A new open-source bug bounty hunting toolkit called BugHunter, built on top of Anthropic’s Claude Code and now extended to support free AI providers like Ollama and Groq, is gaining traction in the security research community for automating the full…
Tag: EN
DarkSpectre
Hidden in Plain Sight: How the DarkSpectre Malware Campaign Weaponized Our Browsers This article has been indexed from CyberMaterial Read the original article: DarkSpectre
Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication
Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253, is rated 9.8 on the CVSS scoring…
Zero Trust For AI In Defense Networks
There is always a moment before the mistake. It is the meeting where someone says the model works. The dashboard looks clean. The demo lands. The room nods. People start… The post Zero Trust For AI In Defense Networks appeared…
Splunk Enterprise Pre-Auth RCE Chain Exposes Database With Zero Authentication
A critical vulnerability chain in Splunk Enterprise has been disclosed, enabling unauthenticated attackers to achieve remote code execution (RCE) through a misconfigured PostgreSQL sidecar service. Tracked as CVE-2026-20253, the flaw has a CVSS score of 9.8 and affects Splunk Enterprise…
ServiceNow Deploys Security Fix After Researcher Uncovers Activity Targeting Flaw
Following the disclosure of a recent vulnerability in the ServiceNow platform, the company issued a security update after investigating unauthorized access paths to customer data. A number of reports indicated potential exploitation of this vulnerability quickly gained industry attention,…
Cyber Security: Six Cyber Threats to Look Out for in 2026
With industries being digitized, cybercrime is also advancing. This year, besides being opportunistic, threats have also become highly targeted, intelligent, and automated. The data comes from UK Government’s Cyber Security Breaches Survey 2025, which hints that 43% of businesses and…
The FBI built its own replica small town to simulate real-world cyberattacks
Hidden inside a building in Alabama, the FBI has created its own small town as a dedicated cyber training ground for simulating cyberattacks. This article has been indexed from Security News | TechCrunch Read the original article: The FBI built…
The FCC Wants to Kill Burner Phones
Plus: AI bug hunting fuels Microsoft’s biggest-ever Patch Tuesday, ShinyHunters ransomware gang exploits an Oracle zero-day, and more. This article has been indexed from Security Latest Read the original article: The FCC Wants to Kill Burner Phones
Atomic Arch: 400+ AUR Packages Backdoored with eBPF Rootkit and Credential Stealer
An AUR supply chain attack compromised more than 400 Arch Linux packages from 11 June 2026, planting a Rust credential stealer and an eBPF rootkit that hides from standard inspection tools. Atomic Arch: 400+ AUR Packages Backdoored with eBPF Rootkit…
U.S. CISA adds Oracle PeopleSoft Enterprise PeopleTools flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle PeopleSoft Enterprise PeopleTools flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Oracle PeopleSoft Enterprise PeopleTools flaw, tracked as CVE-2026-35273 (CVSS score of 9.8), to…
New Agentjacking Attack Hijacks AI Coding Agents to Execute Malicious Code
A newly disclosed Agentjacking attack class can silently weaponize AI coding agents against the very developers who rely on them, requiring no phishing, no server compromise, and no user interaction beyond a developer’s normal workflow of asking their AI assistant…
Critical Splunk Enterprise Pre-Auth RCE Chain Exposes Databases
A critical pre-authentication remote code execution (RCE) vulnerability in Splunk Enterprise has been disclosed, carrying a near-perfect CVSS score of 9.8. Tracked as CVE-2026-20253, the flaw was published by Splunk on June 10, 2026, and affects the PostgreSQL Sidecar Service introduced in Splunk…
US Government Suspends Anthropic’s Claude Fable 5 and Mythos 5 Over Security and Jailbreak Concerns
Anthropic has paused access to Claude Fable 5 and Claude Mythos 5 for all users following a directive from the US government to restrict access for foreign nati Thank you for being a Ghacks reader. The post US Government Suspends…
Anthropic Blocks Fable 5 and Mythos 5 Following U.S. National Security Directive
Anthropic has disabled all access to its Fable 5 and Mythos 5 artificial intelligence models following a sudden export-control directive from the United States government. Issued at 5:21 PM ET on June 13, 2026, the directive cited pressing national security…
Malicious 152 Chrome Extensions Caught Spoofing Google Organic Search Traffic
A massive, coordinated network of 152 malicious Google Chrome browser extensions has been dismantled after researchers caught the operation generating fake organic Google search traffic. Socket’s Threat Research Team discovered the operation spanning 38 separate Chrome Web Store publisher accounts…
Anthropic Says It Has Taken Its Latest AI Models Offline to Comply With New Export Controls
Anthropic takes Fable 5 and Mythos 5 offline to comply with a directive from the Trump administration to prevent use by foreign nationals. The post Anthropic Says It Has Taken Its Latest AI Models Offline to Comply With New Export…
U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals
Anthropic said on Friday it will “abruptly disable” its most advanced artificial intelligence (AI) models, Claude Fable 5 and Mythos 5, for all users after the U.S. government ordered it to suspend access to the models for foreign nationals, whether…
Anthropic Fable 5 and Mythos 5 Access Blocked to All Users Following Government Directive
Anthropic has disabled its two most capable AI models, Fable 5 and Mythos 5, after the U.S. government issued an export control directive late on June 12 ordering the company to block access for any foreign national, whether inside or…
CyberTitan Champions: Inside Canada’s National High School Cybersecurity Competition (and CyberPatriot)
Cybersecurity Today on the Weekend interviews the winning Canadian CyberTitan team (“S-ores”/a regex-based name) along with coach Phil, educator Tim, and CyberTitan manager Sheena to explain how CyberTitan (run by ICTC) connects to the international CyberPatriot program. They describe the…