Threat actor adds advanced ‘EDR killer’ tools to ransomware-as-a-service platform
The principle behind BYOVD is simple enough: once an attacker has gained admin privileges through an account takeover, they load a legitimate, but old and…
Month: June 2026
NIST NVD Update: What it Means For Vulnerability Management
Recently, NIST announced an update to how the National Vulnerability Database (NVD) handles CVE enrichment to address the massive surge in vulnerability submissions. In the…
Hackers exploit info disclosure bug in Gravity SMTP WordPress plugin
Threat actors are exploiting an unauthenticated information disclosure vulnerability in the WordPress plugin Gravity SMTP, active on 100,000 sites. The flaw is tracked as CVE-2026-4020…
Chrome Extensions’ Critical Vulnerabilities Let Attackers Easily Compromise Millions of Browsers
Critical security flaws discovered in widely used Chrome extensions SiderAI and MaxAI are putting millions of users at risk, enabling attackers to fully compromise browser…
NSPM-12: The New Baseline for National Security Cybersecurity
National Security Presidential Memorandum 12 (NSPM-12), which was signed on June 12, 2026, creates a thorough national policy for National Security Systems (NSS) cybersecurity. Because…
eFAQ Investigates Alleged Scam and Reputation Attacks
New York, USA, June 19th, 2026, CyberNewswire eFAQ has published a documented investigation into a coordinated reputation attack campaign aimed at influencing brand perception in…
Meteor 3.0 Migration Helped Rocket.Chat Move Off End-of-Life Node.js Runtime
Node.js 14 went end-of-life on April 30, 2023, leaving some framework-dependent applications on an unsupported runtime while upstream projects completed major migration work. One of…
Cybercriminals abused GitHub, YouTube and VirusTotal to push crypto-stealing malware
A cryptocurrency-stealing malware campaign used inflated GitHub activity, software reviews, YouTube tutorials and favorable VirusTotal comments to make malicious trading and gambling tools appear trustworthy,…
Nearly 15,000 infected websites cleaned in SocGholish crackdown
We’re always happy to end the week with some positive news. A law enforcement action called Operation Endgame just delivered a major win against the…
Unpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boot Chain
Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple’s A12 and A13 chips. That code…
Civil society: Police facial recognition must be strictly limited
Police facial recognition use in the UK must be limited to “strictly necessary and proportionate” cases to protect people’s collective and individual rights, says civil…
FBI Warns Of Malicious Traffic Distribution Systems
The FBI Warns of Malicious Traffic Distribution Systems being increasingly used by cybercriminals to redirect internet users to phishing pages, malware downloads, ransomware attacks, and…