Skip to content
Security News, Assessments & Alerts Page 14

Security News, Assessments & Alerts

Security Issues, Vulnerabilities, Exploits & Government Alerts

Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse

Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse

Ravie LakshmananJun 29, 2026Cloud Security / Malware A Russian advanced persistent threat (APT) group has continued to evolve and expand its malware arsenal as part of its ongoing cyber onslaught against Ukraine throughout 2025. Slovakian… 

Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw

Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw

Swati KhandelwalJun 29, 2026Vulnerability / Open Source A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client,… 

Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. “This attack avoids the most… 

Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials

Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials

Ravie LakshmananJun 27, 2026Messaging Security / Cyber Espionage The Security Service of Ukraine (SSU) said it, together with the U.S. Federal Bureau of Investigation (FBI), uncovered a long-running campaign orchestrated by Russian intelligence services to… 

FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys

FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys

Swati KhandelwalJun 26, 2026Secure Messaging / Social Engineering The FBI and CISA have updated their March warning about Russian intelligence phishing Signal accounts, and the operators have added a step: they now coax targets into handing over… 

New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks

New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks

A newly discovered cyber attack campaign has been observed delivering a previously undocumented malware family called SharkLoader that acts as a loader for deploying Cobalt Strike Beacon on compromised hosts. Kaspersky, which is tracking the… 

Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign

Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign

Ravie LakshmananJun 26, 2026Cyber Espionage / Malware A Chinese-speaking advanced persistent threat (APT) actor has been linked to a new custom backdoor called TinyRCT as part of cyber attacks aimed at government entities and critical… 

Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs

Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs

Swati KhandelwalJun 26, 2026AI Security / Vulnerability A high-severity flaw in Amazon Q Developer let a malicious repository run commands and steal a developer’s cloud credentials. The path was short: a developer opens the repo,…