Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access | Cybersecurity
Ravie LakshmananJun 25, 2026Vulnerability / Threat Intelligence An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before…
Read moreWatch out for renewal scams pretending to be Malwarebytes | Malware
Fake subscription renewal notices are doing the rounds again. Some of these scams impersonate Malwarebytes, and we’ve also seen them reach our customers. You’re more likely to trust the message…
Read moreCISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited | Cybersecurity
Ravie LakshmananJun 24, 2026Vulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series…
Read morePixelSmash flaw turns video files into attack tools | Malware
A newly discovered vulnerability in FFmpeg’s MagicYUV decoder can turn a tiny, malformed video into a foothold for attackers. Researchers have disclosed PixelSmash, a critical vulnerability tracked as CVE-2026-8461, in…
Read moreAmadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered | Cybersecurity
A coordinated law enforcement operation, in partnership with private sector companies, including Bitdefender, Bitsight, ESET, and Microsoft, has resulted in the takedown of criminal infrastructure powering Amadey and StealC. “The…
Read more“Total access to all your devices.” Sextortion scammers strike again | Malware
At the moment, we’re seeing all kinds of sextortion emails. The scam is cheap to run, easy to automate, and apparently profitable enough that cybercriminals keep using it. Some criminals…
Read moreDoJ Seizes Huione Cloud Account Tied to Cyber Scam Money Laundering | Cybersecurity
Ravie LakshmananJun 24, 2026Money Laundering / Cybercrime The U.S. Department of Justice (DoJ) on Tuesday announced the seizure of a cloud computing account put to use by subsidiaries of Cambodia-based…
Read moreCisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root | Cybersecurity
Ravie LakshmananJun 24, 2026Vulnerability / Network Security Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager…
Read moreHackers steal passport and driver’s license data of 3 million Texans | Malware
You can change a password and cancel a card. But replacing a passport or driver’s license number every time someone leaves yours unsecured in a vendor database isn’t so easy….
Read moreInside the dark web: Stolen identities for 95¢, malware, and scams-for-hire | Malware
Most people have heard of the dark web, but few understand what it actually looks like or what goes on there. To separate fact from fiction, our research team spent…
Read moreFortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation | Cybersecurity
Ravie LakshmananJun 23, 2026Initial Access Broker / Firewall Security A Russian-speaking initial access broker (IAB) driven by financial gain is assessed to be behind a large-scale credential-harvesting operation known as…
Read moreMeta pauses controversial employee-tracking program after security review | Malware
Meta has paused a controversial employee‑tracking program after an internal security review found that highly granular keystroke and screen‑capture data from staff laptops was far more widely accessible inside the…
Read moreFake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents | Cybersecurity
Security firm AIR built a fake AI agent skill, pushed it through a popular skill marketplace and an Instagram ad, and says it reached roughly 26,000 agents, including some on corporate accounts….
Read moreMalicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT | Cybersecurity
Ravie LakshmananJun 23, 2026Supply Chain Attack / Developer Security Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access trojan (RAT)….
Read moreWhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool | Cybersecurity
Ravie LakshmananJun 23, 2026Malware / Social Engineering Direct messages sent via WhatsApp are being used to distribute malicious Visual Basic Script (VBScript) files that lead to the installation of legitimate…
Read moreDocument delivery scams: What are they and what’s their goal? | Malware
One of Malwarebytes’ managers recently received a call from scammers pretending to be a document delivery service. The voicemail sounded official: “I am calling on behalf of document delivery services….
Read moreShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack | Cybersecurity
Ravie LakshmananJun 22, 2026Supply Chain Attack / Malware Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack after unknown threat actors managed to tamper with the official…
Read moreThousands of D-Link routers under control of AryStinger botnet | Malware
Researchers have found that the recently discovered AryStinger botnet has quietly hijacked thousands of end‑of‑life D‑Link routers and some network-attached storage (NAS) devices, turning them into a distributed scanning and…
Read more29-Year-Old Squid Proxy Bug ‘Squidbleed’ Can Leak Cleartext HTTP Requests | Cybersecurity
Swati KhandelwalJun 22, 2026Vulnerability / Server Security A heap over-read in the Squid web proxy can leak another user’s cleartext HTTP request, including any credentials or session tokens it carries,…
Read moreA week in security (June 15 – June 21) | Malware
Last week on Malwarebytes Labs: Nearly 15,000 infected websites cleaned in SocGholish crackdown Apple patches Beats Studio Buds flaw that could turn earbuds into a wiretap Microsoft working on a…
Read moreCanada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices | Cybersecurity
Canada’s spy service got a judge’s permission to reach into infected servers, home routers, and IoT gear sitting on Canadian soil and neutralize two foreign-run botnets. The Federal Court released a…
Read moreHackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys | Cybersecurity
Ravie LakshmananJun 20, 2026Vulnerability / Web Security Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that’s installed on about 100,000 sites. The vulnerability,…
Read moreUnpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boot Chain | Cybersecurity
Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple’s A12 and A13 chips. That code is burned into the silicon…
Read moreNearly 15,000 infected websites cleaned in SocGholish crackdown | Malware
We’re always happy to end the week with some positive news. A law enforcement action called Operation Endgame just delivered a major win against the long‑running SocGholish (aka FakeUpdates) operation….
Read moreAutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution | Cybersecurity
Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution. Steer the agent to load an attacker’s web…
Read moreApple patches Beats Studio Buds flaw that could turn earbuds into a wiretap | Malware
Apple has patched a Bluetooth flaw in Beats Studio Buds that could potentially turn your earbuds into a nearby wiretap. When you buy a pair of Bluetooth earbuds, you expect…
Read moreForget Data Leakage: Shadow AI’s Real Threat Is Access Control | Cybersecurity
The first wave of enterprise AI concern was straightforward. It was simply employees pasting sensitive data into public AI tools. Security teams responded with usage policies, domain blocks, and data…
Read moreApple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone | Cybersecurity
Ravie LakshmananJun 19, 2026Mobile Security / Vulnerability Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to eavesdrop…
Read moreKodak confirms breach as ShinyHunters’ leak threat reaches deadline | Malware
The Eastman Kodak Company (Kodak) confirmed to BleepingComputer that it is investigating a security breach after the ShinyHunters extortion group claimed responsibility for the incident. Kodak is the latest organization…
Read moreF5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution | Cybersecurity
Ravie LakshmananJun 18, 2026Vulnerability / Cloud Security F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution…
Read more