Malware was discovered in the npm package dbmux. Any computer with this package installed or running should be considered fully compromised. The GitHub Advisory (GHSA-62wx-5f55-w8g2) characterizes the incident as severe: any machine with dbmux installed or executing it should be…
Tag: EN
France’s Government Messaging App Tchap Got Breached
France’s government chat app Tchap was breached after a single account was compromised, exposing messages and data from public channels. Tchap, the encrypted messaging platform developed by the French government for its civil servants and made mandatory last year, was…
EU Orders Meta To Open WhatsApp To AI Rivals
Interim measure gives Meta five days to restore free access to AI tools, after Meta launches its own business agent on WhatsApp This article has been indexed from Silicon UK Read the original article: EU Orders Meta To Open WhatsApp…
US Adds Alibaba, Baidu, BYD, Unitree To Military List
US Defence Department adds major Chinese tech firms to list designating them as military entities, in move that could pave way for sanctions This article has been indexed from Silicon UK Read the original article: US Adds Alibaba, Baidu, BYD,…
Meta Says NSO Still Targeting WhatsApp Users
Facebook parent Meta says NSO Group violates court order barring it from targeting WhatsApp users with commercial Pegasus spyware This article has been indexed from Silicon UK Read the original article: Meta Says NSO Still Targeting WhatsApp Users
Windows Defender Zero-Day “RoguePlanet” Lets Attackers Gain SYSTEM Privileges
A newly disclosed zero-day vulnerability dubbed “RoguePlanet” is affecting Microsoft Defender, allowing attackers to escalate privileges and obtain full SYSTEM-level access on vulnerable Windows machines. A security researcher recently published the issue under the alias “MSNightmare,” who released a proof-of-concept…
Windows BitLocker 0-Day Flaw Enables Security Feature Bypass Attacks
Microsoft has disclosed a newly identified zero-day vulnerability in Windows BitLocker that could allow attackers to bypass one of the operating system’s core disk encryption protections. The flaw, tracked as CVE-2026-50507, has been classified as an “Important” severity issue and…
ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Phoenix Contact
In addition, Rockwell Automation announced some enhancements to its SecureOT cybersecurity solution for OT. The post ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Phoenix Contact appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Microsoft Fixes 200 CVEs in June Patch Tuesday
Microsoft has patched 200 vulnerabilities including three zero-days This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft Fixes 200 CVEs in June Patch Tuesday
OpenClaw AI Agent Leaks Credentials in Phishing Simulation
Autonomous email agents can become high‑impact phishing victims, leaking cloud credentials and sensitive business data even when wrapped in explicit safety instructions. In a controlled lab deployment on the OpenClaw agent platform, an AI agent dubbed “Pinchy” failed multiple classic…
ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances
ServiceNow has warned about a security incident in which unknown threat actors exploited a flaw to obtain deeper unauthorized access to susceptible instances. “On June 5, 2026, ServiceNow applied a security update to hosted customer instances,” the company revealed in…
Fable 5, Tchap hacked, CISA priorities
Anthropic releases Claude Fable 5 French government messaging service breached CISA rethinking risk evaluations Get the show notes here: https://cisoseries.com/cybersecurity-news-claude-fable-5-tchap-hacked-cisa-priorities/ Thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy — a routine request, an internal email, a familiar…
Windows BitLocker 0-Day Vulnerability Allows Attackers to Bypass Security Feature
Microsoft disclosed a new Windows BitLocker Security Feature Bypass vulnerability, tracked as CVE-2026-50507, on June 9, 2026, as part of its June Patch Tuesday security release. The flaw, rooted in a protection mechanism failure, allows an unauthorized attacker with physical access…
No Patch Planned for Exploited Arista EOS Vulnerability
Organizations are advised to apply vendor-supplied mitigations or discontinue the vulnerable devices. The post No Patch Planned for Exploited Arista EOS Vulnerability appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: No Patch Planned…
Microsoft Patch Tuesday June 2026 Fixes 198 Vulnerabilities, Including 3 Zero-Days
Microsoft’s June 2026 Patch Tuesday fixes 198 vulnerabilities across Windows, Office, Azure and other Microsoft products, including three zero‑day flaws that were exploited or publicly disclosed before patches were available. Security teams should fast‑track deployment of BitLocker and HTTP.sys, Remote…
The security in smartphones is helping send them to landfills
Billions of working smartphones reach the end of their service lives each year and move into drawers, recycling streams, and waste piles. The WEEE Forum estimated that 5.3 billion mobile phones became electronic waste in 2022. Many of these devices…
Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows
The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named RoguePlanet. “The exploit is a race condition, so it’s a hit or miss,” the researcher,…
Hackers Use ClickFix Chain to Deploy MLTBackdoor Malware
A sophisticated new backdoor family, tracked as MLTBackdoor, that operators are deploying through a multi-stage ClickFix infection chain to establish footholds for ransomware and follow-on activity. The campaign begins with an automotive-themed ClickFix lure: when a victim copies, pastes, and…
Anthropic Released Claude Fable 5, the First Model in Mythos Class
Anthropic has released Claude Fable 5, the first publicly available model in its new Mythos capability tier, a class powerful enough that the company says it ships with cybersecurity safeguards baked in from day one. Fable 5 sits above the…
NOVA microhypervisor brings AMD DMA isolation to shared AI infrastructure
BlueRock has issued the latest open-source release of its NOVA Microhypervisor with DMA remapping support for AMD platforms that have IOMMU hardware virtualization. The capability is enabled by default and extends hardware-level isolation across virtual machines, devices, and memory in…