Malware

Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built…

Ravie LakshmananJun 12, 2026Cybercrime / Artificial Intelligence Google on Friday said it’s pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence (AI) agent…

The UK’s Metropolitan Police has reached an agreement with Apple designed to make stolen iPhones harder to resell and less attractive to thieves. The approach combines stronger technical protections with…

Ravie LakshmananJun 12, 2026Artificial Intelligence / Vulnerability Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running…

Online gamers should watch out for a convincing scam that aims to steal your Steam account. The scam uses fake FACEIT verification pages that look legitimate, complete with official branding,…

Ravie LakshmananJun 12, 2026Cybercrime / Phishing An INTERPOL-led operation last month resulted in the disruption of Sniper Dz, a decade-long phishing-as-a-service (PhaaS) platform, Group-IB said Thursday. The effort, codenamed Operation…

Build something that doesn’t exist. Don’t collect any data while you do it. Get it wrong and the CEO could face criminal charges. That’s close to the ultimatum the UK…

Swati KhandelwalJun 11, 2026Vulnerability / Data Breach The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep…

Two security teams have shown, in separate research published this week, that OpenClaw, the popular self-hosted AI agent, can be driven to run attacker-controlled code or hand over sensitive data…

VRChat, Inc. has filed a data breach notice revealing that the information of more than 2.4 million users was involved in a data breach. According to the notice, VRChat experienced…

For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was…

Ravie LakshmananJun 11, 2026Developer Security / Software Supply Chain GitHub has announced what it said are “breaking changes” coming to npm version 12, one of which turns off install scripts…

What would you trade for a technology that can do almost anything? For many people, the answer is clear: Everything they thought they could trust. In a few, short years,…

A German court has ruled that Google can be held directly responsible for defamatory claims produced by its AI Overviews. Basically, the court said that telling people they should double-check…

This month’s Patch Tuesday fixes 206 security flaws in Microsoft software, making it the biggest Patch Tuesday release ever. The update includes 32 critical vulnerabilities, as well as three publicly disclosed…

Short-form video platforms like TikTok and Instagram Reels have become the latest way cybercriminals spread malware. We’ve already seen attackers move away from traditional phishing emails and toward tactics that…

Cybersecurity researchers have warned of a “resurgence and expansion” of JDY, a covert network associated with China-nexus state-sponsored threat actors. “The JDY botnet comprises over 1,500 SOHO [small office and…

The Hacker NewsJun 10, 2026Pentesting / Security Validation Your pentest report looks clean. That might be the problem. Run automated pentesting long enough, and the new findings start to dry…

Ravie LakshmananJun 10, 2026Zero-Day / Vulnerability The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day…

Google has issued updates for the Chrome browser, patching a number of high‑severity vulnerabilities.  The update includes fixes for 74 vulnerabilities, including one that is being actively exploited in the wild. The…

Scammers go phishing wherever the victims are. In the UK, that means Facebook, Instagram, and WhatsApp, according to Lloyds Bank. It just revealed that Meta platforms account for over two…

Ravie LakshmananJun 09, 2026Privacy / Artificial Intelligence Meta on Tuesday announced that it will use information shared by other businesses to personalize users’ feed and responses from its artificial intelligence…

Ravie LakshmananJun 09, 2026Vulnerability / Cyber Espionage Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches…

Meta’s smart glasses are once again at the center of a privacy debate due to face recognition. WIRED reports that Meta had quietly embedded unreleased face-recognition code, internally called “NameTag,”…

A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST, needs…

Swati KhandelwalJun 08, 2026Linux / Vulnerability Security researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user escalate to root and break…

A new Windows malware campaign hides inside pirated PC games and modified installers for franchises like Far Cry, Need for Speed, FIFA, and Assassin’s Creed. Researchers estimate that more than…

Ravie LakshmananJun 08, 2026Spyware / Mobile Security Meta on Monday said it detected and blocked spear-phishing attempts linked to Israeli spyware vendor NSO Group. In addition, the tech giant said…

The 2025 Federal Bureau of Investigation (FBI) Internet Crime Report shows that Americans reported $893,346,472 in AI‑related scam losses. Those losses stem from 22,364 AI-related complaints. And these figures represent…