πŸ›‘ Cybersecurity & Privacy πŸ›‘ - News
26.9K subscribers
89.8K links
πŸ—ž The finest daily news on cybersecurity and privacy.

πŸ”” Daily releases.

πŸ’» Is your online life secure?

πŸ“© lalilolalo.dev@gmail.com
Download Telegram
πŸ“’ Developers urged to remain vigilant amid continued Miasma malware risks πŸ“’

The Miasma malware package uses legitimate OIDC tokens, making it indistinguishable from routine code updates.

πŸ“– Read more.

πŸ”— Via "ITPro"

----------
πŸ‘οΈ Seen on @cibsecurity
🦿 Microsoft Reportedly Cuts Hundreds of Azure Jobs in China 🦿

Microsoft reportedly cut 200 to 400 Azure jobs in China as US and Chinese data rules tighten around cloud operations. The post Microsoft Reportedly Cuts Hundreds of Azure Jobs in China appeared first on TechRepublic.

πŸ“– Read more.

πŸ”— Via "Tech Republic"

----------
πŸ‘οΈ Seen on @cibsecurity
🦿 Microsoft’s Record-Breaking Patch Tuesday Fixes Over 200 Security Flaws 🦿

Microsofts June Patch Tuesday fixed about 200 CVEs, including public zerodays and Critical Windows flaws tied to patching pressure. The post Microsofts RecordBreaking Patch Tuesday Fixes Over 200 Security Flaws appeared first on TechRepublic.

πŸ“– Read more.

πŸ”— Via "Tech Republic"

----------
πŸ‘οΈ Seen on @cibsecurity
🦿 Check Point Warning: Actively Exploited VPN Zero-Day Linked to Qilin Ransomware 🦿

Check Point says VPN zeroday CVE202650751 was exploited by a Qilinlinked actor, prompting emergency hotfixes and a CISA patch deadline. The post Check Point Warning Actively Exploited VPN ZeroDay Linked to Qilin Ransomware appeared first on TechRepublic.

πŸ“– Read more.

πŸ”— Via "Tech Republic"

----------
πŸ‘οΈ Seen on @cibsecurity
🦿 Meta Instagram Recovery Flaw Exposed More Than 20,000 Accounts 🦿

Meta says a bug in its AIassisted account recovery workflow likely let attackers reset passwords for more than 20,000 Instagram accounts. The post Meta Instagram Recovery Flaw Exposed More Than 20,000 Accounts appeared first on TechRepublic.

πŸ“– Read more.

πŸ”— Via "Tech Republic"

----------
πŸ‘οΈ Seen on @cibsecurity
β™ŸοΈ Who Runs the Ransomware Group β€˜The Gentlemen?’ β™ŸοΈ

A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real life identity for the administrator of The Gentlemen ransomware group.

πŸ“– Read more.

πŸ”— Via "Krebs on Security"

----------
πŸ‘οΈ Seen on @cibsecurity
β™ŸοΈ A Record-Breaking Patch Tuesday for June 2026 β™ŸοΈ

Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft's most dire "critical" rating, and exploit code for at least three of the weaknesses is now publicly available.

πŸ“– Read more.

πŸ”— Via "Krebs on Security"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks πŸ–‹οΈ

GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the "npm install" command to trigger the execution of malicious code using npm lifecycle hooks. "Npm install" is used to download and install all the necessary.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance πŸ–‹οΈ

Cybersecurity researchers have warned of a "resurgence and expansion" of JDY, a covert network associated with Chinanexus statesponsored threat actors. "The JDY botnet comprises over 1,500 SOHO small office and home office and IoT devices and operates as a centrally controlled, highperformance scanner used to discover, fingerprint, and continuously map exposed services at scale," Lumen's.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities πŸ–‹οΈ

Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI. It's tracked as CVE202625089 CVSS score 9.1. "An.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE πŸ–‹οΈ

A highseverity unpatched security flaw in Langflow, an opensource lowcode platform to build artificial intelligence AI applications, has come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability in question is CVE20265027 CVSS score 8.8, a case of path traversal that could allow an attacker to write files to arbitrary locations. "The 'POST .

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation πŸ–‹οΈ

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added three new vulnerabilities to its Known Exploited Vulnerabilities KEV catalog, following reports of active exploitation. The list of vulnerabilities is as follows CVE202620245 CVSS score 7.8 An improper encoding or escaping of output vulnerability in Cisco Catalyst SDWAN Manager that could allow an.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Your Automated Pentest Looks Clean. See What It Missed in This Expert Webinar πŸ–‹οΈ

Your pentest report looks clean. That might be the problem. Run automated pentesting long enough, and the new findings start to dry up. By the third or fourth run, fewer issues appear. The report looks stable. Leadership reads "stable" as "secure." It usually isn't. The work slows down. The risk does not. That gap is what a The Hacker News webinar with Picus Security sets out to close. Autumn.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs πŸ–‹οΈ

Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release. Of the 206 flaws, 39 are rated Critical, and 167 are rated Important in severity. This includes 63 privilege escalation, 56 remote code execution, 30 information disclosure, 27 spoofing, 20 security.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards πŸ–‹οΈ

On June 9, Anthropic released Claude Fable 5, the most capable model it has ever made, generally available. It also did something unusual it shipped one model as two products, split not by capability but by a layer of safety classifiers. Fable 5 goes to the public. Its twin, Claude Mythos 5, the same underlying model with the cyber safeguards lifted, stays locked to a vetted group of cyber.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances πŸ–‹οΈ

ServiceNow has warned about a security incident in which unknown threat actors exploited a flaw to obtain deeper unauthorized access to susceptible instances. "On June 5, 2026, ServiceNow applied a security update to hosted customer instances," the company revealed in an advisory that requires customer access. "The update concerned a security issue that could allow an unauthenticated user, in.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows πŸ–‹οΈ

The anonymous security researcher going by the name Chaotic Eclipse aka NightmareEclipse has released a proofofconcept PoC exploit for yet another Microsoft Defender zeroday named RoguePlanet. "The exploit is a race condition, so it's a hit or miss," the researcher, who published the exploit under a new GitHub account "MSNightmare" said. "I have managed to get a 100 success rate on.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS πŸ–‹οΈ

Cybersecurity researchers have flagged half a dozen vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers Protobuf, that, if successfully exploited, could result in remote code execution RCE and denialofservice DoS attacks. "In affected environments, a single malicious protobuf schema, descriptor, or crafted payload could be enough to trigger.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Meta to Use Off-Site Business Data for Feed and AI Personalization πŸ–‹οΈ

Meta on Tuesday announced that it will use information shared by other businesses to personalize users' feed and responses from its artificial intelligence AI chatbot, expanding its scope beyond targeted ads. "Businesses often share information about people's activity on their sites with us to make ads more relevant," Meta said in a statement. "We already use this data like games you play.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code πŸ–‹οΈ

Veeam has released security patches to address a critical flaw in its Backup Replication software that could result in remote code execution. Tracked as CVE202644963, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0. "A vulnerability allowing remote code execution RCE on the Backup Server by an authenticated domain user," Veeam said in a Tuesday advisory. It.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity
πŸ–‹οΈ Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues πŸ–‹οΈ

Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its opensource projects being compromised to inject an information stealer into the code. "Our priority is to protect customers and the broader ecosystem," a Microsoft spokesperson told The Hacker News via email. "We temporarily removed some.

πŸ“– Read more.

πŸ”— Via "The Hacker News"

----------
πŸ‘οΈ Seen on @cibsecurity