4+ hour, 36+ min ago  (321+ words) At first glance the extensions promise useful features satellite imagery, productivity tools, news readers, maps but their true purpose is affiliate search monetization, primarily using hosted search partners such as Yahoo and multi-network affiliate brokers. Malicious behavior in Search Jack…...

8+ hour, 25+ min ago  (260+ words) A critical security flaw in Wazuh Manager could allow unauthenticated threat actors to tamper with alerts, delete forensic evidence, and execute arbitrary Open Search operations by exploiting an input validation weakness in the platform's new inventory synchronization pipeline. Tracked under…...

7+ hour, 26+ min ago  (515+ words) CVE-2025-8088, a Win RAR path traversal vulnerability patched in July 2025, remains a potent initial access vector for multiple intrusion sets targeting Ukraine. Analysis of attacks through April 2026 shows at least two distinct campaigns exploiting this vulnerability: a compiled-stealer chain attributed…...

4+ hour, 1+ min ago  (432+ words) A newly enhanced version of the open-source DPAPISnoop tool is drawing attention in the security community after researchers demonstrated its ability to extract offline-crackable hashes from Windows DPAPI credential history (CREDHIST) files, potentially exposing historical password material and enabling deeper…...

8+ hour, 56+ min ago  (420+ words) The incident, documented on June 11, 2026, began with routine threat intelligence monitoring on X (formerly Twitter), where a suspicious software download domain was shared as a potential indicator of compromise (IOC). Initial analysis suggested a typical fake download portal, but deeper…...

2+ hour, 33+ min ago  (507+ words) A long-running, highly disciplined intrusion attributed to the China-nexus actor known as Velvet Ant has been revealed as a near-decade campaign of silent access that culminated in the replacement of core authentication components Open SSH binaries and PAM modules across…...

8+ hour, 21+ min ago  (477+ words) APT37 is using Narwhal RAT in a tightly engineered intrusion chain that starts with Microsoft-themed spear-phishing, pivots through malicious LNK files and Power Shell, and ends with a Python-based backdoor with dead-drop C2 via p Cloud. The campaign is notable for its…...

6+ hour, 1+ min ago  (413+ words) Palo Alto Networks has issued an urgent warning after confirming active exploitation of a Global Protect VPN vulnerability, tracked as CVE-2026-0257, impacting PAN-OS deployments with specific configurations. The flaw, which affects the Global Protect portal and gateway components, enables an…...

5+ hour, 29+ min ago  (354+ words) The claim surfaced on June 13, 2026, via underground monitoring channels and was later amplified by threat intelligence platform Hackmanac. At the time of writing, the incident remains unverified, and Nintendo has not publicly confirmed any breach. According to the threat actor's…...

9+ hour, 26+ min ago  (373+ words) The Office of the Maine Attorney General has temporarily taken its public data breach reporting portal offline following the discovery of fraudulent submissions falsely claiming security incidents at VRChat and Discord. The incident, disclosed in an official statement on June…...