A previously unknown threat actor has been quietly targeting #Ukraine since at least August 2025.
GREYVIBE uses spear-phishing, fake CAPTCHA pages, and fraudulent websites to deliver custom #malware to military, government, civilian, and business targets.
Researchers also found evidence of AI-assisted malware development and links to the cybercrime ecosystem.
Full report: https://thehackernews.com/2026/05/new-russian-linked-greyvibe-targets.html
AI is making DDoS attacks faster, smarter, and far more dangerous.
Attackers are now using AI to discover weak spots, create new attack vectors, and scale assaults with terrifying efficiency.
Join our next expert webinar: "A New Perspective on #DDoS Attacks in the Age of AI"
Learn real-world examples of AI-powered attacks and practical ways to defend against them before they hit you.
Register Now (Free): https://thehacker.news/ai-ddos-attacks
Attackers used an LLM agent for post-exploitation after breaching a public Marimo notebook via CVE-2026-39987, a pre-auth RCE flaw affecting versions ≤0.20.4.
The intrusion stole cloud credentials, retrieved an SSH key from AWS Secrets Manager, and exfiltrated a PostgreSQL database via eight SSH sessions in under two minutes.
Full report: https://thehackernews.com/2026/05/attackers-use-llm-agent-for-post.html
A new technique called "ChatGPhish" turns OpenAI's ChatGPT into a #phishing tool.
No special prompt required... simply summarizing a malicious web page can cause #ChatGPT to display phishing links, fake security alerts, QR codes, and attacker-hosted images in its trusted interface.
Full story: https://thehackernews.com/2026/05/chatgphish-vulnerability-turns-chatgpt.html
CVE-2026-0257, a PAN-OS and Prisma Access authentication bypass flaw, is under active exploitation.
The CVSS 7.8 bug can enable unauthorized VPN access and, in some observed cases, access to internal networks.
Patch immediately or apply mitigations.
Details: https://thehackernews.com/2026/05/pan-os-globalprotect-authentication.html
Dutch authorities have dismantled a botnet comprising at least 17 million infected devices, including computers, smartphones, tablets, and IoT devices.
More than 200 servers in the Netherlands supported the operation. Police seized a subset of the infrastructure, and the hosting provider subsequently took the network offline.
Read: https://thehackernews.com/2026/05/dutch-authorities-dismantle-botnet.html
Threat actors are actively exploiting a critical vulnerability in WP Maps Pro.
CVE-2026-8732 (CVSS 9.8) lets unauthenticated attackers create admin accounts and take over sites. It affects all versions up to 6.1.0.
Update to 6.1.1 now.
Read: https://thehackernews.com/2026/06/critical-wp-maps-pro-flaw-actively.html
A legitimate-looking npm package for OpenAI Codex has been stealing developer auth tokens for over a month.
codexui-android, marketed as a remote web UI, has seen 29,000+ weekly downloads. Since version 0.1.82 it quietly sends ~/.codex/auth.json, including non-expiring refresh tokens, to an attacker server.
Read: https://thehackernews.com/2026/06/openai-codex-authentication-tokens.html
China-aligned hackers are intensifying espionage campaigns.
Operation Dragon Weave is hitting the Czech Republic and Taiwan with spear-phishing ZIPs to deploy AdaptixC2 via Azure Blob Storage.
It gives attackers full remote control with 36 commands.
Learn More: https://thehackernews.com/2026/06/china-aligned-groups-ramp-up-attacks.html
Stay alert for unexpected email attachments.
The "vCISO platform" label is outdated for today's MSPs.
Service providers need portfolio-wide security programs, CISO-grade intelligence, and revenue insights.
That's why the Security Growth Platform category has emerged, and Cynomi currently defines it with its unified frameworks and 100% partner-only model.
Read: https://thehackernews.com/2026/06/the-security-growth-platform-why-msps.html
PAN-OS exploited. Gogs 0-day. GlassWorm takedown. AI malware lures. Smishing wave. OAuth phish kits. SonicWall scans.
Monday #cybersecurity recap is stacked.
Read it - https://thehackernews.com/2026/06/weekly-recap-new-linux-flaw-pan-os.html
A new supply chain attack has hit official Red Hat Cloud Services npm packages.
The Miasma campaign, a fresh Mini Shai-Hulud variant, plants a malicious preinstall hook that steals GitHub secrets, cloud credentials, SSH keys, and more from developer and CI/CD environments.
It also adds persistence and downstream poisoning.
Read: https://thehackernews.com/2026/06/miasma-supply-chain-attack-compromises.html
A brute-force attack against certain Dashlane accounts bypassed 2FA protections in a handful of cases, allowing attackers to register new devices and download encrypted vault copies.
Fewer than 20 personal plan users were affected.
Full details: https://thehackernews.com/2026/06/dashlane-discloses-brute-force-attack.html
Pakistan-aligned SideCopy group is hitting Afghanistan's Ministry of Finance with spear-phishing attacks using Xeno RAT.
Attackers are sending ZIP files with malicious LNK files named in Pashto to trick government officials. The LNK uses mshta.exe to install Xeno RAT 1.8.7, which gives attackers persistent access for keylogging, screenshots, and more.
Read: https://thehackernews.com/2026/06/pakistan-linked-sidecopy-targets.html
Many organizations invest in EDR but still lack real resilience. Lean teams drown in alerts, investigations lag, and responses are slow.
AI attacks are rising (67% of organizations affected), and 84% of major incidents now use living-off-the-land techniques.
Visibility alone isn't enough.
Bitdefender GravityZone PHASR reduces attacker opportunities, while MDR adds 24x7 expert response.
Read: https://thehackernews.com/2026/06/how-leading-organizations-are-turning.html
A 19-year-old #Linux vulnerability called CIFSwitch allows low-privileged users to gain root access.
SpaceX security engineer Asim Viladi Oglu Manizada discovered the logic flaw between the kernel's CIFS client and the cifs-utils package. The issue has existed since 2007.
A patch was merged into mainline Linux on May 19, 2026.
Details: https://thehackernews.com/2026/06/weekly-recap-new-linux-flaw-pan-os.html#:~:text=New%20Linux%20Flaw%20CIFSwitch%20Uncovered
Fragmented identity pipelines are failing against digital injection attacks.
Hubert Behaghel, CTO at Veriff, explains that stitching together multiple vendors for camera capture, liveness detection, and risk scoring often drops critical signals like device telemetry and session context. This creates easy entry points for attackers using virtual cameras and emulators.
Integrated systems that maintain end-to-end visibility offer much stronger protection.
Read: https://thehackernews.com/expert-insights/2026/06/why-fragmented-identity-pipelines-fail.html
AI workloads are scaling rapidly across cloud environments, and security teams now have better visibility into what that means for cloud operations, development workflows, and security strategy in practice.
On June 16 at 12:00 PM ET, Wiz Research will break down the key findings from the State of AI in the Cloud 2026 report and what they signal for your security program.
The session covers:
- Where AI adoption is accelerating: Which cloud services, agent patterns, and copilot architectures are growing fastest
- How cloud environments are evolving: What new connectivity and visibility considerations AI workloads introduce across identity, data, and infrastructure
- What attackers are already doing: How threat actors use AI to find and exploit misconfigurations faster
Save Your Spot: https://thn.news/thn-ai-cloud-2026