Monthly Archives: June 2026

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
June 20, 2026

Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin...

Unpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boot Chain
June 19, 2026

Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside...

The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes
June 19, 2026

The Gentlemen ransomware-as-a-service (RaaS) operation is actively developing and maintaining a suite of endpoint detection...

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution
June 19, 2026

Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into...

Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites
June 19, 2026

Dutch law enforcement authorities, along with counterparts from Canada , Germany, and the U.S., have...

CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices
June 19, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday urged Fortinet customers with FortiGate...

From Assistive to Agentic: The AI Shift That’s Redefining Threat Management
June 19, 2026

Introduction The average enterprise security team has 40 or more security tools, giving a lot...

Forget Data Leakage: Shadow AI’s Real Threat Is Access Control
June 19, 2026

The first wave of enterprise AI concern was straightforward. It was simply employees pasting sensitive...

Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data
June 19, 2026

Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in...

Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone
June 19, 2026

Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that...

F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution
June 18, 2026

F5 has released security updates to address two critical security flaws in NGINX Open Source...

ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories
June 18, 2026

The internet did not break this week. It got used exactly as designed, which is...

Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2
June 18, 2026

Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign that has targeted users since...

INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023
June 18, 2026

Cybersecurity researchers have charted the evolution of INC from an nascent ransomware-as-a-service (RaaS) operation to...

DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic
June 18, 2026

Threat actors associated with the DragonForce ransomware have been observed using a custom Go-based remote...

Alert: NCSC issues advice following global targeting of Fortinet firewalls and VPN gateways
June 18, 2026

Organisations using Fortinet services are being urged to take action following a campaign affecting firewalls...

The ‘vibe coding spectrum’ approach to AI-assisted software development
June 18, 2026

Different code deserves different levels of oversight, so calibrate your approach to ‘vibe coding’ accordingly....

Orphaned AI Agents: How to Find Hidden Access Risks Inside Your Network
June 18, 2026

If an autonomous AI agent interacts with your company’s core intellectual property today, can your...

The Scripts on Your Checkout Page Are Now a PCI DSS Problem
June 18, 2026

An independent PCI assessor tested Reflectiz against the new PCI DSS rules. Here is the...

Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments
June 17, 2026

An unknown threat actor has been observed leveraging paid or promoted posts on legitimate news...

Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development
June 17, 2026

Microsoft has formally disclosed that it’s working to release a patch to address a Defender...

Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline
June 17, 2026

A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole...

NCSC CEO: Hostile states linked to three-quarters of cyber attacks affecting UK’s critical systems
June 17, 2026

Dr Richard Horne highlighted the scale of cyber threats against the UK’s critical infrastructure at...

Adversarial Exposure Validation Turns Security Visibility into Confident Prioritization
June 17, 2026

For security teams, the findings never stop, but confidence in knowing which ones matter is...

The Top 10 Attack Surface Exposures in 2026
June 17, 2026

Breaches don’t always start with a zero-day. An exposed admin panel can get brute-forced, or...

Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats
June 17, 2026

Cybersecurity researchers have flagged a “coordinated malware campaign” on the JetBrains Marketplace that has published...

144 Mastra npm Packages Compromised via Hijacked Contributor Account
June 17, 2026

As many as 144 npm packages associated with the Mastra namespace (“@mastra/*”), a popular open-source...

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution
June 17, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw...

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting
June 16, 2026

A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with...

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures
June 16, 2026

Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader,...