The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch an actively exploited Ivanti Sentry flaw within three days, as mandated by the newly issued Binding Operational Directive (BOD) 26-04. [...]
Cybersecurity News and Vulnerability Aggregator
Cybersecurity news aggregator
Updated: 1:00 pm
J/K Navigate / Search S Save V Open Link
— or
treemd <(curl -sL https://allsec.sh/md) (as Markdown) Top Cybersecurity Stories Today
Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running arbitrary code on developer machines. Called Agentjacking by Tenet Security, the attack can be triggered by means of a fake error report crafted using Sentry, an open-source error-tracking and performance-monitoring platform. "The attack
Danish pharmaceutical giant Novo Nordisk, the world's largest producer of insulin, disclosed a data breach affecting patient information from some clinical trials. [...]
Microsoft has fixed a known issue that caused Windows updates released since May 2025 to fail when installed via the Windows Update Standalone Installer (WUSA) from a network share. [...]
The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest. Google's Mandiant attributes it to the group it tracks as UNC6240, and dates the activity between May 27 and June 9. Oracle did not publish its advisory until June 10, so the bug was a
Latest
Friday, June 12
a fake bug fix PR hid a credential stealer in astro.config.mjs that used blockchain to receive commands
a malicious pull request was submitted in a 57k star github repo Egonex-AI/Understand-Anything and the pr description was also convincing, the test plan was fake and the real payload is hidden behind hundreds of whitespace characters on the last diff line. `astro.config.mjs` runs as a live nodejs module on every dev or preview. there is no sandbox which basically means it will affect more than a postinstall script. The second stage actually pulled commands from a tron blockchain address which is a public RPC nodes only so IP blocking does nothing. complete breakdown is in the article
An AI hacker claims to have achieved a prompt-based jailbreak shortly after Fable 5’s launch, but Anthropic says it’s not a real jailbreak.
Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running arbitrary code on developer machines. Called Agentjacking by Tenet Security, the attack can be triggered by means of a fake error report crafted using Sentry, an open-source error-tracking and performance-monitoring platform. "The attack
Microsoft has fixed a known issue that caused Windows updates released since May 2025 to fail when installed via the Windows Update Standalone Installer (WUSA) from a network share. [...]
BLUF: Used a subscription-based lab environment that made me completely doubt my experience in threat hunting. I have used SIEM and threat hunting tools in the past through other lab environments and on the job. Am I the only one? ​ ​ Website: https://www.threathuntinglabs.com/ ​ I could not find anything about it but from some colleagues of mine and was interested in increasing my threat hunting skills. ​ At first, the website was very flashy and had a lot going on. It even looked pretty well structured. I decided to get a membership since it looked like it was right up my alley (big mistake). ​ I purchased a subscription and everything kinda fell apart from there. They provided "lab" environments (either Elastic or Splunk) which I could not even access and made me do everything via a query language in a console. I was really hoping to do the labs with a SIEM, but that wasn't the case. ​ After that, some of the questions were not straight-forward. Some of them were not simple, for example, what was the process used for LOTL? Those was easy to figure out. ​ Then another question asked was along the lines of what does powershell command is used for running code? Easy, IEX, right? Wrong. It was a whole sentence needing to explain PowerShell and the use of IEX. I understand context helps, but it was irrelevant to looking through the logs. ​ Last thing that took the cake was answering the questions. I would give two wrong answers then it would just flat out give me the correct answer, which removes the point of learning? At that point you will just remember answers and get them all correct. ​ Please let me know if either I just need to "get good" or if you have had a similar experience. Thanks! Edit: added some context to the labs
Real Microsoft sender, malicious message: trusted notification systems are becoming phishing delivery
I’ve been digging into the recent reports of scammers sending spam/phishing messages from [msonlineservicesteam@microsoftonline.com](mailto:msonlineservicesteam@microsoftonline.com), a legitimate Microsoft account alert sender. The interesting part is that this does **not** look like normal spoofing. The better model is: Trusted sender + legitimate notification trigger + attacker-controlled dynamic field In other words, attackers are abusing places where SaaS platforms render customer-controlled text in real notification emails, such as tenant names, alert descriptions, document titles, merchant/customer service fields, envelope names, etc. The platform then generates and signs the message, so SPF/DKIM/DMARC can all pass, even though the lure itself is still malicious. This pattern shows up beyond Microsoft, too: * Microsoft Entra tenant-branding / verification notification abuse * Azure Monitor callback phishing alerts * PayPal subscription/billing notification abuse * DocuSign envelope abuse * Compromised marketing/communications platforms like the Betterment and Namecheap cases "The sender is real” is no longer enough. We need to inspect whether the notification context makes sense. A Microsoft verification email should not contain a PayPal-style payment dispute. A cloud monitoring alert should not ask a consumer to call a support number. A DocuSign envelope should not push credential collection through a suspicious QR path. I wrote up the mechanics, likely abuse path, detection ideas, and platform-owner controls here: [https://phishpond.dev/articles/trusted-notification-system-abuse-phishing-trend](https://phishpond.dev/articles/trusted-notification-system-abuse-phishing-trend) Curious what others are seeing in the wild. Are you adding special handling for authenticated platform notifications, or are these still mostly treated as trusted-sender allow-list exceptions?
For most of the past decade, managed detection and response was the answer to a real problem. Security teams couldn't staff around the clock, couldn't hire enough analysts, and needed someone else to handle the alert queue. MDR stepped in. It worked well enough. Until now. The threat landscape has changed faster than the MDR model can adapt. Attackers are using AI to move faster, generate more
What happens when the bits of an RSA private key are heavily biased toward 0 instead of being randomly generated? The public key’s bits could be biased enough for us to detect these incorrectly generated keys in the wild. Together with Hanno Böck of the badkeys project, we found hundreds of unique keys that not only have this property, but can be quickly factored. We also found the bug that led to many of these keys and analyzed historical data to track the issue over time. Surprisingly, the pattern of 0 bits is often highly structured, allowing us to develop a powerful polynomial-based cryptanalytic technique that exploits the pattern. Figure 1: Two patterns of RSA moduli with repeated blocks of 0 bits seen in real-world examples. These “short-sleeve” keys, named for how the 0 bits don’t fully cover the limbs of the big integers, largely fell into two patterns. Pattern 1 remains unexplained, but we traced pattern 2 to a type mismatch in big-integer code from old versions of the CompleteFTP file transfer software. The CompleteFTP bug also generated vulnerable short-sleeve DSA keys, and we recovered 603 unique RSA private keys and 74 DSA keys from internet scans. If you used CompleteFTP to generate host keys between December 2016 and December 2023, CompleteFTP has released a tool to check whether your keys need to be regenerated. How we found
Danish pharmaceutical giant Novo Nordisk, the world's largest producer of insulin, disclosed a data breach affecting patient information from some clinical trials. [...]
An INTERPOL-led operation last month resulted in the disruption of Sniper Dz, a decade-long phishing-as-a-service (PhaaS) platform, Group-IB said Thursday. The effort, codenamed Operation Ramz, took place between October 2025 and February 2026, and saw authorities from 13 countries in the Middle East and North Africa (MENA) region making 201 arrests. Included among them was Guedz, the primary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch an actively exploited Ivanti Sentry flaw within three days, as mandated by the newly issued Binding Operational Directive (BOD) 26-04. [...]
The French government revealed that a recent breach of its Tchap encrypted messaging platform affects the accounts of over 73,000 employees in the French public sector. [...]
Authorities in Europe have disrupted AudiA6, a cryptocurrency laundering service used by ransomware gangs and cybercriminal networks. Europol, in a statement issued Thursday, said the dismantling of AudiA6 cut off a "key financial pipeline used to wash hundreds of millions in illicit profits." The service is estimated to have been used to launder more than €336 million (~$389 million) since the
Marking Your Own Homework (Check Point Remote Access VPN IKEv1 Authentication Bypass CVE-2026-50751)
It is yet another day in this parallel universe of security, where the devices we bolt onto the edge of our networks to keep the bad people out are, with remarkable consistency, the exact thing that let the bad people in. While we’ve seemingly had a breather from traditional SSL VPN exploitation season (you know, the one where every edge appliance vendor takes it in turns to have a very bad week ), it’s now time to pull up a chair and welcome ourselves back to another group therapy session. Welcome back to another watchTowr Labs blog post. On the 8th of June 2026, Check Point released hotfixes for a pair of vulnerabilities in their Mobile Access/SSL VPN, Remote Access VPN, and Spark Firewall products, specifically within the "deprecated" IKEv1 VPN code. The headline act was CVE-2026-50751, with a CVSS score of 9.3 for an Authentication Bypass. For the AI threat intel bots scraping our posts every few minutes (yes, we know), these vulnerabilities align with CWE-1337 Fun Fridays. Naturally, when the words “VPN” and “Authentication Bypass” are in the vicinity, a CISA KEV listing is not far behind - and this time is no exception. Various sources indicate that this vulnerability has been exploited in the wild since 7th May 2026 (roughly a month before anyone received a patch), and that, per Check Point, there were "a few dozen targeted organizations".
*A former Saydel Community School District information technology worker in Iowa was sentenced June 11 after prosecutors said he disrupted school technology systems used by students and staff.* *The disruptions affected classroom technology, staff accounts and district-managed devices after Ezekiel Dean Potter left the district. Saydel Community School District serves the Des Moines area and has about 1,400 students across three schools.*
Thursday, June 11
Kyushu Electric Power Co., Inc. has disclosed a physical security incident that affects private data of more than 10 million customers. [...]
[https://www.youtube.com/watch?v=a8UMAc\_8L5c](https://www.youtube.com/watch?v=a8UMAc_8L5c)
The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest. Google's Mandiant attributes it to the group it tracks as UNC6240, and dates the activity between May 27 and June 9. Oracle did not publish its advisory until June 10, so the bug was a
A WIRED investigation found dozens of “nudified” deepfake images and videos on Grok's website, including nonconsensual depictions of celebrities and at least one prominent US politician.
They claim to be state of the art for cybersecurity, but every one of my questions are getting flagged down to 4.8. And it's not even related to offsec, just doing software security research. Honestly feels like Anthropic is trying to FOMO researchers into adopting their paid plans to use this model after June 22nd. "**This model has measures that flagged something in this session. This sometimes happens with safe, normal conversations. These measures let us bring you Mythos-level capability in other areas sooner, and we're working to refine them. Switched to Opus 4.8. Send feedback with /feedback or learn more: https://support.claude.com/en/articles/15363606"**
Security researcher Chaotic Eclipse (aka Nightmare-Eclipse and MSNightmare) has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit for Microsoft Defender. "This was an accidental discovery, it took a total of 4 hours to find this," the researcher said in a post on Blogger. "If you ever attempted to use Windows Defender Offline Scan, you're
On June 2, the White House signed a new executive order (EO), “Promoting Advanced Artificial Intelligence Innovation and Security.” While most coverage has focused on the voluntary framework for frontier model access, there’s language around defensive cybersecurity that also deserves attention from security leaders.The order directs CISA to establish or expand federal programs and cybersecurity […] The post What the New AI Executive Order Means for Federal Security Testing appeared first on Synack .
A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leveraging resources from various ransomware-as-a-service (RaaS) schemes like LockBit (aka Tenacious Mantis), Qilin (aka Pestilent Mantis), and Medusa (aka Venomous Mantis). According to a detailed report
Reverse engineered BLE protocol of a $7 generic Chinese smart ring from Temu, and built an iOS app around it
[https://www.cyderes.com/howler-cell/rogueplanet-windows-zero-day](https://www.cyderes.com/howler-cell/rogueplanet-windows-zero-day)
Despite all the hype around Mythos, Claude Fable 5 returned pretty mid-tier results on coding tasks: 59.8% passing functional solves and just 19.0% passing security solves on a benchmark of 200 real-world tasks.
A joint congressional report describes a spam operation that turned tens of thousands of fake podcasts into search-engine bait for illegal pharmacy and scam sites.
Law enforcement has dismantled the “AudiA6” cryptocurrency service allegedly used by ransomware actors and other cybercriminals to launder more than $380 million. [...]
Overview A vulnerability has been discovered in the Haskell TLS software stack, commonly used by applications built in the Haskell programming language to securely connect to servers over the internet. Specifically, the libraries "crypton-x509-validation" fail to enforce a key security feature called NameConstraints, a standard defined in RFC 5280 that helps organizations control which domains a certificate authority (CA) is allowed to issue certificates for. This vulnerability allows an attacker with access to the sub-CA to create certificates that will validate successfully with any Haskell TLS connection, allowing the attacker access to full session visibility. Version 1.91 for crypton-x509-validation have been released to address the vulnerability, tracked as CVE-2026-9648. Description Haskell is a programming language often used in enterprise, academic, and financial systems such as banks, insurance companies, and data processing platforms, which use it for backend services like fraud detection, risk modeling, and other sensitive connections. The Haskell TLS software stack is the implementation used by Haskell applications to establish secure HTTPS or TLS connections to servers, just like OpenSSL or Go’s TLS libraries do in other ecosystems. A vulnerability has been discovered within the stack; crypton-x509-validation , which do not enforce the NameContstraints security feature that other libraries, such as OpenSSL or Go, do. The description for CVE-2026-9648 is as follows: The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA
AI-driven attacks are exposing the limits of fragmented MSP security stacks and slow response workflows. Kaseya breaks down why integrated security, automation, and recovery are becoming essential. [...]
Most good security work is invisible by design. Today is the exception. The 2026 Cybersecurity Stars Awards winners are announced across 95 subcategories in four main award categories. The reason is simple. Cybersecurity is full of work that deserves recognition and rarely gets it. Products that quietly close real gaps. Teams that stop incidents nobody reads about. Companies that raise the
The new open-source project could serve as the basis for a future of apps with features as complex as Slack, Discord, or Google Docs—but with added protection against surveillance.
I designed a 99‑fixture adversarial PE corpus, where each binary contains one controlled corruption pattern with full ground‑truth metadata. The goal was to answer a simple question: **How do PE tools behave when the binary stops playing by the rules?** The fixtures cover 8 anomaly classes: * entrypoint manipulation * section‑table corruption * Optional Header inconsistencies * directory contradictions * TLS anomalies * resource‑tree recursion * Authenticode corruption * entropy edge cases I tested 6 tools representing the major parsing philosophies: * IOCX * Ghidra * Detect It Easy * radare2 * PEview * CFF Explorer **The results were eye‑opening:** * **Literal tools** (r2, PEview) preserved bytes but surfaced no warnings * **Semantic tools** (CFF) normalised malformed fields, obscuring anomalies * **Heuristic tools** (DIE) ignored structure entirely * **Reconstructive loaders** (Ghidra) reconstructed internal models, omitting conflicting metadata and encountering crashes on entropy fixtures * **Hybrid literal‑semantic tools** (IOCX) preserved raw metadata and surfaced anomalies explicitly **Full write-up:** [The Adversarial PE Analysis Series, Part 1 — Why PE Parsers Break](https://medium.com/@malx-labs/the-adversarial-pe-analysis-series-part-1-why-pe-parsers-break-introducing-the-99-adversarial-1769556ab473?source=friends_link&sk=a053eaffcc2642062af3931c49ba6064) **Corpus and fixture spec**: [https://github.com/iocx-dev/iocx](https://github.com/iocx-dev/iocx) (fixtures are under `/tests/contract/fixtures/layer3_adversarial)`
For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was straightforward enough; triage by severity, schedule the fix, validate, and move on. The buffer was what made that work. Today, that buffer is gone. AI didn't make your team slower. It changed the other side of the
The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER. The campaigns involve a prolonged cyber espionage operation aimed at a Vietnamese infrastructure and transport construction corporation between mid-2024 and February 2026, as well as a supply chain attack
GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the "npm install" command to trigger the execution of malicious code using npm lifecycle hooks. "Npm install" is used to download and install all the necessary
Entra Agent ID is an extension of Entra's application model that provides identities for AI agents. Unlike applications, the agent identity model allows linking a single app registration (blueprint) to multiple identities and their associated privileges, increasing the potential blast radius of a compromised agent.
Wednesday, June 10
“Defenders cannot afford to take weeks to patch,” one Cybersecurity and Infrastructure Security Agency official warned on Wednesday.
US lawmakers are alarmed that Bill Pulte, a housing official with no intelligence experience, is poised to take charge of one of the government's most powerful surveillance tools.
The curl project, one of the most important pieces of software on the internet, just shut down its bug bounty program. Not because the project is less important. Not because the community gave up. But because 95% of the vulnerability reports it received were not valid. About a fifth were outright AI-generated noise. Only around […] The post Nobody’s in the Cockpit: The Real Risk of Fully Autonomous AI Security Testing appeared first on Synack .
Cybersecurity researchers have warned of a "resurgence and expansion" of JDY, a covert network associated with China-nexus state-sponsored threat actors. "The JDY botnet comprises over 1,500 SOHO [small office and home office] and IoT devices and operates as a centrally controlled, high-performance scanner used to discover, fingerprint, and continuously map exposed services at scale," Lumen's
Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI. It's tracked as CVE-2026-25089 (CVSS score: 9.1). "An
A high-severity security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability in question is CVE-2026-5027 (CVSS score: 8.8), a case of path traversal that could allow an attacker to write files to arbitrary locations. "The 'POST /api/v2/
The ACLU is suing two Florida police departments over the arrest of a Fort Myers man in a child-abduction case, saying officers treated a flawed face-recognition match as a near-certain ID.
Most US World Cup stadiums are surrounded by surveillance cameras. Want to know if you’re being watched on your way to a match? These maps will help you.
From anti-drone tech to face recognition, 2026 World Cup stadiums in the US, Canada, and Mexico are subjecting fans to an array of surveillance tech. Here’s what you need to know.
The organization claims that the FIFA tournament could have impacts on the rights of local people and visiting soccer fans in all three host countries.
Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release. Of the 206 flaws, 39 are rated Critical, and 167 are rated Important in severity. This includes 63 privilege escalation, 56 remote code execution, 30 information disclosure, 27 spoofing, 20 security
certSIGN: Inconsistent revocation status (CRL "revoked" vs OCSP "good") for intermediate CA "certSIGN Web CA"
certSIGN seems to have revoked a commonly-used intermediate cert. At least their CRL seems to say that.
Cybersecurity failures now happen beyond the OSI stack. Faulty governance, the human factor, and AI tools create new attack surfaces. After seven years working across cybersecurity, cloud infrastructure, and Zero Trust architecture, Jayal Yadav explains how we got here and what organizations still get wrong. “The original seven layers of the OSI model still matter. […] The post The OSI Model and Its Two Missing Layers appeared first on Heimdal Security Blog .
GhostTrace – a Windows forensic scanner that finds what "Uninstall" leaves behind (22 modules, read-only, offline)
I built a CLI tool for Windows that investigates software remnants across 22 forensic modules in a single pass. The problem it solves: after uninstalling software, Windows rarely cleans everything. Registry keys, prefetch entries, scheduled tasks, WMI subscriptions, BAM/DAM timestamps and more often stay behind. GhostTrace finds all of it in one scan. **Forensic coverage:** * **Persistence (MITRE ATT&CK TA0003):** Run/RunOnce keys, services with suspicious ImagePath (T1543.003), IFEO debugger, AppInit\_DLLs, LSA packages, scheduled tasks via Task Scheduler COM API, WMI EventFilter/Consumer bindings (T1546.003), Ghost Tasks in TaskCache\\Tree (T1053.005) * **Execution evidence (TA0002):** Shimcache/AppCompatCache, Prefetch with XPRESS-Huffman decode (versions 26/30/31), BAM/DAM with per-SID last-run timestamps, UserAssist (ROT13 decoded), MUICache * **User activity:** PowerShell history with cradle/encoded payload detection (T1059.001), RDP outbound history (T1021.001), RecentDocs, USB device history via USBSTOR (T1052/T1091), network artifacts (hosts redirects + connected networks with dates) * **Installed software and disk residue:** Uninstall entries with publisher/path/uninstall string, startup approved state, filesystem trace in Program Files/ProgramData/AppData **Design decisions relevant to forensics:** * Read-only by default — scan never modifies anything * Execution caches and history are excluded from cleanup — evidence is preserved * Cleanup requires explicit typed confirmation * Zero network calls, zero telemetria — safe in air-gapped environments * Suspicious signal is data for analysis, not an automatic verdict * Each cleanup generates an audit log **Stack:** C# · .NET 10 · Spectre.Console · Windows 10/11 x64 Download: [github.com/Devzinh/GhostTrace](https://github.com/Devzinh/GhostTrace) Happy to answer questions about the forensic modules or implementation decisions.
Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite 1,000 breaches is one hell of a milestone. It's not just the process of getting data, verifying it, loading it, sending notifications etc, it's all the other stuff that goes into keeping the whole thing afloat. Legal docs. Trademarks. Accounting. Agreements. The most mind-numbingly boring stuff you can imagine happening in the background so that the stuff you see in the foreground can all work. And then there are those "other things" I had to deal with along the way, but more of that in this week's video. Thanks to everyone who has stuck around to see this thing reach such a milestone
More Evidence That Words Don't Mean What We Thought They Meant (Ivanti Sentry Pre-Auth OS Command Injection CVE-2026-10520)
Today, Ivanti published an advisory. “No way?” we hear you say. "Yes way!" Today’s advisory outlines two vulnerabilities in Ivanti’s Sentry product, appealing directly to our inner desire for sophisticated server-side, pre-authenticated vulnerabilities. CVE-2026-10520 An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution (Credit to Unknown, but not us) CVE-2026-10523 An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access (Credit to Bryan Lam)
Tuesday, June 9
Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company’s monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft’s most dire “critical” rating, and exploit code for at least three of the weaknesses is now publicly available. The software giant said in a blog post last month that both its engineers and the security community are increasing using artificial intelligence tools to find bugs, meaning this month’s heavy Patch Tuesday may start to become the norm, said Satnam Narang , senior staff research engineer at Tenable . “Some surveys put AI usage among security professionals generally at 90%, so it’s unsurprising that this volume of patches may be the norm,” Narang said. “Pandora’s proverbial box has been opened, and as more advanced AI models become available, we expect the norm to continue upward across the board, not just for Patch Tuesday.” June’s zero-day bugs include CVE-2026-49160 , a denial of service vulnerability affecting a range of web servers, including Microsoft Internet Information Services (IIS). Microsoft says the flaw was reported by OpenAI’s Codex. Two of the zero-days addressed this month appear to stem from recent vulnerability disclosures by Nightmare Eclipse , the nickname chosen by a security researcher who has been dropping exploits for various Windows flaws. One of those, dubbed “GreenPlasma,” leverages an elevation of privilege weakness in the Windows Collaborati
Writing my own virtualized loader is something I’ve been wanting to do since I first read Microsoft’s deep dive on FinFisher’s multi-layered VM obfuscation back in 2018. FinFisher didn’t just use one layer of protection, it implemented a custom virtual machine with 32 opcode handlers, wrapped that in spaghetti code and anti-debug checks, and then buried a second VM inside the 64-bit payload. Microsoft’s researchers had to write their own IDA plugins and build a full opcode interpreter just to understand what the malware was doing. The idea that you could interpose an entire bytecode interpreter between your real logic and an analyst’s tools, making both static and dynamic analysis incredibly difficult, stuck with me. I made real progress toward this over
AI is changing the economics of offensive security. Models can now accelerate vulnerability discovery, reason about attack paths, draft exploit logic, and speed up remediation guidance. For defenders, that is a meaningful step forward. It is also the hard part. The capabilities that help defenders move faster also help attackers because cyber AI is dual-use […] The post Trusted Access, Human Validation, and the Future of AI Pentesting appeared first on Synack .
Overview Microsoft-signed UEFI bootloaders of the open-source shim project, primarily from version 0.9 and earlier, were identified as vulnerable to Secure Boot bypass. To mitigate this risk, the affected bootloaders will be added to the Microsoft UEFI Forbidden Signature Database (DBX). Once the DBX update is applied, these bootloaders will no longer be trusted for execution during the boot process. An attacker could exploit these vulnerable shim bootloaders using a Bring Your Own Vulnerable Driver (BYOVD)-style technique to execute arbitrary code during the early boot phase, prior to operating system initialization, thereby bypassing Secure Boot protections. Description The Unified Extensible Firmware Interface (UEFI) standard defines the modern firmware architecture used to initialize hardware and transfer control to the operating system during system startup. On systems with Secure Boot enabled, UEFI applications and drivers must be cryptographically signed and verified before execution. Trust for these signatures is established through several firmware-managed databases, including the authorized signature database (DB), which commonly contains the "Microsoft Corporation UEFI CA 2011" certificate. This Microsoft certificate is widely used to sign third-party boot components intended to run under Secure Boot. The open-source UEFI shim project is a small, signed bootloader that Microsoft signed using the "Microsoft Corporation UEFI CA 2011" certificate. Shim acts as a bridge between the motherboard's UEFI firmware and the operating system (typically a Linux distribution). Its purpose is to allow Linux distributions to boot with Secure Boot enabled without requiring every individual distribution's key to be built into the motherboard's NVRAM settings. In doing so, shim allows Linux distributions and other third parties to esta
Anthropic is releasing Claude Mythos 5 to trusted organizations and Claude Fable 5 to the public, a version it says can’t be used for cyberattacks.
Tech company says it ‘caught and disrupted’ NSO Group’s attempts to access accounts in Jordan and Lebanon A spyware firm has been targeting WhatsApp users with malicious links in contravention of a US court order forbidding it from doing so, Meta has said. In a post, Meta said WhatsApp had “caught and disrupted spear phishing attempts” by NSO Group, which a spokesperson said targeted a handful of users in Jordan and Lebanon. It had also caught the group creating “test accounts and groups” on WhatsApp. Continue reading...
Worm is a desktop forensic acquisition tool for authorized investigations. It brings disk imaging, memory acquisition, Android collection, hash verification, case output handling, image viewing, and reporting into one native application. The app runs as a real desktop window on Linux and Windows. [https://github.com/noirlang/worm](https://github.com/noirlang/worm) [https://worm.noirlang.tr/](https://worm.noirlang.tr/)
I scanned Chrome extension manifests for **chrome\_settings\_overrides** and found 23 extensions silently routing 758,000 users' searches through hidden monetization networks. The pattern: install a free extension (satellite imagery, maps, news reader), your default search gets quietly replaced and every query goes through the operator's middleware before reaching a search network, generating affiliate revenue you never consented to. Key findings: * 8 distinct brokers behind these extensions. If one extension gets pulled, another goes up under a different name. * Several extensions have zero functionality beyond the search override * One extension affirmatively claims "We don't track your searches" while its own privacy policy says otherwise * One uses runtime **declarativeNetRequest** injection so the real behavior is invisible to static analysis The \`hspart\` parameter in the final search redirect URL is the clustering key. One value maps an entire broker network regardless of extension name, domain, or publisher identity. Full report: [https://malext.io/reports/SearchJack/](https://malext.io/reports/SearchJack/)
Monday, June 8
The code WIRED identified is gone from the latest version of Meta AI, the companion app for the company’s smart glasses. Meta won’t say why or whether it’s coming back.
COPENHAGEN, Denmark, June 8, 2026 – Heimdal has achieved ISAE 3000 SOC 2 Type II certification for the sixth consecutive year, reflecting the company’s continued focus on operational security, accountability, and data protection. The 2026 audit covered the period from 1 April 2025 to 31 March 2026 and examined Heimdal’s controls across access management, data […] The post Heimdal® Marks Six Years of Consecutive ISAE 3000 SOC 2 Type II Certification appeared first on Heimdal Security Blog .
To reduce the amount of noise from questions, we have disabled self-posts in favor of a unified questions thread every week. Feel free to ask any question about reverse engineering here. If your question is about how to use a specific tool, or is specific to some particular target, you will have better luck on the [Reverse Engineering StackExchange](http://reverseengineering.stackexchange.com/). See also /r/AskReverseEngineering.
A WIRED timeline shows how dozens of governments, companies, and other organizations across Europe are moving, or planning to shift, away from US Big Tech.
Sunday, June 7
Slapping an LLM onto a security tool without guardrails is a massive liability. In digital forensics and incident response (DFIR), an AI hallucination can ruin an entire chain of custody. An answer without mathematical, binary proof is completely worthless. If an AI agent cannot anchor its reasoning to exact offsets, hashes, and unmanipulated timestamps, it has no business touching forensic data. With **Crow-Eye v0.11.0**, we are pushing a massive update to our full-spectrum forensic lifecycle platform. This release introduces a hardened AI compliance architecture and completely upgrades the core correlation engines. We are treating the underlying intelligence layer like a highly supervised junior analyst. Everything it sees is hashed, everything it thinks is visible, its memory management is strictly audited, and its ability to alter rules is completely sandboxed. Here is exactly how we are enforcing forensic integrity under the hood in v0.11.0: # 1. AI Compliance & Governance # Evidence Seal & Cryptographic Chain of Custody Every single time the AI interacts with your forensic data, it is cryptographically verified. * **The Process:** Before any payload is passed to the AI model, the `evidence_seal.py` service steps in. * **Hashing & Provenance:** It calculates the SHA-256 hash of the exact bytes being sent and attaches metadata tracking the absolute source (e.g., `database:table:rowid`), token count, and the specific AI model used. * **Hash-Chaining:** This metadata is written to an append-only JSONL ledger. Each new record incorporates the hash of the previous record. If a single byte of historical evidence is tampered with, the entire cryptographic chain breaks instantly. # The TruncationAuditor Service (Context Auditing) AI context windows are a massive compliance bottleneck. Silent truncation—where a tool quietly drops data when limits are exceeded—is unacceptable in an investigation. The `TruncationAuditor` service acts as a strict forensic bookkeeper to log exactly how history is modified during our Self-Healing Context routine. * **The Append-Only Audit Log:** Events are permanently written to `<case>/EYE_Logs/truncation_audit.log`, tracking whether data was compressed (`SUMMARIZED`) or entirely removed (`TRUNCATED`). * **High-Fidelity Tracking:** Every single dropped or compressed message records its unique Message ID, token count, reason (e.g., `budget_exceeded`), extra JSON metadata, and a SHA-256 Content Hash of the exact message text to mathematically prove what was removed. * **Tamper-Evident Hash-Chaining:** Each log entry combines its content with the hash of the previous log line using a `chain=...` signature. If a rogue actor manually deletes a record from the text log to hide missed evidence, the chain breaks instantly, and the `verify_chain()` check fails. * **Protocol Compliance Panel:** The auditor exports this ledger into a structured JSON array (`audit_trail.json`). The React UI reads this to give investigators a clean visual timeline of exactly what was preserved, summarized, or dropped. https://preview.redd.it/7yysi31xgu5h1.png?width=3394&format=png&auto=webp&s=16032abda1bbbccd2986be1479e37a0c45ec5a69 # The ThinkingStep Protocol (Anti-Black-Box Streaming) The AI is hard-coded to "show its work." The `ThinkingStep` protocol bridges the Python backend (`eye_bridge.py` and `query_processor.py`) and the React frontend (`EyeDialogue.tsx`), streaming real-time updates over `QWebChannel` across 4 distinct, auditable phases: * **Phase 1: thinking (Intent Detection):** The backend queries the LLM to determine intent (e.g., separating general questions from direct MFT queries). The UI displays "Analyzing request..." * **Phase 2: rag (Retrieval-Augmented Generation):** The backend searches local forensic rules inside `configs/knowledge_base/` (like pulling up Living off the Land tactics for PowerShell analysis) and shows you exactly what was fetched. * **Phase 3: tool\_call (Execution):** If the AI needs hard data, it sends a structured command to the backend to fire off a tool (e.g., executing a raw SQLite database query). The UI displays a dedicated "Tool Execution" block exposing the exact arguments, execution status, and raw JSON payloads returned. This layer loops sequentially if multiple tools are required. If a tool fails on a bad SQL query, the step turns red, exposes the raw Python exception, and allows the AI to catch the error in its context to heal and try a corrected query. * **Phase 4: synthesis (Final Generation):** The backend bundles the RAG knowledge and tool results securely using the Evidence Seal, routing them to the model to stream out the final human-readable response. * **UI Transparency:** In the frontend, these phases are rendered as interactive, collapsible accordion blocks. You can expand a tool block to verify every database query syntax or piece of documentation the AI used before arriving at its final conclusion. # Governance Enforcement Protocols (GEP Rules 9-11) When the AI acts as an author (like generating correlation rules), it is locked down: * **Reasoning Required (R9):** The AI cannot create or edit any rule without rendering a clear text justification. * **Evidence Linking (R10):** The AI cannot hallucinate a rule. It must bind it back to the exact physical forensic artifact (`related_evidence`) that prompted it. * **Read-Only Built-ins (R11):** The AI is strictly sandboxed from modifying human-authored rules or built-in system defaults. # 2. Core Engine Upgrades With the AI heavily supervised, v0.11.0 also delivers massive architectural upgrades to the data engines feeding the platform. **Advanced Core Correlation Engine Upgrade** An adversary leaves footprints across multiple layers of the system simultaneously. * **Deep Artifact Stitching:** Crow-Eye automatically maps the connective tissue between Master File Table (MFT) records, Registry hives, LNK files, and Jump Lists. * **Instant Timeline Reconstruction:** The engine identifies non-obvious relationships instantly, allowing you to trace an execution lifecycle from initial file access straight to system persistence without manual cross-referencing. **Ironclad Identity Engine Upgrade** Attributing actions to specific security identifiers (SIDs) in modern Windows 11 environments can get incredibly messy during high-stress triage. * The upgraded **Identity Engine** brings precise, deterministic execution-context tracking. It resolves user sessions, elevation states, and mapped SIDs with absolute certainty, eliminating ambiguity during credential abuse investigations. For the next release, I am focusing completely on user bugs and performance edge-cases. Please feel free to contact me for any bug reports or support queries you can find all of my direct contact details on the official website:https://crow-eye.com/ **GitHub:**[https://github.com/Ghassan-elsman/Crow-Eye](https://github.com/Ghassan-elsman/Crow-Eye) for the full details of the Resale notes please check [https://github.com/Ghassan-elsman/Crow-Eye/releases/tag/0.11.0](https://github.com/Ghassan-elsman/Crow-Eye/releases/tag/0.11.0) Good hunting,
EDRChoker uses **Policy-based Quality of Service (QoS)** to set hard bandwidth caps (throttling) on Endpoint Detection and Response (EDR) agents, causing them to always time out - effectively blocking them.
I recently learned about multiple sandbox bypasses discovered in Twig by project Glasswing. From the descriptions, only CVE-2026-46640 and CVE-2026-46633 seemed universally exploitable, so I decoded to research them. This writeup documents my development of payloads for the CVE-2026-46640 and the corresponding SSTImap module.
Saturday, June 6
Plus: Hackers use Meta’s AI bots to hack Instagram accounts, Anthropic helps NSA hackers, a decades-long GPS satellite mystery may have been solved, and more.
Friday, June 5
At Gartner SRM 2026 this week I gave a talk called “Cutting Through AI Noise: Defending Against Machine-Speed Cyber Adversaries.” The room was full of security leaders who’ve been through enough hype cycles to be skeptical of seeing AI on the label. That skepticism is warranted, and I built the session around it. Here’s what […] The post What I Told Security Leaders at Gartner SRM 2026 appeared first on Synack .