Latest Cybersecurity News and Articles
03 June 2026
Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims' systems.
The Minecraft-focused malware-as-a-service (MaaS) campaign has been codenamed Weedhack by McAfee Labs, stating the activity has been active since January 2026 and impersonates Minecraft clients and mods to infect users. In all, 3820
02 June 2026
The order establishes a framework for the federal government to vet the national security risks of the most advanced AI systems for up to a month before their public release.
The post Trump Signs Executive Order That Invites Vetting of Top AI Models for National Security Risks appeared first on SecurityWeek.
02 June 2026
Google on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, including one high-severity flaw in the Framework component that has come under active exploitation.
Tracked as CVE-2025-48595 (CVSS score: 8.4), the security flaw has been described as a case of privilege escalation without requiring any user interaction. The
02 June 2026
The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation.
Per Sekoia, the activity involves the weaponization of CVE-2025-8088, a path traversal flaw in WinRAR, to launch an HTML Application payload dubbed GammaPhish, which is then used to retrieve an
02 June 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
The vulnerability, CVE-2024-21182 (CVSS score: 7.5), allows an unauthenticated attacker with network access to take control of susceptible servers. It was
02 June 2026
As AI shortens the path from vulnerability disclosure to exploitation, researchers disagree on whether the problem is inadequate security tools or inadequate operational control.
The post Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis appeared first on SecurityWeek.
02 June 2026
A simple development setting bypassed protections designed to prevent unauthorized Android apps from accessing Microsoft account tokens, exposing billions of installations.
The post Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk appeared first on SecurityWeek.
02 June 2026
Google says the Android vulnerability CVE-2025-48595 has been exploited in limited, targeted attacks.
The post Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities appeared first on SecurityWeek.
02 June 2026
Only approximately 50 companies have had access to Mythos until now and they have found thousands of vulnerabilities in their products.
The post Anthropic Expanding Mythos Access to 150 New Organizations appeared first on SecurityWeek.
02 June 2026
AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code.
The post The Zero-Knowledge Threat Actor and the End of Responsible Disclosure appeared first on SecurityWeek.
02 June 2026
A stack-based buffer overflow bug can be exploited for remote code execution on a vulnerable device.
The post Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches appeared first on SecurityWeek.
02 June 2026
AI-driven exploitation timelines are rapidly shrinking, and they are not going to stop shrinking. Vulnerabilities are being discovered, reproduced, and weaponized faster than ever in the history of enterprise security. As a result, the window between a vulnerability being disclosed and indiscriminate exploitation observed across the internet is now measured in hours, not days.
The industry's
02 June 2026
The vulnerability is CVE-2024-21182 and it can be exploited without authentication to hack affected WebLogic servers.
The post Oracle WebLogic Vulnerability Exploited in the Wild appeared first on SecurityWeek.
02 June 2026
Exploiting a confused deputy weakness, the hackers simply asked the chatbot to link the account to a new email address.
The post Meta AI Hands Over High-Profile Instagram Accounts to Hackers appeared first on SecurityWeek.
02 June 2026
Most organizations now recognize that endpoint protection alone is no longer sufficient.
That's why adoption of endpoint detection and response (EDR) has accelerated rapidly in recent years. Organizations understand that modern attacks move faster, evade traditional prevention controls, and require continuous visibility into suspicious activity across the environment.
But owning EDR
02 June 2026
Hackers published 96 malicious package versions, injected with a credential-stealing worm similar to Mini Shai-Hulud.
The post Supply Chain Attack Hits 32 Red Hat NPM Packages appeared first on SecurityWeek.
02 June 2026
Cybersecurity researchers have disclosed details of a spear-phishing campaign likely undertaken by the Pakistan-aligned SideCopy group targeting Afghanistan's Ministry of Finance with an open-source remote access trojan called Xeno RAT.
"The campaign opens with a spear phishing delivery - a ZIP archive containing a malicious LNK file bearing a carefully crafted Pashto-language filename,"
02 June 2026
Dashlane’s security systems automatically locked accounts to protect them against the hacking attempts.
The post Dashlane Brute-Force Attack Leads to Limited Encrypted Vault Downloads appeared first on SecurityWeek.
02 June 2026
Oracle’s monthly Critical Security Patch Update (CSPU) rollouts are meant to deliver critical fixes faster.
The post Oracle’s First Monthly Patches Resolve 77 Vulnerabilities appeared first on SecurityWeek.
01 June 2026
Password manager Dashlane has disclosed that "fewer than" 20 users on the personal subscription plan had their encrypted vaults downloaded following a brute-force attack launched by an unknown party.
On May 31, 2026, the company said an "external" threat actor launched a brute-force attack against certain Dashlane user accounts with the aim of breaking two-factor authentication (2FA)