Microsoft shut down dozens of GitHub code repositories for Azure and AI coding tools after a reported hack. This article has been indexed from Security News | TechCrunch Read the original article: Microsoft’s open source tools were hacked to steal…
Tag: EN
New China-Linked Threat Cluster OP-512 Targets IIS Servers With Cryptographically Unique Web Shell Framework
A newly identified threat cluster with suspected ties to China has been caught targeting Internet Information Services (IIS) web servers using a purpose-built web shell framework. Tracked as OP-512, this group stands out for deploying tools designed to evade every…
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-42271 BerriAI LiteLLM Command Injection Vulnerability CVE-2026-50751 Check Point Security Gateway Improper Authentication Vulnerability These types of vulnerabilities are a frequent…
Check Point VPN 0-day Vulnerability Exploited in the Wild to Deploy Ransomware
Check Point Research has uncovered active exploitation of CVE-2026-50751, a critical authentication bypass vulnerability (CVSS 9.3) in Check Point Remote Access VPN and Mobile Access deployments, with confirmed post-compromise activity linked to the Qilin ransomware gang. CVE-2026-50751 targets deployments configured…
Operation FlutterBridge Uses Fake Google Ads to Spread macOS Backdoor
Operation FlutterBridge uses fake Google ads and shell companies to deploy FlutterShell, a new macOS backdoor targeting unsuspecting users. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: Operation FlutterBridge…
CISA Highlights Vital Resources to Help Event Attendees Stay Safe
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from CISA Blog Read the original article: CISA Highlights Vital Resources to Help Event Attendees Stay Safe
AI Policy Meets Operational Reality: White House AI Cybersecurity Order Calls for Public-Private Coordination
As frontier AI models gain stronger cyber capabilities, public-private collaboration will be essential for improving AI-assisted defense, strengthening vulnerability response, and building critical infrastructure resilience. This article has been indexed from Industry Trends & Insights Read the original article:…
Meta claims NSO Group still targets WhatsApp users despite court order
Meta claims it disrupted spear-phishing attempts linked to NSO Group and is asking a US federal court to hold the spyware vendor in contempt for allegedly violating an injunction that bars it from targeting WhatsApp and its users. “We successfully…
Meta Deletes Face-Recognition System From Its Smart Glasses App After WIRED Report
The code WIRED identified is gone from the latest version of Meta AI, the companion app for the company’s smart glasses. Meta won’t say why or whether it’s coming back. This article has been indexed from Security Latest Read the…
Meta Rolls Out Paid Plans for Facebook, Instagram, and WhatsApp
Meta has announced a wide expansion of its subscription business, introducing new paid plans for Facebook, Instagram, and WhatsApp users while preparing additional premium offerings aimed at artificial intelligence users, content creators, and businesses. The move reflects the company’s…
Critical 7-Zip Vulnerability Exposes Millions of Systems to Potential Malware Attacks
A fresh disclosure highlights a security weakness in the popular 7-Zip tool, stirring unease within cyber defense circles due to its potential misuse for spreading harmful software. Though limited to outdated builds of this open compression program, the flaw…
Ad Tracking Puts US Troops at Risk on the Battlefield
The ad-tracking industry is facing fresh scrutiny after reports said commercial location data has been used to expose US soldiers in active war zones. US Central Command reportedly confirmed that it has received multiple threat reports about adversaries exploiting…
Gogs Zero-Day Vulnerability Raises Alarm Over Server Security
Researchers have discovered a zero-day vulnerability in Gogs, the widely used self-hosted Git repository management platform, that may allow authenticated users to escalate their privileges on vulnerable servers by leveraging this vulnerability to execute remote code. In addition to…
WhatsApp to Roll Out Username Feature, No Mobile Number Required
WhatsApp will launch a new feature where users can opt for usernames and connect with others without putting mobile numbers. The feature is similar to the famous messaging app Telegram and also Instagram. The new update will allow users to…
Meta Blocks NSO Group’s New WhatsApp Phishing Attack, Files Contempt Order
Meta on Monday said it detected and blocked spear-phishing attempts linked to Israeli spyware vendor NSO Group. In addition, the tech giant said it’s filing a federal court contempt order against the company for violating a permanent injunction that barred…
TeamPCP Supply Chain Campaign: Activity Through 2026-06-07, (Mon, Jun 8th)
This diary continues the Internet Storm Center's tracking of the TeamPCP supply chain campaign, first documented in the SANS white paper When the Security Scanner Became the Weapon and most recently in the handler diary Activity Through 2026-05-24. Since that…
Governing Claude Enterprise in Environments Where Inline Controls Can’t Go
TrendAI™ integrates Anthropic’s Claude Compliance API into TrendAI Vision One™ through two collectors that bring AI-aware visibility and detection to Claude Enterprise usage: one keeps all data inside the environment, while the other feeds TrendAI Vision One™ for deeper correlation…
Old WinRAR Flaw Fuels Attacks on Ukraine: How Unmanaged Software Keeps the Door Open
Two separate Russia-aligned campaigns are still exploiting the WinRAR flaw CVE-2025-8088 against Ukrainian organizations nearly a year after it was patched, showing how unmanaged software keeps an exploited entry point open long after the fix ships. This article has been…
Critical Zcash Vulnerability Found and Fixed
If you’re a user—owner?—of this cryptocurrency, this is important: On May 29, the security researcher Taylor Hornby found a critical vulnerability in Zcash Orchard privacy pool using Claude Opus 4.8. The Zcash team hired Hornby specifically to look for this…
Malspam Attack Uses Google DoubleClick Redirects to Deliver Fileless .NET Loader
Cybercriminals have found a new way to sneak malware past email security tools, and this time they are hiding behind a name that most systems trust without question. A recent malspam campaign has been caught using Google’s own DoubleClick ad-tracking…