SOC teams don't need another console.
They need alerts that connect across endpoint, cloud, identity, and network data.
One attack should not look like five separate incidents.
The analysis starts here: https://awards.thehackernews.com/blog/soc-doesnt-need-another-console/

⚠️ SharkLoader is delivering Cobalt Strike Beacon.
Experts say the StrikeShark campaign targeted government, diplomatic, and software development organizations across multiple countries.
Public CVE exploits, malicious installers, and DLL hijacking sit in the attack chain.
Read: https://thehackernews.com/2026/06/new-sharkloader-malware-deploys-cobalt.html

Russian intelligence-linked phishers have a new Signal trick.
FBI and CISA say they are asking targets to share their Signal Backup Recovery Key.
If they get it, they can restore old backups, read message history, and take over the account.
Here's how the phishing works: https://thehackernews.com/2026/06/fbi-warns-russian-intelligence-hackers.html

Gaslight doesn't just steal from #macOS.
It tries to talk the analyst's AI tools out of analyzing it.
SentinelOne found a Rust-based implant with #Telegram C2 and 38 fake "system" messages built to make LLM-assisted triage abort or refuse.
Read: https://thehackernews.com/2026/06/new-gaslight-macos-malware-uses-prompt.html

⚡ OpenAI is keeping GPT-5.6 behind a narrow gate.
Sol, Terra, and Luna are in limited preview for government-approved partners.
Sol adds stronger cyber safeguards for #vulnerability research, defensive testing, and dual-use requests.
Read: https://thehackernews.com/2026/06/openai-limits-gpt-56-rollout-as-sol.html

A fake support SMS was the entry point.
Ukraine's SSU and the FBI say Russian intelligence services targeted messaging accounts used by officials, military personnel, politicians, and activists.
The goal: steal credentials and sensitive information.
How the campaign worked: https://thehackernews.com/2026/06/ukraine-says-russian-intelligence-used.html

⚠️ A trusted VS Code workspace can trigger the attack.
Hijacked npm packages used hidden folder-open tasks instead of npm lifecycle scripts.
JavaScript was hidden as a font file, resolved through blockchain dead drops, and used to deploy a Python infostealer.
Learn more: https://thehackernews.com/2026/06/hijacked-npm-and-go-packages-use-vs.html

CVE-2026-55200 now has public PoC code.
The libssh2 flaw lets a malicious SSH server trigger memory corruption in a connecting client.
> No credentials
> No user interaction
> Affected through libssh2 1.11.1
The real cleanup problem is finding bundled and static copies in curl, Git, PHP, and appliances.
Learn more: https://thehackernews.com/2026/06/public-poc-released-for-critical.html

Microsoft removed 119 Edge extensions hiding malware in images and fonts.
Up to 2.6 MILLION installs. They posed as ad blockers, VPNs, translators, and video downloaders.
Some payloads stole credentials and ran ad fraud.
Read how StegoAd stayed hidden for years: https://thehackernews.com/2026/06/microsoft-removes-119-edge-extensions.html

The SOC problem is no longer just detection.
It is the queue.
AI is now taking the first pass on alert triage, enrichment, and routine response so analysts can focus on calls that carry risk.
The 2026 Cybersecurity Stars Awards winners show where SOC automation is headed.
Read the story: https://awards.thehackernews.com/blog/ai-reads-the-alert-queue/

⚠️ Gamaredon ran 35 phishing campaigns against Ukraine in 2025.
ESET says it used new PowerShell tools, HTML smuggling, and CVE-2025-8088 to plant malware in Startup.
Simple malware. Harder infrastructure.
Read more: https://thehackernews.com/2026/06/gamaredon-expands-ukraine-attacks-with.html

236,493 scam domains.
Experts say DCloud Uni-App templates are being used to run fake crypto exchanges, #WhatsApp phishing, gambling scams, and wallet drainers.
Read the full story: https://thehackernews.com/2026/06/236000-dcloud-uni-app-sites-used-in.html

EvilTokens hides account takeover risk from your SOC.
Static URL analysis misses it as the phishing page appears only after browser-side decryption. Avoid visibility gaps and accelerate response by uncovering the full attack flow in 1 min.
Read: https://thn.news/ghost-analysis-2023

Your encrypted credentials may not stay encrypted forever.
Attackers can harvest them now, store them, and decrypt them later when quantum hardware catches up.
That is why post-quantum migration should start with long-lived credentials and machine identities.
Read the full story: https://thehackernews.com/2026/06/why-post-quantum-cryptography-starts.html

⚠️ Mustang Panda hid C2 in cloud traffic.
Acronis says the China-aligned group abused Zoho WorkDrive as a command channel in campaigns against Indian government and hydropower targets.
ZOHOMURK read commands from an inbox folder and wrote stolen output to an outbox.
Read: https://thehackernews.com/2026/06/mustang-panda-uses-zoho-workdrive-as.html

⚡ DirtyClone leads the week, but the rest of the queue is ugly:
Linux root bug
PTC exploited
Gaslight malware
Turla backdoor
StealC takedown
Agent prompt injection
New infostealers
DVR proxy abuse
Urgent CVEs
Full recap: https://thehackernews.com/2026/06/weekly-recap-linux-kernel-flaws-ai.html

#WhatsApp is finally getting usernames.
The app has started global username reservations before a wider rollout later this year.
So people can message each other without handing over a phone number.
Details here: https://thehackernews.com/2026/06/whatsapp-is-finally-getting-usernames.html

The extension did not need to steal passwords to be dangerous.
Microsoft found a fake #Perplexity Chrome extension that logged searches and address bar input before redirecting users to real results.
How it worked, and what users should check: https://thehackernews.com/2026/06/malicious-perplexity-chrome-extension.html

Oracle E-Business Suite has a new active exploitation problem.
CVE-2026-46817 is a CVSS 9.8 flaw in Oracle Payments that can allow unauthenticated HTTP takeover.
No public PoC. Attribution unknown.
Read the full report: https://thehackernews.com/2026/06/oracle-e-business-suite-flaw-cve-2026.html