Category: Cybersecurity

Latest Arabian cybersecurity news covering global cyber threats, ransomware attacks, data breaches, digital espionage, and technology security developments affecting governments, companies and individuals.


A malware campaign on the JetBrains Marketplace has put developer credentials at risk after at least 15 AI-themed plugins were found quietly forwarding users’ large-language-model API keys to an attacker-controlled server while continuing to perform the coding tasks they advertised. The plugins, listed under seven vendor accounts, were presented as coding assistants, code reviewers, bug finders, unit-test generators and Git commit-message tools. They invoked services familiar to developers using artificial intelligence inside IDEs, including OpenAI, DeepSeek and SiliconFlow. Combined marketplace download

NVIDIA has patched three high-severity vulnerabilities in its NeMo Framework, including a Linux command-injection flaw that could let low-privileged attackers run code, escalate access, alter data or expose information on affected AI development systems. The June security update covers NeMo Framework versions from 0.0 through 2.7.2, with users advised to move to version 2.7.3 or later. The flaws are tracked as CVE-2026-24155, CVE-2026-24252 and CVE-2026-24228, each carrying a CVSS v3.1 base score of 7.8, placing them in the high-severity category. The

Intersec Saudi Arabia has formed two advisory committees to steer the conference agenda for its 2026 edition, bringing senior security, aviation, infrastructure, fire-protection and emergency-management figures into the planning of the Future Security Summit and the Fire Protection & Technology Summit. The move places artificial intelligence, cyber-physical security, critical infrastructure resilience, predictive risk management and next-generation fire protection at the centre of the Riyadh event, scheduled for 16–18 November 2026 at Riyadh Front Exhibition & Conference Center. Organisers expect the eighth

Attackers tampered with JavaScript served by three widely used WordPress marketing plugins, exposing more than 1.2 million websites to rogue administrator accounts and concealed backdoors. The incident affected OptinMonster, TrustPulse and PushEngage, products operated under the Awesome Motive umbrella and embedded on sites for pop-ups, lead generation, social proof alerts and push notifications. The compromise did not arrive through a normal plugin update. Instead, malicious code was appended to legitimate front-end scripts delivered through vendor-controlled content delivery network endpoints, meaning fully

Attackers are probing vulnerable Jenkins servers after disclosure of a high-severity deserialisation flaw that can let a low-privileged user impersonate others, reach sensitive controller files and, in some cases, execute code through the Script Console. The bug, tracked as CVE-2026-53435, affects Jenkins 2.567 and earlier and Jenkins LTS 2.555.2 and earlier. Fixed versions, Jenkins 2.568 and LTS 2.555.3, were issued on 10 June as part of a wider security update covering several core vulnerabilities. The flaw has been scored 8.8 on

A network of 23 Chrome browser extensions has exposed about 758,000 users to privacy and phishing risks by taking control of default search settings and routing queries through monetised redirect systems. The campaign, tracked as SearchJack, shows how ordinary-looking browser tools can turn search traffic into affiliate revenue while giving users little practical visibility into who handles their queries. The extensions were presented as satellite imagery tools, map services, news readers, productivity aids and search helpers, but shared a common technical

Nintendo is facing an unverified data-extortion claim after a threat actor alleged it obtained nearly 859MB of employee-linked corporate records and demanded $2 million to prevent publication. The claim, attributed to an online actor using the handle SHADOWBYT3$, centres on data allegedly connected to TINYpulse, an employee engagement and feedback platform associated with WebMD Health Services. The material is said to include workforce survey records, corporate email addresses, staff names, internal analytics, exported reports, workplace feedback, payment-related PDFs and W-9 tax

XRP held near $1.22 on Tuesday, stabilising after a bruising sell-off as extreme bearish commentary around the token began drawing attention from traders looking for a contrarian rebound. The token’s sideways move followed a modest recovery of about 4 per cent over the past week, a gain that stood out against a cautious wider cryptocurrency market. Bitcoin and Ether also traded firmer, but investor conviction remained fragile after sharp swings across risk assets and thinner liquidity in several major digital tokens. Market

BingX has launched a stock-focused trading campaign with a prize pool of more than $1m, stepping up its attempt to draw crypto users into global equity-linked markets through a single multi-asset platform. The Stock Trading Carnival runs from 15 June to 4 July 2026 and is positioned as the third edition of the exchange’s Global Capital Gala series. The campaign allows eligible users to share rewards by inviting friends to trade stocks, taking part in trading activities and entering incentives aimed

A China-nexus hacking group maintained covert access to a segregated critical-infrastructure network for nearly a decade by tampering with Linux authentication tools that administrators rely on to control access. The operation, tracked as Velvet Ant and labelled Operation Highland by investigators, exposed a high-risk tactic in cyber espionage: rather than relying only on conventional malware, the intruders replaced trusted OpenSSH binaries and Pluggable Authentication Modules with altered versions that could steal credentials, log commands and allow unauthorised entry. The earliest forensic traces

A cross-border policing operation has dismantled AudiA6, a cryptocurrency laundering service accused of helping ransomware gangs and other cybercriminals move more than €336 million through hidden digital-asset channels. Two alleged administrators were arrested in Georgia on 10 June after investigators targeted the platform’s clear web and dark web infrastructure, seized domains, blocked Telegram accounts and replaced AudiA6 and Dark2Web pages with law-enforcement seizure banners. The action struck at a service that investigators say operated as a trusted cash-out pipeline for criminal

Russian military-linked hackers tracked as APT28 have shifted cyber operations into compromised internet routers, using the MooBot botnet and vulnerable edge devices to harvest credentials, route traffic and host malicious tools across dispersed global infrastructure. The technique marks an operational evolution for the group, also known as Fancy Bear, Sofacy, Forest Blizzard and Pawn Storm. Long associated with intelligence collection against NATO governments, Ukraine, defence contractors, political organisations and critical infrastructure, APT28 is no longer relying only on cloud servers, rented

Phishing is entering a leaner but more dangerous phase, as attackers use artificial intelligence, encrypted delivery and session hijacking kits to turn fewer attempts into higher-value intrusions. Zscaler’s ThreatLabz 2026 Phishing and Initial Access Report says overall phishing volume fell by about 20% year on year for a second consecutive year, but the decline masks a shift towards campaigns built for speed, credibility and credential theft. The findings point to a cybercrime market moving away from broad “spray and pray” emails

Cybercriminals are using counterfeit AI learning material and developer guides to lure professionals into opening files that trigger a multi-stage malware chain ending in AsyncRAT, a remote access trojan capable of surveillance, data theft and covert system control. The campaign targets Windows users with archives and documents framed as useful resources for artificial intelligence adoption, coding and marketing. One lure was presented as a developer guide for agentic coding with Claude Code, while other decoy titles referred to AI-ready data systems

GitHub has moved security scanning closer to the developer’s keyboard with a new Copilot CLI command that reviews code changes before they are committed, expanding the role of generative AI from code assistance into early-stage vulnerability detection. The /security-review slash command, introduced as an experimental public preview for GitHub Copilot CLI, allows developers to run an AI-driven security check inside the terminal. The feature is designed to inspect current code changes and flag weaknesses such as injection flaws, cross-site scripting, unsafe

AI coding agents can be manipulated into running attacker-chosen code through ordinary-looking bug reports, exposing a fresh security gap in the fast-expanding market for autonomous software development tools. Tenet Security researchers have described a technique they call “agentjacking”, in which a hostile actor plants malicious instructions inside a fake software error report and waits for a coding agent to read it during routine debugging. The attack does not require stolen passwords, malware on the developer’s machine or direct compromise of the

Companies are losing visibility over how workers use artificial intelligence, as staff turn to ChatGPT, Microsoft Copilot, Claude and other tools faster than governance teams can approve, monitor or secure them. The spread of so-called shadow AI has exposed a familiar weakness in corporate cybersecurity: organisations that struggled to control unapproved apps, unmanaged cloud storage and personal messaging channels are now facing the same problem with tools that can absorb sensitive data, generate code, summarise contracts and automate decisions. The difference

phpBB administrators have been urged to upgrade immediately after researchers disclosed two authentication weaknesses that could allow attackers to impersonate forum users, including administrators, on vulnerable bulletin boards. The flaws affect versions before phpBB 3.3.17, released on June 6 as a maintenance and security update for the 3.3.x branch. One issue exposes default installations using database authentication, while the other affects boards where administrators have enabled OAuth login through providers such as Google, Facebook or Bitly. The disclosures have raised

Hackers are turning TikTok and Instagram Reels into malware delivery channels, using polished tutorial-style clips that promise free premium software and then steer users towards malicious downloads or command-line instructions that compromise their devices. The campaign marks a shift in social engineering from email inboxes and fake websites to short-form video feeds, where attackers mimic creator culture, use casual language and rely on platform algorithms to amplify content. Videos typically advertise cracked or “activated” versions of popular products such as Spotify

A newly disclosed Microsoft Defender exploit has raised fresh concern among security teams after researchers said it could allow a local attacker to gain SYSTEM-level privileges on fully patched Windows machines. The vulnerability, named RoguePlanet by its publisher, was released with proof-of-concept code under the alias MSNightmare, adding to a turbulent sequence of Windows and Defender disclosures that have tested Microsoft’s patching process and the wider debate over vulnerability disclosure. The issue has not yet been assigned a public CVE, and

A fast-moving malware campaign tied to Shai-Hulud has expanded its attack on software developers through newly weaponised Python Package Index artefacts, raising concern that poisoned open-source dependencies are being used to steal credentials, compromise build systems and spread across trusted code repositories. The latest wave adds 23 malicious PyPI package-version artefacts to an operation already linked to Mini Shai-Hulud, Miasma and Hades activity. The broader campaign now spans hundreds of npm and PyPI artefacts, with security tracking indicating 471 affected artefacts

Apache HTTP Server 2.4.68 has been released with fixes for 13 security vulnerabilities affecting core functions and widely used modules, prompting administrators to prioritise upgrades across internet-facing systems that rely on the open-source web server. The update, released on 8 June 2026, addresses flaws spanning memory corruption, privilege escalation, denial of service, cross-site scripting and unsafe handling of backend responses. The affected versions stretch across much of the 2.4 branch, with several vulnerabilities present from 2.4.0 through 2.4.67. The 2.4.68 build

Software developers across close to 100 organisations have been targeted by a likely North Korea-linked hacking operation that used fake recruitment and code-review tasks to steal cryptocurrency, browser credentials and wallet data. The campaign, tracked by security researchers as UNK_DeadDrop, unfolded over April and May and reached targets in technology, finance, cryptocurrency, education, business services and other sectors. More than 250 phishing emails were sent during a six-week burst, with most victims approached through developer job or project-review lures that directed

CPX Holding has unveiled a refreshed brand identity in Abu Dhabi, positioning the G42 company for its next phase of growth as demand rises for AI-led cybersecurity, sovereign digital capability and stronger protection of critical infrastructure across the UAE. The new identity, built around the promise “Secure what’s next”, marks a shift in CPX’s public positioning from conventional cyber defence towards enablement, resilience and intelligence-led security. The move is intended to signal that organisations can pursue AI adoption, cloud migration and

Microsoft has warned that Anthropic’s Claude Code GitHub Action could expose CI/CD workflow secrets when AI agents process untrusted GitHub content, raising fresh concerns over how autonomous coding tools operate inside software delivery pipelines. The issue centres on the way Claude Code Action handled file-reading capabilities inside GitHub Actions runners. While subprocess paths such as Bash were subject to environment scrubbing and sandboxing controls, the agent’s Read tool was not covered by the same restriction. That gap allowed the tool to

Security teams are facing a fresh warning over enterprise use of AI coding agents after researchers identified a man-in-the-middle attack path that can redirect Claude Code traffic, capture OAuth tokens and preserve access to connected software-as-a-service platforms. The technique targets the way Anthropic’s Claude Code interacts with Model Context Protocol servers, a fast-growing mechanism used to connect AI agents with external systems such as Jira, Confluence, GitHub, databases and internal application programming interfaces. The risk centres on the local Claude Code

Cybersecurity teams are being urged to review exposed Microsoft IIS servers after a China-linked espionage cluster was found using a custom web shell framework built to evade conventional detection and maintain access inside compromised networks. The activity, tracked as OP-512, targeted an internet-facing Windows Server 2016 system running Internet Information Services and an end-of-life .NET Framework 4.0 application. The operation involved three purpose-built web shells using ASPX and ASHX files, allowing attackers to manage files, execute commands and automatically report the

Ubiquiti has patched a chain of critical UniFi OS Server vulnerabilities that could allow an unauthenticated attacker with network access to execute commands with root privileges on exposed systems, raising concerns for organisations that use UniFi consoles as central management points for networks, cameras, access controls and identity services. The flaws, disclosed on 21 May 2026 and updated a day later under Security Advisory Bulletin 064, are tracked as CVE-2026-34908, CVE-2026-34909 and CVE-2026-34910. Each has been assigned a maximum CVSS 3.1

Hola Browser’s Windows installer was compromised to deliver an undeclared cryptocurrency-mining executable to some users, exposing a supply-chain weakness in a product that had passed application certification checks before the anomaly was detected. The affected version, Hola Browser for Windows 1.251.91.0, wrote an unexpected file named me.exe to C:\Program Files\Hola on some systems. The executable was not part of the certified software footprint, was not digitally signed, carried no timestamp, used obfuscated code and had memory-write capabilities, raising immediate concerns

A serious flaw in Hugging Face’s Transformers library has widened concern over the security of model-sharing ecosystems after researchers showed that a poisoned model configuration could trigger remote code execution during a routine load operation. Tracked as CVE-2026-4372, the vulnerability affects Transformers versions before 5.3.0 and centres on the handling of the attnimplementationinternal field inside a model’s config.json file. Security researchers found that an attacker could set that field to point to a repository under their control, causing the library

Cybersecurity teams are warning that VECT 2.0, a ransomware strain promoted as a recovery-for-payment tool, can leave victims with files that even its operators may be unable to restore, widening concern over a campaign that behaves closer to a destructive wiper than conventional extortion malware. The latest technical findings show that VECT 2.0 suffers from multiple encryption and file-handling flaws, including a failure to preserve critical nonce values needed to decrypt parts of larger files. The weakness means that files above

A China-linked cyber-espionage group tracked as VerdantBamboo has been tied to a BRICKSTORM malware operation targeting Linux-based virtual appliances, firewalls and enterprise infrastructure, sharpening concerns over the security of systems that often sit outside mainstream endpoint monitoring. The activity came to light after suspicious traffic was detected from a Linux-based virtual machine appliance during an incident response investigation. The inquiry found that attackers had used stolen administrative credentials to access a firewall, enabled web SSL VPN access and then moved further

Developers using npm packages were put on alert after a fast-moving supply chain attack compromised at least 57 packages and pushed more than 286 malicious versions to the registry in less than two hours on June 3, exposing a fresh weakness in the way JavaScript projects handle native build files. The campaign began at about 23:30 UTC with the compromise of @vapi-ai/server-sdk, the official server-side software development kit for Vapi.ai’s voice AI platform. The package has more than 408,000 monthly

Hackers are using large-scale online advertising campaigns to deliver FlutterShell, a newly identified macOS backdoor that marks a sharper turn in financially motivated malware operations targeting Apple users. The campaign, tracked as Operation FlutterBridge, is linked to a broader cybercrime cluster known as CL-CRI-1089, which has operated since at least 2023. The group has used paid advertisements, verified advertiser accounts and shell companies to place malicious promotions in front of users searching for desktop applications. The activity shows how threat actors
