F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution Vulnerability / Cloud SecurityF5 has released security updates to address two critical security fl... 2026-6-18 17:32:14 | 阅读: 3 | 收藏 | The Hacker News - thehackernews.com 2026 ingress security attacker aslr

ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories The internet did not break this week. It got used exactly as designed, which is worse.Searches were... 2026-6-18 15:27:54 | 阅读: 3 | 收藏 | The Hacker News - thehackernews.com phishing security malicious windows attackers

Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2 Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign that has targete... 2026-6-18 14:30:42 | 阅读: 9 | 收藏 | The Hacker News - thehackernews.com clipper worm clipboard c2 wscript

INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023 Vulnerability / Enterprise SecurityCybersecurity researchers have charted the evolution of INC fro... 2026-6-18 14:12:48 | 阅读: 8 | 收藏 | The Hacker News - thehackernews.com ransomware acronis sectors affiliates payload

DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic Remote Access Trojan / RansomwareThreat actors associated with the DragonForce ransomware have bee... 2026-6-18 13:30:7 | 阅读: 11 | 收藏 | The Hacker News - thehackernews.com microsoft ransomware network c2 dragonforce

Orphaned AI Agents: How to Find Hidden Access Risks Inside Your Network AI Security / Data SecurityIf an autonomous AI agent interacts with your company's core intellectu... 2026-6-18 11:58:0 | 阅读: 6 | 收藏 | The Hacker News - thehackernews.com security privileges interacts orphaned network

The Scripts on Your Checkout Page Are Now a PCI DSS Problem Payment Security / ComplianceAn independent PCI assessor tested Reflectiz against the new PCI DSS... 2026-6-18 11:0:0 | 阅读: 5 | 收藏 | The Hacker News - thehackernews.com reflectiz saq qsa dss assessor

Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments Malware / Social EngineeringAn unknown threat actor has been observed leveraging paid or promoted... 2026-6-17 18:14:24 | 阅读: 10 | 收藏 | The Hacker News - thehackernews.com reputation download promoted github sourceforge

Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development Endpoint Security / VulnerabilityMicrosoft has formally disclosed that it's working to release a p... 2026-6-17 17:36:28 | 阅读: 10 | 收藏 | The Hacker News - thehackernews.com microsoft rogueplanet 2026 defender eclipse

Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline A French-speaking attacker broke into a small French automotive business, planted a keylogger, and... 2026-6-17 16:0:56 | 阅读: 14 | 收藏 | The Hacker News - thehackernews.com tailscale c2 cato poisson openssh

Adversarial Exposure Validation Turns Security Visibility into Confident Prioritization For security teams, the findings never stop, but confidence in knowing which ones matter is becomin... 2026-6-17 11:58:0 | 阅读: 19 | 收藏 | The Hacker News - thehackernews.com security exposure aev breachlock

The Top 10 Attack Surface Exposures in 2026 Attack Surface ManagementBreaches don't always start with a zero-day. An exposed admin panel can g... 2026-6-17 10:30:0 | 阅读: 15 | 收藏 | The Hacker News - thehackernews.com facing ransomware database reachable upnp

Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats Cybersecurity researchers have flagged a "coordinated malware campaign" on the JetBrains Marketplac... 2026-6-17 09:38:46 | 阅读: 15 | 收藏 | The Hacker News - thehackernews.com deepseek coder malicious aikido chrome

144 Mastra npm Packages Compromised via Hijacked Contributor Account As many as 144 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-sou... 2026-6-17 07:38:24 | 阅读: 14 | 收藏 | The Hacker News - thehackernews.com mastra malicious payload library

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution Vulnerability / Supply Chain AttackThe U.S. Cybersecurity and Infrastructure Security Agency (CI... 2026-6-17 05:50:46 | 阅读: 11 | 收藏 | The Hacker News - thehackernews.com wordpress jce joomla widget 2026

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting Machine Learning / Cloud SecurityA flaw in the Google Cloud Vertex AI SDK for Python let an attack... 2026-6-16 19:5:41 | 阅读: 11 | 收藏 | The Hacker News - thehackernews.com vertex victim attacker cloud staging

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loade... 2026-6-16 17:41:28 | 阅读: 16 | 收藏 | The Hacker News - thehackernews.com loader clickfix ipsum lorem payload

New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds Mobile Security / MalwareSecurity researchers at Zimperium's zLabs have documented a new Android b... 2026-6-16 13:10:17 | 阅读: 22 | 收藏 | The Hacker News - thehackernews.com rokarolla zimperium trojan security

Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive Security teams have never had more IP data at their disposal. Every day, analysts ingest enrichment... 2026-6-16 11:30:0 | 阅读: 19 | 收藏 | The Hacker News - thehackernews.com security residential spur proxy

Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week Vulnerability / Threat IntelligenceBad actors are exploiting multiple security vulnerabilities in... 2026-6-16 10:30:41 | 阅读: 10 | 收藏 | The Hacker News - thehackernews.com 2026 25089 attacker