TECHZONE™

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites https://thehackernews.com/2026/06/popular-wordpress-plugin-scripts.html An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites. When a site administrator was logged in as the file loaded, the code created an admin account under the attacker's control and installed a hidden plugin that opened a way back in. Ordinary visitors did not trigger it

Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts https://thehackernews.com/2026/06/sniper-dz-scams-target-mena-users-via.html Cybersecurity researchers have disclosed details of fraudulent activity targeting users across the Middle East and North Africa by employing various fraudulent Facebook accounts impersonating politicians, public figures, and trusted organizations. "These accounts promoted fake offers, including free mobile internet packages, financial compensation, and government subsidy programs," Group-IB

Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw https://thehackernews.com/2026/06/palo-alto-warns-of-active-exploitation.html Palo Alto Networks has revealed that it has observed "active exploitation" of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portals. The vulnerability in question is CVE-2026-0257 (CVSS score: 7.8), an authentication bypass flaw affecting the portal and gateway components of PAN-OS software that could be exploited by bad

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication https://thehackernews.com/2026/06/critical-splunk-enterprise-flaw-lets.html Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253, is rated 9.8 on the CVSS scoring system. "In Splunk Enterprise versions below 10.2.4 and 10.0.7, an unauthenticated user could create or truncate arbitrary

U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals https://thehackernews.com/2026/06/us-orders-anthropic-to-suspend-fable-5.html Anthropic said on Friday it will "abruptly disable" its most advanced artificial intelligence (AI) models, Claude Fable 5 and Mythos 5, for all users after the U.S. government ordered it to suspend access to the models for foreign nationals, whether inside or outside the U.S., citing national security concerns. The AI company said it received an order at 5:21 p.m. ET, instructing it to suspend

Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit https://thehackernews.com/2026/06/over-400-arch-linux-aur-packages.html Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide itself. The AUR is Arch Linux's community package collection, and it is separate

Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing https://thehackernews.com/2026/06/google-sues-chinese-smishing-network.html Google on Friday said it's pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence (AI) agent to send phishing text messages targeting Americans. The network is said to be behind the development and management of a phishing-as-a-service (PhaaS) software kit called Outsider, per the tech giant. "The operation weaponized Gemini to help

China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade https://thehackernews.com/2026/06/china-linked-hackers-backdoored-linux.html Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade hidden inside the Linux login system itself. Sygnia, which tracks the group as Velvet Ant, says it backdoored the PAM and OpenSSH components that decide who is allowed to sign in, planting its access where ordinary cleanup could not reach it. The network it targeted had no

Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code https://thehackernews.com/2026/06/agentjacking-attack-tricks-ai-coding.html Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running arbitrary code on developer machines. Called Agentjacking by Tenet Security, the attack can be triggered by means of a fake error report crafted using Sentry, an open-source error-tracking and performance-monitoring platform. "The attack

Rethinking MDR as Attackers and Defenders Embrace AI https://thehackernews.com/2026/06/rethinking-mdr-as-attackers-and.html For most of the past decade, managed detection and response was the answer to a real problem. Security teams couldn't staff around the clock, couldn't hire enough analysts, and needed someone else to handle the alert queue. MDR stepped in. It worked well enough. Until now. The threat landscape has changed faster than the MDR model can adapt. Attackers are using AI to move faster, generate more

LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution https://thehackernews.com/2026/06/langgraph-flaw-chain-exposes-self.html Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution. LangGraph is an open-source framework created by LangChain to build complex, stateful, and multi-agent artificial intelligence (AI) agentic applications. "An SQL injection in LangGraph's function could

INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html An INTERPOL-led operation last month resulted in the disruption of Sniper Dz, a decade-long phishing-as-a-service (PhaaS) platform, Group-IB said Thursday. The effort, codenamed Operation Ramz, took place between October 2025 and February 2026, and saw authorities from 13 countries in the Middle East and North Africa (MENA) region making 201 arrests. Included among them was Guedz, the primary

Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html Authorities in Europe have disrupted AudiA6, a cryptocurrency laundering service used by ransomware gangs and cybercriminal networks. Europol, in a statement issued Thursday, said the dismantling of AudiA6 cut off a "key financial pipeline used to wash hundreds of millions in illicit profits." The service is estimated to have been used to launder more than €336 million (~$389 million) since the

OceanLotus: From external espionage to domestic targeting https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/ A shift in operational pattern of the infamous Vietnam-aligned APT group

ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest. Google's Mandiant attributes it to the group it tracks as UNC6240, and dates the activity between May 27 and June 9. Oracle did not publish its advisory until June 10, so the bug was a

AI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS. https://thehackernews.com/2026/06/ai-broke-vulnerability-management-thats.html For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was straightforward enough; triage by severity, schedule the fix, validate, and move on. The buffer was what made that work. Today, that buffer is gone. AI didn't make your team slower. It changed the other side of the

OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER. The campaigns involve a prolonged cyber espionage operation aimed at a Vietnamese infrastructure and transport construction corporation between mid-2024 and February 2026, as well as a supply chain attack

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks https://thehackernews.com/2026/06/github-to-disable-npm-install-scripts.html GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the "npm install" command to trigger the execution of malicious code using npm lifecycle hooks. "Npm install" is used to download and install all the necessary

SMB cyber-readiness: What makes or breaks it https://www.welivesecurity.com/en/business-security/smb-cyber-readiness-what-makes-breaks-it/ A company that's expecting a cyberattack but hasn’t actively prepared for it risks making the hardest decisions at the worst possible moment

China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance https://thehackernews.com/2026/06/china-linked-jdy-botnet-expands-to-1500.html Cybersecurity researchers have warned of a "resurgence and expansion" of JDY, a covert network associated with China-nexus state-sponsored threat actors. "The JDY botnet comprises over 1,500 SOHO [small office and home office] and IoT devices and operates as a centrally controlled, high-performance scanner used to discover, fingerprint, and continuously map exposed services at scale," Lumen's