IdentityMicrosoft Azure’s CLI target of automated password spray attacksSteve ZurierJuly 1, 2026Huntress researchers saw 78 user accounts compromised across 64 organizations.
AI/ML‘BioShocking’ jailbreak tricks AI browsers into disclosing private dataLaura FrenchJuly 1, 2026A website framed as a game led AI assistants to submit private GitHub file contents.
Vulnerability ManagementCritical Oracle E-Business Suite bug actively exploitedSteve ZurierJune 30, 2026Critical Oracle EBS flaw now exploited, prompting urgent patching guidance.
MalwareAttack exploiting SimpleHelp vulnerability deploys novel loader, infostealerLaura FrenchJune 30, 2026The TaskWeaver loader delivers Djinn Stealer, which targets dev credentials and AI tokens.
Vulnerability Management2 Linux kernel flaw PoCs published, enabling local privilege escalationLaura FrenchJune 26, 2026One of the flaws, DirtyClone, is a variant of the DirtyFrag vulnerability class.
PhishingNew ‘Blacksite’ phishing kit bundles AiTM with scanner evasionLaura FrenchJune 25, 2026The kit includes Cloaked.gg, which displays benign sites to detected scanners and sandboxes.
MalwareStealC infrastructure takedown assisted by AI analysis, C2 infiltrationLaura FrenchJune 25, 2026Microsoft, Proofpoint, IBM, Europol and other partners took aim the StealC and Amadey “assembly line.”
Network SecurityFortiBleed campaign steals 110M credentials from FortiGate targetsLaura FrenchJune 24, 2026A tool called FortigateSniffer abuses a diagnostic utility to continuously monitor network traffic.
Vulnerability ManagementFFmpeg vulnerability ‘PixelSmash’ could enable RCE via video fileLaura FrenchJune 23, 2026An attacker can use a crafted file to trigger a heap buffer overflow and overwrite a function pointer.
PhishingMalware campaign uses VirusTotal manipulation, legitimate news sites to gain reputationLaura FrenchJune 18, 2026The clipboard hijacker campaign also uses “ghost networks” on social media to boost engagement.