Cyber Security
Cybersecurity
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Andrew Doyle
June 17, 2026
Zimperium disclosed Rokarolla, an Android trojan with a 137-command C2 framework that targets 217 banking and cryptocurrency apps via dynamic overlay attacks.
Application Security
Steam Workshop Wallpaper Packages Drop DarkKomet and Lumma
Gabby Lee
June 17, 2026
Kaspersky found malicious Wallpaper Engine packages on Steam Workshop delivering DarkKomet, Lumma, Vidar, and ransomware loaders to gamers who installed them.
Cybersecurity
GhostTree NTFS Junctions Paralyze Windows Defender Scans
Gabby Lee
June 17, 2026
Varonis disclosed GhostTree, an NTFS junction technique that uses recursive loops to block Windows Defender scans, requiring only standard user permissions.
Application Security
CVE-2026-2473: Vertex AI SDK Pickle Attack Enables Cross-Tenant RCE
Gabby Lee
June 17, 2026
Unit 42 found CVE-2026-2473 in the Vertex AI SDK lets attackers execute code in a victim's GCP tenant by squatting predictable bucket names and using ...
Blog
Endpoint Security Solutions: How to Protect Every Enterprise Device
Gabby Lee
June 17, 2026
Discover what endpoint security solutions are, how EDR and EPP work, and how to implement enterprise endpoint protection.
Cybersecurity
UNC6508 Abused Google Workspace Rules in Medical-Military Espionage
Mitchell Langley
June 16, 2026
Google's GTIG disclosed UNC6508, a China-nexus group that maintained silent email forwarding inside US medical and military research networks for more than two years using ...
Application Security
Three FortiSandbox CVEs Chained for Unauthenticated Root Execution
Mitchell Langley
June 16, 2026
Defused confirmed active exploitation of CVE-2026-39813 and CVE-2026-39808 in FortiSandbox, chained with CVE-2026-25089 to deliver unauthenticated root code execution across seven financial and critical infrastructure ...
CVE Vulnerability Alerts
Cisco CVE-2026-20262 Added to CISA KEV; Eighth Exploited SD-WAN Flaw
Gabby Lee
June 16, 2026
Cisco released patches for CVE-2026-20262, an unauthenticated server-side request forgery flaw in SD-WAN Manager now actively exploited, as CISA issued a 13-day federal deadline.
Application Security
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
Andrew Doyle
June 16, 2026
CISA added LiteSpeed cPanel CVE-2026-54420 to its KEV catalog with a 48-hour deadline as exploitation of the unauthenticated REST API privilege escalation flaw was confirmed ...
Cybersecurity
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
Mitchell Langley
June 16, 2026
North Korean APT37 deployed NarwhalRAT, a new backdoor with encrypted custom C2, via fake Microsoft OTP security alerts targeting South Korean defense and crypto sectors.
Cybersecurity
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
Gabby Lee
June 16, 2026
DOJ seized CFAKE.com and SOCFAKE.com in the first TAKE IT DOWN Act enforcement, following a French arrest of the 31-year-old SOCFAKE operator and 340,000 registered ...
Cybersecurity
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims
Andrew Doyle
June 16, 2026
CybersecurityNews and SOCRadar exposed The Quarry, a PhaaS platform active since April 2026 running IRS and SSA impersonation campaigns that silently install ConnectWise ScreenConnect for ...
Cybersecurity
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
Gabby Lee
June 16, 2026
ESET Research disclosed WIN_DRV, a kernel-mode Windows rootkit linked to China-aligned Earth Lusca — the first confirmed Windows variant of SprySOCKS — signed with a ...
Application Security
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
Mitchell Langley
June 16, 2026
A three-CVE attack chain disclosed by Obsidian Security in LiteLLM AI Gateway lets low-privilege users escalate to root and steal all managed AI API keys.
Application Security
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
Mitchell Langley
June 16, 2026
CVE-2026-48558, a critical OIDC authentication bypass in SimpleHelp RMM, lets unauthenticated attackers gain full admin access on 14,000 exposed servers.
Cybersecurity
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach
Gabby Lee
June 16, 2026
ShinyHunters claims 61 million records stolen from Sysco's Salesforce CRM, including pricing schedules and contact data, with a June 18 publication deadline.
Blog
What Is Scareware? How Fake Security Warnings Lead to Real Malware
Mitchell Langley
June 15, 2026
Scareware tricks users with fake virus warnings into paying for rogue security software. Learn how it works, examples, and how to remove it.
Application Security
Lapsus$ Lists GitHub Internal Repos for Sale, Copilot Source Included
Andrew Doyle
June 15, 2026
Lapsus$ listed 3,800 stolen GitHub internal repositories for sale 25 days after the confirmed breach, including Copilot, CodeQL, and Dependabot source code.
Cybersecurity
Nightspire Claims Blue Nile Medical and Silsbee Police as New Victims
Andrew Doyle
June 15, 2026
Nightspire ransomware listed four US victims including Blue Nile Medical Center with 3,000 exposed patient EHR records and Silsbee Police Department in Texas.
Cybersecurity
Ukrainian Conti Developer Pleads Guilty to Ransomware Loader Coding
Andrew Doyle
June 15, 2026
Oleksii Lytvynenko, a Ukrainian national extradited from Ireland, pleaded guilty to developing the malware loader that delivered Conti ransomware payloads.
Cybersecurity
Trump Administration Lifts Claude Fable 5 Access Restrictions
Mitchell Langley
July 2, 2026
Application Security
India IDRBT .bank.in Registry Leaked 5,576 Employee Records
Gabby Lee
June 30, 2026
Application Security
JADEPUFFER: First AI-Orchestrated Ransomware Exploits Langflow RCE
Mitchell Langley
July 2, 2026
Cybersecurity
Qilin Ransomware Claims Canadian Manufacturer Chamco Industries
Mitchell Langley
July 2, 2026
TOP CYBERSECURITY HEADLINES
Application Security
Poisoned Email Turns Claude Desktop Into a Reverse Shell
Application Security
Adobe’s Seven CVSS 10.0 Flaws Span ColdFusion and Campaign Classic
This Week’s Security Spotlight
Application Security
DuneSlide Flaws Let Prompt Injection Break Cursor AI Sandbox
Mitchell Langley
July 2, 2026
Application Security
DeepSeek Built Browser Ransomware Using Chrome File System API
Gabby Lee
July 2, 2026
CVE Vulnerability Alerts
Citrix Patches Six NetScaler Flaws Including HTTP/2 Bomb Vector
Gabby Lee
July 2, 2026
Application Security
Apple Patches 30+ Flaws as AI Systems Earn WebKit CVE Credit
Gabby Lee
June 30, 2026
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
CVE-2026-2473: Vertex AI SDK Pickle Attack Enables Cross-Tenant RCE
June 17, 2026
Unit 42 found CVE-2026-2473 in the Vertex AI SDK lets attackers execute code in a victim's GCP tenant by squatting predictable bucket names and using ...
Endpoint Security Solutions: How to Protect Every Enterprise Device
June 17, 2026
Discover what endpoint security solutions are, how EDR and EPP work, and how to implement enterprise endpoint protection.
UNC6508 Abused Google Workspace Rules in Medical-Military Espionage
June 16, 2026
Google's GTIG disclosed UNC6508, a China-nexus group that maintained silent email forwarding inside US medical and military research networks for more than two years using ...
Three FortiSandbox CVEs Chained for Unauthenticated Root Execution
June 16, 2026
Defused confirmed active exploitation of CVE-2026-39813 and CVE-2026-39808 in FortiSandbox, chained with CVE-2026-25089 to deliver unauthenticated root code execution across seven financial and critical infrastructure ...
Cisco CVE-2026-20262 Added to CISA KEV; Eighth Exploited SD-WAN Flaw
June 16, 2026
Cisco released patches for CVE-2026-20262, an unauthenticated server-side request forgery flaw in SD-WAN Manager now actively exploited, as CISA issued a 13-day federal deadline.
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
June 16, 2026
CISA added LiteSpeed cPanel CVE-2026-54420 to its KEV catalog with a 48-hour deadline as exploitation of the unauthenticated REST API privilege escalation flaw was confirmed ...
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
June 16, 2026
North Korean APT37 deployed NarwhalRAT, a new backdoor with encrypted custom C2, via fake Microsoft OTP security alerts targeting South Korean defense and crypto sectors.
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
June 16, 2026
DOJ seized CFAKE.com and SOCFAKE.com in the first TAKE IT DOWN Act enforcement, following a French arrest of the 31-year-old SOCFAKE operator and 340,000 registered ...
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims
June 16, 2026
CybersecurityNews and SOCRadar exposed The Quarry, a PhaaS platform active since April 2026 running IRS and SSA impersonation campaigns that silently install ConnectWise ScreenConnect for ...
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
June 16, 2026
ESET Research disclosed WIN_DRV, a kernel-mode Windows rootkit linked to China-aligned Earth Lusca — the first confirmed Windows variant of SprySOCKS — signed with a ...
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
June 16, 2026
A three-CVE attack chain disclosed by Obsidian Security in LiteLLM AI Gateway lets low-privilege users escalate to root and steal all managed AI API keys.
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
June 16, 2026
CVE-2026-48558, a critical OIDC authentication bypass in SimpleHelp RMM, lets unauthenticated attackers gain full admin access on 14,000 exposed servers.
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach
June 16, 2026
ShinyHunters claims 61 million records stolen from Sysco's Salesforce CRM, including pricing schedules and contact data, with a June 18 publication deadline.
What Is Scareware? How Fake Security Warnings Lead to Real Malware
June 15, 2026
Scareware tricks users with fake virus warnings into paying for rogue security software. Learn how it works, examples, and how to remove it.
Lapsus$ Lists GitHub Internal Repos for Sale, Copilot Source Included
June 15, 2026
Lapsus$ listed 3,800 stolen GitHub internal repositories for sale 25 days after the confirmed breach, including Copilot, CodeQL, and Dependabot source code.
Nightspire Claims Blue Nile Medical and Silsbee Police as New Victims
June 15, 2026
Nightspire ransomware listed four US victims including Blue Nile Medical Center with 3,000 exposed patient EHR records and Silsbee Police Department in Texas.
Ukrainian Conti Developer Pleads Guilty to Ransomware Loader Coding
June 15, 2026
Oleksii Lytvynenko, a Ukrainian national extradited from Ireland, pleaded guilty to developing the malware loader that delivered Conti ransomware payloads.
Awesome Motive CDN Compromised; Backdoor Served to OptinMonster Users
June 15, 2026
Attackers hijacked Awesome Motive's CDN to push a backdoor to OptinMonster, TrustPulse, and PushEngage, creating rogue admin accounts on WordPress sites.
CVE-2026-42824: M365 Copilot SearchLeak Enables 1-Click Email Theft
June 15, 2026
Varonis disclosed a three-step vulnerability chain in Microsoft 365 Copilot that allowed attackers to steal emails and documents with a single crafted link.
Novo Nordisk Confirms Hack of Clinical Trial Biomarker Data
June 15, 2026
Novo Nordisk confirmed a breach exposing pseudonymized clinical trial biomarker data and healthcare provider records. No threat actor claimed responsibility.





































