The Top 10 Attack Surface Exposures in 2026
The Hacker NewsJun 17, 2026Attack Surface Management Breaches don't always start with a zero-day. An exposed admin panel can get...
AndyC
Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.
Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats
Cybersecurity researchers have flagged a "coordinated malware campaign" on the JetBrains Marketplace that has published no less than 15 malicious...
144 Mastra npm Packages Compromised via Hijacked Contributor Account
As many as 144 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-source JavaScript and TypeScript framework for...
CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution
Ravie LakshmananJun 17, 2026Vulnerability / Supply Chain Attack The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a...
Suspected North Korean actors use fake ‘coding assignments’ to steal crypto
Suspected North Korean threat actors are targeting developers with fake job offers and “coding assignments” that lead to the deployment...
China-Linked TA4922 Expands Phishing Attacks to U.K., Germany, Italy, and South Africa
Ravie LakshmananJun 04, 2026Malware / Cybercrime A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to...
Infinite Campus: Salesforce Breach Exposed 137,000 Staff Records
A data breach affecting education technology provider Infinite Campus has exposed the personal information of more than 137,000 school staff...
Best Prime Day Tech Deals: Apple, Bose, Garmin, and More
Prime Day is almost here, and some of the best tech deals are already live. Amazon Prime Day 2026 will...
ShinyHunters Claims Council of Europe HR Data, Threatens Leak
ShinyHunters has put the Council of Europe on the clock, claiming it stole 297GB of sensitive data and threatening to...
Nintendo Alleged Data Breach: Threat Actor Demands $2M Ransom
Nintendo is facing a potential incident after a threat actor claimed to have stolen nearly a decade’s worth of internal...
Oracle Warns PeopleSoft Customers After Critical Zero-Day Exploited
A critical Oracle PeopleSoft flaw is already being exploited, putting more than 100 organizations on alert. Oracle issued an emergency...
AI in the underground: Curiosity, claims, and concerns
Counter Threat Unit™ (CTU) researchers have observed artificial intelligence (AI) emerging into a prominent topic in underground communities, with threat...
A needle in a stack of needles: Hunting infostealers with AI
At the NorthSec Conference 2026, Sophos Principal Data Scientist François Labrèche presented a talk titled ‘A Needle in a Haystack:...
Sophos recognized for endpoint leadership in SE Labs Awards 2026
Simon Edwards (L), SE Labs Founder and CEO, presents awards to Richard Cohen (R), Sophos Threat Research DirectorWe’re proud to...
June Patch Tuesday smashes past 500-CVE mark
Critical severityCVE-2026-33828Windows Device Health Attestation (DHA) Elevation of Privilege VulnerabilityCVE-2026-42985Remote Desktop Client Remote Code Execution VulnerabilityCVE-2026-42987Windows Deployment Services (WDS) Remote...
