Uncategorized

Hidden in Teams: DragonForce Attackers Weaponize Microsoft Teams Relays to Stay Hidden

Hidden in Teams: DragonForce Attackers Weaponize Microsoft Teams Relays to Stay Hidden 2026-06-16 at 13:00 By Threat Hunter Team Backdoor.Turn, a Go-based RAT, is the first known malware to abuse Microsoft Teams’ TURN relay servers to mask command-and-control traffic. The attackers also used a previously unknown vulnerability in a Huawei driver. This article is an […]

Hidden in Teams: DragonForce Attackers Weaponize Microsoft Teams Relays to Stay Hidden Read More »

China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth

China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth 2026-06-16 at 12:44 By Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS. “The Windows variants discovered are internally marked as WIN_DRV and WIN_PLUS,” ESET said in a report shared with The Hacker News. “Both

China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth Read More »

Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware

Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware 2026-06-16 at 11:14 By The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver malware called NarwhalRAT. “The attack email contained a message impersonating an MS account security alert,” the Genians

Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware Read More »

Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw

Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw 2026-06-16 at 09:05 By Cisco has released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-20262, carries a CVSS score of 6.5 out of 10.0. “A vulnerability in the

Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw Read More »

CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation

CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation 2026-06-16 at 08:41 By The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 18, 2026. The

CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation Read More »

Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails

Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails 2026-06-15 at 22:44 By A China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly stealing sensitive research and defense email. The way in was a backdoor on their REDCap research servers that stole

Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails Read More »

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels 2026-06-15 at 22:32 By Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview (aka Famous Chollima, HexagonalRodent, and Void Dokkaebi). According to a report published by Proofpoint, the threat actor has

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels Read More »

Toxic mix of chaos and drudgery turns Meta’s AI unit into a real-world hell: ‘Soul-crushing’

Toxic mix of chaos and drudgery turns Meta’s AI unit into a real-world hell: ‘Soul-crushing’ 2026-06-15 at 22:11 By Marc Vartabedian A new unit at Meta devoted to artificial intelligence is turning into real-world hell for employees, according to a new report. This article is an excerpt from Latest Technology News | New York Post

Toxic mix of chaos and drudgery turns Meta’s AI unit into a real-world hell: ‘Soul-crushing’ Read More »

Top Anthropic staffers rush to DC in bid to reverse White House crackdown on ‘Mythos’ and ‘Fable’ AI models

Top Anthropic staffers rush to DC in bid to reverse White House crackdown on ‘Mythos’ and ‘Fable’ AI models 2026-06-15 at 20:14 By Thomas Barrabi Some of Anthropic’s top staffers are holed up in Washington DC as the company scrambles to reverse a White House crackdown on its “Mythos” and “Fable” AI models. This article

Top Anthropic staffers rush to DC in bid to reverse White House crackdown on ‘Mythos’ and ‘Fable’ AI models Read More »

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers 2026-06-15 at 19:39 By A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed LiteLLM is a widely deployed open-source AI gateway that brokers calls to

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers Read More »

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes 2026-06-15 at 18:09 By A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Labs chained three bugs into

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes Read More »

Maine Data Breach Reporting Portal Abused, Taken Offline

Maine Data Breach Reporting Portal Abused, Taken Offline 2026-06-15 at 17:11 By Two organizations had false data breach notices filed against them, causing the Office of the Maine Attorney General to remove its public-facing data breach database. This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source

Maine Data Breach Reporting Portal Abused, Taken Offline Read More »

⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More

⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More 2026-06-15 at 16:49 By Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week is the same lesson in a new form: phishing

⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More Read More »

The Onboarding Password Mistake That Creates Unnecessary Risk

The Onboarding Password Mistake That Creates Unnecessary Risk 2026-06-15 at 14:30 By Employee onboarding is a busy time for IT teams. New starters need devices, accounts, access permissions, and passwords, all delivered within a tight timeframe. That usually means sharing a temporary “first-day” password so employees can access systems for the first time. The issue

The Onboarding Password Mistake That Creates Unnecessary Risk Read More »

152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic

152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic 2026-06-15 at 14:07 By Cybersecurity researchers have discovered a network of 152 Google Chrome extensions that act as new tab live wallpaper add-ons to distribute a potentially unwanted program (PUP) family. The cluster spans 38 separate Chrome Web Store publisher accounts and

152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic Read More »

Anthropic downplays security risks of ‘Mythos’ and ‘Fable’ AI models after ban — prompting scorn from White House officials

Anthropic downplays security risks of ‘Mythos’ and ‘Fable’ AI models after ban — prompting scorn from White House officials 2026-06-15 at 13:00 By Thomas Barrabi, Marc Vartabedian The company’s seemingly contradictory words and actions drew scorn from Trump officials who noted Anthropic has spent months stoking fears about potential AI doomsday scenarios. This article is

Anthropic downplays security risks of ‘Mythos’ and ‘Fable’ AI models after ban — prompting scorn from White House officials Read More »

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites 2026-06-15 at 12:59 By An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites. When a site administrator was logged in as the file loaded, the code

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites Read More »

Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts

Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts 2026-06-15 at 09:30 By Cybersecurity researchers have disclosed details of fraudulent activity targeting users across the Middle East and North Africa by employing various fraudulent Facebook accounts impersonating politicians, public figures, and trusted organizations. “These accounts promoted fake offers, including free mobile

Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts Read More »

Scroll to Top