An active campaign in which attackers are abusing Microsoft’s OAuth 2.0 Device Authorization Grant (device code) flow to take over Microsoft 365 accounts. Rather than capturing credentials with a fake login page, the threat actors persuade victims to complete a…
Tag: EN
U.S. CISA adds Cisco Catalyst and LiteSpeed cPanel plugin flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Catalyst and LiteSpeed cPanel plugin flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Cisco Catalyst and LiteSpeed cPanel plugin flaws to its Known Exploited…
Software supply chains are heading for a transparency test
Software supply chain visibility is becoming part of product security work as the EU Cyber Resilience Act (CRA) moves toward application in December 2027. ENISA’s SBOM Adoption State of Play 2026 shows organizations preparing for CRA obligations through SBOM tooling,…
Dozens of malicious wallpapers found on Steam Workshop: gamers’ accounts at risk
Since late 2025, malware has been spreading rapidly through the Steam Workshop, the gaming platform’s built-in service for players to create and share custom content. The attackers are primarily targeting gamers in China and Russia. This article has been indexed…
LiteLLM Vulnerability Chain: What Security Teams Running AI Gateways Need to Do Now
A three-CVE chain lets any default LiteLLM user escalate to admin and get a shell on the gateway server. A separate RCE is already in CISA’s KEV. Here’s what to check and how to patch. LiteLLM Vulnerability Chain: What Security…
Zhipu AI Sees Stock Price Jump Amid Anthropic Disruption
Beijing-based start-up touts new GLM-5.2 model as stable alternative after White House orders Claude model restrictions This article has been indexed from Silicon UK Read the original article: Zhipu AI Sees Stock Price Jump Amid Anthropic Disruption
OptinMonster Plugin Vulnerability Exposes 1.2 Million WordPress Sites to Cyberattacks
A large-scale supply chain attack targeting the popular OptinMonster WordPress plugin has exposed more than 1.2 million websites to active compromise. The campaign also affects the TrustPulse and PushEngage plugins, both developed by Awesome Motive, significantly amplifying the attack surface…
China-linked actor spent two years inside medical research networks
China’s UNC6508 hid in North American medical research networks for 2 years, stealing credentials and forwarding emails to Gmail Google’s Threat Intelligence Group published a report this week on UNC6508, a China-linked cyberespionage group that breached North American medical and…
Planning a trip? Fake travel sites are multiplying this summer
Cyberattacks against hospitality, travel, and recreation organizations rose 24% year over year, reaching an average of 2,291 incidents per organization each week in May 2026, according to Check Point. (Source: Check Point) “The sector has more than doubled its attack…
Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware
The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver malware called NarwhalRAT. “The attack email contained a message impersonating an MS account security alert,” the…
FBI Warns Courier Cash Pickups Are Driving Crypto Scams
The FBI claims couriers are being used to circumvent bank transfers in crypto investment schemes This article has been indexed from www.infosecurity-magazine.com Read the original article: FBI Warns Courier Cash Pickups Are Driving Crypto Scams
Judge Dismisses xAI Trade Secrets Claim Against OpenAI
US federal judge says xAI failed to show indications that OpenAI induced former xAI engineer to disclose trade secrets This article has been indexed from Silicon UK Read the original article: Judge Dismisses xAI Trade Secrets Claim Against OpenAI
Ransomware Ecosystem Consolidates Around LockBit Alumni, Qilin, Hyflock, and The Gentlemen
The global ransomware landscape shifted noticeably in the first quarter of 2026, as former operators from well-known criminal groups began launching their own competing programs. Data leak sites tracked 2,122 new victims during Q1 2026, making it the second-highest first-quarter…
OptinMonster Plugin Hack Exposes 1.2 Million WordPress Sites to Cyberattack
A large-scale supply chain attack targeting widely used WordPress plugins has exposed more than 1.2 million websites to potential compromise after attackers injected malicious code into legitimate JavaScript files distributed through trusted CDN infrastructure. Security researchers at Sansec discovered an…
From a VHDX File to a Remcos RAT, (Tue, Jun 16th)
Yesterday, a reader reported to us a malicious ZIP archive (SHA256: a0104921a2d37ab87482ac9a9f5c3713479c118846c3e999178e75b81620c094[1]). Once unzipped, it contains a VHDX file that discloses a malicious JavaScript after being mounted (which is automatic on modern Windows OSs): This article has been indexed from…
UK Government Plans Youth Social Media Ban For Next Year
Government aims to pass legislation before Christmas to ban platforms for under-16s, amid growing international pressure for action This article has been indexed from Silicon UK Read the original article: UK Government Plans Youth Social Media Ban For Next Year
Anthropic Meets With Officials After Fable 5 Suspension
Anthropic reportedly meets with senior White House officials after being ordered to suspend access to Fable 5, Mythos 5 This article has been indexed from Silicon UK Read the original article: Anthropic Meets With Officials After Fable 5 Suspension
Guernsey Returns £8m To OneCoin Victims
Funds seized from crypto fugitive Ruja Ignatova to be handed over to German officials for return to victims of $4.5bn fraud This article has been indexed from Silicon UK Read the original article: Guernsey Returns £8m To OneCoin Victims
Police To Deploy Facial Recognition In Peterborough
Cambridgeshire Police to implement tech in Peterborough city centre for second time, amid acceleration of scanning deployments This article has been indexed from Silicon UK Read the original article: Police To Deploy Facial Recognition In Peterborough
Anthropic models defended, FBI shuts down massive phishing service, 1Password acquires Apono
Cyber leaders defend Anthropic’s banned models FBI disrupts massive phishing service 1Password acquires Apono Get the show notes here: https://cisoseries.com/cybersecurity-news-anthropic-models-defended-massive-phishing-service-shuttered-1password-acquires-apono/ Huge thanks to our sponsor, ThreatLocker Every security leader is being asked the same question right now: How do we…