🛡 Cybersecurity & Privacy 🛡 - News
26.9K subscribers
89.8K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Download Telegram
🖋️ Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues 🖋️

Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its opensource projects being compromised to inject an information stealer into the code. "Our priority is to protect customers and the broader ecosystem," a Microsoft spokesperson told The Hacker News via email. "We temporarily removed some.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity
🖋️ WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine 🖋️

Two Russiaaligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released. The activity has been attributed by Trend Micro to Earth Dahu aka Gamaredon and SHADOWEARTH066 aka UAC0226. It involves the exploitation of CVE20258088, a path traversal flaw that allows an.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity
🖋️ Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models 🖋️

University of Toronto researchers have built and tested a proofofconcept AIdriven computer worm that uses a locally hosted openweight large language model to reason its way through a network, generate tailored attack strategies for each target it encounters, and replicate itself, all without human intervention and without touching a commercial AI service. The preprint, posted to arXiv on.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity
🖋️ Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now 🖋️

Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The highseverity vulnerability, tracked as CVE202611645 CVSS score 8.8, has been described as an outofbounds memory access in V8, Chrome's JavaScript and WebAssembly engine. "Outofbounds read and write in V8 in Google Chrome prior to 149.0.7827.103.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity
🖋️ The Hidden Security Risk in Modern Networks: The Work Between Tools 🖋️

Organizations have more visibility than ever. Growing tech stacks provide greater coverage, and network security teams are increasingly adopting AI and automation to help with routine tasks and reduce manual effort. But the same challenges persist. Outages still last hours, causing significant financial losses, operational disruption, and reputational impact. Threat response and mean time to.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity
🖋️ New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing 🖋️

A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST, needs no native code, no extension, and no permission prompt. You open the page, leave the tab sitting there, and it watches the drive for contention in the background. Researchers at Graz University of Technology built it and.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity
🖋️ Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer 🖋️

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index PyPI registry, as the Mini ShaiHuludstyle attacks continue to be refined and splintered to target specific ecosystems. "The compromised releases shipped a setup.pth file that attempts to execute automatically.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity
🖋️ LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE 🖋️

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added a highseverity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE202642271 CVSS score 8.7, is a command injection vulnerability that could allow any authenticated user to run arbitrary commands on the.

📖 Read more.

🔗 Via "The Hacker News"

----------
👁️ Seen on @cibsecurity
🚀 SMB cyber-readiness: What makes or breaks it 🚀

A company that's expecting a cyberattack but hasnt actively prepared for it risks making the hardest decisions at the worst possible moment.

📖 Read more.

🔗 Via "ESET - WeLiveSecurity"

----------
👁️ Seen on @cibsecurity
📔 Fake Software Tutorials on TikTok Spread Vidar Stealer 📔

Threat actors push fake freesoftware tutorials on TikTok and Instagram to spread Vidar stealer.

📖 Read more.

🔗 Via "Infosecurity Magazine"

----------
👁️ Seen on @cibsecurity
📔 New SilabRAT Trojan Hijacks Sessions to Steal Crypto 📔

MaaS trojan SilabRAT uses HVNC and browser cloning to hijack sessions and steal crypto.

📖 Read more.

🔗 Via "Infosecurity Magazine"

----------
👁️ Seen on @cibsecurity
📔 Cybersecurity Software Fails to Detect Fifth of Brower-Based Phishing Attacks 📔

Menlo Security research warns that as enterprise applications become increasingly browser based, traditional cybersecurity tools leave them vulnerable to cyber threats.

📖 Read more.

🔗 Via "Infosecurity Magazine"

----------
👁️ Seen on @cibsecurity
📔 New Fable 5 Is a "Mythos-Class" LLM Available to All, Anthropic Announces 📔

Anthropic unveils Claude Mythos 5 and Fable 5, a restrictedaccess frontier AI model and guardrailed version for everyone to use.

📖 Read more.

🔗 Via "Infosecurity Magazine"

----------
👁️ Seen on @cibsecurity
📔 Over a Quarter of Identity Crime Victims Hit by Multiple Incidents, ITRC Data Shows 📔

Nearly 26 of identity crime victims faced multiple incidents in the past year, as ITRC warns of a growing "multilayered crisis".

📖 Read more.

🔗 Via "Infosecurity Magazine"

----------
👁️ Seen on @cibsecurity
📔 Microsoft Fixes 200 CVEs in June Patch Tuesday 📔

Microsoft has patched 200 vulnerabilities including three zerodays.

📖 Read more.

🔗 Via "Infosecurity Magazine"

----------
👁️ Seen on @cibsecurity
📔 75% of Firms Deploy Vulnerable Code Amid Pressure on CISOs, Report Finds 📔

Checkmarx report warns that business pressure is among the reason security leaders let security compliance slip.

📖 Read more.

🔗 Via "Infosecurity Magazine"

----------
👁️ Seen on @cibsecurity
📔 AI Coding Adoption Hits 97% but Governance Lags Behind 📔

Most dev teams use AI coding assistants but only 30 have full governance in place.

📖 Read more.

🔗 Via "Infosecurity Magazine"

----------
👁️ Seen on @cibsecurity
📔 Critical phpBB Flaw Lets Attackers Hijack Any Account with One Request 📔

Critical phpBB authentication bypass lets attackers hijack any account with one request.

📖 Read more.

🔗 Via "Infosecurity Magazine"

----------
👁️ Seen on @cibsecurity
📔 Google Releases Patch for Chrome Vulnerability Exploited in the Wild 📔

The flaw, CVE202611645, can allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

📖 Read more.

🔗 Via "Infosecurity Magazine"

----------
👁️ Seen on @cibsecurity
📔 Check Point Warns Critical Auth Bypass Bug Exploited in the Wild 📔

Check Point says a critical vulnerability in its Remote Access VPN and Mobile Access solutions has been exploited by Qilin.

📖 Read more.

🔗 Via "Infosecurity Magazine"

----------
👁️ Seen on @cibsecurity
🦅 FIFA World Cup 2026 Scams Are Already Active: Fake Domains, Phishing Sites, and How to Stay Safe 🦅

The FIFA World Cup 2026 kicks off on June 11, and the world's biggest sporting event is drawing more than just fans it is already attracting a wave of cybercriminals targeting ticket buyers, job seekers, streaming viewers, and corporate brands alike.  The FBI has issued a formal Public Service Announcement warning that threat actors are creating fraudulent versions of FIFAaffiliated websites to steal personal information, conduct financial fraud, and sell fake products and services. Cyble researchers independently analyzed the domains flagged by the FBI and confirmed that many remained active and operational at the time of publishing this report.  With 48 teams, 16 host cities across the United States, Canada, and Mexico, and an estimated global audience of billions, the FIFA Wor...

📖 Read more.

🔗 Via "CYBLE"

----------
👁️ Seen on @cibsecurity