Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments
Ravie LakshmananJun 17, 2026Malware / Social Engineering An unknown threat actor has been observed leveraging paid or promoted posts on...
Hacking
Category Added in a WPeMatico Campaign
Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development
Ravie LakshmananJun 17, 2026Endpoint Security / Vulnerability Microsoft has formally disclosed that it's working to release a patch to address...
Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline
A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials. Ordinary...
Adversarial Exposure Validation Turns Security Visibility into Confident Prioritization
For security teams, the findings never stop, but confidence in knowing which ones matter is becoming harder to maintain. The...
The Top 10 Attack Surface Exposures in 2026
The Hacker NewsJun 17, 2026Attack Surface Management Breaches don't always start with a zero-day. An exposed admin panel can get...
Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats
Cybersecurity researchers have flagged a "coordinated malware campaign" on the JetBrains Marketplace that has published no less than 15 malicious...
144 Mastra npm Packages Compromised via Hijacked Contributor Account
As many as 144 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-source JavaScript and TypeScript framework for...
CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution
Ravie LakshmananJun 17, 2026Vulnerability / Supply Chain Attack The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a...
WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine
Ravie LakshmananJun 09, 2026Vulnerability / Cyber Espionage Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in...
Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models
University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large...
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild – Patch Now
Ravie LakshmananJun 09, 2026Vulnerability / Browser Security Google has released security updates to address 74 vulnerabilities, including one that has...
The Hidden Security Risk in Modern Networks: The Work Between Tools
Organizations have more visibility than ever. Growing tech stacks provide greater coverage, and network security teams are increasingly adopting AI...
New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing
A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and...
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE
Ravie LakshmananJun 09, 2026Vulnerability / Artificial Intelligence The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity...
One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public
Swati KhandelwalJun 08, 2026Linux / Vulnerability Security researchers have published a detailed, working exploit for a Linux kernel use-after-free that...
