Cyber Security News

A new Linux kernel local privilege escalation vulnerability, dubbed “DirtyClone” (CVE-2026-43503), that allows unprivileged local users to gain full root access by manipulating cloned network packets through the XFRM/IPsec subsystem, all without leaving a trace in kernel logs or audit records. DirtyClone is a high-severity variant in the DirtyFrag vulnerability family, a class of Linux […]

The post New DirtyClone Linux Vulnerability Allows Attackers to Gain Root Access Via Cloned Packets appeared first on Cyber Security News.

A high-severity vulnerability in the Amazon Q Developer Extension for Visual Studio Code (VS Code), Amazon’s AI-powered coding assistant. Tracked as CVE-2026-12957 and CVE-2026-12958 and disclosed by Wiz Research, the flaws allowed attackers to achieve arbitrary code execution and cloud credential theft simply by having a developer open a malicious repository. The root cause was […]

The post Amazon Q Vulnerability Let Attackers Execute Code and Access Sensitive Cloud Environments appeared first on Cyber Security News.

A newly disclosed Linux kernel vulnerability combining a Copy-on-Write (COW) page-cache corruption flaw with the net/sched subsystem’s act_pedit component is enabling unprivileged local attackers to escalate privileges to full root access on several major Linux distributions. The exploit, dubbed packet_edit_meme, has been verified in June 2026 against actively maintained enterprise and consumer kernels. The root […]

The post New Linux pedit COW Exploit Allows Attackers to Gain System Root Access appeared first on Cyber Security News.

A sophisticated Phishing-as-a-Service (PhaaS) platform called Bluekit has been confirmed operational at scale, with cybersecurity firm Netcraft detecting approximately 70 live hostnames in a single week. First documented by Varonis Threat Labs as an emerging tool still in development, Bluekit has since matured into a fully operational threat capable of bypassing multi-factor authentication (MFA) and […]

The post New Bluekit Phishing-as-a-Service Bypasses MFA to Steal Microsoft Login Credentials appeared first on Cyber Security News.

Water utilities across the United States and Europe are under growing pressure as hackers continue to find easy ways in. Nation-state actors and affiliated groups have been quietly exploiting internet-facing control systems and weak login credentials to access water and wastewater infrastructure — systems that millions of people depend on every day. The threat has […]

The post Hackers Exploit Weak Credentials and Internet-Facing PLCs to Breach Water Utilities appeared first on Cyber Security News.

A newly documented attack chain tied to threat actor group UAC-0226 is putting Windows users at serious risk. The campaign uses booby-trapped WinRAR archives, hidden file streams, and a sophisticated memory-loading technique to deliver GIFTEDCROOK, a stealer malware designed to quietly drain browser credentials, cookies, and sensitive documents from infected machines. The attack has shown […]

The post New GIFTEDCROOK Chain Abuses WinRAR ADS and Reflective Loading to Steal Browser Data appeared first on Cyber Security News.

Hackers are no longer waiting in your inbox. A newly identified scam technique places fake invoices directly inside shopping app order histories, making them feel more credible than a typical phishing email. Researchers have observed fraudulent receipts appearing inside the Shop app, the popular order-tracking application from Shopify, catching users off guard in a space […]

The post Hackers Leveraged Shopify Oder-Tracking App Shop to Push Fake Invoices appeared first on Cyber Security News.

A serious cybersecurity breach has come to light in Japan, where the country’s Ground Self-Defense Force (JGSDF) unknowingly used malware-infected USB drives on computers connected to classified military networks. The incident lasted for nearly a year before anyone noticed. What makes this case especially alarming is not just the breach itself, but the fact that […]

The post Nikkei Warns of Japan’s Ground Self-Defense Force Used USB Drives Infected with a China-linked Malware appeared first on Cyber Security News.

A critical authentication bypass vulnerability in the python.org release management API could have allowed attackers to impersonate administrators, potentially redirecting millions of users to malicious download URLs. The flaw, responsibly disclosed on February 23, 2026, by Splitline Ng of the DEVCORE Research Team, was patched within 48 hours of the initial report. The vulnerability resided […]

The post Critical python.org Vulnerability Allowed Attackers to Forge Admin-Level API Requests appeared first on Cyber Security News.

A newly uncovered infostealer called KuinaExtractor has been quietly evolving for over six months, posing a serious and growing threat to users across multiple platforms. Written in the Rust programming language, the malware targets browser data, cryptocurrency wallets, and credentials for popular services including Roblox, Steam, and Discord. What makes this threat particularly concerning is […]

The post KuinaExtractor Uses Telegram Exfiltration, UAC Bypass, and Sandbox Detection for Stealth appeared first on Cyber Security News.

Russian authorities deployed Cellebrite’s Universal Forensic Extraction Device (UFED) to breach the iPhone of opposition politician Andrey Pivovarov in June 2021, months after the Israeli surveillance firm publicly announced it had terminated all contracts with Russian customers, according to a forensic investigation published by the Citizen Lab at the University of Toronto. On May 31, […]

The post Russia Used Cellebrite Tool to Hack Activist’s iPhone Despite Contract Cancellation appeared first on Cyber Security News.

The clock has run out. As of June 24, 2026, the first of Microsoft’s original Secure Boot certificates, the Microsoft Corporation KEK CA 2011, has officially expired, with the Microsoft UEFI CA 2011 following on June 27, 2026. A third, the Microsoft Windows Production PCA 2011, is set to expire on October 19, 2026. Together, these certificates […]

The post Windows Secure Boot Certificate Expired — Billions of PCs Affected Including Linux Distros appeared first on Cyber Security News.

A critical security flaw lurking in curl for over 25 years has been patched, as part of a record-breaking security release that fixed 18 CVEs, the most ever issued in a single curl version. The vulnerability, CVE-2026-8932, was first shipped in curl version 7.7 on March 22, 2001, making it the oldest curl security issue […]

The post 25-Year-Old Vulnerability in cURL Used by 30 Billion Devices Finally Patched appeared first on Cyber Security News.

LokiBot, one of the oldest credential-stealing malware families still active today, has resurfaced in a new multi-stage campaign designed to steal credentials from a wide range of applications. The campaign uses a JScript email attachment as its entry point, quietly setting off a chain of events that ends with sensitive data being silently lifted from […]

The post LokiBot Campaign Uses JScript Attachment, .NET Injector, and Process Injection to Steal Credentials appeared first on Cyber Security News.

A new wave of malicious npm packages is targeting developers who work with cloud and serverless infrastructure. The threat, known as the Shai-Hulud payload carrying the Hades malware family, has now expanded its reach to the Leo/RStreams ecosystem, a set of libraries widely used for AWS-native event streaming and data pipelines. Security teams are raising […]

The post Shai-Hulud Payload Steals GitHub, npm, Cloud, CI/CD, and SSH Credentials From Developers appeared first on Cyber Security News.

A newly discovered phishing kit is targeting Amazon Web Services users by silently stealing login credentials and multi-factor authentication codes the moment a victim types them in. Unlike older tools that captured passwords for later use, this kit works in real time, meaning attackers can access a victim’s AWS console before the victim realizes something […]

The post AWS AiTM Phishing Kit Steals Console Credentials and MFA Codes in Real Time appeared first on Cyber Security News.

A newly identified Rust-based macOS backdoor has raised alarms across the security community, combining a hidden interactive shell with Telegram-based file uploads to quietly steal data from Apple users. Discovered in early June 2026, the threat surfaced when an Apple XProtect update flagged a suspicious file uploaded to VirusTotal on May 22. Despite being caught […]

The post Rust macOS Backdoor Uses Interactive Shell and Telegram File Uploads for Data Theft appeared first on Cyber Security News.

ManageEngine has disclosed a high-severity vulnerability, tracked as CVE-2026-11374, affecting several of its identity and access management solutions when integrated with AD360. The flaw could allow unauthenticated attackers to predict single sign-on (SSO) tokens, potentially leading to account takeover and exposure of sensitive user information. The issue affects ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, […]

The post ManageEngine AD360 Integration Flaw Exposes User Identity and Role Information to Attackers appeared first on Cyber Security News.

Google has officially released Gemini 3.5 Flash with native “computer use” capabilities, marking a significant shift toward autonomous AI agents that can interact directly with digital environments. Announced on June 24, 2026, the update enables developers to build intelligent agents capable of performing actions across browsers, mobile devices, and desktop systems. The newly integrated feature […]

The post Gemini 3.5 Flash Released With Computer Use Capabilities that Build Agents appeared first on Cyber Security News.

WhatsApp is rolling out a new security warning on both Android and iOS that appears before users even open a conversation with an unknown phone number. WABetaInfo noted that the feature displays the country where the number is registered, whether it’s saved as a contact, and whether any groups are shared, prompting users to pause […]

The post WhatsApp to Warn Users Before Starting Chats With New Phone Numbers appeared first on Cyber Security News.