TECHZONE™


TECHZONE CYBERNEWS && UPDATES. Welcome to TECHZONE™: ✔️ Infosec Facts ✔️ Cheatsheets ✔️ Free Courses ✔️ Open source tools ✔️ Tech news

596 subscribers
Posts Archive
INTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across Asia-Pacific https://thehackernews.com/2026/06/interpol-warns-phishing-ransomware-and.html A new report from INTERPOL has revealed a "dramatic increase" in cybercrime in Asia and the South Pacific, fueled by rapid digitalization, internet penetration, new technologies, organized criminal networks, and a disparity in cybersecurity maturity. According to INTERPOL's 2025/2026 Asia and South Pacific Cyberthreat Assessment Report, phishing has emerged as the most widespread and

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys https://thehackernews.com/2026/06/hackers-exploit-gravity-smtp-wordpress.html Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthenticated attackers to extract sensitive data, such as configuration data, API keys, secrets, and OAuth tokens

Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain https://thehackernews.com/2026/06/unpatchable-usbliter8-exploit-breaks.html Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple's A12 and A13 chips. That code is burned into the silicon at manufacture. No software update can reach it. Affected devices will carry this flaw for as long as they stay in use. This is not a remote attack. It requires

The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes https://thehackernews.com/2026/06/the-gentlemen-raas-uses-gentlekiller.html The Gentlemen ransomware-as-a-service (RaaS) operation is actively developing and maintaining a suite of endpoint detection and response (EDR) killers that it hands out to affiliates for impairing system defenses before deploying the encryptor. This mature portfolio of EDR-terminating tools is centered around a framework that's known as GentleKiller. "They also incorporate third-party or

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution https://thehackernews.com/2026/06/autojack-attack-lets-one-web-page.html Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution. Steer the agent to load an attacker's web page, and that page's JavaScript can reach a privileged local service on the same machine and spawn a process on the host. No credentials, no sign-in screen, and no further user interaction once

Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites https://thehackernews.com/2026/06/operation-endgame-disrupts-socgholish.html Dutch law enforcement authorities, along with counterparts from Canada, Germany, and the U.S., have disrupted malicious infrastructure associated with SocGholish and cleaned up nearly 15,000 infected WordPress websites. "With these actions we deprive cybercriminals of access to infected computer systems," Maikel Rollman of the Netherlands National High Tech Crime Unit said. "This prevents

CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices https://thehackernews.com/2026/06/cisa-warns-fortinet-customers-as.html The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday urged Fortinet customers with FortiGate appliances to take steps to secure against ongoing malicious activity aimed at thousands of internet-accessible devices. The sweeping campaign, believed to be the work of Russian-speaking threat actors, has been codenamed FortiBleed. The number of compromised devices stands at

From Assistive to Agentic: The AI Shift That's Redefining Threat Management https://thehackernews.com/2026/06/from-assistive-to-agentic-ai-shift.html The average enterprise security team has 40 or more security tools, giving a lot of visibility into internal telemetry and asset data. But often, these tools are working in siloes, generating (overlapping) alerts and data. And yet, breach dwell times remain stubbornly long (~43 days), response windows keep closing before teams can act, and analysts burn out triaging noise instead

Forget Data Leakage: Shadow AI's Real Threat Is Access Control https://thehackernews.com/2026/06/forget-data-leakage-shadow-ais-real.html The first wave of enterprise AI concern was straightforward. It was simply employees pasting sensitive data into public AI tools. Security teams responded with usage policies, domain blocks, and data loss prevention rules. That response made sense at the time. It doesn't fit the problem anymore. Shadow AI has shifted from a data leakage concern to an access control problem. The threat isn't

Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data https://thehackernews.com/2026/06/salesforce-disables-klue-app.html Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in response to a security incident impacting the competitive intelligence company on June 11, 2026. To that end, organizations will be unable to connect to Salesforce via the app until further notice, the American cloud-based software company noted in an alert published this week. "Salesforce took

Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone https://thehackernews.com/2026/06/apple-patches-beats-studio-buds-flaw.html Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to eavesdrop on users. The vulnerability, tracked as CVE-2025-20701 (CVSS score: 8.8), refers to a case of incorrect authorization impacting the Airoha Bluetooth audio SDK that makes it possible to pair a Bluetooth audio device without user consent.

Killing me gently: Inside Gentlemen’s EDR killer framework https://www.welivesecurity.com/en/eset-research/killing-me-gently-inside-gentlemens-edr-killer-framework/ ESET Research shares the results of a months-long investigation into the suite of EDR killers maintained by the RaaS gang Gentlemen

F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution https://thehackernews.com/2026/06/f5-patches-two-critical-nginx-open.html F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution on affected systems. The vulnerabilities are listed below - CVE-2026-42530 (CVSS v4 score: 9.2) - A use-after-free vulnerability in the ngx_http_v3_module that could be triggered by a remote unauthenticated attacker when NGINX Open Source is

Orphaned AI Agents: How to Find Hidden Access Risks Inside Your Network https://thehackernews.com/2026/06/orphaned-ai-agents-how-to-find-hidden.html If an autonomous AI agent interacts with your company's core intellectual property today, can your security team instantly name the person who authorized it? For most enterprises, the answer is a simple no. The rush to adopt internal AI tools has left a massive trail of administrative debt: orphaned agents (AI tools left running after their creator leaves the company) and standing privileges (

The Scripts on Your Checkout Page Are Now a PCI DSS Problem https://thehackernews.com/2026/06/the-scripts-on-your-checkout-page-are.html An independent PCI assessor tested Reflectiz against the new PCI DSS rules. When a customer types their card number into your checkout, their browser is running far more than your code. Analytics tags, a tag manager, a support widget, a payment iframe: a modern checkout loads dozens of third-party scripts, and any one of them can be turned

Protecting legacy OT systems against modern cyberthreats https://www.welivesecurity.com/en/critical-infrastructure/protecting-legacy-ot-systems-modern-threats/ Many manufacturing plants depend on OT systems that stay in service for many years. That long run can hide significant cybersecurity risks.

Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments https://thehackernews.com/2026/06/crypto-clipper-campaign-abuses-fake.html An unknown threat actor has been observed leveraging paid or promoted posts on legitimate news websites to drum up buzz for their warez, according to new findings from Check Point Research. The threat actor also has at their disposal a dedicated WordPress phishing page that acts as the central hub, alongside GitHub and SourceForge projects promoted by fake accounts, a YouTube channel, and a

Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development https://thehackernews.com/2026/06/microsoft-confirms-rogueplanet-defender_02022423645.html Microsoft has formally disclosed that it's working to release a patch to address a Defender zero-day codenamed RoguePlanet. The vulnerability has now been assigned the CVE identifier CVE-2026-50656 (CVSS score: 7.8), with the tech giant describing it as a privilege escalation flaw. "Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender

Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline https://thehackernews.com/2026/06/junior-hacker-used-tailscale-and.html A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials. Ordinary stuff, until one move near the end. Before his command-and-control server went dark, he installed OpenSSH and Tailscale on a victim's machine, building a way back in that did not run through the C2 at all. When the Havoc server went offline the next

Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats https://thehackernews.com/2026/06/malicious-jetbrains-plugins-steal-ai.html Cybersecurity researchers have flagged a "coordinated malware campaign" on the JetBrains Marketplace that has published no less than 15 malicious plugins capable of exfiltrating artificial intelligence (AI) provider keys. "Every plugin poses as an AI coding assistant built on DeepSeek and other large language models, offering chat, commit messages, code review, bug finding, and unit tests,"