1. Splunk Enterprise is affected by a critical unauthenticated remote code execution vulnerability tracked as CVE-2026-20253 (The Hacker News). 2. The ShinyHunters threat group is actively exploiting a zero-day vulnerability in Oracle PeopleSoft to compromise hundreds of organizations (Reddit). 3. CISA has issued an emergency directive requiring federal agencies to patch a maximum-severity Ivanti vulnerability within three days (Reddit). 4. The Lapsus ransomware…
Posts published in “CyberSec report”
1. CISA issued a binding operational directive requiring federal agencies to patch an actively exploited vulnerability in Ivanti Sentry within three days (bleepingcomputer.com). 2. The ShinyHunters extortion group is actively exploiting a critical remote code execution vulnerability in Oracle PeopleSoft tracked as CVE-2026-35273 (thehackernews.com). 3. Researchers identified a critical vulnerability chain in the LangGraph AI framework that allows for remote code execution via SQL injection…
1. Microsoft released a record number of security patches for June 2026, including fixes for the YellowKey and GreenPlasma zero-day vulnerabilities (https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-yellowkey-greenplasma-miniplasma-zero-days/) 2. A researcher released a new Microsoft Defender zero-day exploit named RoguePlanet that grants SYSTEM privileges on fully updated Windows systems (https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-rogueplanet-zero-day-grants-system-privileges/) 3. ServiceNow confirmed that threat actors exploited a flaw to gain unauthorized access to customer instances (https://thehackernews.com/2026/06/servicenow-flaw-exploited-to-gain.html) 4. Ivanti patched…
1. Miasma malware has impacted 73 Microsoft GitHub repositories, raising concerns about repository integrity (Reddit). 2. Threat actor UNC3753 is conducting a financially motivated data theft and extortion campaign against U.S. professional and financial services (The Hacker News). 3. Over 20,000 Instagram accounts were hijacked after attackers abused Meta AI support systems to reset user passwords (Bleeping Computer). 4. Hackers are actively exploiting…
1. CISA added the high severity SolarWinds Serv-U denial of service vulnerability CVE-2026-28318 to its Known Exploited Vulnerabilities catalog following reports of active exploitation (The Hacker News). 2. Cisco warned that the high severity vulnerability CVE-2026-20245 in Catalyst SD-WAN Manager is currently being exploited in the wild with no patch yet available (The Hacker News). 3. The Miasma self-replicating supply chain attack has compromised 73…
1. CISA added the critical Magento RCE vulnerability CVE-2026-45247 to its Known Exploited Vulnerabilities catalog following reports of active exploitation (The Hacker News). 2. A large scale malvertising campaign is using fake websites mimicking open source tools to distribute malware families like Remus Stealer and SessionGate (The Hacker News). 3. Attackers successfully compromised a senior executive at a global stock exchange, maintaining access to their…
1. A supply chain attack compromised Red Hat npm packages to distribute the Miasma credential-stealing worm (thehackernews.com). 2. A critical Windows Netlogon remote code execution vulnerability is being actively exploited in the wild (bleepingcomputer.com). 3. Nearly 2,000 WordPress sites were infected with malware using Steam profiles as command and control infrastructure (bleepingcomputer.com). 4. The Pakistan-linked SideCopy group is targeting the Afghanistan Ministry of…
1. Palo Alto Networks confirmed that CVE-2026-0257, an authentication bypass vulnerability in PAN-OS GlobalProtect, is under active exploitation in the wild. (The Hacker News) 2. Attackers are actively exploiting the GlobalProtect authentication bypass flaw to establish unauthorized VPN connections to corporate networks. (BleepingComputer) 3. A new local privilege escalation vulnerability named CIFSwitch has been identified in the Linux kernel, allowing attackers to gain root access…
1. Palo Alto Networks confirmed that CVE-2026-0257, an authentication bypass vulnerability in PAN-OS and Prisma Access, is currently under active exploitation (thehackernews.com). 2. Dutch authorities successfully dismantled a massive botnet consisting of 17 million infected devices and seized over 200 associated servers (bleepingcomputer.com). 3. A Russian-linked threat actor named GREYVIBE has been identified conducting persistent AI-powered cyberattacks against Ukrainian entities since August 2025 (thehackernews.com). 4.…
1. A new phishing campaign targeting Japanese online banking users is using a typosquatted PayPoy domain and matching branding (https://www.reddit.com/r/cybersecurity/comments/1tpvisr/new_phishing_campaign_targeting_japanese_online/). 2. Threat actor JINX-0164 is targeting cryptocurrency firms using fake recruiter lures and custom macOS malware to facilitate asset theft (https://thehackernews.com/2026/05/jinx-0164-targets-cryptocurrency-firms.html). 3. A malicious npm package named mouse5212-super-formatter was discovered stealing files from the local directory used by the Claude AI tool (https://thehackernews.com/2026/05/malicious-npm-package-stole-files-from.html). 4.…
1. The ShinyHunters extortion group breached 7-Eleven systems and leaked a 9.4GB database containing personal information of over 183,000 individuals (BleepingComputer). 2. Threat actors are actively exploiting a critical SQL injection vulnerability in Ghost CMS, tracked as CVE-2026-26980, to compromise over 700 websites (The Hacker News). 3. CISA has issued an emergency directive for U.S. federal agencies to patch an actively exploited SQL injection vulnerability…
1. A critical SQL injection vulnerability in Drupal Core tracked as CVE-2026-9082 is being actively exploited, with over 15,000 attempts recorded across 6,000 sites (The Hacker News). 2. The LiteSpeed User-End cPanel Plugin is under active exploitation via CVE-2026-48172, which allows attackers to execute arbitrary scripts with root privileges (The Hacker News). 3. The Megalodon campaign compromised over 5,500 GitHub repositories within six hours by…
1. Microsoft confirmed active exploitation of two Microsoft Defender vulnerabilities, including CVE-2026-41091, which grants SYSTEM privileges (The Hacker News). 2. CISA added critical vulnerabilities in Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities catalog following evidence of active use (The Hacker News). 3. Cisco patched a maximum-severity vulnerability, CVE-2026-20223, in Secure Workload that allows unauthenticated remote attackers to access sensitive data…
1. GitHub is investigating a breach of approximately 3,800 internal repositories after an employee installed a malicious VS Code extension (The Hacker News). 2. Microsoft released a mitigation for the YellowKey BitLocker bypass vulnerability tracked as CVE-2026-45585 (The Hacker News). 3. Grafana Labs confirmed a breach of its internal GitHub environment involving source code, though customer production systems remain unaffected (The Hacker News). 4. The…
1. A critical heap buffer overflow vulnerability in NGINX tracked as CVE-2026-42945 is being actively exploited in the wild to cause worker crashes and potential remote code execution (The Hacker News). 2. Security researcher Chaotic Eclipse released a proof of concept for a Windows zero-day exploit named MiniPlasma that grants attackers SYSTEM privileges on fully patched systems (Bleeping Computer). 3. The Tycoon2FA phishing kit…
1. Microsoft Exchange and Windows 11 were successfully compromised by researchers using zero day vulnerabilities during the Pwn2Own Berlin 2026 event (bleepingcomputer.com). 2. The Funnel Builder WordPress plugin is being actively exploited to inject malicious JavaScript into WooCommerce checkout pages to steal credit card data (bleepingcomputer.com). 3. A critical supply chain attack targeting the TanStack library impacted two OpenAI employee devices, prompting immediate security containment…
1. A new Linux kernel local privilege escalation vulnerability named Fragnesia tracked as CVE-2026-46300 allows attackers to gain root access (The Hacker News). 2. A critical heap buffer overflow vulnerability in the NGINX rewrite module tracked as CVE-2026-42945 enables unauthenticated remote code execution (The Hacker News). 3. West Pharmaceutical Services confirmed a cyberattack involving data exfiltration and system encryption (BleepingComputer). 4. The Gentlemen ransomware group…
1. A mass npm supply chain attack involving the Mini Shai-Hulud worm has compromised over 170 packages including TanStack and Mistral AI. (https://thehackernews.com/2026/05/mini-shai-hulud-worm-compromises.html) 2. Instructure reached an agreement with the ShinyHunters extortion group to prevent the leak of 3.65TB of stolen data. (https://thehackernews.com/2026/05/instructure-reaches-ransom-agreement.html) 3. A rogue version of the official Checkmarx Jenkins plugin was published on the Jenkins Marketplace containing an infostealer. (https://www.bleepingcomputer.com/news/security/official-checkmarx-jenkins-package-compromised-with-infostealer/) 4. A…
1. The ShinyHunters threat group claims to have stolen 275 million records from Canvas LMS affecting 9,000 schools, with a ransom deadline set for May 12 (Reddit). 2. Instructure reported a second security incident involving its Canvas platform following the massive data breach (Reddit). 3. The official JDownloader website was compromised to distribute malicious installers containing a Python-based remote access trojan (BleepingComputer). 4. A…
1. The ShinyHunters extortion group breached the Canvas education platform and defaced login portals for thousands of schools, threatening to leak 275 million records (krebsonsecurity.com). 2. A new unpatched Linux kernel vulnerability named Dirty Frag allows local attackers to gain root access on most major distributions (thehackernews.com). 3. The Copy Fail vulnerability, identified as CVE-2026-31431, is currently under active exploitation in the wild (thehackernews.com). 4.…
1. Palo Alto Networks warns that a critical buffer overflow vulnerability in PAN-OS tracked as CVE-2026-0300 is being actively exploited for unauthenticated remote code execution (thehackernews.com). 2. A critical Linux kernel local privilege escalation vulnerability known as Copy Fail or CVE-2026-31431 allows for stealthy root access on millions of systems (unit42.paloaltonetworks.com). 3. The Apache Software Foundation released updates for a critical HTTP/2 flaw tracked as…
1. Instructure confirmed a data breach involving its Canvas platform with the ShinyHunters extortion gang claiming responsibility for the attack (bleepingcomputer.com). 2. An IBM subsidiary responsible for managing Italian public administration infrastructure suffered a breach where attackers maintained access for two weeks (reddit.com). 3. A critical cPanel vulnerability is being mass exploited in ongoing Sorry ransomware attacks (reddit.com). 4. A global law enforcement operation involving…
1. Trellix confirmed a security breach involving unauthorized access to a portion of its internal source code repository (thehackernews.com). 2. A Vietnamese-linked operation named AccountDumpling compromised 30,000 Facebook accounts using Google AppSheet as a phishing relay (thehackernews.com). 3. China-linked threat group SHADOW-EARTH-053 is conducting an espionage campaign targeting government and defense sectors across Asia and a NATO member state (thehackernews.com). 4. Cybercrime groups Cordial Spider…
1. A critical Linux local privilege escalation vulnerability named Copy Fail tracked as CVE-2026-31431 allows unprivileged users to obtain root access (The Hacker News). 2. Official SAP npm packages were compromised in a supply chain attack to steal developer credentials and authentication tokens (Bleeping Computer). 3. Google patched a maximum severity remote code execution flaw in the Gemini CLI npm package and GitHub Actions workflow…
1. Microsoft confirmed active exploitation of the Windows Shell spoofing vulnerability CVE-2026-32202 (The Hacker News). 2. A Chinese national linked to the Silk Typhoon threat group was extradited to the United States for cyberattacks against government agencies (The Hacker News). 3. French authorities arrested a 21-year-old hacker known as HexDex for approximately 100 data breaches, including the French Ministry of National…
1. CISA added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog affecting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X routers (The Hacker News). 2. Home security company ADT confirmed a data breach following extortion threats from the ShinyHunters group (BleepingComputer). 3. The Lazarus APT group is conducting a new campaign using the Mach-O Man malware kit to target businesses on macOS (Reddit).…
1. A high-severity SSRF vulnerability in LMDeploy tracked as CVE-2026-33626 came under active exploitation in the wild within 13 hours of its disclosure (thehackernews.com). 2. The Bitwarden CLI npm package was compromised as part of an ongoing supply chain attack involving malicious code in the bw1.js file (thehackernews.com). 3. The threat group UNC6692 is conducting a campaign by impersonating IT helpdesk staff…
1. Over 1,300 Microsoft SharePoint servers remain vulnerable to a spoofing zero-day exploit that is currently being used in active attacks (BleepingComputer). 2. Microsoft released emergency out-of-band security updates to address a critical privilege escalation vulnerability in ASP.NET Core (BleepingComputer). 3. CISA has flagged a new SD-WAN vulnerability that is currently being exploited in the wild (Reddit). 4. Researchers discovered a…
1. Cloud development platform Vercel confirmed a security breach involving unauthorized access to internal systems following the compromise of a third-party AI tool used by an employee (The Hacker News). 2. Threat actors are actively exploiting a 17-year-old Microsoft Excel vulnerability, which has been flagged by the US cyber defense agency (Reddit). 3. Researchers identified a new malware strain named ZionSiphon targeting…
1. Three Microsoft Defender zero-day vulnerabilities, codenamed BlueHammer, RedSun and UnDefend, are being actively exploited in the wild to gain elevated privileges (The Hacker News). 2. The Payouts King ransomware group is utilizing QEMU virtual machines as a reverse SSH backdoor to evade detection by endpoint security solutions (BleepingComputer). 3. The Grinex cryptocurrency exchange has suspended operations following a $13.7 million hack that…
1. A critical authentication bypass vulnerability in Nginx UI with Model Context Protocol support is currently being exploited in the wild for full server takeover. (https://www.bleepingcomputer.com/news/security/critical-nginx-ui-auth-bypass-flaw-now-actively-exploited-in-the-wild/) 2. A new zero-day vulnerability in Microsoft SharePoint has been identified as actively exploited and is subject to a CISA remediation deadline. (https://www.reddit.com/r/cybersecurity/comments/1smf2gz/new_microsoft_sharepoint_zeroday_cve_april_15/) 3. CISA has issued a warning regarding the active exploitation of a Windows Task Host…
1. A cluster of 108 malicious Google Chrome extensions was identified stealing user data and Telegram information from approximately 20,000 users (thehackernews.com). 2. The critical ShowDoc remote code execution vulnerability CVE-2025-0520 is currently being actively exploited in the wild (thehackernews.com). 3. CISA added six vulnerabilities to its Known Exploited Vulnerabilities catalog, including a critical SQL injection flaw in Fortinet FortiClient EMS tracked as CVE-2026-21643 (thehackernews.com).…
1. Adobe released an emergency patch for CVE-2026-34621, a critical vulnerability in Acrobat Reader currently under active exploitation in the wild (The Hacker News). 2. Threat actors compromised the CPUID website to distribute trojanized versions of CPU-Z and HWMonitor, which deployed the STX RAT to unsuspecting users (The Hacker News). 3. ShinyHunters claimed a data breach affecting Rockstar Games, allegedly facilitated through a Snowflake integration…
1. Threat actors have been actively exploiting a zero-day vulnerability in Adobe Reader via malicious PDF files since December 2025 (thehackernews.com). 2. The update system for the Smart Slider 3 Pro plugin was hijacked to distribute a backdoored version to WordPress and Joomla users (bleepingcomputer.com). 3. A new Lua-based malware strain named LucidRook is being deployed in spear-phishing campaigns targeting NGOs and universities in Taiwan…
1. A remote, unauthenticated RCE-to-root exploit chain has been identified in CUPS (https://www.reddit.com/r/netsec/comments/1sflk3t/spooler_alert_remote_unauthd_rcetoroot_chain_in/). 2. A path traversal vulnerability in an MCP server allows AI agents to access sensitive SSH keys (https://www.reddit.com/r/netsec/comments/1sfhmaa/we_found_a_path_traversal_in_an_mcp_server_with/). 3. A self-propagating credential worm has compromised npm packages under the fairwords scope to steal tokens and infect PyPI packages (https://www.reddit.com/r/Malware/comments/1sfjg9f/fairwords_npm_packages_compromised_by_a/). 4. Authorities have disrupted a campaign involving router DNS hijacks…
1. Fortinet released an emergency patch for a critical vulnerability in FortiClient EMS that is currently being exploited in the wild (BleepingComputer). 2. German authorities identified a 31-year-old Russian national as the leader of the REvil and GandCrab ransomware gangs responsible for over 130 attacks (The Hacker News). 3. A six-month social engineering campaign by DPRK threat actors resulted in the theft…
1. The TeamPCP hacking group is responsible for a major data breach at the European Commission and is conducting ongoing supply chain attacks (The Record). 2. North Korean threat actor UNC1069 compromised the Axios npm package through a highly targeted social engineering campaign against the maintainer (The Hacker News). 3. The Qilin ransomware group claimed responsibility for a data theft attack against the German political…
1. ShinyHunters compromised Cisco source code and AWS keys by exploiting a supply chain vulnerability in Trivy. The breach resulted in the unauthorized cloning of over 300 repositories (https://www.reddit.com/r/netsec/comments/1sa8nld/cisco_source_code_stolen_by_shinyhunters_via/). 2. Google released a patch for a high-severity Chrome zero-day vulnerability identified as CVE-2026-5281, which is currently under active exploitation (https://thehackernews.com/2026/04/new-chrome-zero-day-cve-2026-5281-under.html). 3. Apple expanded the availability of iOS 18.7.7 and iPadOS 18.7.7…
1. The Axios npm package was compromised via a stolen maintainer account to distribute a malicious dependency and a cross-platform remote access trojan. (thehackernews.com) 2. CISA issued an emergency directive for federal agencies to patch an actively exploited vulnerability in Citrix NetScaler appliances. (bleepingcomputer.com) 3. Iranian state-affiliated hackers breached the personal email account of the FBI director and leaked personal documents and photos…
1. A critical vulnerability in Fortinet FortiClient EMS is currently being exploited in active attacks. (bleepingcomputer.com) 2. The European Commission confirmed a data breach following a cyberattack on the Europa.eu platform claimed by the ShinyHunters extortion gang. (bleepingcomputer.com) 3. Pro-Iran hacktivist group Handala breached the personal email account of FBI Director Kash Patel and published sensitive documents. (bleepingcomputer.com) 4. Three China-linked threat clusters are targeting…
1. Citrix NetScaler ADC and Gateway are under active reconnaissance for CVE-2026-3055, a critical memory overread vulnerability with a CVSS score of 9.3 (The Hacker News). 2. CISA added CVE-2025-53521, a critical remote code execution flaw in F5 BIG-IP Access Policy Manager, to its Known Exploited Vulnerabilities catalog (The Hacker News). 3. Russian state-sponsored group TA446 is deploying the DarkSword iOS exploit kit in targeted…
1. A new payment skimmer uses WebRTC data channels to bypass security controls and exfiltrate payment data from e-commerce sites (thehackernews.com). 2. A Magento vulnerability covered by Adobe security bulletin APSB25-94 allows unauthenticated file uploads leading to remote code execution (reddit.com). 3. The GlassWorm malware campaign has evolved to use Solana blockchain dead drops to deliver remote access trojans and steal sensitive browser and crypto data (thehackernews.com). 4.…