Mozilla has released Firefox 152 to address multiple high-severity vulnerabilities that could allow remote code execution (RCE) and sandbox escape attacks. The security advisory, published on June 16, 2026, highlights a wide range of flaws affecting core browser components and emphasizes the urgency for users to update immediately. Several of the patched vulnerabilities are classified […]
The post Multiple Vulnerabilities in Firefox 152 Enables Remote Code Execution Attacks appeared first on Cyber Security News.
You must login to view this content
You must login to view this content
You must login to view this content
The consulting giant’s majority stake in Dragos, along with the purchase runZero and NetRise, marks its first major push into operational technology software as AI-driven threats to critical infrastructure intensify.
The post Accenture shells out $4.18B on three companies in big industrial cybersecurity push appeared first on CyberScoop.
Hackers are increasingly finding new ways to abuse legitimate enterprise features, and Microsoft SQL Server 2025’s newly introduced AI capabilities are now raising serious security concerns. SpecterOps researchers have demonstrated that these built-in features can be leveraged for stealthy data exfiltration and even command-and-control (C2) communication, all from within the database engine itself. Microsoft introduced […]
The post Hackers Can Leverage SQL Server 2025 AI Features to Exfiltrate Sensitive Data appeared first on Cyber Security News.
A newly uncovered attack campaign has brought a rarely scrutinized Windows executable into the spotlight. Threat actors are actively abusing Fondue.exe, a legitimate Microsoft utility built into the Windows operating system, to side-load a malicious control panel file named APPWIZ.cpl and silently deploy dangerous malware on victim machines. The technique is deceptively clever because it relies entirely on […]
The post Hackers Abuse Microsoft Fondue.exe to Side-Load APPWIZ.cpl and Execute Malware appeared first on Cyber Security News.
Hackers have found a new way to get AI tools to do their dirty work without paying for it. Instead of using their own resources, attackers are hijacking exposed AI model servers and plugging them into automated hacking pipelines. The result is a self-directed attack tool that can scan targets, find weaknesses, write exploits, and […]
The post Hackers Abuse Legitimate RMM Tools to Maintain Persistent Access and Evade Detection appeared first on Cyber Security News.
Hackers are increasingly exploiting trusted AI platforms to deliver sophisticated social engineering attacks, with a recent campaign abusing Claude.ai’s shared chat feature to host malicious ClickFix instructions. According to TrendAI Research, attackers deployed 106 unique malicious hostnames across six campaign waves within seven weeks, continuously rotating infrastructure and testing different AI-themed lures to maximize effectiveness. […]
The post Hackers Abuse Claude.ai Shared Chat Feature to Host the ClickFix Social Engineering Instructions appeared first on Cyber Security News.
Cisco has disclosed critical security vulnerabilities in its Identity Services Engine (ISE) that could allow attackers to execute malicious code remotely and access sensitive data, posing a significant risk to enterprise networks. The vulnerabilities, tracked as CVE-2026-20181 and CVE-2026-20190, were published under advisory ID cisco-sa-ise-multi-G5WP8vv on June 17, 2026. With a CVSS score of 9.1, […]
The post Critical Cisco ISE Vulnerability Allows Attacker to Execute Malicious Code Remotely appeared first on Cyber Security News.
You must login to view this content
SocGholish, an operation that’s been delivering malware to users via fake software updates, has suffered a major blow: the international law enforcement coalition behind Operation Endgame has taken down 106 of its servers and domains, and cleaned up nearly 15,000 websites compromised to serve their malicious payloads. The result of this most recent multinational law enforcement action was announced today by the Dutch National Police and on the operation’s website. How SocGholish infects victims More … More →
The post Law enforcement hits SocGholish: 106 servers down, 15,000 sites cleaned appeared first on Help Net Security.