Skip to content
FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads

FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads

Ravie LakshmananJun 04, 2026Malvertising / Browser Security Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the… 

Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS

Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS

Swati KhandelwalJun 04, 2026Malware / Open Source Cybersecurity researchers have flagged a large-scale operation that impersonates open-source and freeware projects to funnel unsuspecting users through a Traffic Distribution System (TDS) and deliver malware families like… 

Hackers Spied on a Stock Exchange Executive’s Outlook Mailbox for Five Months

Hackers Spied on a Stock Exchange Executive’s Outlook Mailbox for Five Months

Swati KhandelwalJun 04, 2026Cyber Espionage / Malware Unknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox out in small, repeated… 

CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog

CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog

Ravie LakshmananJun 04, 2026Web Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited… 

DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes .8 Million in Assets

DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets

Ravie LakshmananJun 04, 2026Cryptocurrency / Law Enforcement The U.S. Department of Justice (DoJ) on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency… 

WhatsApp, Slack Notifications Could Hijack Google Gemini on Android

WhatsApp, Slack Notifications Could Hijack Google Gemini on Android

Swati KhandelwalJun 03, 2026Vulnerability / Artificial Intelligence A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini’s voice assistant on Android and made it open a victim’s connected… 

Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT

Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT

Ravie LakshmananJun 03, 2026Malware / Microsoft Defender Cybersecurity researchers have flagged a new malspam campaign that makes use of Google’s DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan… 

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

Swati KhandelwalJun 03, 2026Vulnerability / Mobile Security A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other… 

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

Ravie LakshmananJun 03, 2026Vulnerability / Software Development Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user’s GitHub token. “Just by clicking a…