⚠️ Malicious Sicoob NuGet steals Brazilian bank credentials while npm packages target AWS and CI/CD secrets.
The fake "Sicoob.Sdk" versions 2.0.0–2.0.4 exfiltrate client IDs, PFX certificates, and passwords. It was downloaded nearly 500 times.
Multiple npm packages from one actor also steal cloud and pipeline secrets.
Full report: https://thehackernews.com/2026/05/malicious-sicoob-nuget-steals-banking.html
⚠️ A previously unknown threat actor has been quietly targeting #Ukraine since at least August 2025.
GREYVIBE uses spear-phishing, fake CAPTCHA pages, and fraudulent websites to deliver custom #malware to military, government, civilian, and business targets.
Researchers also found evidence of AI-assisted malware development and links to the cybercrime ecosystem.
Full report: https://thehackernews.com/2026/05/new-russian-linked-greyvibe-targets.html
⚡ AI is making DDoS attacks faster, smarter, and far more dangerous.
Attackers are now using AI to discover weak spots, create new attack vectors, and scale assaults with terrifying efficiency.
Join our next expert webinar: "A New Perspective on #DDoS Attacks in the Age of AI"
Learn real-world examples of AI-powered attacks and practical ways to defend against them before they hit you.
Register Now (Free): https://thehacker.news/ai-ddos-attacks
⚠️ Attackers used an LLM agent for post-exploitation after breaching a public Marimo notebook via CVE-2026-39987, a pre-auth RCE flaw affecting versions ≤0.20.4.
The intrusion stole cloud credentials, retrieved an SSH key from AWS Secrets Manager, and exfiltrated a PostgreSQL database via eight SSH sessions in under two minutes.
Full report: https://thehackernews.com/2026/05/attackers-use-llm-agent-for-post.html
⚠️ A new technique called "ChatGPhish" turns OpenAI's ChatGPT into a #phishing tool.
No special prompt required... simply summarizing a malicious web page can cause #ChatGPT to display phishing links, fake security alerts, QR codes, and attacker-hosted images in its trusted interface.
Full story: https://thehackernews.com/2026/05/chatgphish-vulnerability-turns-chatgpt.html
🚨 CVE-2026-0257, a PAN-OS and Prisma Access authentication bypass flaw, is under active exploitation.
The CVSS 7.8 bug can enable unauthorized VPN access and, in some observed cases, access to internal networks.
Patch immediately or apply mitigations.
Details: https://thehackernews.com/2026/05/pan-os-globalprotect-authentication.html
Dutch authorities have dismantled a botnet comprising at least 17 million infected devices, including computers, smartphones, tablets, and IoT devices.
More than 200 servers in the Netherlands supported the operation. Police seized a subset of the infrastructure, and the hosting provider subsequently took the network offline.
Read: https://thehackernews.com/2026/05/dutch-authorities-dismantle-botnet.html
⚠️ Threat actors are actively exploiting a critical vulnerability in WP Maps Pro.
CVE-2026-8732 (CVSS 9.8) lets unauthenticated attackers create admin accounts and take over sites. It affects all versions up to 6.1.0.
Update to 6.1.1 now.
Read: https://thehackernews.com/2026/06/critical-wp-maps-pro-flaw-actively.html
🚨 A legitimate-looking npm package for OpenAI Codex has been stealing developer auth tokens for over a month.
codexui-android, marketed as a remote web UI, has seen 29,000+ weekly downloads. Since version 0.1.82 it quietly sends ~/.codex/auth.json (including non-expiring refresh tokens) to an attacker server.
Read: https://thehackernews.com/2026/06/openai-codex-authentication-tokens.html
China-aligned hackers are intensifying espionage campaigns.
Operation Dragon Weave is hitting the Czech Republic and Taiwan with spear-phishing ZIPs to deploy AdaptixC2 via Azure Blob Storage.
It gives attackers full remote control with 36 commands.
Learn More: https://thehackernews.com/2026/06/china-aligned-groups-ramp-up-attacks.html
Stay alert for unexpected email attachments.
The "vCISO platform" label is outdated for today's MSPs.
Service providers need portfolio-wide security programs, CISO-grade intelligence, and revenue insights.
That's why the Security Growth Platform category has emerged, and Cynomi currently defines it with its unified frameworks and 100% partner-only model.
Read: https://thehackernews.com/2026/06/the-security-growth-platform-why-msps.html
⚡ PAN-OS exploited. Gogs 0-day. GlassWorm takedown. AI malware lures. Smishing wave. OAuth phish kits. SonicWall scans.
Monday #cybersecurity recap is stacked.
Read it - https://thehackernews.com/2026/06/weekly-recap-new-linux-flaw-pan-os.html
🔥 A new supply chain attack has hit official Red Hat Cloud Services npm packages.
The Miasma campaign, a fresh Mini Shai-Hulud variant, plants a malicious preinstall hook that steals GitHub secrets, cloud credentials, SSH keys, and more from developer and CI/CD environments.
It also adds persistence and downstream poisoning.
Read: https://thehackernews.com/2026/06/miasma-supply-chain-attack-compromises.html
🚨 A brute-force attack against certain Dashlane accounts bypassed 2FA protections in a handful of cases, allowing attackers to register new devices and download encrypted vault copies.
Fewer than 20 personal plan users were affected.
Full details: https://thehackernews.com/2026/06/dashlane-discloses-brute-force-attack.html