Aggregator

Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments

The Hackers News
5 days 19 hours ago
An unknown threat actor has been observed leveraging paid or promoted posts on legitimate news websites to drum up buzz for their warez, according to new findings from Check Point Research. The threat actor also has at their disposal a dedicated WordPress phishing page that acts as the central hub, alongside GitHub and SourceForge projects promoted by fake accounts, a YouTube channel, and a
The Hacker News

Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development

The Hackers News
5 days 20 hours ago
Microsoft has formally disclosed that it's working to release a patch to address a Defender zero-day codenamed RoguePlanet. The vulnerability has now been assigned the CVE identifier CVE-2026-50656 (CVSS score: 7.8), with the tech giant describing it as a privilege escalation flaw. "Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender
The Hacker News

Google Cloud Vertex AI Allows Attacker to Hijack Victim’s Model and Poison it

Cyber Security News
5 days 20 hours ago

A newly disclosed vulnerability in Google Cloud Vertex AI could have allowed attackers to hijack machine learning model uploads and execute malicious code in victim environments, according to research shared with Google under responsible disclosure. The issue affects the Vertex AI Python SDK (google-cloud-aiplatform) and stems from a combination of predictable cloud storage bucket naming […]

The post Google Cloud Vertex AI Allows Attacker to Hijack Victim’s Model and Poison it appeared first on Cyber Security News.

Abinaya

GitBait Phishing Campaign Abuses GitHub Pages to Attack Financial Institutions

Cyber Security News
5 days 21 hours ago

A sophisticated phishing campaign called “GitBait” has been caught targeting Mexico’s financial sector with a level of precision rarely seen in credential-theft operations. The campaign abuses GitHub Pages, a widely trusted free hosting service, to deliver fake banking portals that look nearly identical to the real thing. Victims who land on these pages are tricked […]

The post GitBait Phishing Campaign Abuses GitHub Pages to Attack Financial Institutions appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2026-32652 | Dell AIOps up to 1.18.3 Installation default credentials (dsa-2026-231)

VulDB Recent Entries
5 days 21 hours ago
A vulnerability classified as critical was found in Dell AIOps up to 1.18.3. This vulnerability affects unknown code of the component Installation Handler. The manipulation results in use of default credentials. This vulnerability was named CVE-2026-32652. The attack needs to be approached locally. There is no available exploit. Upgrading the affected component is advised.
vuldb.com

CVE-2026-53875 | picklescan up to 1.0.2 torch.load eval injection

VulDB Recent Entries
5 days 21 hours ago
A vulnerability classified as critical has been found in picklescan up to 1.0.2. This affects the function torch.load. The manipulation leads to improper neutralization of directives in dynamically evaluated code. This vulnerability is uniquely identified as CVE-2026-53875. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.
vuldb.com

Managed ad