Cybersecurity Center

Cybersecurity News

  • OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws (Tuesday June 23, 2026)
    OpenAI on Monday said it's releasing an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the Daybreak initiative, the artificial intelligence (AI) company announced last month. Calling GPT‑5.5‑Cyber its "strongest model yet for finding and helping patch software vulnerabilities," OpenAI said the model can "sustain deeper analysis across large codebases" to identify (HackerNews)
  • ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack (Monday June 22, 2026)
    Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack after unknown threat actors managed to tamper with the official release channels and push backdoor code. "Attackers compromised the vendor's build and distribution pipeline, injecting backdoor code into Pro plugin releases distributed through official licensed update channels," Wordfence said in an analysis (HackerNews)
  • Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants (Monday June 22, 2026)
    Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform with more than 146,000 GitHub stars, that could allow attackers to stealthily read artificial intelligence (AI) conversions from other customers' applications without requiring authentication. The vulnerabilities have been collectively codenamed DifyTap by Zafran Security. (HackerNews)
  • 29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests (Monday June 22, 2026)
    A heap over-read in the Squid web proxy can leak another user's cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the same proxy. The bug traces to a 1997 FTP-parsing change and is still live in Squid's default configuration. Researchers at Calif.io disclosed it in June and named it Squidbleed ( (HackerNews)
  • New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer (Monday June 22, 2026)
    Cybersecurity researchers have disclosed details of a new campaign that delivers CastleStealer by means of a previously unreported malware loader dubbed OXLOADER. According to Elastic Security Labs, the campaign leverages malicious Google Ads as a starting point to distribute the malware. Evidence indicates that the threat actor is likely Russian-speaking and financially motivated, owing to the (HackerNews)
  • Google Sets Sept. 30 Deadline for Android Developer Verification in Four Countries (Monday June 22, 2026)
    Google has set September 30, 2026, as the day it begins enforcing Android developer verification in the first four countries, and the major device-maker app stores are in from the start. On that date, certified Android phones in Brazil, Indonesia, Singapore, and Thailand will block normal installs of apps whose developers have not registered an identity with Google, whether the app (HackerNews)
  • Stop Your Legacy Infrastructure from Hijacking Your AI Agents (Monday June 22, 2026)
    Earlier this month, I spoke at the Gartner Security & Risk Management Summit about a blind spot most security programs are still not accounting for - how attackers are circumventing AI security programs by using legacy infrastructure to hijack AI agents. AI adoption is moving faster than security programs can account for. Roughly 71% of organizations are piloting AI agents across their (HackerNews)
  • ⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More (Monday June 22, 2026)
    It’s Monday again. This week’s threat list looks painfully familiar: abused integrations, fake tools, poisoned websites, ransomware crews trying to shut down security tools, and mobile malware asking for way too much control. The annoying part is how little of this feels new. Weak credentials, sketchy downloads, browser extensions with too much access, and WordPress sites are used to push more (HackerNews)
  • Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices (Monday June 22, 2026)
    Canada's spy service got a judge's permission to reach into infected servers, home routers, and IoT gear sitting on Canadian soil and neutralize two foreign-run botnets. The Federal Court released a public version of the ruling on June 15. It is the first time the Canadian Security Intelligence Service has used its threat reduction warrant powers this way. The warrant let CSIS alter, (HackerNews)
  • AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network (Monday June 22, 2026)
    A new malware family is turning forgotten home routers into a distributed reconnaissance and proxy network, not the DDoS botnet these devices usually end up in. QiAnXin's XLab calls it AryStinger and counts at least 4,300 infected routers, a total it says is still rising. The distinction matters. AryStinger exists for the stage of an attack that comes before the break-in. Infected (HackerNews)
  • INTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across Asia-Pacific (Monday June 22, 2026)
    A new report from INTERPOL has revealed a "dramatic increase" in cybercrime in Asia and the South Pacific, fueled by rapid digitalization, internet penetration, new technologies, organized criminal networks, and a disparity in cybersecurity maturity. According to INTERPOL's 2025/2026 Asia and South Pacific Cyberthreat Assessment Report, phishing has emerged as the most widespread and (HackerNews)
  • Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys (Saturday June 20, 2026)
    Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthenticated attackers to extract sensitive data, such as configuration data, API keys, secrets, and OAuth tokens (HackerNews)
  • Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain (Friday June 19, 2026)
    Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple's A12 and A13 chips. That code is burned into the silicon at manufacture. No software update can reach it. Affected devices will carry this flaw for as long as they stay in use. This is not a remote attack. It requires (HackerNews)
  • The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes (Friday June 19, 2026)
    The Gentlemen ransomware-as-a-service (RaaS) operation is actively developing and maintaining a suite of endpoint detection and response (EDR) killers that it hands out to affiliates for impairing system defenses before deploying the encryptor. This mature portfolio of EDR-terminating tools is centered around a framework that's known as GentleKiller. "They also incorporate third-party or (HackerNews)
  • AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution (Friday June 19, 2026)
    Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution. Steer the agent to load an attacker's web page, and that page's JavaScript can reach a privileged local service on the same machine and spawn a process on the host. No credentials, no sign-in screen, and no further user interaction once (HackerNews)
  • Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites (Friday June 19, 2026)
    Dutch law enforcement authorities, along with counterparts from Canada , Germany, and the U.S., have disrupted malicious infrastructure associated with SocGholish and cleaned up nearly 15,000 infected WordPress websites. "With these actions we deprive cybercriminals of access to infected computer systems," Maikel Rollman of the Netherlands National High Tech Crime Unit said. "This prevents (HackerNews)
  • CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices (Friday June 19, 2026)
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday urged Fortinet customers with FortiGate appliances to take steps to secure against ongoing malicious activity aimed at thousands of internet-accessible devices. The sweeping campaign, believed to be the work of Russian-speaking threat actors, has been codenamed FortiBleed. The number of compromised devices stands at (HackerNews)
  • From Assistive to Agentic: The AI Shift That's Redefining Threat Management (Friday June 19, 2026)
    Introduction The average enterprise security team has 40 or more security tools, giving a lot of visibility into internal telemetry and asset data. But often, these tools are working in siloes, generating (overlapping) alerts and data. And yet, breach dwell times remain stubbornly long (~43 days), response windows keep closing before teams can act, and analysts burn out triaging noise instead (HackerNews)
  • Forget Data Leakage: Shadow AI's Real Threat Is Access Control (Friday June 19, 2026)
    The first wave of enterprise AI concern was straightforward. It was simply employees pasting sensitive data into public AI tools. Security teams responded with usage policies, domain blocks, and data loss prevention rules. That response made sense at the time. It doesn't fit the problem anymore. Shadow AI has shifted from a data leakage concern to an access control problem. The threat isn't (HackerNews)
  • Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data (Friday June 19, 2026)
    Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in response to a security incident impacting the competitive intelligence company on June 11, 2026. To that end, organizations will be unable to connect to Salesforce via the app until further notice, the American cloud-based software company noted in an alert published this week. "Salesforce took (HackerNews)
  • Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone (Friday June 19, 2026)
    Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to eavesdrop on users. The vulnerability, tracked as CVE-2025-20701 (CVSS score: 8.8), refers to a case of incorrect authorization impacting the Airoha Bluetooth audio SDK that makes it possible to pair a Bluetooth audio device without user consent. (HackerNews)
  • ‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm (Thursday June 18, 2026)
    For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to NetNut, a "residential proxy" provider operated by the publicly-traded Israeli firm Alarum Technologies Ltd [NASDAQ: ALAR]. (KrebsOnSecurity)
  • F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution (Thursday June 18, 2026)
    F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution on affected systems. The vulnerabilities are listed below - CVE-2026-42530 (CVSS v4 score: 9.2) - A use-after-free vulnerability in the ngx_http_v3_module that could be triggered by a remote unauthenticated attacker when NGINX Open Source is (HackerNews)
  • Orphaned AI Agents: How to Find Hidden Access Risks Inside Your Network (Thursday June 18, 2026)
    If an autonomous AI agent interacts with your company's core intellectual property today, can your security team instantly name the person who authorized it? For most enterprises, the answer is a simple no. The rush to adopt internal AI tools has left a massive trail of administrative debt: orphaned agents (AI tools left running after their creator leaves the company) and standing privileges ( (HackerNews)
  • ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories (Thursday June 18, 2026)
    The internet did not break this week. It got used exactly as designed, which is worse. Searches were siphoned through shady browser add-ons. AI chat links turned into malware delivery paths. macOS attacks ran in memory and left almost nothing behind. Cloud agents looked like helpers until attackers treated them like open shells. Add exposed edge gear, poisoned packages, cash courier scams, (HackerNews)
  • Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2 (Thursday June 18, 2026)
    Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign codenamed CryptoBandits that has targeted users since February 2026 with clipboard-intercepting malware with self-spreading capabilities and using the Tor anonymity network to hide communication. "The clipper in this campaign relies on Windows Script Host and ActiveX-driven logic to launch a bundled Tor proxy and (HackerNews)
  • INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023 (Thursday June 18, 2026)
    Cybersecurity researchers have charted the evolution of INC from an nascent ransomware-as-a-service (RaaS) operation to one of the most prolific cybercrime groups in 2026, claiming no less than 830 victims since August 2023. "The disruption of LockBit and the shutdown of BlackCat created opportunities for INC to expand as affiliates migrated to alternative ransomware operations," Acronis (HackerNews)
  • The Scripts on Your Checkout Page Are Now a PCI DSS Problem (Thursday June 18, 2026)
    An independent PCI assessor tested Reflectiz against the new PCI DSS rules. Here is the verdict: See the full QSA assessment here → When a customer types their card number into your checkout, their browser is running far more than your code. Analytics tags, a tag manager, a support widget, a payment iframe: a modern checkout loads dozens of third-party scripts, and any one of them can be turned (HackerNews)
  • DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic (Thursday June 18, 2026)
    Threat actors associated with the DragonForce ransomware have been observed using a custom Go-based remote access trojan (RAT) called Backdoor.Turn to conceal command-and-control (C2) traffic inside Microsoft Teams relay infrastructure. According to findings from Broadcom-owned Symantec and Carbon Black, the backdoor was deployed against a major U.S. services firm. The name of the company was (HackerNews)
  • Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments (Wednesday June 17, 2026)
    An unknown threat actor has been observed leveraging paid or promoted posts on legitimate news websites to drum up buzz for their warez, according to new findings from Check Point Research. The threat actor also has at their disposal a dedicated WordPress phishing page that acts as the central hub, alongside GitHub and SourceForge projects promoted by fake accounts, a YouTube channel, and a (HackerNews)
  • Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development (Wednesday June 17, 2026)
    Microsoft has formally disclosed that it's working to release a patch to address a Defender zero-day codenamed RoguePlanet. The vulnerability has now been assigned the CVE identifier CVE-2026-50656 (CVSS score: 7.8), with the tech giant describing it as a privilege escalation flaw. "Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender (HackerNews)
  • Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline (Wednesday June 17, 2026)
    A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials. Ordinary stuff, until one move near the end. Before his command-and-control server went dark, he installed OpenSSH and Tailscale on a victim's machine, building a way back in that did not run through the C2 at all. When the Havoc server went offline the next (HackerNews)
  • Adversarial Exposure Validation Turns Security Visibility into Confident Prioritization (Wednesday June 17, 2026)
    For security teams, the findings never stop, but confidence in knowing which ones matter is becoming harder to maintain. The problem is no longer visibility. It's validation. Security teams must decide which findings warrant action while operating under constant pressure and incomplete information. Increasingly, the challenge is not discovering potential risks. It is determining which risks (HackerNews)
  • Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats (Wednesday June 17, 2026)
    Cybersecurity researchers have flagged a "coordinated malware campaign" on the JetBrains Marketplace that has published no less than 15 malicious plugins capable of exfiltrating artificial intelligence (AI) provider keys. "Every plugin poses as an AI coding assistant built on DeepSeek and other large language models, offering chat, commit messages, code review, bug finding, and unit tests," (HackerNews)
  • The Top 10 Attack Surface Exposures in 2026 (Wednesday June 17, 2026)
    Breaches don't always start with a zero-day. An exposed admin panel can get brute-forced, or credentials reused from a previous attack. But when a vulnerability does drop — like MongoBleed earlier this year, which let attackers pull credentials and session tokens from server memory without authentication — anything internet-facing is immediately at risk. With time-to-exploit now down to a (HackerNews)
  • 145 Mastra npm Packages Compromised via Hijacked Contributor Account (Wednesday June 17, 2026)
    As many as 145 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js, per findings from Endor Labs, JFrog, OX Security, SafeDep, Socket, StepSecurity, and Synk. "A single npm account ( (HackerNews)
  • CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution (Wednesday June 17, 2026)
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-48907 (CVSS score: 10.0), is a case of improper access control that could facilitate arbitrary (HackerNews)
  • Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting (Tuesday June 16, 2026)
    A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim's project hijack the victim's machine learning model upload and run code inside Google's serving infrastructure. Palo Alto Networks Unit 42, which found and reported the bug through Google's bug bounty program, calls the technique "Pickle in the Middle" and said it saw no exploitation in the wild. (HackerNews)
  • ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures (Tuesday June 16, 2026)
    Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader, Lorem Ipsum Loader, and Potemkin, per independent reports from Morphisec, BlueVoyant, and Huntress, respectively. Attacks involving BabaDeda Loader, observed in April 2026, have targeted education and financial organizations. "Earlier BabaDeda activity was known for (HackerNews)
  • New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds (Tuesday June 16, 2026)
    Security researchers at Zimperium's zLabs have documented a new Android banking trojan, Rokarolla, that targets 217 banking and cryptocurrency apps and packs 137 remote commands. Together, they give an operator near-total control of an infected phone: it lifts lock-screen PINs, reads and sends SMS, rewrites the clipboard to redirect crypto payments, and switches off Google Play (HackerNews)
  • Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive (Tuesday June 16, 2026)
    Security teams have never had more IP data at their disposal. Every day, analysts ingest enrichment feeds, geolocation data, reputation scores, telemetry, and threat intelligence from a growing ecosystem of vendors and platforms. Yet despite this abundance of information, many organizations continue to face a fundamental challenge: sifting through the noise to understand who is behind an IP and (HackerNews)
  • Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week (Tuesday June 16, 2026)
    Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In a post shared on X, the company said it has observed exploitation of CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 over the past 24 hours. CVE-2026-39813 (CVSS score: 9.1) refers to a path traversal vulnerability in FortiSandbox JRPC API that could (HackerNews)
  • China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth (Tuesday June 16, 2026)
    Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS. "The Windows variants discovered are internally marked as WIN_DRV and WIN_PLUS," ESET said in a report shared with The Hacker News. "Both come with a hard-coded C&C [command-and-control] configuration and support communication over TCP, UDP, (HackerNews)
  • Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware (Tuesday June 16, 2026)
    The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver a new malware called NarwhalRAT. "The attack email contained a message impersonating an MS account security alert," the Genians Security Center (GSC) said. "It was designed to create concern over possible (HackerNews)
  • Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw (Tuesday June 16, 2026)
    Cisco has released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-20262, carries a CVSS score of 6.5 out of 10.0. "A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or (HackerNews)
  • CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation (Tuesday June 16, 2026)
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 18, 2026. The vulnerability in question is CVE-2026-54420 (CVSS score: 8.5), which has been described as a case of privilege (HackerNews)
  • Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails (Monday June 15, 2026)
    A China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly stealing sensitive research and defense email. The way in was a backdoor on their REDCap research servers that stole login credentials. The exfiltration was the unusual part: the attackers rewired the victims' own Google Workspace rules to copy any message (HackerNews)
  • North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels (Monday June 15, 2026)
    Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview (aka Famous Chollima, HexagonalRodent, and Void Dokkaebi). According to a report published by Proofpoint, the threat actor has been found orchestrating phishing campaigns using developer role recruitment or code review themes (HackerNews)
  • LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers (Monday June 15, 2026)
    A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed LiteLLM is a widely deployed open-source AI gateway that brokers calls to more than 100 model providers behind one OpenAI-compatible interface. A server takeover exposes every provider key it holds, the secrets that (HackerNews)
  • One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes (Monday June 15, 2026)
    A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. Because the link pointed to a real microsoft.com domain, traditional anti-phishing and URL filtering tools were (HackerNews)
  • ⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More (Monday June 15, 2026)
    Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail, and forgotten software keeps becoming someone else's entry point. Scroll through the full Monday Cybersecurity (HackerNews)
  • Who Runs the Ransomware Group ‘The Gentlemen?’ (Wednesday June 10, 2026)
    A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real life identity for the administrator of The Gentlemen ransomware group. (KrebsOnSecurity)
  • A Record-Breaking Patch Tuesday for June 2026 (Tuesday June 09, 2026)
    Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft's most dire "critical" rating, and exploit code for at least three of the weaknesses is now publicly available. (KrebsOnSecurity)
  • Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts (Monday June 01, 2026)
    The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta's "AI support assistant" bot into resetting account passwords. (KrebsOnSecurity)
  • Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks (Monday May 25, 2026)
    Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two men were the focus of a 2025 KrebsOnSecurity story about how their hosting companies had assumed control over the technical infrastructure of Stark Industries Solutions, an Internet service provider sanctioned last year by the EU as a frequent staging ground for cyber mischief from Russia's intelligence agencies. (KrebsOnSecurity)
  • Lawmakers Demand Answers as CISA Tries to Contain Data Leak (Friday May 22, 2026)
    Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry comes as CISA is still struggling to contain the breach and invalidate the leaked credentials. (KrebsOnSecurity)
  • Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada (Thursday May 21, 2026)
    Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service (DDoS) attacks over the past six months. KrebsOnSecurity publicly named the suspect in February 2026 after the accused launched a volley of DDoS, doxing and swatting campaigns against this author and a security researcher. He now faces criminal hacking charges in both Canada and the United States. (KrebsOnSecurity)
  • CISA Admin Leaked AWS GovCloud Keys on Github (Monday May 18, 2026)
    Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history. (KrebsOnSecurity)
  • Patch Tuesday, May 2026 Edition (Tuesday May 12, 2026)
    Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers -- including Apple, Google, Microsoft, Mozilla and Oracle -- fixing near record volumes of security bugs, and/or quickening the tempo of their patch releases. (KrebsOnSecurity)
  • Canvas Breach Disrupts Schools & Colleges Nationwide (Friday May 08, 2026)
    An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service's login page with a ransom demand that threatened to leak data from 275 million students and faculty across nearly 9,000 educational institutions. (KrebsOnSecurity)

Disclaimer: Some Links listed are external-links and are not managed by Western Illinois University. Western Illinois University or any of its employees shall not be held liable for any improper or incorrect use of the information described and/or contained herein and assumes no responsibility for anyone's use of the information.