Security Affairs

Security Affairs General Google SAP 4d ago

Fake Context Alignment: The Attack That Made Gemini Obey Strangers Through Your Notifications

SafeBreach tricked Gemini into obeying attackers via WhatsApp notifications, using hidden foreign-language text to bypass Google’s defenses and control smart...

Security Affairs →

Security Affairs CVE 5d ago

U.S. CISA adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog

U.S.

1 IOC

Security Affairs →

Security Affairs CVE Cisco 5d ago

Critical Cisco Unified CM Bug Patched as Public Exploit Code Emerges

Cisco patched a critical Unified CM flaw with public PoC code that allows unauthenticated attackers to launch SSRF attacks remotely. Cisco has addressed a hi...

1 IOC

Security Affairs →

Security Affairs Vulnerability Disclosure Microsoft 5d ago

Gamaredon Uses WinRAR Vulnerability to Launch Modular Spy Campaign on Ukrainian Targets

Gamaredon exploits a WinRAR flaw to drop modular, nearly fileless malware on Ukrainian targets, hiding payloads in Windows streams and resolving C2s via Tele...

Security Affairs →

Security Affairs Zero-Day Microsoft GitHub 5d ago

Researcher Drops a New VS Code Zero-Day After Losing Trust in Microsoft’s Disclosure Process

A researcher publicly released a VS Code exploit within hours, citing past disputes with Microsoft over bug handling. The security researcher Ammar Askar fou...

Security Affairs →

Security Affairs Campaigns 5d ago

29 Arrests, Nine Crime Groups Dismantled: Another Blow to Illegal Streaming

International Operation KRATOS led by Europol dismantled illegal streaming networks, leading to 29 arrests and nine crime groups taken down.

Security Affairs →

Security Affairs Campaigns Microsoft Broadcom 6d ago

Cyber espionage campaign targeted stock exchange executive’s Outlook account

Attackers spent five months silently stealing emails from a stock exchange executive’s Outlook account in a suspected espionage operation. A threat actor qui...

Security Affairs →

Security Affairs Campaigns Intel 6d ago

Russia’s FSB Says Foreign Spies Infected Officials’ Phones With Malware

Russia’s FSB claims foreign intelligence planted malware on senior officials’ phones to intercept calls and activate cameras. No technical evidence, no count...

Security Affairs →

Security Affairs General Microsoft Google Amazon Linux 6d ago

U.S. CISA adds Android and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

U.S.

Security Affairs →

Security Affairs CVE Google Amazon 6d ago

Google Patches Actively Exploited Android Flaw Affecting Millions of Devices

Google fixed 124 Android flaws, including CVE-2025-48595, an actively exploited privilege escalation bug linked to targeted attacks. Google has released its ...

T1548 T1598 1 IOC

Security Affairs →

Security Affairs CVE Rapid7 6d ago

Why an HP Poly VoIP Phones Bug Could Become an Enterprise Foothold

Rapid7 details a critical unauthenticated overflow in HP Poly VoIP phones that can lead to root RCE, with patches available for affected models. Rapid7’s lat...

T1598 1 IOC

Security Affairs →

Security Affairs General Jun 2

Instagram Account Hijacks Expose the Security Risks of AI-Powered Support

Attackers exploited Meta’s AI support chatbot to reset Instagram passwords and hijack accounts without accessing victims’ email inboxes. Attackers abused Met...

Security Affairs →

Security Affairs CVE Palo Alto Networks Oracle Jun 2

U.S. CISA adds Oracle WebLogic flaw to its Known Exploited Vulnerabilities catalog

U.S.

1 IOC

Security Affairs →

Security Affairs General Jun 2

ENISA NIS360 2026: Progress Across the Board, But the Sectors That Matter Most Are Still Falling Short

ENISA NIS360 2026 shows cybersecurity improving across EU critical sectors, but health, water, rail, and space remain in the risk zone. ENISA has published i...

Security Affairs →

Security Affairs TTPs WordPress Jun 2

GoDaddy found malware on 1,980 WordPress sites using Steam as C2 infrastructure

Malware on approximately 2,000 WordPress sites hid C2 instructions in Steam profile comments using invisible Unicode. GoDaddy researchers spotted a command-a...

T1583

Security Affairs →

Security Affairs Ransomware Intel Jun 1

Ransomware Operators Keep Business Hours. The Data Proves It

16,699 ransomware leak posts over 2 years show 84% drop Monday–Friday, peak at European afternoon hours. October spikes yearly.

Security Affairs →

Security Affairs Ransomware Intel Jun 1

Ransomware Operators Keep Business Hours. The Data Proves It

16,699 ransomware leak posts over 2 years show 84% drop Monday–Friday, peak at European afternoon hours. October spikes yearly.

Security Affairs →

Security Affairs CVE Google WordPress Jun 1

CVE-2026-8732: The WP Maps Pro Flaw That Lets Anyone Create a WordPress Admin Without a Password

CVE-2026-8732 in WP Maps Pro lets unauthenticated attackers create WordPress admin accounts. 2,858 attacks blocked in 24 hours.

1 IOC

Security Affairs →

Security Affairs Vulnerability Disclosure Linux Jun 1

CIFSwitch, a Linux Root Bug Hidden in Plain Sight for 19 Years

CIFSwitch is a 19-year-old Linux logic bug turning forged CIFS auth keys into root. Affects Mint, CentOS, Rocky, Kali, SLES.

T1548 T1598

Security Affairs →

Security Affairs CVE Palo Alto Networks Jun 1

U.S. CISA adds Palo Alto Networks PAN-OS flaw to its Known Exploited Vulnerabilities catalog

U.S.

1 IOC

Security Affairs →