TECHZONE™
Открыть в Telegram
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Больше594
Подписчики
Нет данных24 часа
Нет данных7 дней
-630 день
Архив постов
594
FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys
https://thehackernews.com/2026/06/fbi-warns-russian-intelligence-hackers.html
The FBI and CISA have updated their March warning about Russian intelligence phishing Signal accounts, and the operators have added a step: they now coax targets into handing over their Signal Backup Recovery Key.
Hand it over once, and the attacker can restore the account's backup, read the private and group message history, and take over the account. Worse, the key keeps working.
594
New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks
https://thehackernews.com/2026/06/new-sharkloader-malware-deploys-cobalt.html
A newly discovered cyber attack campaign has been observed delivering a previously undocumented malware family called SharkLoader that acts as a loader for deploying Cobalt Strike Beacon on compromised hosts.
Kaspersky, which is tracking the activity under the moniker StrikeShark, said the campaign has targeted a diplomatic organization in Indonesia, government organizations in Taiwan,
594
Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign
https://thehackernews.com/2026/06/chinese-speaking-apt-deploys-new.html
A Chinese-speaking advanced persistent threat (APT) actor has been linked to a new custom backdoor called TinyRCT as part of cyber attacks aimed at government entities and critical infrastructure in Southeast Asia.
The activity, particularly aimed at state-owned enterprises in the energy and government sectors, has been attributed to a threat actor called CL-STA-1062, which Palo Alto Networks
594
Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack
https://thehackernews.com/2026/06/miasma-malware-targets-npm-packages-and.html
Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family that has compromised a new set of npm packages, even as it has propagated to the Go ecosystem.
"The latest activity includes malicious npm releases affecting LeoPlatform and RStreams packages, GitHub Actions workflow abuse, and a related Go
594
Microsoft Warns of Photo ZIP Phishing Campaign Targeting Hotels with Node.js Implant
https://thehackernews.com/2026/06/microsoft-warns-of-photo-zip-phishing.html
An active phishing campaign has been targeting hotel and other hospitality organizations across Europe and Asia since April 2026, using photo-themed ZIP files to drop a Node.js implant and dig into front-desk machines, Microsoft says.
The company has not attributed the activity to a known threat actor, and the operators' end goal is still unclear.
The lure plays to how hotels work.
594
Russia Used Cellebrite on Jailed Activist's iPhone Months After Sales Cutoff
https://thehackernews.com/2026/06/russia-used-cellebrite-on-jailed.html
Russian authorities used Cellebrite's UFED forensic tools to break into the iPhone of detained opposition activist Andrey Pivovarov in June 2021, three months after Cellebrite said it would stop selling its tools and services to Russia and Belarus.
The finding, published June 25 by the Citizen Lab, rests on two things that rarely line up: traces on the phone itself and an official Russian
594
Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks
https://thehackernews.com/2026/06/google-details-turlas-new-stockstay.html
The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that has been deployed against government and military organizations in Ukraine, and entities that have an interest in Italian foreign policy.
Describing the Windows backdoor as continually developed by the hacking group, Google Threat Intelligence Group (
594
Gamaredon in 2025: Leveraging tunnels, workers, dead drops, and new alliances
https://www.welivesecurity.com/en/eset-research/gamaredon-2025-leveraging-tunnels-workers-dead-drops-new-alliances/
ESET Research analyzes Gamaredon’s new toolset and the group’s growing reliance on legitimate online services to hide its C&C infrastructure and exfiltrate stolen data
594
Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability
https://thehackernews.com/2026/06/chrome-ad-blocker-with-10m-installs.html
An analysis of a popular Google Chrome ad block extension for YouTube has uncovered the ability to execute arbitrary JavaScript code.
According to Island, the extension, named Adblock for YouTube (ID: cmedhionkhpnakcndndgjdbohmhepckk), has more than 10 million installs and carries a Featured badge on the Chrome Web Store.
The extension description states that it allows users to prevent web
594
ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories
https://thehackernews.com/2026/06/threatsday-bulletin-smart-tv-proxyware.html
It’s dumb out there again.
This week has the usual smell of prod on fire and nobody wanting to admit who left the door open — old creds still working, trusted apps doing sketchy crap, browser tricks jumping the fence, and “normal” workflows turning into phishing pipes because apparently email was not enough hell already.
The worst part is how cheap some of it feels. Not elite. Not cinematic.
594
Surviving the Mythos Era: Richard Bejtlich on the Case for NDR
https://thehackernews.com/2026/06/surviving-mythos-era-richard-bejtlich.html
Despite the abundance of telemetry at analysts’ disposal, many security operations teams struggle to answer a few basic questions during incident investigation: What happened? What evidence do we have? How do we know we’re seeing it all, in context?
Answering these questions requires teams to go beyond alerts, the most common basis for initial triage. But investigations (and their outcomes)
594
New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis
https://thehackernews.com/2026/06/new-gaslight-macos-malware-uses-prompt.html
A previously undocumented Rust-based macOS implant and information stealer has been found to embed a prompt injection payload designed to trick a malware analyst's artificial intelligence (AI) tools and trick it into aborting or refusing an analysis of the artifact.
The malware has been codenamed Gaslight owing to this deceptive behavior. It's been assessed with high confidence that the tool is
594
New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns
https://thehackernews.com/2026/06/new-mistic-backdoor-linked-to-kongtuke.html
A new, stealthy backdoor named Mistic has been deployed as part of suspected financially motivated attacks aimed at multiple organizations spanning insurance, education, IT, and professional services sectors since April 2026.
According to Symantec and Carbon Black's Threat Hunter Team, the backdoor, also tracked as MLTBackdoor, is said to be linked to an initial access broker (IAB) named
594
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access
https://thehackernews.com/2026/06/cisco-catalyst-sd-wan-zero-day-cve-2026.html
An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before it was publicly disclosed, according to new findings from Google-owned Mandiant.
The vulnerability, tracked as CVE-2026-20245 (CVSS score: 7.8), allows an authenticated, local attacker to execute arbitrary commands with elevated privileges
594
ESET takes part in Operation Endgame to disrupt Amadey and Stealc
https://www.welivesecurity.com/en/eset-research/eset-takes-part-operation-endgame-disrupt-amadey-stealc/
ESET researchers assisted in the global disruption of the Amadey botnet and Stealc infostealer, providing technical analysis, infrastructure tracking, and affiliate-level insights
594
CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited
https://thehackernews.com/2026/06/cisa-warns-critical-lantronix-eds5000.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 26, 2026.
The vulnerability in question is CVE-2025-67038 (CVSS score: 9.8), a code injection flaw that could result in the execution
594
Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered
https://thehackernews.com/2026/06/amadey-and-stealc-malware-network.html
A coordinated law enforcement operation, in partnership with private sector companies, including Bitdefender, Bitsight, ESET, and Microsoft, has resulted in the takedown of criminal infrastructure powering Amadey and StealC.
"The main common goal was to disrupt the 'assembly lines' cybercriminals use to launch ransomware, financial fraud, and attacks on critical infrastructure," Europol said in
594
Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks
https://thehackernews.com/2026/06/cordyceps-cicd-flaws-expose-300-github.html
Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains.
The "critical exploitable pattern" has been codenamed Cordyceps by Novee Security. The issue can allow full attacker control of repositories at dozens of the largest organizations worldwide, including Microsoft, Google, Apache, and
594
Dawn of the Apex Agentic Adversary
https://thehackernews.com/2026/06/dawn-of-apex-agentic-adversary.html
We are standing at the end of an era we never thought to mourn: the era of human-speed threats.
For years, cybersecurity moved to a rhythm organizations could follow. A researcher found a bug, a CVE was cataloged, a vendor navigated a patch cycle, and weeks or even months later, a fix was deployed. In this era, dwell time was measured in days, sometimes weeks. We are now approaching an
594
DoJ Seizes Huione Cloud Account Tied to Cyber Scam Money Laundering
https://thehackernews.com/2026/06/doj-seizes-huione-cloud-account-tied-to.html
The U.S. Department of Justice (DoJ) on Tuesday announced the seizure of a cloud computing account put to use by subsidiaries of Cambodia-based corporate conglomerate HuiOne Group, as the Treasury unveiled fresh sanctions against nine individuals and 26 entities linked to Prince Group.
"These subsidiaries are alleged to have assisted individuals and organizations in transferring proceeds of
