Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments Malware / Social EngineeringAn unknown threat actor has been observed leveraging paid or promoted... 2026-6-17 18:14:24 | 阅读: 6 | 收藏 | The Hacker News - thehackernews.com reputation download promoted github sourceforge

Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development Endpoint Security / VulnerabilityMicrosoft has formally disclosed that it's working to release a p... 2026-6-17 17:36:28 | 阅读: 4 | 收藏 | The Hacker News - thehackernews.com microsoft rogueplanet 2026 defender eclipse

Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline A French-speaking attacker broke into a small French automotive business, planted a keylogger, and... 2026-6-17 16:0:56 | 阅读: 8 | 收藏 | The Hacker News - thehackernews.com tailscale c2 cato poisson openssh

Adversarial Exposure Validation Turns Security Visibility into Confident Prioritization For security teams, the findings never stop, but confidence in knowing which ones matter is becomin... 2026-6-17 11:58:0 | 阅读: 18 | 收藏 | The Hacker News - thehackernews.com security exposure aev breachlock

The Top 10 Attack Surface Exposures in 2026 Attack Surface ManagementBreaches don't always start with a zero-day. An exposed admin panel can g... 2026-6-17 10:30:0 | 阅读: 10 | 收藏 | The Hacker News - thehackernews.com facing ransomware database reachable upnp

Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats Cybersecurity researchers have flagged a "coordinated malware campaign" on the JetBrains Marketplac... 2026-6-17 09:38:46 | 阅读: 12 | 收藏 | The Hacker News - thehackernews.com deepseek coder malicious aikido chrome

144 Mastra npm Packages Compromised via Hijacked Contributor Account As many as 144 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-sou... 2026-6-17 07:38:24 | 阅读: 12 | 收藏 | The Hacker News - thehackernews.com mastra malicious payload library

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution Vulnerability / Supply Chain AttackThe U.S. Cybersecurity and Infrastructure Security Agency (CI... 2026-6-17 05:50:46 | 阅读: 11 | 收藏 | The Hacker News - thehackernews.com wordpress jce joomla widget 2026

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting Machine Learning / Cloud SecurityA flaw in the Google Cloud Vertex AI SDK for Python let an attack... 2026-6-16 19:5:41 | 阅读: 11 | 收藏 | The Hacker News - thehackernews.com vertex victim attacker cloud staging

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loade... 2026-6-16 17:41:28 | 阅读: 16 | 收藏 | The Hacker News - thehackernews.com loader clickfix ipsum lorem payload

New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds Mobile Security / MalwareSecurity researchers at Zimperium's zLabs have documented a new Android b... 2026-6-16 13:10:17 | 阅读: 22 | 收藏 | The Hacker News - thehackernews.com rokarolla zimperium trojan security

Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive Security teams have never had more IP data at their disposal. Every day, analysts ingest enrichment... 2026-6-16 11:30:0 | 阅读: 19 | 收藏 | The Hacker News - thehackernews.com security residential spur proxy

Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week Vulnerability / Threat IntelligenceBad actors are exploiting multiple security vulnerabilities in... 2026-6-16 10:30:41 | 阅读: 9 | 收藏 | The Hacker News - thehackernews.com 2026 25089 attacker

China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth Cybersecurity researchers have flagged two previously undocumented Windows variants of what was bel... 2026-6-16 09:44:34 | 阅读: 11 | 收藏 | The Hacker News - thehackernews.com windows sprysocks drv security fishmonger

Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed usi... 2026-6-16 08:14:55 | 阅读: 14 | 收藏 | The Hacker News - thehackernews.com c2 python narwhalrat security phishing

Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw Vulnerability / Network SecurityCisco has released security updates for a medium-severity security... 2026-6-16 06:5:58 | 阅读: 5 | 收藏 | The Hacker News - thehackernews.com 2026 catalyst security vmanage nms

CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation Vulnerability / Server SecurityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) ha... 2026-6-16 05:41:52 | 阅读: 6 | 收藏 | The Hacker News - thehackernews.com litespeed cpanel security 2026 cagefs

Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails Cyber Espionage / Email SecurityA China-linked espionage group hid inside North American medical,... 2026-6-15 19:44:6 | 阅读: 10 | 收藏 | The Hacker News - thehackernews.com redcap unc6508 gtig attackers military

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with... 2026-6-15 19:32:52 | 阅读: 13 | 收藏 | The Hacker News - thehackernews.com malicious windows contagious developers ottercookie

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the serv... 2026-6-15 16:39:1 | 阅读: 14 | 收藏 | The Hacker News - thehackernews.com proxy litellm attacker mcp 2026