TECHZONE™

Your Automated Pentest Looks Clean. See What It Missed in This Expert Webinar https://thehackernews.com/2026/06/your-automated-pentest-looks-clean-see.html Your pentest report looks clean. That might be the problem. Run automated pentesting long enough, and the new findings start to dry up. By the third or fourth run, fewer issues appear. The report looks stable. Leadership reads "stable" as "secure." It usually isn't. The work slows down. The risk does not. That gap is what a The Hacker News webinar with Picus Security sets out to close. Autumn

Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release. Of the 206 flaws, 39 are rated Critical, and 167 are rated Important in severity. This includes 63 privilege escalation, 56 remote code execution, 30 information disclosure, 27 spoofing, 20 security

Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards https://thehackernews.com/2026/06/anthropic-releases-claude-fable-5-its.html On June 9, Anthropic released Claude Fable 5, the most capable model it has ever made, generally available. It also did something unusual: it shipped one model as two products, split not by capability but by a layer of safety classifiers. Fable 5 goes to the public. Its twin, Claude Mythos 5, the same underlying model with the cyber safeguards lifted, stays locked to a vetted group of cyber

ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances https://thehackernews.com/2026/06/servicenow-flaw-exploited-to-gain.html ServiceNow has warned about a security incident in which unknown threat actors exploited a flaw to obtain deeper unauthorized access to susceptible instances. "On June 5, 2026, ServiceNow applied a security update to hosted customer instances," the company revealed in an advisory that requires customer access. "The update concerned a security issue that could allow an unauthenticated user, in

Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows https://thehackernews.com/2026/06/microsoft-defender-rogueplanet-zero-day.html The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named RoguePlanet. "The exploit is a race condition, so it's a hit or miss," the researcher, who published the exploit under a new GitHub account, "MSNightmare" said. "I have managed to get a 100% success rate on

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS https://thehackernews.com/2026/06/six-proto6-vulnerabilities-in.html Cybersecurity researchers have flagged half a dozen vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers (Protobuf), that, if successfully exploited, could result in remote code execution (RCE) and denial-of-service (DoS) attacks. "In affected environments, a single malicious protobuf schema, descriptor, or crafted payload could be enough to trigger

Cybercriminals: the 'auditors' you never hired https://www.welivesecurity.com/en/business-security/cybercriminals-auditors-never-hired/ Every organisation gets audited. The question is who does the auditing.

Meta to Use Off-Site Business Data for Feed and AI Personalization https://thehackernews.com/2026/06/meta-to-use-off-site-business-data-for.html Meta on Tuesday announced that it will use information shared by other businesses to personalize users' feed and responses from its artificial intelligence (AI) chatbot, expanding its scope beyond targeted ads. "Businesses often share information about people's activity on their sites with us to make ads more relevant," Meta said in a statement. "We already use this data - like games you play

Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code https://thehackernews.com/2026/06/veeam-backup-replication-rce-flaw-lets.html Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0. "A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user," Veeam said in a Tuesday advisory. It

Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues https://thehackernews.com/2026/06/microsoft-restores-some-github-repos.html Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer into the code. "Our priority is to protect customers and the broader ecosystem," a Microsoft spokesperson told The Hacker News via email. "We temporarily removed some

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer https://thehackernews.com/2026/06/hades-pypi-attack-19-packages-poisoned.html The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the Mini Shai-Hulud-style attacks continue to be refined and splintered to target specific ecosystems. "The compromised releases shipped a *-setup.pth file that attempts to execute automatically

LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE https://thehackernews.com/2026/06/litellm-flaw-cve-2026-42271-exploited.html The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-42271 (CVSS score: 8.7), is a command injection vulnerability that could allow any authenticated user to run arbitrary commands on the

One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public https://thehackernews.com/2026/06/one-character-linux-kernel-flaw-enables.html Security researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user escalate to root and break out of a container. The flaw, CVE-2026-23111, sits in the kernel's nf_tables packet-filtering code and was patched upstream on February 5, 2026. Exodus Intelligence released its full technical walkthrough on June 8, and it is not even

Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order https://thehackernews.com/2026/06/meta-blocks-nso-groups-new-whatsapp.html Meta on Monday said it detected and blocked spear-phishing attempts linked to Israeli spyware vendor NSO Group. In addition, the tech giant said it's filing a federal court contempt order against the company for violating a permanent injunction that barred it from targeting WhatsApp and its users. "They tried to trick people into clicking on malicious links to drive them to external websites

Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups https://thehackernews.com/2026/06/critical-check-point-vpn-flaw-exploited.html Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol. The vulnerability, tracked as CVE-2026-50751 (CVSS score: 9.3), is a case of a logic flow weakness in certificate validation that allows an unauthenticated remote attacker to bypass user

AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload https://thehackernews.com/2026/06/ai-phishing-is-crushing-socs-with-alert.html Phishing has always been a numbers game. AI has turned it into a volume machine. Attackers can now create convincing emails, fake login pages, and tailored lures in minutes. Every polished message adds another case for Tier 1 to review, another link to inspect, and another alert that cannot be dismissed at a glance. As the queue grows, a credential theft attempt or malware delivery can easily

⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More https://thehackernews.com/2026/06/weekly-recap-instagram-account-hacks.html Monday again. The weekend was meant to be quiet. It wasn't. Last week had poisoned packages, a broken AI helper, and a worm tearing through repos. The ugly part: basic tricks still worked. A chatbot got fooled. A bot token got leaked inside the malware. The same old mistakes showed up again. And while everyone chased the loud stuff, quieter attackers sat in inboxes for months, reading mail and

The Hardest Fork https://thehackernews.com/2026/06/the-hardest-fork.html Mythos is real. I know a big chunk of the industry thinks it's a marketing stunt, and I get why. I get it. But I've seen the findings, and they're bad. These aren't "whoops, this line right here is wrong, and that's RCE." They're novel combinations of a few dozen issues out of thousands of things every SAST scanner already finds, chained together into something much worse. It's real creativity,

VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET (aka GRIMBOLT) and AGENTPSD to target Linux systems. The activity has been attributed by Volexity to a threat cluster it tracks as VerdantBamboo, which it said overlaps with hacking groups known as Clay Typhoon (Microsoft),

UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign https://thehackernews.com/2026/06/unc3753-used-vishing-and-physical.html Cybersecurity researchers have disclosed details of a financially motivated data theft extortion campaign that has targeted dozens of organizations across professional, legal, and financial services in the U.S. between January and May 2026. The activity has been attributed by Google Mandiant and Google Threat Intelligence Group (GTIG) to a threat actor dubbed UNC3753, which is also known as