uz
Feedback
Latest Cyber-Attack News

Latest Cyber-Attack News

Kanalga Telegram’da o‘tish

Latest cybersecurity incidents and malware threats.

Ko'proq ko'rsatish
AQSH8 671Texnologiyalar & Aralashmalar26 460
2 832
Obunachilar
+224 soatlar
+197 kunlar
+530 kunlar

Ma'lumot yuklanmoqda...

O'xshash kanallar
The Hacker News
161.7K
The Hacker News
Cyber Security News
55.5K
Cyber Security News
Blue Team | SOC | DFIR | Cloud Security
25.7K
Blue Team | SOC | DFIR | Cloud Security
BleepingComputer
10.8K
BleepingComputer
Vulnerability Management and more
2.8K
Vulnerability Management and more
avatar
1
Ko'proq kanallar
Taglar buluti
threat28
attack21
researcher18
actor15
cybercriminal14
cybersecurity11
breach10
cryptocurrency9
deepseek9
exploitation9
hacker8
cve-20257
gridinsoft7
captcha6
exploit6
microsoft6
cyber5
database5
developer5
engineering5
Kirish va chiqish esdaliklari
---
---
---
---
---
---
Obunachilarni jalb qilish
Iyun '26
Iyun '26
+44
0 kanalda
May '26
+36
0 kanalda
Get PRO
Aprel '26
+24
0 kanalda
Get PRO
Mart '26
+34
0 kanalda
Get PRO
Fevral '26
+35
0 kanalda
Get PRO
Yanvar '26
+42
0 kanalda
Get PRO
Dekabr '25
+91
0 kanalda
Get PRO
Noyabr '25
+90
0 kanalda
Get PRO
Oktabr '25
+131
0 kanalda
Get PRO
Sentabr '25
+149
0 kanalda
Get PRO
Avgust '25
+175
0 kanalda
Get PRO
Iyul '25
+154
0 kanalda
Get PRO
Iyun '25
+126
0 kanalda
Get PRO
May '25
+74
0 kanalda
Get PRO
Aprel '25
+162
0 kanalda
Get PRO
Mart '25
+103
0 kanalda
Get PRO
Fevral '25
+100
0 kanalda
Get PRO
Yanvar '25
+96
0 kanalda
Get PRO
Dekabr '24
+83
0 kanalda
Get PRO
Noyabr '24
+72
0 kanalda
Get PRO
Oktabr '24
+80
0 kanalda
Get PRO
Sentabr '24
+73
0 kanalda
Get PRO
Avgust '24
+90
0 kanalda
Get PRO
Iyul '24
+89
0 kanalda
Get PRO
Iyun '24
+64
0 kanalda
Get PRO
May '24
+71
0 kanalda
Get PRO
Aprel '24
+72
0 kanalda
Get PRO
Mart '24
+83
0 kanalda
Get PRO
Fevral '24
+73
0 kanalda
Get PRO
Yanvar '24
+70
0 kanalda
Get PRO
Dekabr '23
+1 478
0 kanalda
Sana
Obunachilarni jalb qilish
Esdaliklar
Kanallar
15 Iyun+2
14 Iyun+3
13 Iyun+3
12 Iyun+3
11 Iyun+3
10 Iyun+3
09 Iyun+3
08 Iyun+6
07 Iyun+1
06 Iyun+1
05 Iyun+5
04 Iyun0
03 Iyun+3
02 Iyun+4
01 Iyun+4
Kanal postlari
Latest Cyber-Attack News
Fake Slack Download Malware: Hidden Desktop Cleanup A fake Slack download is not a Slack problem; it is a source-verification
Fake Slack Download Malware: Hidden Desktop Cleanup A fake Slack download is not a Slack problem; it is a source-verification problem. Slack is legitimate software, but a lookalike download from an unfamiliar domain can install the real app while a second loader works in the background. In the slacks[.]pro campaign reported in April 2026, the file name looked like a normal… https://blog.gridinsoft.com/fake-slack-download-malware/

2
Fake FACEIT Steam Login Scam A convincing fake FACEIT verification page is using a copied Steam sign-in window to steal gamer
Fake FACEIT Steam Login Scam A convincing fake FACEIT verification page is using a copied Steam sign-in window to steal gamer accounts, Steam Guard codes, and valuable CS2 items. Malwarebytes reported the campaign on June 12, 2026, after finding lookalike verification domains that push players toward a fake “Sign in through Steam” flow instead of the real Steam login… https://blog.gridinsoft.com/faceit-steam-login-scam/
178
3
TikTok Tutorials Push Vidar Stealer Through PowerShell Short-form tutorials on TikTok and Instagram Reels are being used as a
TikTok Tutorials Push Vidar Stealer Through PowerShell Short-form tutorials on TikTok and Instagram Reels are being used as a malware delivery channel, with videos promising free Spotify Premium, Windows activation, Microsoft Office, or similar shortcuts. ReversingLabs reported two active social-video lure patterns on June 9, 2026: one pushes viewers toward suspicious download pages, while another walks them through copy-pasting PowerShell commands… https://blog.gridinsoft.com/tiktok-vidar-powershell-videos/
205
4
FlutterShell Backdoor on Mac: Operation FlutterBridge Cleanup Guide FlutterShell is a macOS backdoor reported in the Operatio
FlutterShell Backdoor on Mac: Operation FlutterBridge Cleanup Guide FlutterShell is a macOS backdoor reported in the Operation FlutterBridge malvertising campaign. If you installed a Mac app such as a podcast player or PDF tool from a sponsored result, YouTube ad, or unfamiliar download page, treat the Mac as potentially exposed until you check the app, Chrome settings, Login Items, LaunchAgents,… https://blog.gridinsoft.com/fluttershell-mac-backdoor/
207
5
$ETHFI and Kinetiq Vote Rewards Scam: Fake Vote Pages Fake $ETHFI Vote Rewards and Kinetiq Vote Rewards pages are crypto wall
$ETHFI and Kinetiq Vote Rewards Scam: Fake Vote Pages Fake $ETHFI Vote Rewards and Kinetiq Vote Rewards pages are crypto wallet-drainer scams, not legitimate governance or staking rewards. The known lures use domains such as vote-ethfi.app and reward-kinetiq.xyz to push a wallet connection, token approval, or signature request. Do not connect a wallet, do not approve transactions, and never… https://blog.gridinsoft.com/ethfi-kinetiq-vote-rewards-scam/
183
6
Ghost-Sender Spoofing Ghost-Sender is a newly disclosed Exchange Online spoofing issue that matters most to organizations usi
Ghost-Sender Spoofing Ghost-Sender is a newly disclosed Exchange Online spoofing issue that matters most to organizations using Microsoft 365 mailboxes behind an external MX gateway, such as a third-party spam filter or on-premises mail gateway. InfoGuard researchers found that in vulnerable setups, an attacker can send mail directly to the tenant’s Exchange Online Protection endpoint and… https://blog.gridinsoft.com/ghost-sender-exchange-online-spoofing/
230
7
Chrome CVE-2026-11645 Zero-Day Google has released Chrome 149 for Windows, macOS, Linux, and Android after fixing 74 security
Chrome CVE-2026-11645 Zero-Day Google has released Chrome 149 for Windows, macOS, Linux, and Android after fixing 74 security issues. The urgent item for everyday users is CVE-2026-11645, an out-of-bounds memory access flaw in V8. Google says an exploit for this CVE exists in the wild, so the practical response is simple: update Chrome and fully… https://blog.gridinsoft.com/chrome-cve-2026-11645-zero-day/
232
8
Argamal RAT in Game Archives A recent security investigation details Argamal, a Windows remote access trojan distributed thro
Argamal RAT in Game Archives A recent security investigation details Argamal, a Windows remote access trojan distributed through trojanized adult-game downloads. The practical risk is not the game category itself, but the archive workflow: a user follows a download link, receives a ZIP package, runs the game, and a modified library chain quietly drops a RAT that can give… https://blog.gridinsoft.com/argamal-rat-trojanized-game-downloads/
277
9
Fake Crypto Casino Scams: Celebrity Promos and Withdrawal Traps A fake crypto casino scam is not just a risky gambling site.
Fake Crypto Casino Scams: Celebrity Promos and Withdrawal Traps A fake crypto casino scam is not just a risky gambling site. It is usually a staged platform built to make a bonus balance look real, then block withdrawals until the victim sends a cryptocurrency “verification” deposit. If a casino link came from Discord, Facebook, TikTok, YouTube Shorts, a hacked friend, or a celebrity… https://blog.gridinsoft.com/fake-crypto-casino-scam/
350
10
Hola Browser Miner Sophos X-Ops says a Windows build path for Hola Browser delivered an unexpected executable named me.exe th
Hola Browser Miner Sophos X-Ops says a Windows build path for Hola Browser delivered an unexpected executable named me.exe that behaves like a cryptominer. The practical issue is not just the browser name: users who installed or updated Hola Browser should check whether C:Program FilesHolame.exe, HolaMonitorService.exe, or the Windows service… https://blog.gridinsoft.com/hola-browser-miner-me-exe/
310
11
WeedHack Minecraft Malware McAfee Labs is warning about WeedHack, a Minecraft-focused malware-as-a-service campaign that hide
WeedHack Minecraft Malware McAfee Labs is warning about WeedHack, a Minecraft-focused malware-as-a-service campaign that hides inside fake mods, hacked clients, cheats, and utilities. The practical risk is simple: a downloaded JAR that looks like a game add-on can steal Minecraft session data, browser passwords, cryptocurrency wallet data, Discord or Steam tokens, and in paid builds even give… https://blog.gridinsoft.com/weedhack-minecraft-malware/
349
12
Android CVE-2025-48595 Patch Google’s June 2026 Android Security Bulletin includes a warning that CVE-2025-48595, a high-seve
Android CVE-2025-48595 Patch Google’s June 2026 Android Security Bulletin includes a warning that CVE-2025-48595, a high-severity Android Framework escalation-of-privilege flaw, may already be used in limited, targeted attacks. The practical step is straightforward: install the June 2026 Android security update as soon as your device maker provides it, then confirm that the security patch level… https://blog.gridinsoft.com/android-cve-2025-48595-patch/
341
13
Steam C2 Backdoor WordPress site owners should treat the new Steam Community profile abuse reported by GoDaddy Security as a
Steam C2 Backdoor WordPress site owners should treat the new Steam Community profile abuse reported by GoDaddy Security as a backdoor cleanup problem, not as a gaming-platform issue. Researchers say the malware hides command-and-control data inside Steam profile comments with invisible Unicode characters, decodes that data inside WordPress, injects an external JavaScript file on public pages, and… https://blog.gridinsoft.com/steam-c2-wordpress-malware-backdoor/
346
14
World Cup 2026 Ticket Scam: Fake FIFA Sites to Avoid A World Cup 2026 ticket scam usually starts with a site, ad, message, or
World Cup 2026 Ticket Scam: Fake FIFA Sites to Avoid A World Cup 2026 ticket scam usually starts with a site, ad, message, or resale offer that looks close to FIFA but is not part of the official FIFA ticketing flow. If you are trying to buy match tickets or hospitality packages, type FIFA.com/tickets yourself, check the exact domain before logging in, and… https://blog.gridinsoft.com/world-cup-2026-ticket-scam/
323
15
Netlogon CVE-2026-41089 RCE The Centre for Cybersecurity Belgium has updated its May Microsoft Patch Tuesday warning to say t
Netlogon CVE-2026-41089 RCE The Centre for Cybersecurity Belgium has updated its May Microsoft Patch Tuesday warning to say that CVE-2026-41089, a critical Windows Netlogon remote code execution flaw, is now being exploited in the wild. The practical audience is narrow but important: organizations running Windows Server domain controllers should treat this as an emergency patch… https://blog.gridinsoft.com/netlogon-cve-2026-41089-rce/
284
16
WP Maps Pro CVE-2026-8732 WP Maps Pro CVE-2026-8732 is a critical WordPress plugin flaw that can let an unauthenticated attac
WP Maps Pro CVE-2026-8732 WP Maps Pro CVE-2026-8732 is a critical WordPress plugin flaw that can let an unauthenticated attacker create a new administrator account on sites running vulnerable versions. For a site owner, that is a takeover path, not a minor plugin bug: once a rogue admin exists, the attacker can install plugins, edit theme files, inject… https://blog.gridinsoft.com/wp-maps-pro-cve-2026-8732-admin-takeover/
262
17
Flowise Chatflow RCE Flowise administrators should treat shared chatflow files as executable risk, not just configuration. CV
Flowise Chatflow RCE Flowise administrators should treat shared chatflow files as executable risk, not just configuration. CVE-2026-40933 lets an attacker turn a malicious Flowise chatflow import into server-side command execution through the Custom MCP stdio adapter. GitHub lists Flowise and flowise-components versions up to 3.0.13 as affected and 3.1.0 as the patched advisory version, while Obsidian Security’s… https://blog.gridinsoft.com/flowise-cve-2026-40933-chatflow-rce/
284
18
Dutch Botnet Takedown Cuts Off 17M Devices Dutch police and the Netherlands National Cyber Security Centre (NCSC) say they ha
Dutch Botnet Takedown Cuts Off 17M Devices Dutch police and the Netherlands National Cyber Security Centre (NCSC) say they have taken a large botnet offline after identifying about 200 servers in the Netherlands that controlled at least 17 million infected devices. The affected pool included computers, tablets, smartphones, routers, and other connected devices that could be abused for cyberattacks. The practical… https://blog.gridinsoft.com/dutch-botnet-17-million-devices/
284
19
PAN-OS CVE-2026-0257 Patch Palo Alto Networks has updated its advisory for CVE-2026-0257, a PAN-OS GlobalProtect authenticati
PAN-OS CVE-2026-0257 Patch Palo Alto Networks has updated its advisory for CVE-2026-0257, a PAN-OS GlobalProtect authentication bypass flaw, after limited exploit attempts were observed against unpatched devices. CISA added the vulnerability to the Known Exploited Vulnerabilities catalog on May 29, 2026, with a June 1 remediation date for covered federal systems. The practical risk is… https://blog.gridinsoft.com/pan-os-cve-2026-0257-globalprotect-vpn/
320
20
Gogs RCE Zero-Day: Check Open Registration Before a Patch Arrives Rapid7 has disclosed a critical, still-unpatched remote cod
Gogs RCE Zero-Day: Check Open Registration Before a Patch Arrives Rapid7 has disclosed a critical, still-unpatched remote code execution flaw in Gogs, the self-hosted Git service. The issue matters most for public or semi-public Gogs instances because the attack only needs an authenticated account, and default-style deployments may let outsiders create that account themselves. The flaw is an argument-injection bug in the Rebase… https://blog.gridinsoft.com/gogs-rce-zero-day-open-registration/
391
Barcha postlarni ko‘rish