TECHZONE™

AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload https://thehackernews.com/2026/06/ai-phishing-is-crushing-socs-with-alert.html Phishing has always been a numbers game. AI has turned it into a volume machine. Attackers can now create convincing emails, fake login pages, and tailored lures in minutes. Every polished message adds another case for Tier 1 to review, another link to inspect, and another alert that cannot be dismissed at a glance. As the queue grows, a credential theft attempt or malware delivery can easily

⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More https://thehackernews.com/2026/06/weekly-recap-instagram-account-hacks.html Monday again. The weekend was meant to be quiet. It wasn't. Last week had poisoned packages, a broken AI helper, and a worm tearing through repos. The ugly part: basic tricks still worked. A chatbot got fooled. A bot token got leaked inside the malware. The same old mistakes showed up again. And while everyone chased the loud stuff, quieter attackers sat in inboxes for months, reading mail and

The Hardest Fork https://thehackernews.com/2026/06/the-hardest-fork.html Mythos is real. I know a big chunk of the industry thinks it's a marketing stunt, and I get why. I get it. But I've seen the findings, and they're bad. These aren't "whoops, this line right here is wrong, and that's RCE." They're novel combinations of a few dozen issues out of thousands of things every SAST scanner already finds, chained together into something much worse. It's real creativity,

VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET (aka GRIMBOLT) and AGENTPSD to target Linux systems. The activity has been attributed by Volexity to a threat cluster it tracks as VerdantBamboo, which it said overlaps with hacking groups known as Clay Typhoon (Microsoft),

UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign https://thehackernews.com/2026/06/unc3753-used-vishing-and-physical.html Cybersecurity researchers have disclosed details of a financially motivated data theft extortion campaign that has targeted dozens of organizations across professional, legal, and financial services in the U.S. between January and May 2026. The activity has been attributed by Google Mandiant and Google Threat Intelligence Group (GTIG) to a threat actor dubbed UNC3753, which is also known as

VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks https://thehackernews.com/2026/06/vs-code-adds-2-hour-extension-auto.html Microsoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated development environment (IDE) are updated automatically to a newer version in an attempt to tackle software supply chain threats. "When automatic updates are enabled, new versions are auto-updated two hours after they are published, adding an extra layer of protection

New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration https://thehackernews.com/2026/06/new-chatgpt-lockdown-mode-limits-tools.html OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt injection attacks. The feature is primarily designed for people and organizations that handle sensitive data and require stricter protection guarantees. Lockdown Mode is available to logged-in users across Free, Go, Plus, and Pro, and

Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI https://thehackernews.com/2026/06/free-apps-are-quietly-turning-smart-tvs.html A researcher has reverse-engineered the iOS SDK that Bright Data embeds in consumer apps and documented how it turns devices, including always-on smart TVs, into exit nodes that relay web-scraping traffic for a data business Bright Data markets heavily to the AI industry. The company, the successor to Luminati, operates what it calls the largest residential proxy network in the world,

CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog https://thehackernews.com/2026/06/cisa-adds-actively-exploited-solarwinds.html The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-28318 (CVSS score: 7.5), is a denial-of-service (DoS) bug that causes the service to crash

AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs https://thehackernews.com/2026/06/ai-agent-uncovers-21-zero-days-in.html Two things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that touches video, all of them found by an autonomous AI agent. The same week, Google shipped Chrome 149 with patches for 429 security bugs, the most ever in a single release. Only the FFmpeg bugs were found by AI.

Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack https://thehackernews.com/2026/06/miasma-worm-hits-73-microsoft-github.html Microsoft's GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign. The incident impacted 73 Microsoft repositories across four of its GitHub organizations, including Azure, Azure-Samples, Microsoft, and MicrosoftDocs, per OpenSourceMalware. The development has GitHub to disable access to those repositories. "Access to this

Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available https://thehackernews.com/2026/06/cisco-catalyst-sd-wan-manager-cve-2026.html Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation. The vulnerability, tracked as CVE-2026-20245, carries a CVSS score of 7.8 out of a maximum of 10.0. It affects the following deployment types - On-Prem Deployment Cisco SD-WAN Cloud-Pro Cisco SD-WAN Cloud (Cisco Managed) Cisco SD-WAN for Government (FedRAMP) "A

IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks https://thehackernews.com/2026/06/ironworm-and-new-miasma-worm-variant.html Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust-based information stealer and a self-spreading worm, respectively. According to JFrog, the information stealer "scrapes every secret it can find on a developer's machine, hides behind an eBPF kernel rootkit, and

Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps https://thehackernews.com/2026/06/android-spyware-asin-targets-arabic.html Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin, according to findings from ESET. The Slovakian cybersecurity company said it first detected the malware spread via multiple campaigns in early 2025, with each attack wave making use of distinct websites mimicking utilities, war-related updates, and a government news source: govlens[.]net, which

New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework https://thehackernews.com/2026/06/new-threat-cluster-op-512-targets.html Cybersecurity researchers have discovered a previously unreported threat cluster dubbed OP-512 that has been observed targeting Microsoft Internet Information Services (IIS) servers to deploy a bespoke web shell framework. ReliaQuest has assessed with moderate to high confidence that the espionage-focused activity is linked to China. "OP-512 was highly likely conducting espionage through a

Only 10% of SOCs Say They’re Getting Excellent Value From AI. Here’s What the Second Wave Has to Deliver https://thehackernews.com/2026/06/only-10-of-socs-say-theyre-getting.html Eighteen months ago, the AI SOC was a marketing line. Today it's a budget item. The category has crossed over from interesting to inevitable, with billions of dollars now flowing into AI-powered security operations platforms, agentic SOC tools, and AI co-pilots built into every layer of the security stack. The data shows SOCs are buying, deploying, and standing up AI capabilities at the fastest

Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It https://thehackernews.com/2026/06/agentic-ai-is-transforming-defense-but.html Over the past several weeks, the cybersecurity community has been reminded how quickly frontier and agentic AI in defense networks can challenge our assumptions. When Anthropic's Claude Mythos model was made available to a limited set of organizations as a technical preview, it was reported that an unauthorized group claimed that it had gained access within hours. The incident, if true, was

DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets https://thehackernews.com/2026/06/doj-disrupts-southeast-asia-crypto.html The U.S. Department of Justice (DoJ) on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans. The "Disruption Week" operation began May 18, 2026, leading to the takedown of millions of social media, email, and internet access accounts used by transnational

Lessons for life: Why children’s data is a long-term identity risk https://www.welivesecurity.com/en/kids-online/lessons-life-childrens-data-long-term-identity-risk/ Your child’s first data breach may happen before they’ve even opened a bank account. Here’s how to keep their digital life safe.

WhatsApp, Slack Notifications Could Hijack Google Gemini on Android https://thehackernews.com/2026/06/whatsapp-slack-notifications-could.html A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini's voice assistant on Android and made it open a victim's connected windows, fake a message from their boss, push the phone into a Zoom call, or quietly poison its long-term memory. No malicious app on the phone is required. The assistant just had to treat a hostile