AI-built ransomware toolkit automates EDR evasion, AD discovery
AI-built ransomware toolkit automates EDR evasion, AD discovery By Bill Toulas June 2, 2026 04:01 PM A threat actor is using an AI-built ransomware attack toolkit that automates Active…
Search
Max severity Cisco Secure Workload flaw gives Site Admin privileges
…New Cisco DoS flaw requires manual reboot to revive devices Critical Cisco IMC auth bypass gives attackers Admin access Hackers exploit React2Shell in automated credential theft campaign Hackers bypass SonicWall VPN MFA…
Google accidentally exposed details of unfixed Chromium flaw
…An automated email informed Rebane that she had been awarded a bug bounty of $1,000. All access restrictions on Chromium Issue Tracker were removed on May 20, since the bug had…
ShapedPlugin update flow hacked to infect WordPress sites
ShapedPlugin update flow hacked to infect WordPress sites By Bill Toulas June 18, 2026 08:55 AM Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack that distributed infected…
Chinese hackers hijack auth flow, spy on isolated network for a decade
Chinese hackers hijack auth flow, spy on isolated network for a decade By Bill Toulas June 13, 2026 10:06 AM Chinese hackers took control of a target organization's authentication stack…
Microsoft backpedals: Edge to stop loading passwords into memory
…mode after hackers began leveraging zero-day exploits in the Chakra JavaScript engine to access target devices. The Validation Gap: Automated Pentesting Answers One Question. You Need Six. Automated pentesting tools deliver…
GitHub confirms breach of 3,800 repos via malicious VSCode extension
…GitHub investigates internal repositories breach claimed by TeamPCP 7-Eleven confirms data breach claimed by the ShinyHunters gang Grafana says stolen GitHub token let hackers steal codebase TeamPCP hackers advertise Mistral AI…
Microsoft Self-Service Password Reset abused in Azure data theft attacks
…To make the ruse more convincing, the hacker poses as an IT support employee requiring urgent verification of the account. The hacker then reset the password, removed the MFA controls, and enrolled…
Microsoft warns of Exchange zero-day flaw exploited in attacks
…EEMS runs as a Windows service on Exchange Mailbox servers and is automatically enabled on servers with the Mailbox role. The security feature was added after many hacking groups exploited ProxyLogon and…
Critical vm2 sandbox bug lets attackers execute code on hosts
…It is commonly employed by online coding platforms, automation tools, and SaaS apps that execute user-supplied scripts. The library attempts to isolate sandboxed code from the host system and block access…