have
New GitHub Zero-Day Exposed Developer Tokens to Attackers
A single click on the wrong repository could have put a developer’s GitHub access at risk. Security researcher Ammar Askar...
Malicious WhatsApp, Slack Alerts Could Have Exposed Millions of Android Users
A routine phone notification could have become an attack path for Google Gemini on Android, according to new research from...
FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads
Ravie LakshmananJun 04, 2026Malvertising / Browser Security Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge...
Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS
Swati KhandelwalJun 04, 2026Malware / Open Source Cybersecurity researchers have flagged a large-scale operation that impersonates open-source and freeware projects...
Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT
Ravie LakshmananJun 03, 2026Malware / Microsoft Defender Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's...
CISA Flags 2-Year-Old Oracle WebLogic Vulnerability as Actively Exploited
A patch that should have retired an Oracle WebLogic vulnerability two years ago is now the reason CISA is sounding...
One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens
Ravie LakshmananJun 03, 2026Vulnerability / Software Development Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS...
Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes
Ravie LakshmananJun 03, 2026Vulnerability / Network Security Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited...
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
Ravie LakshmananJun 03, 2026Vulnerability / Server Security Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers,...
Welcoming the Philippine Government to Have I Been Pwned
03 June 2026 Today, we welcome the 46th government onboarded to Have I Been Pwned’s free gov service: the Philippines.The...
Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content
Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of...
Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT
Ravie LakshmananJun 02, 2026Cyber Espionage / Threat Intelligence Cybersecurity researchers have disclosed details of a spear-phishing campaign likely undertaken by...
1,000 Data Breaches Later, the Disclosure Lag is Worse Than Ever
01 June 2026 Today, I loaded the 1,000th data breach into Have I Been Pwned. Reflecting on that milestone number,...
Police arrest man following hack of Ajax football club
Dutch police have arrested a 35-year-old man suspected of hacking into the computer systems of Amsterdam football giant Ajax, after...
