Use Fake AI Guides and Dev Tools to Spread AsyncRAT Malware
Fake AI guides hide a multi-stage chain that drops AsyncRAT, with signs of AI-assisted coding This article has been indexed from www.infosecurity-magazine.com Read the original article: Cybercriminals Use Fake AI Guides and Dev Tools to Spread AsyncRAT Malware
Hackers Use Fake Claude Code Guide and AI PDFs to Spread AsyncRAT Malware
Hackers are using fake Claude Code guide and AI PDFs to spread AsyncRAT malware via Windows attack using PowerShell and Defender exclusions. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original…
OceanLotus Targets Stock Investors in FireAnt MetaKit Supply-Chain Hack
OceanLotus APT has executed a precision supply‑chain operation that implanted its SPECTRALVIPER backdoor into FireAnt MetaKit, a popular Vietnamese market‑data component. Telemetry collected from mid‑2024 through early 2026 shows OceanLotus (aka APT32) conducting two distinct campaigns: a long‑running espionage intrusion…
When Your AI Agent’s Memory Becomes a Security Liability
Key Findings: Check Point Research identified a critical vulnerability chain in LangGraph, an open-source framework from the creators of LangChain that enables developers to build complex, stateful, and controllable AI agent workflows using LLMs; they have approximately 46.5 million monthly downloads, making it one of the most widely…
South Korea hits Coupang with $400M+ fine for data breach that affected millions
South Korean authorities issued the record-breaking fine following a data breach that affected over 30 million customers. This article has been indexed from Security News | TechCrunch Read the original article: South Korea hits Coupang with $400M+ fine for data…
Threat Actors Weaponize AI Hype to Deliver AsyncRAT
FortiGuard Labs analyzes a multi-stage malware campaign that uses fake AI-themed documents, hidden PowerShell scripts, AutoHotkey loaders, and process injection to deploy AsyncRAT and maintain remote access. This article has been indexed from FortiGuard Labs Threat Research Read the…
CISA Directs Federal Agencies to Prioritize Security Patches Based on Risk
The new BOD 26-04 requires agencies to review and update vulnerability management policies with a focus on KEV catalog entries. The post CISA Directs Federal Agencies to Prioritize Security Patches Based on Risk appeared first on SecurityWeek. This article has…
LABScon25 Replay | Keynote: Steps to an Ecology of Cyber
Decades of piling complexity onto non-standardized stacks have left security unsteerable. Juan Andrés Guerrero-Saade makes the case for a new approach. This article has been indexed from SentinelLabs – We are hunters, reversers, exploit developers, and tinkerers shedding light on…
Breaking Free Of The Cyber Insurance Market’s Moment Of Frustration
Cyber insurance is experiencing a prolonged “moment of frustration.” Insurers face volatile cycles, pricing pressures and inconsistent growth. A recent report by Munich Re found the global cyber insurance market totaled $15.3 billion in 2024, and is expected… The post Breaking Free Of The Cyber Insurance Market’s Moment…
The Hidden Security Risks of Poor Software Testing
Poor Software Testing can expose hidden flaws, vulnerable dependencies and weak controls, increasing breach risks, downtime and costly fixes after release. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article:…