Endpoint Security

Cybersecurity
Law Enforcement Clears 15,000 SocGholish WordPress Sites
Operation Endgame dismantled nearly 15,000 SocGholish-infected WordPress sites and 106 C2 servers linked to Russian cybercrime group Evil Corp in a June 2026 international enforcement ...
Cybersecurity
Microsoft Exposes Windows Crypto Clipper Using USB Worm and Tor C2
Microsoft disclosed a Windows crypto clipper campaign active since February 2026, using USB LNK worm spreading and Tor-based C2 to intercept and redirect cryptocurrency transactions.
Application Security
Crypto Clipper Abuses AI Reviews and VirusTotal to Fake Legitimacy
Check Point Research exposed a crypto clipper campaign using AI-generated fake reviews on GitHub, YouTube, and VirusTotal comment sections to manufacture trust before delivering malware.
CVE Vulnerability Alerts
Defender Zero-Day CVE-2026-50656 Under Active Exploit, No Patch
Microsoft confirmed CVE-2026-50656, a zero-day in the Defender Malware Protection Engine allowing SYSTEM-level privilege escalation, is under active exploitation with no patch currently available.
Cybersecurity
Gizmodo Account Hijacked to Push ClickFix Malware at Readers
A threat actor compromised a Gizmodo account to serve ClickFix malware prompts to readers, exploiting brand trust to push PowerShell-based attacks at scale.
CVE Vulnerability Alerts
Samsung KNOX Kernel Flaw CVE-2026-20971 Affects Galaxy S9 to S25
CVE-2026-20971 is a CVSS 7.8 use-after-free in Samsung KNOX's PROCA and FIVE subsystems, affecting Galaxy S9 through S25 across Android 13, 14, 15, and 16.
Cybersecurity
macOS ClickFix Variant Silently Mounts DMG to Deploy AMOS Stealer
Unit 42 found a macOS ClickFix variant using hdiutil to silently mount DMG files and deploy AMOS stealer, targeting crypto wallets and iCloud Keychain.
Cybersecurity
Elastic Exposes OXLOADER and CastleStealer in Russian Malvertising
Elastic Security Labs exposed OXLOADER and CastleStealer — two new Russian-linked malware families spread via fake Google Ads targeting software downloaders.
Cybersecurity
WhatsApp Phishing Deploys ManageEngine RMM Malware Across Continents
Kaspersky found a WhatsApp phishing campaign using VBScript to install ManageEngine RMM software across multiple countries, granting attackers remote access.
Cybersecurity
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Zimperium disclosed Rokarolla, an Android trojan with a 137-command C2 framework that targets 217 banking and cryptocurrency apps via dynamic overlay attacks.