Security & IT News

Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity cluster dubbed JSCoreRunner (aka FileRipple) in late August 2025. The cybercrime group behind the two attack chains is

Cisco has released security updates to patch a critical-severity Unified Communications Manager (Unified CM) flaw that allows attackers to gain root privileges. [...]

Hackers are convincing Meta’s AI support chatbot to let them take over other peoples’ accounts: A video posted on X showed the step-by-step process to hack someone’s Instagram account. The hacker allegedly used a VPN to spoof the targets’ presumed location to avoid triggering Instagram’s automated account protections. Then, the hacker opened a chat with Meta AI Support Assistant and asked the bot to add a new email address to the target’s account. The chatbot can be seen sending a verification code to the email address provided by the hacker; the hacker then shares the verification code with the chatbot, which prompts the chatbot to show a button to “Reset Password.” The hacker enters a new password and takes over the victim’s account. […] On Monday, Instagram spokesperson Andy Stone said in a reply to Wong’s post and others that the issue was now fixed. It’s unclear how many Instagram users had their accounts improperly accessed. It’s not that easy. Probably this particular tactic is now blocked. But there are others, many others, and they cannot be blocked as a class. The real problem is that LLM chatbots are not trustworthy enough for this application. Another news article .

Five Eyes warns that Chinese spies are using fake job ads on LinkedIn, Indeed, and Upwork to target military staff and steal sensitive data.

Cybersecurity researchers have flagged a large-scale operation that impersonates open-source and freeware projects to funnel unsuspecting users through a Traffic Distribution System (TDS) and deliver malware families like Remus Stealer, AnimateClipper, and the SessionGate framework. "The sites are well-designed and often look like legitimate project portals at a glance, sometimes referencing

Unknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox out in small, repeated batches and routing it through Dropbox and OneDrive so the traffic blended into normal cloud activity. Symantec and Carbon Black's Threat Hunter Team reported the campaign this week. This points to espionage, not a money grab:

Cybersecurity and business leaders with experience of dealing with major incidents from within the NCSC and at JLR detail what you need to prioritize if your organization is hit by a cyber-attack

Former Ukrainian foreign minister, Dmytro Kuleba, urges Infosecurity Europe attendees to fight the good fight

Forescout VP of security intelligence, Rik Ferguson, warns that Q-day is fast approaching

I've been using the GnuWin32 CoreUtils for Windows for many years now (it gives you many *nix core commands on Windows). Microsoft has just released their coreutils version for Windows. You can install them with a winget command (winget install Microsoft.Coreutils) or with the installer released on GitHub . It takes just a few clicks: It installs a single executable compiled with Rust (coreutils.exe) in the program files folder: And each individual command is a hard link to this executable: Here is the full list of commands: arch.cmd b2sum.cmd base32.cmd base64.cmd basename.cmd basenc.cmd cat.cmd cksum.cmd comm.cmd cp.cmd csplit.cmd cut.cmd date.cmd df.cmd dirname.cmd du.cmd echo.cmd env.cmd expr.cmd factor.cmd false.cmd find.cmd fmt.cmd fold.cmd grep.cmd head.cmd hostname.cmd join.cmd link.cmd ln.cmd ls.cmd md5sum.cmd mkdir.cmd mktemp.cmd mv.cmd nl.cmd nproc.cmd numfmt.cmd od.cmd pathchk.cmd pr.cmd printenv.cmd printf.cmd ptx.cmd pwd.cmd readlink.cmd realpath.cmd rm.cmd rmdir.cmd seq.cmd sha1sum.cmd sha224sum.cmd sha256sum.cmd sha384sum.cmd sha512sum.cmd shuf.cmd sleep.cmd sort.cmd split.cmd stat.cmd sum.cmd tac.cmd tail.cmd tee.cmd test.cmd touch.cmd tr.cmd true.cmd truncate.cmd tsort.cmd unexpand.cmd uniq.cmd unlink.cmd uptime.cmd wc.cmd xargs.cmd yes.cmd Didier Stevens Senior handler blog.DidierStevens.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The U.S. Department of Justice (DoJ) on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans. The "Disruption Week" operation began May 18, 2026, leading to the takedown of millions of social media, email, and internet access accounts used by transnational

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

A Chinese-speaking cybercrime group has expanded its targeting to the European space, deploying previously undocumented malware and the Atlas backdoor. [...]

Restore data from an iCloud backup without the necessity of resetting your iPhone. Discover proven methods to get back your photos, messages, contacts, and many more things in a very easy way.

The U.S. Treasury's Office of Foreign Assets Control (OFAC) has announced sanctions against Nobitex, Iran's largest cryptocurrency exchange, for facilitating payments related to terrorist activities. [...]

CISA, the FBI, the NSA, the Department of Energy, and other US government partners are warning that hackers are targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid storage tanks across various critical infrastructure sectors. [...]

A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini's voice assistant on Android and made it open a victim's connected windows, fake a message from their boss, push the phone into a Zoom call, or quietly poison its long-term memory. No malicious app on the phone is required. The assistant just had to treat a hostile

A new denial-of-service (DoS) attack dubbed HTTP/2 Bomb can be launched from a single machine to take down web servers within seconds. [...]

The breach at wearable ring maker Ultrahuman stemmed from credentials stolen from a malware-infected employee laptop.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability, tracked as CVE-2026-45247 (CVSS score: 9.8), is a case of deserialization of untrusted