Vulnerability News

Every day new posts about vulnerabilities and cybersecurity news. Get the latest news about the cyberspace! Group: @VulnerabilityNewsGroup

4 941 subscribers
+4 in 24 hours
+24 in 7 days
+132 in 30 days
June '26: +80, in 0 channels
May '26: +204, in 0 channels
April '26: +187, in 0 channels
March '26: +254, in 0 channels
February '26: +116, in 0 channels
January '26: +166, in 0 channels
December '25: +134, in 0 channels
November '25: +139, in 0 channels
October '25: +8, in 0 channels
September '25: +12, in 0 channels
August '25: +13, in 0 channels
July '25: +11, in 0 channels
June '25: +12, in 0 channels
May '25: +18, in 1 channel
April '25: +14, in 0 channels
March '25: +21, in 0 channels
February '25: +17, in 0 channels
January '25: +15, in 1 channel
December '24: +262, in 1 channel
November '24: +206, in 1 channel
October '24: +166, in 0 channels
September '24: +146, in 0 channels
August '24: +137, in 0 channels
July '24: +96, in 1 channel
June '24: +91, in 0 channels
May '24: +95, in 0 channels
April '24: +104, in 0 channels
March '24: +149, in 0 channels
February '24: +279, in 0 channels
January '24: +395, in 0 channels
December '23: +327, in 0 channels
November '23: +38, in 0 channels
October '23: +32, in 0 channels
September '23: +47, in 0 channels
August '23: +53, in 0 channels
July '23: +51, in 0 channels
June '23: +42, in 0 channels
May '23: +43, in 0 channels
April '23: +67, in 0 channels
March '23: +65, in 0 channels
February '23: +45, in 0 channels
January '23: +67, in 0 channels
December '22: +62, in 0 channels
November '22: +71, in 0 channels
October '22: +70, in 0 channels
September '22: +55, in 0 channels
August '22: +44, in 0 channels
July '22: +54, in 0 channels
June '22: +78, in 0 channels
May '22: +46, in 0 channels
April '22: +77, in 0 channels
March '22: +105, in 0 channels
February '22: +48, in 0 channels
January '22: +61, in 0 channels
December '21: +99, in 0 channels
November '21: +68, in 0 channels
October '21: +170, in 0 channels
September '21: +72, in 0 channels
August '21: +104, in 0 channels
July '21: +72, in 0 channels
June '21: +292, in 0 channels
May '21: +1 344, in 0 channels
Date / Subscriber Growth / Mentions / Channels
15 June: +4
14 June: +4
13 June: +3
12 June: +6
11 June: +7
10 June: +4
09 June: +2
08 June: +8
07 June: +8
06 June: +8
05 June: +2
04 June: +8
03 June: +6
02 June: +4
01 June: +6
Channel Posts
FBI disrupts massive AI-powered phishing service using a million URLs
In a coordinated effort, the FBI, working with Google and Black Lotus Labs, has dismantled a massive Chinese phishing-as-a-service operation called Outsider Enterprise with thousands of phishing websites used to steal credit card data and passwords. [...]
https://www.bleepingcomputer.com/news/security/fbi-disrupts-massive-ai-powered-phishing-service-using-a-million-urls/

U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals
Anthropic said on Friday it will "abruptly disable" its most advanced artificial intelligence (AI) models, Claude Fable 5 and Mythos 5, for all users after the U.S. government ordered it to suspend access to the models for foreign nationals, whether inside or outside the U.S., citing national security concerns. The AI company said it received an order at 5:21 p.m. ET, instructing it to suspend
https://thehackernews.com/2026/06/us-orders-anthropic-to-suspend-fable-5.html

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication
Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253, is rated 9.8 on the CVSS scoring system. "In Splunk Enterprise versions below 10.2.4 and 10.0.7, an unauthenticated user could create or truncate arbitrary
https://thehackernews.com/2026/06/critical-splunk-enterprise-flaw-lets.html

Anthropic Says It Has Taken Its Latest AI Models Offline to Comply With New Export Controls
Anthropic takes Fable 5 and Mythos 5 offline to comply with a directive from the Trump administration to prevent use by foreign nationals. The post Anthropic Says It Has Taken Its Latest AI Models Offline to Comply With New Export Controls appeared first on SecurityWeek.
https://www.securityweek.com/anthropic-says-it-has-taken-its-latest-ai-models-offline-to-comply-with-new-export-controls/

NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks
By default, npm install will no longer execute scripts from dependencies, unless explicitly allowed. The post NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks appeared first on SecurityWeek.
https://www.securityweek.com/npm-12-will-change-script-execution-behavior-to-prevent-supply-chain-attacks/

US Gov asks Anthropic to ban 'foreign national' access to Fable, Mythos
The US government has ordered Anthropic to block all foreign nationals from accessing Fable 5 and Mythos 5, forcing the company to suspend both models worldwide. Anthropic is complying but disputes the basis, calling the cited jailbreak narrow and the capability widely available elsewhere. [...]
https://www.bleepingcomputer.com/news/security/us-gov-asks-anthropic-to-ban-foreign-national-access-to-fable-mythos/

Chinese hackers hijack auth flow, spy on isolated network for a decade
Chinese hackers took control of a target organization's authentication stack and maintained persistence for 10 years, with full visibility into the administrative activity. [...]
https://www.bleepingcomputer.com/news/security/chinese-hackers-hijack-auth-flow-spy-on-isolated-network-for-a-decade/

Ex-school district employee jailed for hacks on former employer
A former IT employee at an Iowa school district was sentenced to 21 months in prison after conducting a prolonged cyberattack against the former employer that disrupted classroom operations, deleted accounts, and caused tens of thousands of dollars in damages. [...]
https://www.bleepingcomputer.com/news/security/ex-school-district-employee-jailed-for-hacks-on-former-employer/

Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing
Google on Friday said it's pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence (AI) agent to send phishing text messages targeting Americans. The network is said to be behind the development and management of a phishing-as-a-service (PhaaS) software kit called Outsider, per the tech giant. "The operation weaponized Gemini to help
https://thehackernews.com/2026/06/google-sues-chinese-smishing-network.html

Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit
Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide itself. The AUR is Arch Linux's community package collection, and it is separate
https://thehackernews.com/2026/06/over-400-arch-linux-aur-packages.html

CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2026-35273 Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies, updating BOD 22-01. BOD 26-04 reinforces the importance of the KEV catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check whether threat actors compromised the system before the patch was applied.
While BOD 26-04 applies only to FCEB agencies, CISA encourages all organizations to adopt risk-based vulnerability management and prioritize remediation of KEV catalog vulnerabilities. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Aware of an exploited vulnerability not currently listed in the KEV catalog? Submit for potential addition: KEV Nomination Form. Potential KEV additions must have a CVE ID, evidence of exploitation, and clear mitigation guidance.
https://www.cisa.gov/news-events/alerts/2026/06/12/cisa-adds-one-known-exploited-vulnerability-catalog

Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters
Oracle has mitigated CVE-2026-35273, but it has not publicly confirmed the vulnerability’s in-the-wild exploitation. The post Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters appeared first on SecurityWeek.
https://www.securityweek.com/google-confirms-exploitation-of-oracle-peoplesoft-zero-day-by-shinyhunters/

Anthropic Disputes Fable 5 AI Jailbreak
An AI hacker claims to have achieved a prompt-based jailbreak shortly after Fable 5’s launch, but Anthropic says it’s not a real jailbreak. The post Anthropic Disputes Fable 5 AI Jailbreak appeared first on SecurityWeek.
https://www.securityweek.com/anthropic-disputes-fable-5-ai-jailbreak/

Chrome 149 Update Patches 28 Vulnerabilities
The browser refresh resolved critical and high-severity security defects, including a dozen use-after-free bugs. The post Chrome 149 Update Patches 28 Vulnerabilities appeared first on SecurityWeek.
https://www.securityweek.com/chrome-149-update-patches-28-vulnerabilities/

Ivanti Sentry Exploitation Attempts Hitting Honeypots
The critical-severity OS command injection vulnerability allows attackers to execute arbitrary code with root privileges. The post Ivanti Sentry Exploitation Attempts Hitting Honeypots appeared first on SecurityWeek.
https://www.securityweek.com/ivanti-sentry-exploitation-attempts-hitting-honeypots/

Iranian Cyber Group Handala Claims Cal Water Hack
The hackers published 5GB of data, including customer personal information and credentials for the RTKBase platform. The post Iranian Cyber Group Handala Claims Cal Water Hack appeared first on SecurityWeek.
https://www.securityweek.com/iranian-cyber-group-handala-claims-cal-water-hack/

Industry Reactions to Claude Fable 5: Feedback Friday
Industry professionals comment on various aspects of Fable 5, including dual-use capabilities, safeguards, and tiered access. The post Industry Reactions to Claude Fable 5: Feedback Friday appeared first on SecurityWeek.
https://www.securityweek.com/industry-reactions-to-claude-fable-5-feedback-friday/

In Other News: Google Security Layoffs, AudiA6 Takedown, $400 Million Coupang Fine
Other noteworthy stories that might have slipped under the radar: ICS device exposure remains flat as attack surface widens, Microsoft issues incident response playbook for AI, IBM and AT&T accused of hack cover-ups. The post In Other News: Google Security Layoffs, AudiA6 Takedown, $400 Million Coupang Fine appeared first on SecurityWeek.
https://www.securityweek.com/in-other-news-google-security-layoffs-audia6-takedown-400-million-coupang-fine/

Japanese energy firm loses drive with data of 10.9 million clients
Kyushu Electric Power Co., Inc. has disclosed a physical security incident that affects private data of more than 10 million customers. [...]
https://www.bleepingcomputer.com/news/security/japanese-energy-firm-loses-drive-with-data-of-109-million-clients/

Over 73,000 French govt employees affected in Tchap messenger breach
The French government revealed that a recent breach of its Tchap encrypted messaging platform affects the accounts of over 73,000 employees in the French public sector. [...]
https://www.bleepingcomputer.com/news/security/french-govt-says-tchap-breach-affected-over-73-000-accounts/