ποΈ Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits accounttoken sharing to trusted Microsoft apps. Any other app on the same phone could ask for the signedin user's token and get it, then read email, open files, browse the calendar, and send messages as that user. No password, no login screen, no permission prompt.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479) ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Redis has patched a useafterfree in its blockingclient code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI tool built to hunt bugs in large codebases. Tracked as CVE202623479, the flaw was introduced in Redis 7.2.0 and remained in every stable branch until the May 5 fixes, unnoticed for over two years.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π¦Ώ Appleβs 2026 Security Events: iPhone Exploits, Zero-Days Put Millions at Risk π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Apples 2026 security year includes zerodays, iPhone exploit kits, WebKit fixes, and background patches that users and IT teams need to track. The post Apples 2026 Security Events iPhone Exploits, ZeroDays Put Millions at Risk appeared first on TechRepublic.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Appleβs 2026 Security Events: iPhone Exploits, Zero-Days Put Millions at Risk
Appleβs 2026 security year includes zero-days, iPhone exploit kits, WebKit fixes, and background patches that users and IT teams need to track.
π¦Ώ Microsoft Tests Wearable AI Badge for Office Workers π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Microsoft showed Project Solara concept devices at Build 2026, including a wearable AI badge for office workers using AI agents. The post Microsoft Tests Wearable AI Badge for Office Workers appeared first on TechRepublic.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Microsoft Tests Wearable AI Badge for Work
Microsoft showed Project Solara concept devices at Build 2026, including a wearable AI badge for office workers using AI agents.
π¦Ώ CISA Flags 2-Year-Old Oracle WebLogic Vulnerability as Actively Exploited π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
CISA added Oracle WebLogic flaw CVE202421182 to its KEV catalog, giving federal agencies until June 4 to patch exposed servers. The post CISA Flags 2YearOld Oracle WebLogic Vulnerability as Actively Exploited appeared first on TechRepublic.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
CISA Flags 2-Year-Old Oracle WebLogic Vulnerability as Actively Exploited
CISA added Oracle WebLogic flaw CVE-2024-21182 to its KEV catalog, giving federal agencies until June 4 to patch exposed servers.
β€1
π’ βThese sorts of post-compromise techniques used to be restricted to actors with the technical knowledge to carry them outβ: Anthropic warns AI is helping lower the bar for up-and-coming hackers π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
AI is making it harder to differentiate between high and lowskilled actors.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
βThese sorts of post-compromise techniques used to be restricted to actors with the technical knowledge to carry them outβ: Anthropicβ¦
AI is making it harder to differentiate between high and low-skilled actors
π’ Ransomware cartels are fragmenting into volatile splinter groups, warns Met Police cyber chief π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Commoditized "cyber crime bazaars" and AI data mining are forcing law enforcement to rewrite its playbook.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Ransomware cartels are fragmenting into volatile splinter groups, warns Met Police cyber chief
Commoditized "cyber crime bazaars" and AI data mining are forcing law enforcement to rewrite its playbook
ποΈ Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic's own action repo used the same workflow, a working attack could have pushed malicious code into the action itself and onto the projects downstream that pull it. RyotaK of GMO.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
It got stupid again. The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weird stuff is normal. Forums go down and come back worse. Cheap hackers get better toys. AI starts breaking real systems. Great. Read the whole thing before it ruins your week anyway. Unauthenticated.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A new Chinalinked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa. These efforts have been complemented by a "rapid operational tempo" and a continually evolving malware arsenal comprising known families like ValleyRAT aka Winos 4.0 and Atlas RAT aka AtlasCross RAT, as well as previously.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity cluster dubbed JSCoreRunner aka FileRipple in late August 2025. The cybercrime group behind the two attack chains is.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have flagged a largescale operation that impersonates opensource and freeware projects to funnel unsuspecting users through a Traffic Distribution System TDS and deliver malware families like Remus Stealer, AnimateClipper, and the SessionGate framework. "The sites are welldesigned and often look like legitimate project portals at a glance, sometimes referencing.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Unknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox out in small, repeated batches and routing it through Dropbox and OneDrive so the traffic blended into normal cloud activity. Symantec and Carbon Black's Threat Hunter Team reported the campaign this week. This points to espionage, not a money grab.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The U.S. Department of Justice DoJ on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyberenabled and cryptocurrency fraud targeting Americans. The "Disruption Week" operation began May 18, 2026, leading to the takedown of millions of social media, email, and internet access accounts used by transnational.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Chinese-Speaking Actor TA4922 Widens Its Global Reach π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Newly named Chinesespeaking actor TA4922 expands from East Asia into Europe and Africa.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Chinese-Speaking Actor TA4922 Widens Its Global Reach
Newly named Chinese-speaking actor TA4922 expands from East Asia into Europe and Africa
π Infosecurity Europe: AI Adoption Creates New Opportunities for Attackers to Distribute Malware, Microsoft Warns π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Microsoft Detection and Response Team DART details how it has uncovered malicious AI applications as cyber criminals manipulate organizations adopting AI tools.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
AI Adoption Creates New Opportunities for Attackers
Microsoft Detection and Response Team (DART) details how it has uncovered malicious AI applications as cyber criminals manipulate organizations adopting AI tools
π Infosecurity Europe: Mythos Outperforms GPT5.5 on Google Chrome Vulnerability Exploits, Says New Benchmark π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A Bugcrowd researcher has unveiled ExploitBench, an independent benchmark of AI models for vulnerability exploitation.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Mythos Outperforms GPT5.5 on Google Chrome Vulnerability Exploits
A Bugcrowd researcher has unveiled ExploitBench, an independent benchmark of AI models for vulnerability exploitation
π Infosecurity Europe: How Proton Fights Against Cybercriminals Using Its Services π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Proton uses machine learning models to detect abuse of its services especially email addresses used by cybercriminals.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
How Proton Fights Against Cybercriminals Using Its Services
Proton uses machine learning models to detect abuse of its services β especially email addresses used by cybercriminals
π Infosecurity Europe: How Businesses Can Prepare for a Cybersecurity Crisis with Effective Plans π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Cybersecurity and business leaders with experience of dealing with major incidents from within the NCSC and at JLR detail what you need to prioritize if your organization is hit by a cyberattack.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
How Businesses Can Prepare for a Cybersecurity Crisis
Cybersecurity leaders with experience of dealing with incidents from within the NCSC and at JLR detail what you need to prioritize during a cyber-attack
π Infosecurity Europe: Ukraineβs Experience Highlights the Need for Preparation and Resilience in Cybersecurity π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Former Ukrainian foreign minister, Dmytro Kuleba, urges Infosecurity Europe attendees to fight the good fight.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Ukraineβs Experience Highlights the Need for Preparation in Cyber
Former Ukrainian foreign minister, Dmytro Kuleba, urges Infosecurity Europe attendees to never give up
π Infosecurity Europe: Raise Security Concerns with Procurement Now, Because Quantum Canβt Wait π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Forescout VP of security intelligence, Rik Ferguson, warns that Qday is fast approaching.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Infosecurity Europe: Raise Security Concerns with Procurement Now, Bec
Forescout VP of security intelligence, Rik Ferguson, warns that Q-day is fast approaching