Security Issues, Vulnerabilities, Exploits & Government Alerts
Ravie LakshmananJun 15, 2026Cybersecurity / Hacking Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week…
Employee onboarding is a busy time for IT teams. New starters need devices, accounts, access permissions, and passwords, all delivered within a tight timeframe. That usually means sharing a temporary “first-day” password so employees can…
Ravie LakshmananJun 15, 2026Browser Security / Privacy Cybersecurity researchers have discovered a network of 152 Google Chrome extensions that act as new tab live wallpaper add-ons to distribute a potentially unwanted program (PUP) family. The…
An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites. When a site administrator was logged in as…
Ravie LakshmananJun 15, 2026Social Engineering / Browser Security Cybersecurity researchers have disclosed details of fraudulent activity targeting users across the Middle East and North Africa by employing various fraudulent Facebook accounts impersonating politicians, public figures,…
Ravie LakshmananJun 15, 2026Vulnerability / VPN Security Palo Alto Networks has revealed that it has observed “active exploitation” of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect…
Ravie LakshmananJun 13, 2026Vulnerability / Enterprise Software Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution.…
Anthropic said on Friday it will “abruptly disable” its most advanced artificial intelligence (AI) models, Claude Fable 5 and Mythos 5, for all users after the U.S. government ordered it to suspend access to the…
Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a…
Ravie LakshmananJun 12, 2026Cybercrime / Artificial Intelligence Google on Friday said it’s pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence (AI) agent to send phishing text messages…