Xpykerz

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels #News Posted On 📆 : Tue, 16 Jun 2026 01:02:52 +0530 Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview (aka Famous Chollima, HexagonalRodent, and Void Dokkaebi). According to a report published by Proofpoint, the threat actor has been found orchestrating phishing campaigns using developer role recruitment or code review themes 😍Share And Support😍 ➖@Xpykerz➖

Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails #News Posted On 📆 : Tue, 16 Jun 2026 01:14:06 +0530 A China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly stealing sensitive research and defense email. The way in was a backdoor on their REDCap research servers that stole login credentials. The exfiltration was the unusual part: the attackers rewired the victims' own Google Workspace rules to copy any message 😍Share And Support😍 ➖@Xpykerz➖

CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation #News Posted On 📆 : Tue, 16 Jun 2026 11:11:52 +0530 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 18, 2026. The vulnerability in question is CVE-2026-54420 (CVSS score: 8.5), which has been described as a case of privilege 😍Share And Support😍 ➖@Xpykerz➖

Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw #News Posted On 📆 : Tue, 16 Jun 2026 11:35:58 +0530 Cisco has released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-20262, carries a CVSS score of 6.5 out of 10.0. "A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or 😍Share And Support😍 ➖@Xpykerz➖

Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware #News Posted On 📆 : Tue, 16 Jun 2026 13:44:55 +0530 The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver malware called NarwhalRAT. "The attack email contained a message impersonating an MS account security alert," the Genians Security Center (GSC) said. "It was designed to create concern over possible 😍Share And Support😍 ➖@Xpykerz➖

China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth #News Posted On 📆 : Tue, 16 Jun 2026 15:14:34 +0530 Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS. "The Windows variants discovered are internally marked as WIN_DRV and WIN_PLUS," ESET said in a report shared with The Hacker News. "Both come with a hard-coded C&C [command-and-control] configuration and support communication over TCP, UDP, 😍Share And Support😍 ➖@Xpykerz➖

Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week #News Posted On 📆 : Tue, 16 Jun 2026 16:00:41 +0530 Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In a post shared on X, the company said it has observed exploitation of CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 over the past 24 hours. CVE-2026-39813 (CVSS score: 9.1) refers to a path traversal vulnerability in FortiSandbox JRPC API that could 😍Share And Support😍 ➖@Xpykerz➖

Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive #News Posted On 📆 : Tue, 16 Jun 2026 17:00:00 +0530 Security teams have never had more IP data at their disposal. Every day, analysts ingest enrichment feeds, geolocation data, reputation scores, telemetry, and threat intelligence from a growing ecosystem of vendors and platforms. Yet despite this abundance of information, many organizations continue to face a fundamental challenge: sifting through the noise to understand who is behind an IP and 😍Share And Support😍 ➖@Xpykerz➖

New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds #News Posted On 📆 : Tue, 16 Jun 2026 18:40:17 +0530 Security researchers at Zimperium's zLabs have documented a new Android banking trojan, Rokarolla, that targets 217 banking and cryptocurrency apps and packs 137 remote commands. Together, they give an operator near-total control of an infected phone: it lifts lock-screen PINs, reads and sends SMS, rewrites the clipboard to redirect crypto payments, and switches off Google Play 😍Share And Support😍 ➖@Xpykerz➖

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures #News Posted On 📆 : Tue, 16 Jun 2026 23:11:28 +0530 Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader, Lorem Ipsum Loader, and Potemkin, per independent reports from Morphisec, BlueVoyant, and Huntress, respectively. Attacks involving BabaDeda Loader, observed in April 2026, have targeted education and financial organizations. "Earlier BabaDeda activity was known for 😍Share And Support😍 ➖@Xpykerz➖

Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw #News Posted On 📆 : Mon, 15 Jun 2026 11:47:32 +0530 Palo Alto Networks has revealed that it has observed "active exploitation" of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portals. The vulnerability in question is CVE-2026-0257 (CVSS score: 7.8), an authentication bypass flaw affecting the portal and gateway components of PAN-OS software that could be exploited by bad 😍Share And Support😍 ➖@Xpykerz➖

Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts #News Posted On 📆 : Mon, 15 Jun 2026 12:00:22 +0530 Cybersecurity researchers have disclosed details of fraudulent activity targeting users across the Middle East and North Africa by employing various fraudulent Facebook accounts impersonating politicians, public figures, and trusted organizations. "These accounts promoted fake offers, including free mobile internet packages, financial compensation, and government subsidy programs," Group-IB 😍Share And Support😍 ➖@Xpykerz➖

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites #News Posted On 📆 : Mon, 15 Jun 2026 15:29:38 +0530 An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites. When a site administrator was logged in as the file loaded, the code created an admin account under the attacker's control and installed a hidden plugin that opened a way back in. Ordinary visitors did not trigger it 😍Share And Support😍 ➖@Xpykerz➖

152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic #News Posted On 📆 : Mon, 15 Jun 2026 16:37:50 +0530 Cybersecurity researchers have discovered a network of 152 Google Chrome extensions that act as new tab live wallpaper add-ons to distribute a potentially unwanted program (PUP) family. The cluster spans 38 separate Chrome Web Store publisher accounts and three brand backends: tabplugins[.]com, yowgames[.]com, and chromewallpaper[.]com. They have been collectively installed 105,000 times. The 😍Share And Support😍 ➖@Xpykerz➖

The Onboarding Password Mistake That Creates Unnecessary Risk #News Posted On 📆 : Mon, 15 Jun 2026 17:00:00 +0530 Employee onboarding is a busy time for IT teams. New starters need devices, accounts, access permissions, and passwords, all delivered within a tight timeframe. That usually means sharing a temporary "first-day" password so employees can access systems for the first time. The issue is that these passwords don't always stay temporary. They may be sent over email or SMS, reused across accounts, 😍Share And Support😍 ➖@Xpykerz➖

⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More #News Posted On 📆 : Mon, 15 Jun 2026 19:19:29 +0530 Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail, and forgotten software keeps becoming someone else's entry point. Scroll through the full Monday Cybersecurity 😍Share And Support😍 ➖@Xpykerz➖

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes #News Posted On 📆 : Mon, 15 Jun 2026 20:39:05 +0530 A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. Because the link pointed to a real microsoft.com domain, traditional anti-phishing and URL filtering tools were 😍Share And Support😍 ➖@Xpykerz➖

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers #News Posted On 📆 : Mon, 15 Jun 2026 22:09:01 +0530 A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed LiteLLM is a widely deployed open-source AI gateway that brokers calls to more than 100 model providers behind one OpenAI-compatible interface. A server takeover exposes every provider key it holds, the secrets that 😍Share And Support😍 ➖@Xpykerz➖

Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing #News Posted On 📆 : Sat, 13 Jun 2026 00:29:32 +0530 Google on Friday said it's pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence (AI) agent to send phishing text messages targeting Americans. The network is said to be behind the development and management of a phishing-as-a-service (PhaaS) software kit called Outsider, per the tech giant. "The operation weaponized Gemini to help 😍Share And Support😍 ➖@Xpykerz➖

Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit #News Posted On 📆 : Sat, 13 Jun 2026 01:03:25 +0530 Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide itself. The AUR is Arch Linux's community package collection, and it is separate 😍Share And Support😍 ➖@Xpykerz➖