Cyber Security News

Zhipu AI’s open-weight GLM-5.2 model is reportedly performing on par with Anthropic’s restricted Claude Mythos in specific cybersecurity and software vulnerability detection tasks, a development that is intensifying concerns inside the U.S. government about the effectiveness of its AI export control strategy. Zhipu AI (Z.ai) released GLM-5.2 on June 13, 2026, under a permissive open-weight […]

The post China’s New Zhipu AI Reportedly Matches Claude Mythos in Vulnerability Detection appeared first on Cyber Security News.

A new open-source offensive security platform called RedAmon is redefining automated penetration testing by chaining reconnaissance, exploitation, post-exploitation, AI-driven triage, and automated code remediation all into a single end-to-end pipeline that culminates in a GitHub pull request with the fix already written. RedAmon is a modular, containerized penetration testing framework built on Docker that requires […]

The post RedAmon AI Tool that Chains Reconnaissance, Exploitation, and Post-exploitation appeared first on Cyber Security News.

OpenAI has officially begun a limited preview of the GPT‑5.6 model series Sol, Terra, and Luna, positioning its flagship Sol as the company’s most capable and security-hardened AI model to date, available initially only to a small group of trusted partners at the formal request of the Trump administration. The GPT‑5.6 family introduces three distinct […]

The post OpenAI Released GPT-5.6 Sol With Limited Access and Strong Cyberattack Protections appeared first on Cyber Security News.

Anthropic has confirmed that Claude Mythos 5, its most powerful AI cybersecurity model, will be redeployed to a select set of U.S. organizations responsible for operating and defending critical infrastructure, following a government-led review process that began on June 12, 2026. Claude Mythos first made headlines in April 2026 when Anthropic described it as a […]

The post Anthropic Confirms Claude Mythos 5 Redeployment for US Critical Infrastructure Organizations appeared first on Cyber Security News.

A critical cloud storage attack technique dubbed “bucket hijacking” a method that enables threat actors to silently redirect an organization’s active cloud data streams, including audit logs and telemetry, into attacker-controlled external storage buckets across major cloud platforms. The technique has been confirmed to affect Google Cloud, Amazon Web Services (AWS), and Microsoft Azure, with […]

The post New Bucket Hijacking Attack Allows Hackers to Reroute Cloud Data Streams to External Storage appeared first on Cyber Security News.

A new Linux kernel local privilege escalation vulnerability, dubbed “DirtyClone” (CVE-2026-43503), that allows unprivileged local users to gain full root access by manipulating cloned network packets through the XFRM/IPsec subsystem, all without leaving a trace in kernel logs or audit records. DirtyClone is a high-severity variant in the DirtyFrag vulnerability family, a class of Linux […]

The post New DirtyClone Linux Vulnerability Allows Attackers to Gain Root Access Via Cloned Packets appeared first on Cyber Security News.

A high-severity vulnerability in the Amazon Q Developer Extension for Visual Studio Code (VS Code), Amazon’s AI-powered coding assistant. Tracked as CVE-2026-12957 and CVE-2026-12958 and disclosed by Wiz Research, the flaws allowed attackers to achieve arbitrary code execution and cloud credential theft simply by having a developer open a malicious repository. The root cause was […]

The post Amazon Q Vulnerability Let Attackers Execute Code and Access Sensitive Cloud Environments appeared first on Cyber Security News.

A newly disclosed Linux kernel vulnerability combining a Copy-on-Write (COW) page-cache corruption flaw with the net/sched subsystem’s act_pedit component is enabling unprivileged local attackers to escalate privileges to full root access on several major Linux distributions. The exploit, dubbed packet_edit_meme, has been verified in June 2026 against actively maintained enterprise and consumer kernels. The root […]

The post New Linux pedit COW Exploit Allows Attackers to Gain System Root Access appeared first on Cyber Security News.

Hackers and other bad actors don’t keep normal business hours. They know that their best chance is when businesses are closed for the day, and the programs that they use can operate at any time.  A ransomware attack can begin at 2 a.m. on a Sunday or a phishing campaign may spread through a company […]

The post Why 24/7 Support Is Essential for Cybersecurity Providers appeared first on Cyber Security News.

A sophisticated Phishing-as-a-Service (PhaaS) platform called Bluekit has been confirmed operational at scale, with cybersecurity firm Netcraft detecting approximately 70 live hostnames in a single week. First documented by Varonis Threat Labs as an emerging tool still in development, Bluekit has since matured into a fully operational threat capable of bypassing multi-factor authentication (MFA) and […]

The post New Bluekit Phishing-as-a-Service Bypasses MFA to Steal Microsoft Login Credentials appeared first on Cyber Security News.

Water utilities across the United States and Europe are under growing pressure as hackers continue to find easy ways in. Nation-state actors and affiliated groups have been quietly exploiting internet-facing control systems and weak login credentials to access water and wastewater infrastructure — systems that millions of people depend on every day. The threat has […]

The post Hackers Exploit Weak Credentials and Internet-Facing PLCs to Breach Water Utilities appeared first on Cyber Security News.

A newly documented attack chain tied to threat actor group UAC-0226 is putting Windows users at serious risk. The campaign uses booby-trapped WinRAR archives, hidden file streams, and a sophisticated memory-loading technique to deliver GIFTEDCROOK, a stealer malware designed to quietly drain browser credentials, cookies, and sensitive documents from infected machines. The attack has shown […]

The post New GIFTEDCROOK Chain Abuses WinRAR ADS and Reflective Loading to Steal Browser Data appeared first on Cyber Security News.

Hackers are no longer waiting in your inbox. A newly identified scam technique places fake invoices directly inside shopping app order histories, making them feel more credible than a typical phishing email. Researchers have observed fraudulent receipts appearing inside the Shop app, the popular order-tracking application from Shopify, catching users off guard in a space […]

The post Hackers Leveraged Shopify Oder-Tracking App Shop to Push Fake Invoices appeared first on Cyber Security News.

A serious cybersecurity breach has come to light in Japan, where the country’s Ground Self-Defense Force (JGSDF) unknowingly used malware-infected USB drives on computers connected to classified military networks. The incident lasted for nearly a year before anyone noticed. What makes this case especially alarming is not just the breach itself, but the fact that […]

The post Nikkei Warns of Japan’s Ground Self-Defense Force Used USB Drives Infected with a China-linked Malware appeared first on Cyber Security News.

A critical authentication bypass vulnerability in the python.org release management API could have allowed attackers to impersonate administrators, potentially redirecting millions of users to malicious download URLs. The flaw, responsibly disclosed on February 23, 2026, by Splitline Ng of the DEVCORE Research Team, was patched within 48 hours of the initial report. The vulnerability resided […]

The post Critical python.org Vulnerability Allowed Attackers to Forge Admin-Level API Requests appeared first on Cyber Security News.

A newly uncovered infostealer called KuinaExtractor has been quietly evolving for over six months, posing a serious and growing threat to users across multiple platforms. Written in the Rust programming language, the malware targets browser data, cryptocurrency wallets, and credentials for popular services including Roblox, Steam, and Discord. What makes this threat particularly concerning is […]

The post KuinaExtractor Uses Telegram Exfiltration, UAC Bypass, and Sandbox Detection for Stealth appeared first on Cyber Security News.

Russian authorities deployed Cellebrite’s Universal Forensic Extraction Device (UFED) to breach the iPhone of opposition politician Andrey Pivovarov in June 2021, months after the Israeli surveillance firm publicly announced it had terminated all contracts with Russian customers, according to a forensic investigation published by the Citizen Lab at the University of Toronto. On May 31, […]

The post Russia Used Cellebrite Tool to Hack Activist’s iPhone Despite Contract Cancellation appeared first on Cyber Security News.

The clock has run out. As of June 24, 2026, the first of Microsoft’s original Secure Boot certificates, the Microsoft Corporation KEK CA 2011, has officially expired, with the Microsoft UEFI CA 2011 following on June 27, 2026. A third, the Microsoft Windows Production PCA 2011, is set to expire on October 19, 2026. Together, these certificates […]

The post Windows Secure Boot Certificate Expired — Billions of PCs Affected Including Linux Distros appeared first on Cyber Security News.

A critical security flaw lurking in curl for over 25 years has been patched, as part of a record-breaking security release that fixed 18 CVEs, the most ever issued in a single curl version. The vulnerability, CVE-2026-8932, was first shipped in curl version 7.7 on March 22, 2001, making it the oldest curl security issue […]

The post 25-Year-Old Vulnerability in cURL Used by 30 Billion Devices Finally Patched appeared first on Cyber Security News.

LokiBot, one of the oldest credential-stealing malware families still active today, has resurfaced in a new multi-stage campaign designed to steal credentials from a wide range of applications. The campaign uses a JScript email attachment as its entry point, quietly setting off a chain of events that ends with sensitive data being silently lifted from […]

The post LokiBot Campaign Uses JScript Attachment, .NET Injector, and Process Injection to Steal Credentials appeared first on Cyber Security News.