Cyber Security
BioShocking Attack Turns AI Browsers Into Credential Thieves
Working Exploit Published for LoadMaster CVE-2026-8037 RCE
SimpleHelp CVE-2026-48558 Exploited to Deploy Djinn Stealer
CISA Confirms BlueHammer CVE-2026-33825 Used in Ransomware
Three Daktronics Controller Flaws Allow Remote Highway Sign Hijack
Gitea CVE-2026-20896 Auth Bypass Exploited via One HTTP Header
India IDRBT .bank.in Registry Leaked 5,576 Employee Records
Microsoft Removes 119 StegoAd Extensions from Edge Add-ons Store
Public PoC Drops for Critical libssh2 Flaw CVE-2026-55200
Hijacked npm and Go Packages Exploit VS Code MCP to Deploy Infostealer
SBU and FBI Expose Russian FSB and GRU Signal Key Theft Campaign
US Offers $10M Bounty for Russian Hackers UNC5792 and UNC4221
Mozilla 0DIN Shows AI Coding Agents Can Be Tricked via DNS TXT
White House Cybersecurity Review Restricts GPT-5.6 and Anthropic
Athena Coalition Finds 20,000+ Flaws in 500 Open-Source Projects
Klue OAuth Breach Hits Huntress, Recorded Future via Salesforce
Law Enforcement Clears 15,000 SocGholish WordPress Sites
ShapedPlugin Update System Hacked, Malicious Code Pushed to Customers
Microsoft Exposes Windows Crypto Clipper Using USB Worm and Tor C2
Crypto Clipper Abuses AI Reviews and VirusTotal to Fake Legitimacy
Defender Zero-Day CVE-2026-50656 Under Active Exploit, No Patch
DOJ Seizes Huione Group Cloud Accounts in $4B Fraud Crackdown
Cisco Unified CM SSRF Flaw CVE-2026-20230 Under Active Exploit
Two Scattered Spider Members Plead Guilty in TfL Hack Case
Gizmodo Account Hijacked to Push ClickFix Malware at Readers
Algerian Phishing Marketplace Operator Extradited to US
Anthropic’s Mythos AI Found Flaws in Classified US Government Systems
Samsung KNOX Kernel Flaw CVE-2026-20971 Affects Galaxy S9 to S25
macOS ClickFix Variant Silently Mounts DMG to Deploy AMOS Stealer
Dify DifyTap Flaws Expose Cross-Tenant AI App Data
What Is Cloud Detection and Response (CDR) and How Does It Work
Blog
What is Cloud Detection and Response (CDR) and How Does it Work
Cloud detection and response (CDR) delivers real-time threat visibility across cloud workloads. Learn how CDR works and how to implement it.
Application Security
Google Patches 5th Chrome Zero-Day; V8 Flaw Chains for OS Access
Google patched CVE-2026-11645, a V8 out-of-bounds flaw being chained with a sandbox escape to achieve OS code execution. The fifth Chrome zero-day of 2026.
Application Security
LiteLLM CVE-2026-42271 Added to CISA KEV: AI API Keys at Risk
CISA added BerriAI LiteLLM CVE-2026-42271 to the KEV catalog. The command injection flaw enables OS access and theft of all configured AI provider API keys.
Cybersecurity
France’s Tchap Messaging App Breached, 643K Messages Exposed
ANSSI detected attackers who used a hijacked account and hardcoded LDAP credentials to breach Tchap, exposing 643,000 messages across 73,000 accounts.
Application Security
SAP Patches CVSS 9.9 SAML Flaw and ABAP Memory Corruption
SAP's June 2026 Patch Day addressed 15 security notes including CVE-2026-44748, a CVSS 9.9 XML Signature Wrapping flaw in NetWeaver SAML authentication.
CVE Vulnerability Alerts
Exploit Published for Linux Kernel nf_tables CVE-2026-23111
Exodus Intelligence released a working exploit for Linux kernel CVE-2026-23111, a nf_tables flaw enabling root escalation on unpatched Ubuntu and Debian.
Cybersecurity
Qilin Ransomware Hits Isuzu Motors, Opéra Comique, and 3 Others
Qilin ransomware posted six victims including Isuzu Motors, Opéra Comique, and Australian healthcare provider The Banyans in a cross-sector June 8 batch.
Cybersecurity
Nova, Stormous, and Akira Target European Organizations
Nova claimed Trevi S.p.A., Stormous listed a Dutch Catholic group, and Akira hit a French ambulatory clinic in coordinated European ransomware postings.
Cybersecurity
Turkish Police Detain 357 in Nationwide Cybercrime Raids
Turkish police detained 357 and arrested 194 in raids across 18 provinces targeting online gambling, financial fraud, and child sexual abuse material.
Application Security
Apache HTTP Server 2.4.68 Patches 13 CVEs Including HTTP/2 DoS
Apache HTTP Server 2.4.68 patches 13 vulnerabilities including CVE-2026-49975, the HTTP/2 bomb denial-of-service flaw affecting nginx, Envoy, and Cloudflare.
Cybersecurity
Storm-3075 Uses ChatGPT and Claude Brands to Harvest Credentials
Microsoft identified Storm-3075 using ChatGPT, Claude, and DeepSeek brands in AiTM phishing that targeted over 2,000 organizations across the US, UK, and India.
Blog
Security Posture Assessment: How to Evaluate and Strengthen Defenses
A security posture assessment maps your attack surface, scores risk, and guides remediation. Learn what it involves and how to conduct one.
Application Security
Veeam CVE-2026-44963 Exposes Backup Servers to Low-Privilege RCE
Veeam patched CVE-2026-44963, a CVSS 9.4 RCE flaw letting any domain user execute code on backup servers across its 550,000-customer install base.
Application Security
Fortinet FortiSandbox CVE-2026-25089 Allows Unauthenticated RCE
Fortinet patched CVE-2026-25089, a CVSS 9.1 OS command injection in FortiSandbox's Web UI exploitable by unauthenticated attackers via crafted HTTP requests.
Application Security
OpenSSL Patches 16 Flaws Including Heap Use-After-Free RCE Risk
OpenSSL released 16 security fixes, led by CVE-2026-45447, a HIGH severity heap use-after-free in PKCS7_verify() that may enable RCE via crafted S/MIME messages.
Cybersecurity
Akira Claims Industrial Finisher, NJ Country Club, Architecture Firm
Akira ransomware posted three US victims on June 9: Spray Equipment with 26GB of W-2 records and engineering drawings, Rockaway River Country Club, and SMPC ...
Cybersecurity
Chaos Ransomware Lists Airespring as Iranian False-Flag History Looms
Chaos ransomware listed US telecom provider Airespring on its leak site. Rapid7 documented Chaos as a MuddyWater Iranian APT false-flag tool, complicating attribution.
Application Security
Shai-Hulud Hades Wave Poisons 29 Bioinformatics PyPI Packages
The Shai-Hulud Hades variant targeted ~29 bioinformatics and ML PyPI packages in a second wave, introducing a loader-payload split and bringing the campaign past 100 ...
Application Security
Microsoft Patches Exploited Exchange XSS as Secure Boot Deadline Looms
Microsoft's June Patch Tuesday closes the actively exploited Exchange Server CVE-2026-42897 and sets a 17-day countdown to a critical Secure Boot deadline.
CVE Vulnerability Alerts
Check Point VPN CVE-2026-50751 Exploited by Qilin Before Patch Release
Check Point disclosed CVE-2026-50751, a critical VPN authentication bypass exploited by Qilin ransomware for five weeks, and released an emergency hotfix.
Application Security
Attackers Hit Oracle EBS CVE-2026-46817 Days After Patch
Application Security
India IDRBT .bank.in Registry Leaked 5,576 Employee Records
CVE Vulnerability Alerts
CISA Confirms BlueHammer CVE-2026-33825 Used in Ransomware
Cybersecurity
Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Application Security
Apple Patches 30+ Flaws as AI Systems Earn WebKit CVE Credit
Application Security
Six AirDrop and Quick Share Flaws Put 5B Devices at Risk
CVE Vulnerability Alerts
SimpleHelp CVE-2026-48558 Exploited to Deploy Djinn Stealer
Cybersecurity
Gizmodo Account Hijacked to Push ClickFix Malware at Readers
Trending

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
France’s Tchap Messaging App Breached, 643K Messages Exposed
ANSSI detected attackers who used a hijacked account and hardcoded LDAP credentials to breach Tchap, exposing 643,000 messages across 73,000 accounts.
SAP Patches CVSS 9.9 SAML Flaw and ABAP Memory Corruption
SAP's June 2026 Patch Day addressed 15 security notes including CVE-2026-44748, a CVSS 9.9 XML Signature Wrapping flaw in NetWeaver SAML authentication.
Exploit Published for Linux Kernel nf_tables CVE-2026-23111
Exodus Intelligence released a working exploit for Linux kernel CVE-2026-23111, a nf_tables flaw enabling root escalation on unpatched Ubuntu and Debian.
Qilin Ransomware Hits Isuzu Motors, Opéra Comique, and 3 Others
Qilin ransomware posted six victims including Isuzu Motors, Opéra Comique, and Australian healthcare provider The Banyans in a cross-sector June 8 batch.
Nova, Stormous, and Akira Target European Organizations
Nova claimed Trevi S.p.A., Stormous listed a Dutch Catholic group, and Akira hit a French ambulatory clinic in coordinated European ransomware postings.
Turkish Police Detain 357 in Nationwide Cybercrime Raids
Turkish police detained 357 and arrested 194 in raids across 18 provinces targeting online gambling, financial fraud, and child sexual abuse material.
Apache HTTP Server 2.4.68 Patches 13 CVEs Including HTTP/2 DoS
Apache HTTP Server 2.4.68 patches 13 vulnerabilities including CVE-2026-49975, the HTTP/2 bomb denial-of-service flaw affecting nginx, Envoy, and Cloudflare.
Storm-3075 Uses ChatGPT and Claude Brands to Harvest Credentials
Microsoft identified Storm-3075 using ChatGPT, Claude, and DeepSeek brands in AiTM phishing that targeted over 2,000 organizations across the US, UK, and India.
Security Posture Assessment: How to Evaluate and Strengthen Defenses
A security posture assessment maps your attack surface, scores risk, and guides remediation. Learn what it involves and how to conduct one.
Veeam CVE-2026-44963 Exposes Backup Servers to Low-Privilege RCE
Veeam patched CVE-2026-44963, a CVSS 9.4 RCE flaw letting any domain user execute code on backup servers across its 550,000-customer install base.
Fortinet FortiSandbox CVE-2026-25089 Allows Unauthenticated RCE
Fortinet patched CVE-2026-25089, a CVSS 9.1 OS command injection in FortiSandbox's Web UI exploitable by unauthenticated attackers via crafted HTTP requests.
OpenSSL Patches 16 Flaws Including Heap Use-After-Free RCE Risk
OpenSSL released 16 security fixes, led by CVE-2026-45447, a HIGH severity heap use-after-free in PKCS7_verify() that may enable RCE via crafted S/MIME messages.
Akira Claims Industrial Finisher, NJ Country Club, Architecture Firm
Akira ransomware posted three US victims on June 9: Spray Equipment with 26GB of W-2 records and engineering drawings, Rockaway River Country Club, and SMPC ...
Chaos Ransomware Lists Airespring as Iranian False-Flag History Looms
Chaos ransomware listed US telecom provider Airespring on its leak site. Rapid7 documented Chaos as a MuddyWater Iranian APT false-flag tool, complicating attribution.
Shai-Hulud Hades Wave Poisons 29 Bioinformatics PyPI Packages
The Shai-Hulud Hades variant targeted ~29 bioinformatics and ML PyPI packages in a second wave, introducing a loader-payload split and bringing the campaign past 100 ...
Microsoft Patches Exploited Exchange XSS as Secure Boot Deadline Looms
Microsoft's June Patch Tuesday closes the actively exploited Exchange Server CVE-2026-42897 and sets a 17-day countdown to a critical Secure Boot deadline.
Check Point VPN CVE-2026-50751 Exploited by Qilin Before Patch Release
Check Point disclosed CVE-2026-50751, a critical VPN authentication bypass exploited by Qilin ransomware for five weeks, and released an emergency hotfix.
WhatsApp Files Contempt Motion Over New NSO Group Spyware Activity
WhatsApp detected new NSO Group activity violating a permanent court injunction and filed a federal contempt motion against the Israeli surveillance firm.
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
TheGentlemen ransomware posted 12 victims across 8 countries in one day, including two healthcare providers with HIPAA and NHS breach notification exposure.
Gogs 0.14.3 Patches Critical RCE Zero-Day After 10 Days Without Fix
Gogs version 0.14.3 patches a critical CVSSv4 9.4 RCE zero-day that had exposed 2,300 internet-facing servers for ten days with a public Metasploit exploit.