News
Opera Browser Adds Native Paste Protect to Stop Clipboard Hijacking and Code Injection Attacks
4+ hour, 51+ min ago (483+ words) Opera has announced a new native security feature called "Paste Protect," which aims to combat clipboard hijacking and command injection attacks directly within the browser. This marks a significant advancement in proactive endpoint protection at the user interaction level. Introduced…...
Apple Hide My Email Vulnerability Lets Attackers Reveal Users" Real Email Addresses
9+ hour, 7+ min ago (318+ words) Apple's Hide My Email privacy feature currently faces a significant flaw that may expose users' real email addresses, compromising one of i Cloud+'s core anonymity protections. According to 404 Media and independent tests, this issue has reportedly remained unaddressed for…...
CISA Adds Actively Exploited Microsoft Share Point Vulnerability to KEV Catalog
6+ hour, 54+ min ago (319+ words) The Cybersecurity and Infrastructure Security Agency (CISA) has recently added a newly discovered vulnerability in Microsoft Share Point Server, tracked as CVE-2026-45659, to its Known Exploited Vulnerabilities (KEV) Catalog. This addition highlights the active exploitation risks present in enterprise environments....
Jet Brains Patches Critical Hub Authentication Bypass and Account Takeover Vulnerabilities
8+ hour, 10+ min ago (488+ words) Jet Brains has released patches for several critical vulnerabilities in Jet Brains Hub that could allow for full authentication bypass, account takeover, and unauthorized privilege escalation across integrated Jet Brains services. Administrators are urged to update their Hub instances immediately....
Valley RAT Uses RC4 Encryption, Donut Shellcode, and rundll32 Injection for Stealth
8+ hour, 41+ min ago (535+ words) First named by Proofpoint in 2023, Valley RAT continues to evolve: Level Blue's telemetry shows a marked increase in successful detections beginning May 2025 and accelerating into 2026. The threat now presents through two primary vectors fake installers and malicious email campaigns each…...
LSHIY Password Spray Attack Hits Microsoft 365 Accounts With 81 Million Login Attempts
12+ hour, 25+ min ago (617+ words) A large-scale password spray campaign linked to the infrastructure provider LSHIY LLC has targeted Microsoft 365 environments, resulting in over 81 million login attempts. This campaign has led to at least 78 confirmed account compromises across 64 organizations between June 12 and June 26, 2026. According to…...
Browser-Only Ransomware Uses File System Access API to Encrypt Files Without Malware Installation
12+ hour, 47+ min ago (500+ words) A novel, practical ransomware technique that runs entirely inside the browser by abusing the File System Access API, demonstrating how AI can turn high-level malicious ideas into operational attack chains without any native payload. The proof-of-concept leverages a social engineering…...
Turning Indicators into Intelligence in Open CTI with Criminal IP
1+ day, 2+ hour ago (307+ words) Torrance, California, USA, July 1st, 2026, Cyber Newswire Cyber threat intelligence becomes more valuable when indicators are enriched with context that supports investigation, correlation, and decision-making. Through the Criminal IP integration with Open CTI, security teams can transform IP addresses, domains, and…...
New Rust Duck Botnet Targets Io T Devices and Servers With Weak Passwords and RCE Exploits
1+ day, 10+ hour ago (331+ words) A sophisticated new botnet family dubbed Rust Duck emerged in early 2026, leveraging a two-stage Loader and Core architecture to compromise Io T devices, routers, and enterprise servers through brute-force credential attacks and remote code execution vulnerabilities. Rust Duck employs a…...
Fluentd Security Flaws Enable Remote Code Execution, SSRF, Do S, and Credential Exposure
1+ day, 7+ hour ago (309+ words) Fluentd, a widely used open-source data collector for unified logging, has reported several high-impact vulnerabilities that could enable attackers to achieve remote code execution (RCE), server-side request forgery (SSRF), denial-of-service (Do S), and the exposure of sensitive credentials. These issues, documented…...