Category: Uncategorized

  • Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps

    Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps

    Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin, according to findings from ESET.

    The Slovakian cybersecurity company said it first detected the malware spread via multiple campaigns in early 2025, with each attack wave making use of distinct websites mimicking utilities, war-related updates, and a government news source:

    govlens[.]net, which

  • New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework

    New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework

    Cybersecurity researchers have discovered a previously unreported threat cluster dubbed OP-512 that has been observed targeting Microsoft Internet Information Services (IIS) servers to deploy a bespoke web shell framework.

    ReliaQuest has assessed with moderate to high confidence that the espionage-focused activity is linked to China.

    “OP-512 was highly likely conducting espionage through a

  • Only 10% of SOCs Say They’re Getting Excellent Value From AI. Here’s What the Second Wave Has to Deliver

    Only 10% of SOCs Say They’re Getting Excellent Value From AI. Here’s What the Second Wave Has to Deliver

    Eighteen months ago, the AI SOC was a marketing line. Today it’s a budget item. The category has crossed over from interesting to inevitable, with billions of dollars now flowing into AI-powered security operations platforms, agentic SOC tools, and AI co-pilots built into every layer of the security stack. The data shows SOCs are buying, deploying, and standing up AI capabilities at the fastest
  • Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites

    Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites

    Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise.

    The vulnerability in question is CVE-2026-3300 (CVSS score: 9.8), a remote code execution bug impacting all versions of the plugin up to, and including, 1.9.12. A patch for the flaw was

  • FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins

    FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins

    Security researchers and the FBI are warning that a wave of FIFA-themed fraud is already hitting World Cup 2026 fans, days before the June 11 kickoff.

    Recent reports describe thousands of lookalike FIFA domains, banking malware hidden inside pirate streaming apps, and at least one operation that copies FIFA’s login page well enough to take over real accounts.

    It is an obvious target. More than

  • PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network

    PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network

    The threat actor known as PCPJack has hijacked cloud servers associated with Amazon Web Services (AWS), Google Cloud, and Microsoft Azure to create a covert SMTP email relay network.

    “Compromised business servers across the U.S., Europe, and Asia were quietly converted into SMTP proxies, verified for mail relay capability, and synced to a downstream consumer every five minutes,” Hunt.io said in

  • Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public

    Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public

    Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root.

    It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco’s PSIRT says it has not seen the flaw used in attacks yet. The PoC shortens that runway.

    The flaw is a server-side request forgery.

  • Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

    Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

    A security researcher found a flaw in Anthropic’s Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic’s own action repo used the same workflow, a working attack could have pushed malicious code into the action itself and onto the projects downstream that pull it.

    RyotaK of GMO

  • ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories

    ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories

    It got stupid again.

    The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weird stuff is normal. Forums go down and come back worse. Cheap hackers get better toys. AI starts breaking real systems. Great.

    Read the whole thing before it ruins your week anyway.

    Unauthenticated

  • China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa

    A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa.

    These efforts have been complemented by a “rapid operational tempo” and a continually evolving malware arsenal comprising known families like ValleyRAT (aka Winos 4.0) and Atlas RAT (aka AtlasCross RAT), as well as previously