Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT
Ravie LakshmananJun 03, 2026Malware / Microsoft Defender Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's...
have
CISA Flags 2-Year-Old Oracle WebLogic Vulnerability as Actively Exploited
A patch that should have retired an Oracle WebLogic vulnerability two years ago is now the reason CISA is sounding...
One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens
Ravie LakshmananJun 03, 2026Vulnerability / Software Development Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS...
Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes
Ravie LakshmananJun 03, 2026Vulnerability / Network Security Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited...
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
Ravie LakshmananJun 03, 2026Vulnerability / Server Security Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers,...
Welcoming the Philippine Government to Have I Been Pwned
03 June 2026 Today, we welcome the 46th government onboarded to Have I Been Pwned’s free gov service: the Philippines.The...
Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content
Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of...
Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT
Ravie LakshmananJun 02, 2026Cyber Espionage / Threat Intelligence Cybersecurity researchers have disclosed details of a spear-phishing campaign likely undertaken by...
1,000 Data Breaches Later, the Disclosure Lag is Worse Than Ever
01 June 2026 Today, I loaded the 1,000th data breach into Have I Been Pwned. Reflecting on that milestone number,...
Police arrest man following hack of Ajax football club
Dutch police have arrested a 35-year-old man suspected of hacking into the computer systems of Amsterdam football giant Ajax, after...
MyPillow listed on ransomware gang’s leak site, but denies it has been breached
The Play ransomware gang is claiming to have stolen data from US pillow manufacturer MyPillow, making off with private and...
OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that's targeting developers using OpenAI Codex through a...
Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices
Ravie LakshmananMay 31, 2026IoT Security / Network Security Dutch authorities have announced the takedown of a botnet that enslaved millions...
ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant's implicit trust...
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of...