UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign
Cybersecurity researchers have disclosed details of a financially motivated data theft extortion campaign that has targeted dozens of organizations across...
have
Meta’s own AI chatbot to blame for Instagram accounts being stolen in seconds
Hackers have been hijacking Instagram accounts at scale by exploiting Meta's AI support chatbot. And, as if that weren't bad...
New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework
Ravie LakshmananJun 05, 2026Cyber Espionage / Threat Intelligence Cybersecurity researchers have discovered a previously unreported threat cluster dubbed OP-512 (where...
New GitHub Zero-Day Exposed Developer Tokens to Attackers
A single click on the wrong repository could have put a developer’s GitHub access at risk. Security researcher Ammar Askar...
Malicious WhatsApp, Slack Alerts Could Have Exposed Millions of Android Users
A routine phone notification could have become an attack path for Google Gemini on Android, according to new research from...
FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads
Ravie LakshmananJun 04, 2026Malvertising / Browser Security Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge...
Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS
Swati KhandelwalJun 04, 2026Malware / Open Source Cybersecurity researchers have flagged a large-scale operation that impersonates open-source and freeware projects...
Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT
Ravie LakshmananJun 03, 2026Malware / Microsoft Defender Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's...
CISA Flags 2-Year-Old Oracle WebLogic Vulnerability as Actively Exploited
A patch that should have retired an Oracle WebLogic vulnerability two years ago is now the reason CISA is sounding...
One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens
Ravie LakshmananJun 03, 2026Vulnerability / Software Development Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS...
Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes
Ravie LakshmananJun 03, 2026Vulnerability / Network Security Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited...
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
Ravie LakshmananJun 03, 2026Vulnerability / Server Security Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers,...
Welcoming the Philippine Government to Have I Been Pwned
03 June 2026 Today, we welcome the 46th government onboarded to Have I Been Pwned’s free gov service: the Philippines.The...
Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content
Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of...
