Aggregator
Novel OAuth Client ID Spoofing Technique Targets Cloud Environments
Turning the Tables on Email Scammers With 'ScamBuster'
Red Hat security advisory (AV26-688)
[Control systems] CISA ICS security advisories (AV26–687)
Ubuntu security advisory (AV26-686)
Dell security advisory (AV26-685)
IBM security advisory (AV26-684)
Debian 13 Released With Security Updates, Bug Fixes and Driver Updates
The Debian Project has released Debian 13.6, the latest maintenance update for Debian 13 “trixie.” The point release focuses on security corrections and fixes for serious software issues across the operating system’s package collection. Debian 13.6 is not a new major version of the distribution. Users do not need to reinstall the operating system or […]
The post Debian 13 Released With Security Updates, Bug Fixes and Driver Updates appeared first on Cyber Security News.
Hackers Using Vibe-Coded Generated PowerShell Script to Enumerate Active Directory Accounts
Threat actors have started weaponizing AI-generated PowerShell code to map Active Directory (AD) environments, marking a notable shift from off-the-shelf hacking tools to bespoke, “vibe-coded” malware. Security researchers at Huntress recovered and reconstructed one such script, dubbed Untitled1.ps1, from an incident on June 3, 2026. Vibe coding refers to writing software by iteratively prompting an […]
The post Hackers Using Vibe-Coded Generated PowerShell Script to Enumerate Active Directory Accounts appeared first on Cyber Security News.
WordPress, Joomla, Craft CMS. Хакеры массово взламывают сайты по всему миру через 15 уязвимостей
Attackers Combine MCP Recon With Cloud Metadata SSRF to Steal Service Account Tokens
Internet-wide reconnaissance is expanding beyond conventional application targets to include Model Context Protocol (MCP) services, AI assistant configuration files, and locally exposed LLM endpoints. A 14-day review of Apache and ModSecurity logs from a small, low-traffic shared host found roughly 200 requests tied to AI-agent reconnaissance, alongside routine WordPress, .env, Git, and Spring Boot Actuator […]
The post Attackers Combine MCP Recon With Cloud Metadata SSRF to Steal Service Account Tokens appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
EU Targets FSB-Linked Hackers in New Sanctions Over Cyber Sabotage
Ransomware negotiator who betrayed clients sentenced to 70 months in prison
A former ransomware negotiator at incident response firm DigitalMint has been sentenced to 70 months in prison after admitting he shared confidential client information with the BlackCat ransomware group and later helped carry out ransomware attacks. Prosecutors say Angelo Martino, 41, abused his role at DigitalMint beginning in April 2023 by providing BlackCat operators with sensitive information gathered during ransomware negotiations. The information included victims’ negotiating positions, insurance policy limits, and internal assessments, helping the … More →
The post Ransomware negotiator who betrayed clients sentenced to 70 months in prison appeared first on Help Net Security.
CISA Warns of Joomla Sites Running iCagenda or Balbooa Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has added two high-risk Joomla extension flaws to its Known Exploited Vulnerabilities (KEV) Catalog. Both vulnerabilities allow unrestricted file uploads, a weakness that attackers can abuse to upload malicious files and potentially take control of vulnerable websites. The affected products are iCagenda and Balbooa Forms, two extensions used […]
The post CISA Warns of Joomla Sites Running iCagenda or Balbooa Exploited in Attacks appeared first on Cyber Security News.
AI-Powered ‘Intelligent Worm’ Could Regenerate Exploits and Adapt to Defenses in Real Time
A new threat model is raising hard questions about how quickly self-spreading malware could change during an attack. The proposed Intelligent Worm is not a confirmed strain found in the wild, but a scenario in which a worm uses an onboard reasoning loop to revise its attack methods after defenses block its original route. Like […]
The post AI-Powered ‘Intelligent Worm’ Could Regenerate Exploits and Adapt to Defenses in Real Time appeared first on Cyber Security News.
Fake OAuth client IDs are helping attackers slip past sign-in logs
Attackers running account enumeration against Microsoft cloud tenants have added a step that keeps their probing out of the usual telemetry. They spoof the OAuth client ID, the globally unique identifier assigned to an application and passed as client_id in an authentication request. Microsoft Entra ID records that value as the application ID in its sign-in logs, and the way it handles unfamiliar identifiers opens a gap that operators have started to work through. Entra … More →
The post Fake OAuth client IDs are helping attackers slip past sign-in logs appeared first on Help Net Security.
Загрузил PNG с котиком, потерял все пароли проекта. GhostCommit – новый способ обмануть ИИ
Progress Software Warns of "External Security Threat" to ShareFile
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2008-4128 Cisco IOS Cross-Site Request Forgery Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied.
While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of KEV Catalog vulnerabilities. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Aware of an exploited vulnerability not currently listed in the KEV Catalog? Submit it for potential addition through CISA’s KEV Nomination Form. Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance.