notice: please create a custom view template for the cybersec class view-cybersec.html
Fake VS Code alerts on GitHub spread malware to developers
{
"priority": "HIGH",
"cve": "N/A",
"target": "GitHub",
"threat_actor": "N/A",
"patch_ready": false,
"insight": "Malicious actors are spreading malware to developers via fake VS Code security alerts on GitHub."
}
5:10 pm, March 27, 2026
guid
https://www.bleepingcomputer.com/news/security/fake-vs-code-alerts-on-github-spread-malware-to-developers/
source_url
https://www.bleepingcomputer.com/news/security/fake-vs-code-alerts-on-github-spread-malware-to-developers/
author_name
Bill Toulas
id: 392
uid: bZUFx
insdate: 2026-03-27 17:10:06
title: Fake VS Code alerts on GitHub spread malware to developers
additional: {
"priority": "HIGH",
"cve": "N/A",
"target": "GitHub",
"threat_actor": "N/A",
"patch_ready": false,
"insight": "Malicious actors are spreading malware to developers via fake VS Code security alerts on GitHub."
}
category: Cybersecurity
md5:
guid: https://www.bleepingcomputer.com/news/security/fake-vs-code-alerts-on-github-spread-malware-to-developers/
source_url: https://www.bleepingcomputer.com/news/security/fake-vs-code-alerts-on-github-spread-malware-to-developers/
updated:
image:
author_name: Bill Toulas
author_link:
uid: bZUFx
insdate: 2026-03-27 17:10:06
title: Fake VS Code alerts on GitHub spread malware to developers
additional: {
"priority": "HIGH",
"cve": "N/A",
"target": "GitHub",
"threat_actor": "N/A",
"patch_ready": false,
"insight": "Malicious actors are spreading malware to developers via fake VS Code security alerts on GitHub."
}
category: Cybersecurity
md5:
guid: https://www.bleepingcomputer.com/news/security/fake-vs-code-alerts-on-github-spread-malware-to-developers/
source_url: https://www.bleepingcomputer.com/news/security/fake-vs-code-alerts-on-github-spread-malware-to-developers/
updated:
image:
author_name: Bill Toulas
author_link:
Add Comment
AI Testing

Page Views
This page has been viewed 13 times.
Search cybersec
Category List cybersec
- Cybersecurity
- "Comment stuffing" in an HTML phishing attachment as a mechanism for evading AI-based detection?, (Fri, Jul 10th)
- $13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims
- $285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation
- [GUEST DIARY] Tearing apart website fraud to see how it works., (Wed, May 13th)
- [Guest Diary] New Malware Libraries means New Signatures, (Fri, May 15th)
- [Guest Diary] Beyond Cryptojacking: Telegram tdata as a Credential Harvesting Vector, Lessons from a Honeypot Incident, (Wed, Apr 22nd)
- [Guest Diary] Compromised DVRs and Finding Them in the Wild, (Thu, Apr 16th)
- _HELP_ME_ESCAPE_FROM_BELARUS_PLEASE_ [Guest Diary], (Tue, Jul 7th)
- 'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets
- 'NoVoice' Android malware on Google Play infected 2.3 million devices
- /proxy/ URL scans with IP addresses, (Mon, Mar 16th)
- 108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
- 11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot
- 13-year-old bug in ActiveMQ lets hackers remotely execute commands
- 144 Mastra npm Packages Compromised via Hijacked Contributor Account
- 148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet
- 149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict
- 15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros
- 15-year-old detained over French govt agency data breach
- 152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic
- 16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems
- 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
- 18-year-old NGINX vulnerability allows DoS, potential RCE
- 19-Year-Old Scattered Spider Suspect Extradited to Face U.S. Hacking Charges
- 2026 Browser Data Reveals Major Enterprise Security Blind Spots
- 2026 Cybersecurity Assessment: The Gap Between Awareness and Resilience
- 2026: The Year of AI-Assisted Attacks
- 22 BRIDGE:BREAK Flaws Expose 20,000 Lantronix and Silex Serial-to-IP Converters
- 22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters
- 236,000 DCloud Uni-App Sites Used in Crypto Scams, Phishing, and Wallet Drainers
- 26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases
- 282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study
- 29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests
- 3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)
- 3 SOC Process Fixes That Unlock Tier 1 Productivity
- 3 SOC Steps that Shut Down Incident Risks Early
- 3 Ways AI Powers Service Desk Attacks and How to Prevent Them
- 30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign
- 36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
- 400+ Arch Linux AUR Packages Hijacked to Install Rust Credential Stealer
- 5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents
- 5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time
- 5 Steps to Managing Shadow AI Tools Without Slowing Down Employees
- 5 Ways Zero Trust Maximizes Identity Security
- 5 reasons Microsoft 365 backup isn’t enough for business data protection
- 54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security
- 54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security
- 7 Ways to Prevent Privilege Escalation via Password Resets
- 7-Eleven confirms data breach claimed by the ShinyHunters gang
- 7-Eleven data breach exposes personal information of 185,000 people
- 73 Seconds to Breach, 24 Hours to Patch: The Case for Autonomous Validation
- 9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors
- 9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
- A .WAV With A Payload, (Tue, Apr 21st)
- A Glimpse into the “Search Your Target” Market for Stolen Credentials
- A Little Bit Pivoting: What Web Shells are Attackers Looking for?, (Tue, Apr 7th)
- A React-based phishing page with credential exfiltration via EmailJS, (Fri, Mar 13th)
- A Record-Breaking Patch Tuesday for June 2026
- ADT confirms data breach after ShinyHunters leak threat
- AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack
- AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs
- AI Agents: The Next Wave Identity Dark Matter - Powerful, Invisible, and Unmanaged
- AI Attacks Move in Minutes. Join This Webinar on Building a Defense That Keeps Up
- AI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS.
- AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
- AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers
- AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
- AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload
- AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds
- AI-Driven Exploitation is Destroying Vulnerability Management. Here’s How to Handle It.
- AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud
- AI-Generated Browser Ransomware Abuses Chromium API on Windows and Android
- AI-built ransomware toolkit automates EDR evasion, AD discovery
- AI-generated Slopoly malware used in Interlock ransomware attack
- APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies
- APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military
- APT28 hackers deploy customized variant of Covenant open-source tool
- APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine
- APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2
- ARToken PhaaS exposes EvilTokens' Microsoft 365 phishing toolkit
- Accenture confirms breach after hacker offers stolen data for sale
- Acer working to patch max severity zero-days in Wave 7 routers
- Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
- Actively exploited Apache ActiveMQ flaw impacts 6,400 servers
- Adding some Automation to the favicon.ico method of Host Recon, (Mon, Jun 29th)
- Adobe Patches 7 CVSS 10.0 Flaws in ColdFusion and Campaign Classic
- Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
- Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025
- Adobe patches seven max severity ColdFusion, Campaign flaws
- Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw
- Adversarial Exposure Validation Turns Security Visibility into Confident Prioritization
- Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime
- After Mythos: New Playbooks For a Zero-Window Era
- Agent AI is Coming. Are You Ready?
- Agentic AI Has an Identity Problem and Attackers Know It
- Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It
- Agentic AI: The Weapon That No Longer Needs a Warrior
- Agentic GRC: Teams Get the Tech. The Mindset Shift Is What's Missing.
- Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code
- AirDrop and Quick Share Flaws Let Nearby Attackers Trigger Crashes and Bypass Checks
- AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion
- Ajax football club hack exposed fan data, enabled ticket hijack
- Alabama man pleads guilty to hacking, extorting hundreds of women
- Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada
- Alleged Scattered Spider hacker extradited to the United States
- Alleged Silk Typhoon hacker extradited to US for cyberespionage
- Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered
- Amadey, StealC malware operations disrupted in Operation Endgame action
- Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs
- Amazon SES increasingly abused in phishing to evade detection
- Amazon fined $2.25M for withholding evidence from fraud victims
- Amazon: Drone strikes damaged AWS data centers in Middle East
- American utility firm Itron discloses breach of internal IT network
- Americans sentenced for running 'laptop farms' for North Korea
- An Adaptive Cyber Analytics UI for Web Honeypot Logs [Guest Diary], (Wed, May 6th)
- An Example of Stack String in High Level Language, (Sat, May 23rd)
- Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)
- Analysis of a Year of Files Uploaded to DShield Sensors, (Wed, May 27th)
- Analysis of one billion CISA KEV remediation records exposes limits of human-scale security
- Analyzing "Zombie Zip" Files (CVE-2026-0866), (Wed, Mar 11th)
- Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse
- Android 17 to expand banking scam call and privacy protections
- Android Adds Intrusion Logging for Sophisticated Spyware Forensics
- Android Developer Verification Rollout Begins Ahead of September Enforcement
- Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps
- Android gets patches for Qualcomm zero-day exploited in attacks
- Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)
- Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model
- Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
- Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards
- Anthropic Restores Claude Fable 5 After U.S. Lifts Jailbreak-Linked Export Controls
- Anthropic confirms Claude Mythos-class models will roll out to the public
- Anthropic is testing desktop-like Claude Cowork for mobile
- Anthropic rolls out Claude Fable 5, but it's available for a limited time
- Anthropic rolls out Sonnet 5 with near-Opus 4.8 performance at a lower price
- Anthropic to restore Claude Fable access on Wednesday
- Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems
- Anthropic’s restricted Claude Mythos model may be coming to Claude Code
- Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
- Anti-piracy coalition takes down AnimePlay app with 5 million users
- Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation
- Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit
- Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS
- Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages
- Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit
- Apple Patches (almost) everything again. March 2026 edition., (Wed, Mar 25th)
- Apple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs
- Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone
- Apple Patches Everything, (Mon, May 11th)
- Apple Patches Exploited Notification Flaw, (Thu, Apr 23rd)
- Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case
- Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits
- Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks
- Apple account change alerts abused to send phishing emails
- Apple adds macOS Terminal warning to block ClickFix attacks
- Apple blocked over $11 billion in App Store fraud in 6 years
- Apple expands iOS 18 updates to more iPhones to block DarkSword attacks
- Apple fixes Beats Studio Buds flaw that let hackers spy on conversations
- Apple fixes bug that let the FBI recover deleted Signal messages
- Apple fixes iOS bug that retained deleted notification data
- Apple patches older iPhones and iPads against Coruna exploits
- Apple pushes first Background Security Improvements update to fix WebKit flaw
- Application Control Bypass for Data Exfiltration, (Tue, Mar 31st)
- AppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript code
- April KB5083769 Windows 11 update causes backup software failures
- April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
- Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer
- AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network
- AryStinger botnet infected thousands of D-Link routers worldwide
- AssuranceAmerica data breach exposes records of 6.9 million drivers
- Attacker Uses Suspected AI-Generated PowerShell Script to Map Active Directory
- Attackers Don't Just Send Phishing Emails. They Weaponize Your SOC's Workload
- Attackers Exploit 'Ill Bloom' Vulnerability to Drain $3.1 Million From Cryptocurrency Wallets
- Attackers Exploit 'Ill Bloom' Vulnerability to Drain Over $5 Million From Cryptocurrency Wallets
- Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer
- Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week
- Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
- Attempts to Exploit Exposed "Vite" Installs (CVE-2025-30208), (Thu, Apr 2nd)
- Aura confirms data breach exposing 900,000 marketing contacts
- Australia warns of ClickFix attacks pushing Vidar Stealer malware
- Australia warns of global campaign targeting vulnerable CMS platforms
- Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries
- Authorities dismantle 'AudiA6' ransomware crypto-laundering service
- Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
- AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution
- Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)
- Avada Builder WordPress plugin flaws allow site credential theft
- Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account
- Axios npm hack used fake Teams error fix to hijack maintainer account
- Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
- Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts
- BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks
- BTMOB Android malware service generates custom phishing payloads
- Backdoored PyTorch Lightning package drops credential stealer
- Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
- Backdoored Telnyx PyPI package pushes malware hidden in WAV audio
- Bearlyfy Hits 70+ Russian Firms with Custom GenieLocker Ransomware
- Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware
- Betterleaks, a new open-source secrets scanner to replace Gitleaks
- Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore
- BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA
- BeyondTrust warns of critical flaws in remote access software
- Bing AI promoted fake OpenClaw GitHub repo pushing info-stealing malware
- Bitrefill blames North Korean Lazarus group for cyberattack
- Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region
- Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
- Bitwarden CLI npm package compromised to steal developer credentials
- Bitwarden adds support for passkey login on Windows 11
- Blackfield ransomware asks Nidec Corporation for $2 million ransom
- Block the Prompt, Not the Work: The End of "Doctor No"
- Bluekit phishing kit adopts browser-in-the-middle for login theft
- Brave Software releases Origin for a paid, bloat-free browsing experience
- Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign
- Breach at the Beach: Play the Ultimate Entra ID CTF
- Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine
- British Scattered Spider hacker pleads guilty to crypto theft charges
- Broken VECT 2.0 ransomware acts as a data wiper for large files
- Browser Extensions Are the New AI Consumption Channel That No One Is Talking About
- Bruteforce Scans for CrushFTP , (Tue, Mar 3rd)
- Bubble AI app builder abused to steal Microsoft account credentials
- Building a High-Impact Tier 1: The 3 Steps CISOs Must Follow
- C0XMO botnet spreads via DD-WRT router flaw, kills rival malware
- CERT-EU: European Commission hack exposes data of 30 EU entities
- CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks
- CERT-In Recommends 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks
- CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails
- CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware
- CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV
- CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline
- CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
- CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines
- CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
- CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV
- CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog
- CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog
- CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation
- CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
- CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation
- CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
- CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog
- CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue
- CISA Admin Leaked AWS GovCloud Keys on Github
- CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths
- CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed
- CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
- CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation
- CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited
- CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited
- CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices
- CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution
- CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks
- CISA flags Apache ActiveMQ flaw as actively exploited in attacks
- CISA flags VMware Aria Operations RCE flaw as exploited in attacks
- CISA flags Windows Task Host vulnerability as exploited in attacks
- CISA flags Wing FTP Server flaw as actively exploited in attacks
- CISA flags new SD-WAN flaw as actively exploited in attacks
- CISA flags two-year-old Oracle flaw as actively exploited in attacks
- CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day
- CISA gives feds 4 days to patch actively exploited cPanel plugin flaw
- CISA gives feds four days to patch Ivanti flaw exploited as zero-day
- CISA orders feds to patch BlueHammer flaw exploited as zero-day
- CISA orders feds to patch DarkSword iOS flaws exploited attacks
- CISA orders feds to patch Fortinet flaw exploited in attacks by Friday
- CISA orders feds to patch Windows flaw exploited as zero-day
- CISA orders feds to patch Zimbra XSS flaw exploited in attacks
- CISA orders feds to patch actively exploited Citrix flaw by Thursday
- CISA orders feds to patch actively exploited Drupal vulnerability
- CISA orders feds to patch actively exploited Ivanti flaw by Sunday
- CISA orders feds to patch exploited Fortinet EMS flaw by Friday
- CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday
- CISA orders feds to patch max severity ColdFusion flaw by Friday
- CISA orders feds to patch max severity Joomla plugin flaw by Friday
- CISA orders feds to patch max-severity Cisco flaw by Sunday
- CISA orders feds to patch n8n RCE flaw exploited in attacks
- CISA orders feds to prioritize patching Langflow auth bypass flaw
- CISA says ‘Copy Fail’ flaw now exploited to root Linux systems
- CISA sets urgent deadline to fix Cisco flaw exploited in attacks
- CISA tells govt agencies to patch critical exploited flaws in 3 days
- CISA urges US orgs to secure Microsoft Intune systems after Stryker breach
- CISA warns Fortinet users to secure devices after FortiBleed leak
- CISA warns feds to patch iOS flaws exploited in crypto-theft attacks
- CISA warns of Apple flaws exploited in spyware, crypto-theft attacks
- CISA warns of active attacks exploiting Android, Linux bugs
- CISA warns of actively exploited RCE flaws in Joomla extensions
- CISA warns of another cPanel plugin flaw exploited in attacks
- CISA warns of cyberattacks targeting fuel tank monitoring systems
- CISA warns of max severity Ubiquiti flaws exploited in attacks
- CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers
- CISA: Microsoft SharePoint RCE flaw now actively exploited
- CISA: New Langflow flaw actively exploited to hijack AI workflows
- CISA: Recently patched Ivanti EPM flaw now actively exploited
- CISA: Splunk Enterprise flaw actively exploited, patch by Sunday
- CISA: Windows BlueHammer flaw now exploited by ransomware gangs
- CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
- CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads
- CVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration., (Tue, Jun 23rd)
- California AG sues 23andMe over 2023 breach exposing health data
- Can the Security Platform Finally Deliver for the Mid-Market?
- Can you enforce strong Active Directory password rules without frustrating users?
- Canada arrests three for operating “SMS blaster” device in Toronto
- Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices
- Canadian retail giant Loblaw notifies customers of data breach
- Canvas Breach Disrupts Schools & Colleges Nationwide
- Canvas login portals hacked in mass ShinyHunters extortion campaign
- Carnival Cruise confirms data breach affecting nearly 6 million people
- Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
- Charter Communications data breach affects 4.9 million accounts
- Charter confirms data breach after ShinyHunters extortion threat
- ChatGPT rolls out new $100 Pro subscription to challenge Claude
- ChatGPT share links abused to host fake outage pages to deliver malware
- ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
- Check Point links VPN zero-day attacks to Qilin ransomware gang
- Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack
- Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data
- China's Apple App Store infiltrated by crypto-stealing wallet apps
- China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan
- China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors
- China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade
- China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists
- China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks
- China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance
- China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks
- China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth
- China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
- China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
- China-Linked TA4922 Expands Phishing Attacks to U.K., Germany, Italy, and South Africa
- China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa
- China-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware
- China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
- China-linked JDY botnet expands targeting of U.S. military networks
- Chinese APT deploys new malware to keep access to hacked networks
- Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails
- Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware
- Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks
- Chinese hackers breach REDCap servers, steal medical research
- Chinese hackers develop LONGLEASH malware to expand ORB network
- Chinese hackers hijack auth flow, spy on isolated network for a decade
- Chinese hackers target telcos with new Linux, Windows malware
- Chinese hackers use new Atlas RAT malware in European cyberattacks
- Chinese state hackers target telcos with new malware toolkit
- Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign
- ChocoPoc malware delivered via trojanized exploits on GitHub
- Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability
- Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft
- Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now
- Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
- Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available
- Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access
- Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities
- Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
- Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
- Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
- Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution
- Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw
- Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root
- Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks
- Cisco finally confirms attackers exploiting Unified CM flaw
- Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks
- Cisco flags more SD-WAN flaws as actively exploited in attacks
- Cisco says critical Webex Services flaw requires customer action
- Cisco source code stolen in Trivy-linked dev environment breach
- Cisco warns of critical Unified CM flaw with PoC exploit code
- Cisco warns of max severity Secure FMC flaws giving root access
- Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks
- Cisco warns of unpatched SD-WAN zero-day exploited in attacks
- Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data
- Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug
- Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service
- Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
- Citrix urges admins to patch NetScaler flaws as soon as possible
- Claude AI finds Vim, Emacs RCE bugs that trigger on file open
- Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories
- Claude Code Security and Magecart: Getting the Threat Model Right
- Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms
- Claude Code leak used to push infostealer malware on GitHub
- Claude Code source code accidentally leaked in NPM package
- Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
- Claude Fable 5 isn’t permanently leaving subscriptions, Anthropic says
- Claude Fable 5 stays free for paid users until July 19 as Anthropic buys more time
- Claude Fable relaunch disappoints users with nerfed performance
- Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
- Clean GitHub repo tricks AI coding agents into running malware
- Cleartext Passwords in MS Edge? In 2026?, (Mon, May 4th)
- ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures
- ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers
- CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs
- Cognizant TriZetto breach exposes health data of 3.4 million patients
- Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape
- Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
- Compromised Site Management Panels are a Hot Item in Cybercrime Markets
- Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install
- ConnectWise patches new flaw allowing ScreenConnect hijacking
- ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds
- ConsentFix v3 attacks target Azure with automated OAuth abuse
- Continuing Scans for swagger.json, (Wed, Jun 3rd)
- Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks
- Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1
- Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks
- Coruna iOS exploit framework linked to Triangulation attacks
- Cosmetics giant Rituals discloses data breach affecting customers
- Council of Europe investigates ShinyHunters data breach claims
- Coupang hit with record $409 million data breach fine in Korea
- Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker
- CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks
- Credit card theft campaign abuses Stripe to host stolen payment info
- Criminal IP and Securonix ThreatQ Collaborate to Enhance Threat Intelligence Operations
- Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
- Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups
- Critical Cisco IMC auth bypass gives attackers Admin access
- Critical Citrix NetScaler memory flaw actively exploited in attacks
- Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands
- Critical Everest Forms Pro flaw exploited to take over WordPress sites
- Critical Fortinet FortiSandbox flaws now exploited in attacks
- Critical Fortinet Forticlient EMS flaw now exploited in attacks
- Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code
- Critical Kirki flaw exploited to hijack WordPress admin accounts
- Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
- Critical Marimo pre-auth RCE flaw now under active exploitation
- Critical Microsoft SharePoint flaw now exploited in attacks
- Critical Microsoft Vulnerabilities Doubled: From Exposure to Escalation
- Critical Nginx UI auth bypass flaw now actively exploited in the wild
- Critical SimpleHelp flaw exploited to deploy new stealer malware
- Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication
- Critical UniFi OS bug lets hackers gain root without authentication
- Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
- Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE
- Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23
- Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts
- Critical Windows Netlogon RCE flaw now exploited in attacks
- Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions
- Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately
- Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks
- Critical cPanel and WHM bug exploited as a zero-day, PoC now available
- Critical flaw in Protobuf library enables JavaScript code execution
- Critical flaw in wolfSSL library enables forged certificate use
- Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials
- Critical vm2 sandbox bug lets attackers execute code on hosts
- Critrical cPanel flaw mass-exploited in "Sorry" ransomware attacks
- Cross-Platform NPM Stealer, (Fri, May 22nd)
- Crunchyroll probes breach after hacker claims to steal 6.8M users' data
- Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments
- Crypto gang member gets 6.5 years for role in $230 million heist
- Crypto-exchange Kraken extorted by hackers after insider breach
- Cyber-Enabled Cargo Crime: How Cybercrime Tradecraft is Used to Steal Freight
- CyberStrikeAI tool adopted by hackers for AI-powered attacks
- Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks
- Cybercrime service disrupted for abusing Microsoft platform to sign malware
- Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories
- Cybersecurity firms targeted by fraudulent OpenAI organization invites
- DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
- DAEMON Tools devs confirm breach, release malware-free version
- DAEMON Tools trojanized in supply-chain attack to deploy backdoor
- DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts
- DHS confirms hackers breached HSIN info-sharing platform
- DOJ seizes CFAKE, SOCFAKE deepfake nude sites under TAKE IT DOWN Act
- DORA and operational resilience: Credential management as a financial risk control
- DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
- DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage
- DShield (Cowrie) Honeypot Stats and When Sessions Disconnect, (Mon, Mar 30th)
- DShield Honeypot Update, (Mon, May 4th)
- Danger of Libredtail [Guest Diary], (Wed, Apr 29th)
- Dark web Nemesis Market vendor gets 26 years for selling drugs
- DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover
- Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded
- Dashlane password manager users locked out by brute force attacks
- Data breach at edtech giant McGraw Hill affects 13.5 million accounts
- Data breach exposes up to 14.2 million email logins at six ISPs
- Dawn of the Apex Agentic Adversary
- Day Zero Readiness: The Operational Gaps That Break Incident Response
- DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials
- Deepfake Voice Attacks are Outpacing Defenses: What Security Leaders Should Know
- Dell confirms its SupportAssist software causes Windows BSOD crashes
- DentaQuest data breach exposed info of 2.6 million accounts
- Detecting IP KVMs, (Tue, Mar 24th)
- Deterministic + Agentic AI: The Architecture Exposure Validation Requires
- Developer Workstations Are Now Part of the Software Supply Chain
- Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse
- Device code phishing attacks surge 37x as new kits spread online
- Die Linke German political party confirms data stolen by Qilin ransomware
- Differentiating Between a Targeted Intrusion and an Automated Opportunistic Scanning [Guest Diary], (Wed, Mar 4th)
- DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
- Discord rolls out end-to-end encryption on voice, video calls
- Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
- DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks
- DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets
- DoJ Seizes Huione Cloud Account Tied to Cyber Scam Money Laundering
- Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
- Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs
- Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices
- DraftKings hacker 'Snoopy' sentenced to 18 months in prison
- DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic
- Drift $280M crypto theft linked to 6-month in-person operation
- Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
- Drift loses $280 million North Korean hackers seize Security Council powers
- Drift loses $280 million as hackers seize Security Council powers
- Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
- Drupal critical update to fix bug with high exploitation risk
- Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare
- Drupal: Critical SQL injection flaw now targeted in attacks
- DuckDuckGo browser now blocks YouTube video ads
- Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware
- Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices
- Dutch Finance Ministry takes treasury banking portal offline after breach
- Dutch Ministry of Finance discloses breach affecting employees
- Dutch Police discloses security breach after phishing attack
- Dutch govt disrupts malware botnet with 17 million infected devices
- Dutch govt warns of Signal, WhatsApp account hijacking attacks
- Dutch police arrests suspect linked to Ajax football club hack
- EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security
- EU court adviser says banks must immediately refund phishing victims
- EU sanctions Russian GRU military hackers over cyberattacks
- Early Warning Signs of Supply-Chain Attacks Live in the Dark Web
- Edu tech firm Instructure discloses cyber incident, probes impact
- Encrypted Client Hello: Ready for Prime Time?, (Mon, Mar 9th)
- EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs
- EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets
- England Hockey investigating ransomware data breach
- Entra passkey enrollment vishing targets Microsoft 365 users
- Ericsson US discloses data breach after service provider hack
- EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades
- Eurail says December data breach impacts 300,000 individuals
- Europe sanctions Chinese and Iranian firms for cyberattacks
- European Commission confirms data breach after Europa.eu hack
- European Commission investigating breach after Amazon cloud account hack
- European Commission investigating breach after Amazon cloud hack
- European Gym giant Basic-Fit data breach affects 1 million members
- European Parliament Member Investigating Spyware Was Hacked With Pegasus
- European police dismantles €50 million crypto investment fraud ring
- Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs
- Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks
- Europol-coordinated action disrupts Tycoon2FA phishing platform
- Every AI Agent Is an Identity. Most Organizations Don't Treat Them That Way
- Evil MSI Background: BASE64 Statistical Analysis, (Mon, Jun 15th)
- Evolution of Ransomware: Multi-Extortion Ransomware Attacks
- Ex-data analyst stole company data in $2.5M extortion scheme
- Ex-school district employee jailed for hacks on former employer
- Exploit available for new DirtyDecrypt Linux root escalation flaw
- Exploit released for new PinTheft Arch Linux root escalation flaw
- Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites
- F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution
- F5 issues out-of-band patches for critical NGINX vulnerabilities
- FBI Seizes NetNut Proxy Platform, Popa Botnet
- FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks
- FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys
- FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials
- FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts
- FBI arrests suspect linked to $46M crypto theft from US Marshals
- FBI confirms hack of Director Patel's personal email inbox
- FBI disrupts massive AI-powered phishing service using a million URLs
- FBI investigates breach of surveillance and wiretap systems
- FBI links Signal phishing attacks to Russian intelligence services
- FBI links cybercriminals to sharp surge in cargo theft attacks
- FBI seeks victims of Steam games used to spread malware
- FBI seizes Handala data leak site after Stryker cyberattack
- FBI seizes LeakBase cybercrime forum, data of 142,000 members
- FBI takedown of W3LL phishing service leads to developer arrest
- FBI warns against using Chinese mobile apps due to privacy risks
- FBI warns of Handala hackers using Telegram in malware attacks
- FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
- FBI warns of fake FIFA websites running World Cup fraud schemes
- FBI warns of in-person data theft attacks from extortion gang
- FBI warns of phishing attacks impersonating US city, county officials
- FBI: Americans lost a record $21 billion to cybercrime last year
- FBI: Americans lost over $388 million to scams using crypto ATMs in 2025
- FBI: Fraudsters use couriers to steal money in crypto scams
- FBI: Russian hackers now target Signal backup recovery keys
- FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns
- FCC bans new routers made outside the USA over security risks
- FFmpeg fixes PixelSmash flaw in widely used video decoder
- FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins
- FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches
- FTC to ban data broker Kochava from selling Americans’ location data
- FTC warns of record $3.5 billion losses to imposter scams in 2025
- FTC: Americans lost over $2.1 billion to social media scams in 2025
- Facebook accounts unavailable in worldwide outage
- Fake 7-Zip Installers Turn Devices Into Residential Proxy Nodes
- Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents
- Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud
- Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads
- Fake Claude AI website delivers new 'Beagle' Windows malware
- Fake Claude Code install guides push infostealers in InstallFix attacks
- Fake Google Security site uses PWA app to steal credentials, MFA codes
- Fake IT support calls on Microsoft Teams push EtherRAT malware
- Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux
- Fake LastPass support email threads try to steal vault passwords
- Fake Ledger Live app on Apple’s App Store stole $9.5M in crypto
- Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware
- Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
- Fake OpenAI repository on Hugging Face pushes infostealer malware
- Fake Paysafe, Skrill SDKs on NPM and PyPi steal credentials
- Fake Perplexity extension on Chrome Web Store tracked searches
- Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS
- Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations
- Fake VS Code alerts on GitHub spread malware to developers
- Fake enterprise VPN downloads used to steal company credentials
- Fake enterprise VPN sites used to steal company credentials
- Feds Disrupt IoT Botnets Behind Huge DDoS Attacks
- Felons, Fraudsters Flog Offensive Cybersecurity Startup
- File read flaw in Smart Slider plugin impacts 500K WordPress sites
- Firefox now has a free built-in VPN with 50GB monthly data limit
- Firestarter malware survives Cisco firewall updates, security patches
- First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
- Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets
- Flipper One project needs community help to build open Linux platform
- Flipper Zero firmware development continues with community help
- Florida woman imprisoned for massive Microsoft license fraud scheme
- Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed
- FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads
- Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft
- Forget Data Leakage: Shadow AI's Real Threat Is Access Control
- Former US execs plead guilty to aiding tech support scammers
- Former govt contractor convicted for wiping dozens of federal databases
- Former ransomware negotiator gets 4 years for BlackCat attacks
- Former ransomware negotiator pleads guilty to BlackCat attacks
- FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations
- FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation
- FortiBleed campaign used custom FortiGate sniffer to steal credentials
- FortiBleed credential-theft campaign linked to Lynx ransomware
- FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices.
- FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials
- Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
- Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator
- Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
- Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
- Foxconn confirms cyberattack claimed by Nitrogen ransomware gang
- Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI
- French govt agency confirms breach as hacker offers to sell data
- French govt messaging service breached in account hijacking attack
- From $5 Attacks to Botnet-Powered Platforms: Inside the DDoS-as-a- Service Market
- From 17,000 to 1.1 Million Assets: How Lumen Technologies Rebuilt Exposure Management at Scale
- From Assistive to Agentic: The AI Shift That's Redefining Threat Management
- From VMware to what’s next: Protecting data during hypervisor migration
- From a VHDX File to a Remcos RAT, (Tue, Jun 16th)
- Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
- Funnel Builder WordPress plugin bug exploited to steal credit cards
- GIGABYTE Control Center vulnerable to arbitrary file write flaw
- GM agrees to $12.75M California settlement over sale of drivers’ data
- GPU mining malware spreads via SEO poisoning, AI chatbots
- GSocket Backdoor Delivered Through Bash Script, (Fri, Mar 20th)
- Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse
- Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine
- GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data
- Gentlemen ransomware uses multiple EDR killers to disable defenses
- German authorities identify REvil and GandCrab ransomware bosses
- German authorities identify REvil and GangCrab ransomware bosses
- Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
- Ghanain man pleads guilty to role in $100 million fraud ring
- Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
- Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign
- Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials
- GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents
- GhostTree Attack Abused Recursive Windows Junctions to Hide Malware
- Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
- Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike
- GitHub 'Verified' Commits Can Be Rewritten Into New Hashes Without Breaking Signatures
- GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials
- GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos
- GitHub Copilot Refuses Harmful Requests in Chat, Then Writes Them in Code
- GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
- GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories
- GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns
- GitHub adds AI-powered bug detection to expand security coverage
- GitHub announces npm security changes to tackle supply-chain attacks
- GitHub confirms breach of 3,800 repos via malicious VSCode extension
- GitHub disables Microsoft repos pushing password-stealing malware
- GitHub fixes RCE flaw that gave access to millions of private repos
- GitHub investigates internal repositories breach claimed by TeamPCP
- GitHub links repo breach to TanStack npm supply-chain attack
- GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
- Gitea Vulnerability Exposes Private Container Images without Authentication
- GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos
- GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
- GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
- GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data
- GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers
- GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions
- GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX
- Glassworm botnet disrupted after resilient C2 infrastructure takedown
- Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M
- GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses
- Gogs patches critical zero-day enabling remote code execution
- Going the Extra Mile: Travel Rewards Turn into Underground Currency.
- Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams
- Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security
- Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069
- Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul
- Google Chrome adds infostealer protection against session cookie theft
- Google Chrome adds session cookie theft protection for all users
- Google Chrome shifts to two-week release cycle for increased stability
- Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited
- Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks
- Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome
- Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices
- Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT
- Google Drive ransomware detection now on by default for paying users
- Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
- Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8
- Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited
- Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution
- Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows
- Google Sets Sept. 30 Deadline for Android Developer Verification in Four Countries
- Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing
- Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting
- Google accidentally exposed details of unfixed Chromium flaw
- Google adds Android protection against AI deepfake scam calls
- Google adds ‘Advanced Flow’ for safe APK sideloading on Android
- Google and Microsoft Pull ModHeader With 1.6 Million Installs After Dormant Collector Found
- Google expands Gemini AI use to fight malicious ads on its platform
- Google fixes fourth Chrome zero-day exploited in attacks in 2026
- Google fixes one actively exploited Android zero-day, 124 flaws
- Google fixes two new Chrome zero-days exploited in attacks
- Google loses final appeal to overturn €4.1 billion EU fine
- Google now allows you to change your @gmail.com address
- Google now offers up to $1.5 million for some Android exploits
- Google paid $17.1 million for vulnerability reports in 2025
- Google patches new Chrome zero-day flaw exploited in the wild
- Google releases new privacy controls for activity history, personalization
- Google rolls out Gmail end-to-end encryption on mobile devices
- Google says 90 zero-days were exploited in attacks last year
- Google to use UK and EU user IP addresses for ad personalization
- Google's Android Apps Get Public Verification to Stop Supply Chain Attacks
- Google: Cloud attacks exploit flaws more than weak credentials
- Google: Hackers used AI to develop zero-day exploit for web admin tool
- Google: New UNC6783 hackers steal corporate Zendesk support tickets
- Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
- Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
- Grafana breach caused by missed token rotation after TanStack attack
- Grafana says stolen GitHub token let hackers steal codebase
- Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users
- GreyVibe hackers use ChatGPT, Gemini to power cyberattacks
- Grinex exchange blames "Western intelligence" for $13.7M crypto hack
- Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read
- Grok Build Uploads Entire Git Repositories to xAI Storage, Not Just Files It Reads
- GuardFall Exposes Open-Source AI Coding Agents to Decades-Old Shell Injection Risks
- Guardian Agents: The Next Layer of Identity Governance
- HPE warns of critical AOS-CX flaw allowing admin password resets
- HTTP Requests with X-Vercel-Set-Bypass-Cookie Header, (Tue, Apr 28th)
- Hacker charged with stealing $53 million from Uranium crypto exchange
- Hacker mass-mails HungerRush extortion emails to restaurant patrons
- HackerOne discloses employee data breach after Navia hack
- Hackers Are After the Gaps in Your Vulnerability Program: Here's Their Playbook
- Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems
- Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
- Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites
- Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
- Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months
- Hackers Use Fake Microsoft Entra Passkey Enrollment to Gain Microsoft 365 Access
- Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
- Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation
- Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts
- Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns
- Hackers abuse .arpa DNS and ipv6 to evade phishing defenses
- Hackers abuse Google ads for GoDaddy ManageWP login phishing
- Hackers abuse Google ads, Claude.ai chats to push Mac malware
- Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw
- Hackers arrested for hijacking and selling 610,000 Roblox accounts
- Hackers backdoor Jscrambler npm package with infostealer malware
- Hackers bypass SonicWall VPN MFA due to incomplete patching
- Hackers compromise Axios npm package to drop cross-platform malware
- Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026
- Hackers exploit FortiClient EMS flaw to push infostealer malware
- Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face
- Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining
- Hackers exploit React2Shell in automated credential theft campaign
- Hackers exploit Roundcube flaw to spy on academic researchers
- Hackers exploit TrueConf zero-day to push malicious software updates
- Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin
- Hackers exploit critical auth bypass in Gitea Docker image
- Hackers exploit critical flaw in Ninja Forms WordPress plugin
- Hackers exploit file upload bug in Breeze Cache WordPress plugin
- Hackers exploit info disclosure bug in Gravity SMTP WordPress plugin
- Hackers exploiting Acrobat Reader zero-day flaw since December
- Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks
- Hackers now exploit critical F5 BIG-IP flaw in attacks, patch now
- Hackers now exploit critical Oracle E-Business flaw in attacks
- Hackers steal $3.6 million from crypto ATM giant Bitcoin Depot
- Hackers target Microsoft 365 accounts with 81 million login attempts
- Hackers use pixel-large SVG trick to hide credit card stealer
- Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer
- Handling the CVE Flood With EPSS, (Mon, Apr 20th)
- Hands on with Intelligent Terminal, an AI-powered Windows Terminal
- Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
- Healthcare IT solutions provider ChipSoft hit by ransomware attack
- Healthcare tech firm CareCloud says hackers stole patient data
- Healthtech firm Xolis suffers data breach impacting 1.4 million people
- Hidden Passenger? How Taboola Routes Logged-In Banking Sessions to Temu
- Hidden backdoor in Tenda router firmware grants admin access
- Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
- Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer
- Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog
- Hims & Hers warns of data breach after Zendesk support ticket breach
- Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks
- Hola Browser for Windows compromised to deliver cryptominer
- Home security giant ADT data breach affects 5.5 million people
- How AI Assistants are Moving the Security Goalposts
- How AI Hallucinations Are Creating Real Security Risks
- How CISOs Can Survive the Era of Geopolitical Cyberattacks
- How Ceros Gives Security Teams Visibility and Control in Claude Code
- How Deepfakes and Injection Attacks Are Breaking Identity Verification
- How Leading Organizations Are Turning EDR Into Operational Resilience
- How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers
- How Pentera Turns AI Security Workflows into Validation Engines
- How SIEM helps MSPs reduce noise and stop threats faster
- How Varonis Atlas integrates Claude Compliance API for AI governance
- How a Brute Force Attack Unmasked a Ransomware Infrastructure Network
- How has use of framing protection security headers changed in the past 3 years?, (Wed, Jun 10th)
- How often are redirects used in phishing in 2026?, (Mon, Apr 6th)
- How to Categorize AI Agents and Prioritize Risk
- How to Evaluate AI SOC Agents: 7 Questions Gartner Says You Should Be Asking
- How to Evaluate an AI SOC Platform in 2026: 6 Capabilities That Separate Leaders from Bolt-On AI solutions
- How to Reduce Phishing Exposure Before It Turns into Business Disruption
- How to Scale Phishing Detection in Your SOC: 3 Steps for CISOs
- How to Stop AI Data Leaks: A Webinar Guide to Auditing Modern Agentic Workflows
- INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023
- INTERPOL Dismantles 45,000 Malicious IPs, Arrests 94 in Global Cybercrime
- INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests
- INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator
- INTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across Asia-Pacific
- INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers
- IPv4 Mapped IPv6 Addresses, (Tue, Mar 17th)
- ISC Stormcast For Friday, April 17th, 2026 https://isc.sans.edu/podcastdetail/9896, (Fri, Apr 17th)
- ISC Stormcast For Friday, April 24th, 2026 https://isc.sans.edu/podcastdetail/9906, (Fri, Apr 24th)
- ISC Stormcast For Friday, April 3rd, 2026 https://isc.sans.edu/podcastdetail/9878, (Fri, Apr 3rd)
- ISC Stormcast For Friday, July 10th, 2026 https://isc.sans.edu/podcastdetail/10002, (Fri, Jul 10th)
- ISC Stormcast For Friday, June 12th, 2026 https://isc.sans.edu/podcastdetail/9970, (Fri, Jun 12th)
- ISC Stormcast For Friday, June 5th, 2026 https://isc.sans.edu/podcastdetail/9960, (Fri, Jun 5th)
- ISC Stormcast For Friday, March 13th, 2026 https://isc.sans.edu/podcastdetail/9848, (Fri, Mar 13th)
- ISC Stormcast For Friday, March 20th, 2026 https://isc.sans.edu/podcastdetail/9858, (Fri, Mar 20th)
- ISC Stormcast For Friday, March 27th, 2026 https://isc.sans.edu/podcastdetail/9868, (Fri, Mar 27th)
- ISC Stormcast For Friday, March 6th, 2026 https://isc.sans.edu/podcastdetail/9838, (Fri, Mar 6th)
- ISC Stormcast For Friday, May 15th, 2026 https://isc.sans.edu/podcastdetail/9934, (Fri, May 15th)
- ISC Stormcast For Friday, May 1st, 2026 https://isc.sans.edu/podcastdetail/9914, (Fri, May 1st)
- ISC Stormcast For Friday, May 22nd, 2026 https://isc.sans.edu/podcastdetail/9942, (Fri, May 22nd)
- ISC Stormcast For Friday, May 29th, 2026 https://isc.sans.edu/podcastdetail/9950, (Fri, May 29th)
- ISC Stormcast For Friday, May 8th, 2026 https://isc.sans.edu/podcastdetail/9924, (Fri, May 8th)
- ISC Stormcast For Monday, April 13th, 2026 https://isc.sans.edu/podcastdetail/9888, (Mon, Apr 13th)
- ISC Stormcast For Monday, April 20th, 2026 https://isc.sans.edu/podcastdetail/9898, (Mon, Apr 20th)
- ISC Stormcast For Monday, April 6th, 2026 https://isc.sans.edu/podcastdetail/9880, (Mon, Apr 6th)
- ISC Stormcast For Monday, July 13th, 2026 https://isc.sans.edu/podcastdetail/10004, (Mon, Jul 13th)
- ISC Stormcast For Monday, July 6th, 2026 https://isc.sans.edu/podcastdetail/9994, (Mon, Jul 6th)
- ISC Stormcast For Monday, June 15th, 2026 https://isc.sans.edu/podcastdetail/9972, (Mon, Jun 15th)
- ISC Stormcast For Monday, June 1st, 2026 https://isc.sans.edu/podcastdetail/9952, (Mon, Jun 1st)
- ISC Stormcast For Monday, June 22nd, 2026 https://isc.sans.edu/podcastdetail/9980, (Mon, Jun 22nd)
- ISC Stormcast For Monday, June 29th, 2026 https://isc.sans.edu/podcastdetail/9986, (Mon, Jun 29th)
- ISC Stormcast For Monday, June 8th, 2026 https://isc.sans.edu/podcastdetail/9962, (Mon, Jun 8th)
- ISC Stormcast For Monday, March 16th, 2026 https://isc.sans.edu/podcastdetail/9850, (Mon, Mar 16th)
- ISC Stormcast For Monday, March 23rd, 2026 https://isc.sans.edu/podcastdetail/9860, (Mon, Mar 23rd)
- ISC Stormcast For Monday, March 30th, 2026 https://isc.sans.edu/podcastdetail/9870, (Mon, Mar 30th)
- ISC Stormcast For Monday, March 9th, 2026 https://isc.sans.edu/podcastdetail/9840, (Mon, Mar 9th)
- ISC Stormcast For Monday, May 11th, 2026 https://isc.sans.edu/podcastdetail/9926, (Mon, May 11th)
- ISC Stormcast For Monday, May 4th, 2026 https://isc.sans.edu/podcastdetail/9916, (Mon, May 4th)
- ISC Stormcast For Thursday, April 16th, 2026 https://isc.sans.edu/podcastdetail/9894, (Thu, Apr 16th)
- ISC Stormcast For Thursday, April 23rd, 2026 https://isc.sans.edu/podcastdetail/9904, (Thu, Apr 23rd)
- ISC Stormcast For Thursday, April 2nd, 2026 https://isc.sans.edu/podcastdetail/9876, (Thu, Apr 2nd)
- ISC Stormcast For Thursday, April 30th, 2026 https://isc.sans.edu/podcastdetail/9912, (Thu, Apr 30th)
- ISC Stormcast For Thursday, April 9th, 2026 https://isc.sans.edu/podcastdetail/9886, (Thu, Apr 9th)
- ISC Stormcast For Thursday, July 2nd, 2026 https://isc.sans.edu/podcastdetail/9992, (Thu, Jul 2nd)
- ISC Stormcast For Thursday, July 9th, 2026 https://isc.sans.edu/podcastdetail/10000, (Thu, Jul 9th)
- ISC Stormcast For Thursday, June 11th, 2026 https://isc.sans.edu/podcastdetail/9968, (Thu, Jun 11th)
- ISC Stormcast For Thursday, June 18th, 2026 https://isc.sans.edu/podcastdetail/9978, (Thu, Jun 18th)
- ISC Stormcast For Thursday, June 4th, 2026 https://isc.sans.edu/podcastdetail/9958, (Thu, Jun 4th)
- ISC Stormcast For Thursday, March 12th, 2026 https://isc.sans.edu/podcastdetail/9846, (Thu, Mar 12th)
- ISC Stormcast For Thursday, March 19th, 2026 https://isc.sans.edu/podcastdetail/9856, (Thu, Mar 19th)
- ISC Stormcast For Thursday, March 26th, 2026 https://isc.sans.edu/podcastdetail/9866, (Thu, Mar 26th)
- ISC Stormcast For Thursday, March 5th, 2026 https://isc.sans.edu/podcastdetail/9836, (Thu, Mar 5th)
- ISC Stormcast For Thursday, May 14th, 2026 https://isc.sans.edu/podcastdetail/9932, (Thu, May 14th)
- ISC Stormcast For Thursday, May 21st, 2026 https://isc.sans.edu/podcastdetail/9940, (Thu, May 21st)
- ISC Stormcast For Thursday, May 28th, 2026 https://isc.sans.edu/podcastdetail/9948, (Thu, May 28th)
- ISC Stormcast For Thursday, May 7th, 2026 https://isc.sans.edu/podcastdetail/9922, (Thu, May 7th)
- ISC Stormcast For Tuesday, April 14th, 2026 https://isc.sans.edu/podcastdetail/9890, (Tue, Apr 14th)
- ISC Stormcast For Tuesday, April 21st, 2026 https://isc.sans.edu/podcastdetail/9900, (Tue, Apr 21st)
- ISC Stormcast For Tuesday, April 28th, 2026 https://isc.sans.edu/podcastdetail/9908, (Tue, Apr 28th)
- ISC Stormcast For Tuesday, April 7th, 2026 https://isc.sans.edu/podcastdetail/9882, (Tue, Apr 7th)
- ISC Stormcast For Tuesday, July 14th, 2026 https://isc.sans.edu/podcastdetail/10006, (Tue, Jul 14th)
- ISC Stormcast For Tuesday, July 7th, 2026 https://isc.sans.edu/podcastdetail/9996, (Tue, Jul 7th)
- ISC Stormcast For Tuesday, June 16th, 2026 https://isc.sans.edu/podcastdetail/9974, (Tue, Jun 16th)
- ISC Stormcast For Tuesday, June 23rd, 2026 https://isc.sans.edu/podcastdetail/9982, (Tue, Jun 23rd)
- ISC Stormcast For Tuesday, June 2nd, 2026 https://isc.sans.edu/podcastdetail/9954, (Tue, Jun 2nd)
- ISC Stormcast For Tuesday, June 30th, 2026 https://isc.sans.edu/podcastdetail/9988, (Tue, Jun 30th)
- ISC Stormcast For Tuesday, June 9th, 2026 https://isc.sans.edu/podcastdetail/9964, (Tue, Jun 9th)
- ISC Stormcast For Tuesday, March 10th, 2026 https://isc.sans.edu/podcastdetail/9842, (Tue, Mar 10th)
- ISC Stormcast For Tuesday, March 17th, 2026 https://isc.sans.edu/podcastdetail/9852, (Tue, Mar 17th)
- ISC Stormcast For Tuesday, March 24th, 2026 https://isc.sans.edu/podcastdetail/9862, (Tue, Mar 24th)
- ISC Stormcast For Tuesday, March 31st, 2026 https://isc.sans.edu/podcastdetail/9872, (Tue, Mar 31st)
- ISC Stormcast For Tuesday, March 3rd, 2026 https://isc.sans.edu/podcastdetail/9832, (Tue, Mar 3rd)
- ISC Stormcast For Tuesday, May 12th, 2026 https://isc.sans.edu/podcastdetail/9928, (Tue, May 12th)
- ISC Stormcast For Tuesday, May 19th, 2026 https://isc.sans.edu/podcastdetail/9936, (Tue, May 19th)
- ISC Stormcast For Tuesday, May 26th, 2026 https://isc.sans.edu/podcastdetail/9944, (Tue, May 26th)
- ISC Stormcast For Tuesday, May 5th, 2026 https://isc.sans.edu/podcastdetail/9918, (Tue, May 5th)
- ISC Stormcast For Wednesday, April 15th, 2026 https://isc.sans.edu/podcastdetail/9892, (Wed, Apr 15th)
- ISC Stormcast For Wednesday, April 1st, 2026 https://isc.sans.edu/podcastdetail/9874, (Wed, Apr 1st)
- ISC Stormcast For Wednesday, April 22nd, 2026 https://isc.sans.edu/podcastdetail/9902, (Wed, Apr 22nd)
- ISC Stormcast For Wednesday, April 29th, 2026 https://isc.sans.edu/podcastdetail/9910, (Wed, Apr 29th)
- ISC Stormcast For Wednesday, April 8th, 2026 https://isc.sans.edu/podcastdetail/9884, (Wed, Apr 8th)
- ISC Stormcast For Wednesday, July 1st, 2026 https://isc.sans.edu/podcastdetail/9990, (Wed, Jul 1st)
- ISC Stormcast For Wednesday, July 8th, 2026 https://isc.sans.edu/podcastdetail/9998, (Wed, Jul 8th)
- ISC Stormcast For Wednesday, June 10th, 2026 https://isc.sans.edu/podcastdetail/9966, (Wed, Jun 10th)
- ISC Stormcast For Wednesday, June 17th, 2026 https://isc.sans.edu/podcastdetail/9976, (Wed, Jun 17th)
- ISC Stormcast For Wednesday, June 24th, 2026 https://isc.sans.edu/podcastdetail/9984, (Wed, Jun 24th)
- ISC Stormcast For Wednesday, June 3rd, 2026 https://isc.sans.edu/podcastdetail/9956, (Wed, Jun 3rd)
- ISC Stormcast For Wednesday, March 11th, 2026 https://isc.sans.edu/podcastdetail/9844, (Wed, Mar 11th)
- ISC Stormcast For Wednesday, March 18th, 2026 https://isc.sans.edu/podcastdetail/9854, (Wed, Mar 18th)
- ISC Stormcast For Wednesday, March 25th, 2026 https://isc.sans.edu/podcastdetail/9864, (Wed, Mar 25th)
- ISC Stormcast For Wednesday, March 4th, 2026 https://isc.sans.edu/podcastdetail/9834, (Wed, Mar 4th)
- ISC Stormcast For Wednesday, May 13th, 2026 https://isc.sans.edu/podcastdetail/9930, (Wed, May 13th)
- ISC Stormcast For Wednesday, May 20th, 2026 https://isc.sans.edu/podcastdetail/9938, (Wed, May 20th)
- ISC Stormcast For Wednesday, May 27th, 2026 https://isc.sans.edu/podcastdetail/9946, (Wed, May 27th)
- ISC Stormcast For Wednesday, May 6th, 2026 https://isc.sans.edu/podcastdetail/9920, (Wed, May 6th)
- Identity Alone Isn't Enough: Why Device Security Has to Share the Load
- Identity Lifecycle Management Wasn't Built for AI Agents
- India's Telegram ban hit the UAE too. Here's how to get around it
- Infinite Campus data breach affects 137,000 school staff accounts
- Infinite Campus warns of breach after ShinyHunters claims data theft
- Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages
- Injective SDK on npm infected with cryptocurrency wallet stealer
- Inside Caller-as-a-Service Fraud: The Scam Economy Has a Hiring Process
- Inside a Crypto Drainer: How to Spot it Before it Empties Your Wallet
- Inside a Modern Fraud Attack: From Bot Signups to Account Takeovers
- Inside an OPSEC Playbook: How Threat Actors Evade Detection
- Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops
- Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution
- Instagram users locked out after Meta AI abused to steal accounts
- Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak
- Instructure confirms data breach, ShinyHunters claims attack
- Instructure confirms hackers used Canvas flaw to deface portals
- Instructure hacker claims data theft from 8,800 schools, universities
- Instructure reaches 'agreement' with ShinyHunters to stop data leak
- Insurance giant Aflac discloses data breach after subsidiary hack
- Interesting Message Stored in Cowrie Logs, (Wed, Mar 18th)
- Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access
- International joint action disrupts world’s largest DDoS botnets
- Investigating a New Click-Fix Variant
- Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
- Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack
- Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs
- Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations
- Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor
- Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations
- Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning
- Iranian hackers targeted major South Korean electronics maker
- IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
- Is a $30,000 GPU Good at Password Cracking?
- Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes
- Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
- Ivanti warns of new EPMM flaw exploited in zero-day attacks
- Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
- Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities
- Ivanti: Max severity Sentry flaw allows code execution as root
- JDownloader site hacked to replace installers with Python RAT malware
- JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware
- JadePuffer ransomware used AI agent to automate entire attack
- JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025
- Japan's largest taxi operator shuts systems after cyberattack
- Japanese energy firm loses drive with data of 10.9 million clients
- JaredFromSubway MEV bot hacked in $15 million crypto theft
- June 2026 Apple Updates, (Tue, Jun 30th)
- Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline
- KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet
- Kali Linux 2026.1 released with 8 new tools, new BackTrack mode
- Kali Linux 2026.2 released with 9 new tools, NetHunter updates
- Karakurt extortion gang ‘cold case’ negotiator gets 8.5 years in prison
- KelpDAO suffers $290 million heist tied to Lazarus hackers
- Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels
- Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks
- Klue OAuth breach linked to 'Icarus' Salesforce data theft attacks
- Klue OAuth breach victim list grows as Icarus hackers claim attack
- KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike
- KnowledgeDeliver flaw exploited as a zero-day to install web shells
- Kodak confirms data breach claimed by ShinyHunters extortion gang
- KongTuke hackers now use Microsoft Teams for corporate breaches
- Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware
- Kubota says hackers had month-long access to network systems
- Kyber ransomware gang toys with post-quantum encryption on Windows
- LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
- LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks
- LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution
- Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints
- Laravel Lang packages hijacked to deploy credential-stealing malware
- Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
- Laser Attack Resets Tangem Wallet Passwords on Cards That Can't Be Patched
- LastPass confirms data breach in Klue supply chain attack
- LastPass, Bitwarden users targeted with fake security alerts
- Lawmakers Demand Answers as CISA Tries to Contain Data Leak
- Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
- Leak confirms OpenAI is testing a ChatGPT for Science subscription
- LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace
- LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader
- LeakNet ransomware uses ClickFix and Deno runtime for stealthy attacks
- LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks
- Leaked Shai-Hulud malware fuels new npm infostealer campaign
- Learning from the Vercel breach: Shadow AI & OAuth sprawl
- Lessons Learned from CISA’s Recent GitHub Leak
- Lessons from the Underground: How to Combat Business Email Compromise
- LexisNexis confirms data breach as hackers leak stolen files
- Lidl discloses online shop breach after service provider hack
- LinkedIn secretely scans for 6,000+ Chrome extensions, collects data
- LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
- Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
- Linux Process Name Masquerading, (Wed, Jun 24th)
- LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure