An Iran-linked advanced persistent threat (APT) actor has been using a modular command-and-control (C&C) framework in recent attacks targeting organizations in Israel, Check Point reports. Tracked as Cavern Manticore, the APT focuses on government entities and IT providers, and appears linked to Iran's MOIS (Ministry of Intelligence and Security), with possible ties to the OilRig subgroup Lyceum (also known as Hexane and SiameseKitten). READ MORE...
Attackers are impersonating major companies and recruiters to target marketing professionals, using trusted services and browser tricks to make the scam look legitimate. A BleepingComputer article detailing the campaign found at least 34 domains impersonating high-value companies, including Netflix, Coca-Cola, Adidas, and FIFA. The lure is a fake job interview or scheduling request from a "recruiter" representing one of these major companies. READ MORE...
Civil liberties groups have accused the EU of dragging its feet in implementing key measures to prevent spyware infections after Citizen Lab revealed a former member of European Parliament was placed under surveillance during his time in office. Stelios Kouloglou, a former investigative journalist, served as a Greek MEP between 2014 and 2023 and was a substitute member of the inquiry into the use of Pegasus and other spyware (PEGA Committee). READ MORE...
Artificial intelligence is claiming many firsts as it permeates every layer of technology, including the tools cybercriminals use to break into networks, steal sensitive data, hop into connected systems and deploy malware. This includes, for the first time, according to Sysdig researchers, a case of agentic ransomware managing an extortion operation spanning reconnaissance, credential theft, lateral movement, persistence, encryption, destruction and the delivery of the ransom note itself. READ MORE...
A previously unknown advanced persistent threat (APT) group is targeting government agencies and critical infrastructure organizations in multiple countries with an extensive sophisticated malware toolkit designed to steal credentials, sensitive documents, and other high-value data. The campaign, which researchers at Kaspersky are tracking as "Armored Likho," has so far claimed victims in Russia, Brazil, and Kazakhstan. READ MORE...
A photo of an injured dog by the roadside. A dating profile with pictures that look almost too perfect. A donation appeal showing a family stranded on a rooftop after a flood. Scammers are already using AI-generated images to support fake stories, build trust, and persuade people to send money or share personal information. Instead of asking whether an image looks real, it's better to ask whether there's any evidence that it's genuine. READ MORE...
Anthropic quickly removed a tracker secretly monitoring Claude Code users in China after a security researcher exposed the hidden code and condemned the spyware-like tracking as a "serious breach of user trust." Last week, a web developer known as "Thereallo" was researching privacy issues in Claude Code and was shocked to find that the AI firm was using "prompt steganography" to hide code that tracks Chinese users "in plain sight." READ MORE...
A 16-year-old Linux kernel vulnerability, dubbed Januscape, allows attackers to escape a virtual machine and execute arbitrary code on the host. According to Hyunwoo Kim, the security researcher who discovered it, this guest-to-host escape flaw (tracked as CVE-2026-53359) stems from a use-after-free weakness in the shadow MMU emulation of KVM/x86, the kernel-based virtual machine built for x86 and x86_64 (AMD64) processor architectures. READ MORE...
Threat actors are exploiting a recently patched vulnerability in Adobe ColdFusion that carries a maximum severity rating. Tracked as CVE-2026-48282 (CVSS score of 10/10), the security defect is described as a path traversal that could lead to arbitrary code execution. It was patched on June 30 alongside five other max severity flaws in Adobe's rapid application development platform that could be exploited for code execution. READ MORE...
Another NetScaler security vulnerability in the vein of the infamous "CitrixBleed" flaw has come under attack, which could leak risky corporate information. Citrix on June 30 took the wraps off CVE-2026-8451, the memory overread vulnerability in the company's Netscaler product line that received a CVSS score of 8.8. The high-severity flaw affects Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices that are configured as a SAML identity provider (IDP). READ MORE...