-
A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. Because the link pointed to a real microsoft.com domain, traditional anti-phishing and URL filtering tools were
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail, and forgotten software keeps becoming someone else’s entry point. Scroll through the full Monday Cybersecurity
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
·
Both CFAKE and SOCFAKE (CFAKE.com and SOCFAKE.com) were seized after prosecutors said they hosted nonconsensual nude digital forgeries of famous women.¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
This week in cybersecurity from the editors at Cybercrime Magazine
Sausalito, Calif. – Jun. 15, 2026– Read the full story from CMBlog
By harnessing AI, cybercriminals are developing increasingly sophisticated techniques to commit their crimes, posing a growing threat to businesses, institutions, and individuals worldwide.
The threat hit close to home earlier this year when the hacking group ShinyHunters executed a major multi-wave breach on Instructure’s Canvas Learning Management System, compromising data of up to 275 million users across nearly 9,000 institutions worldwide, including DeVry University. The attack is a reminder of just how fast the threat landscape is evolving.
AI is accelerating that evolution. Cybersecurity Ventures predicts that ransomware attacks will occur every two seconds by 2031.
To fight the ongoing war against cybercrime, many more highly skilled cybersecurity experts are needed throughout the business sector, government agencies, in healthcare and educational institutions. Although approximately 1.34 million cybersecurity professionals are currently working in the U.S., the demand is very high — with over 514,000 job openings nationally in the field, according to CyberSeek.
Despite this rising demand for cybersecurity professionals, early-career talent is often shut out due to their lack of experience, making the shortage worse.
“The cyber workforce gap is real, and AI is changing what entry-level jobs look like,” said Dr. Jingdi “Rebecca” Zeng, senior professor and curriculum chair, DeVry University. “That means part of learning that used to happen on the job now needs to happen earlier, in the classroom.”
To prepare the next generation of cyber leaders, DeVry University’s Cybersecurity Center of Excellence is tackling the challenge head-on. By partnering with industry leaders, the university has designed a curriculum that aims to help close the skills gap by equipping early-career professionals with the knowledge and experiences they need to thrive in today’s rapidly evolving cyber landscape.
Cybercrime Magazine is Page ONE for Cybersecurity. Go to any of our sections to read the latest:
- SCAM. The latest schemes, frauds, and social engineering attacks being launched on consumers globally.
- NEWS. Breaking coverage on cyberattacks and data breaches, and the most recent privacy and security stories.
- HACK. Another organization gets hacked every day. We tell you who, what, where, when, and why.
- VC. Cybersecurity venture capital deal flow with the latest investment activity from various sources around the world.
- M&A. Cybersecurity mergers and acquisitions including big tech, pure cyber, product vendors and professional services.
- BLOG. What’s happening at Cybercrime Magazine. Plus the stories that don’t make headlines (but maybe they should).
- PRESS. Cybersecurity industry news and press releases in real time from the editors at Business Wire.
- PODCAST. New episodes daily on the Cybercrime Magazine Podcast feature victims, law enforcement, vendors, and cybersecurity experts.
- RADIO. Tune into WCYB Digital Radio at Cybercrime.Radio, the first and only round-the-clock internet radio station devoted to cybersecurity.
Contact us to send story tips, feedback and suggestions, and for sponsorship opportunities and custom media productions.
The post Cybercrime is Accelerating: Preparing the Next Wave of Cybersecurity Experts appeared first on Cybercrime Magazine.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A financially motivated campaign dubbed “Payroll Pirate” has emerged using advanced phishing and adversary-in-the-middle (AiTM) session hijacking to bypass multifactor authentication (MFA) and reroute payroll disbursements. This operation targets payroll and HR portals at mid-market and enterprise organizations, chaining credential theft, real-time session interception, and subtle profile changes to siphon funds without triggering conventional alarms. […]
The post Payroll Pirate Campaign Uses AiTM Session Hijacking to Bypass MFA and Redirect Salaries appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A remote code execution (RCE) vulnerability in Jenkins, tracked as CVE-2026-53435, is now actively exploited in the wild. The flaw, stemming from insecure deserialization during Jenkins’ config.xml processing, allows unauthenticated or low-privileged attackers to execute arbitrary code on vulnerable instances, posing a severe risk to organizations that rely on the popular CI/CD automation server. Jenkins RCE Flaw […]
The post Jenkins RCE Flaw Exploited by Attackers in the Wild appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Handala hacking group claims it has targeted California Water Service, leaking 5GB of customer database and GPS network files in its latest infrastructure attack.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Windows 11 cumulative update KB5094126, released on June 9, 2026, for builds 26200.8655 and 26100.8655, is triggering a wave of user reports about system freezes, forced BitLocker recovery screens, and broken OneDrive integration in File Explorer on some devices. While Microsoft positions the patch as a critical security and reliability update, early feedback suggests serious […]
The post Windows 11 Update Causes System Freezes, Triggers BitLocker Recovery, and Breaks OneDrive appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A long-running, highly disciplined intrusion attributed to the China-nexus actor known as Velvet Ant has been revealed as a near-decade campaign of silent access that culminated in the replacement of core authentication components OpenSSH binaries and PAM modules across a segregated critical-infrastructure network. The intrusion chain began with compromises of internet-facing systems where the operator […]
The post Velvet Ant Hackers Backdoor OpenSSH and PAM to Spy on Critical Infrastructure Network appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Employee onboarding is a busy time for IT teams. New starters need devices, accounts, access permissions, and passwords, all delivered within a tight timeframe. That usually means sharing a temporary “first-day” password so employees can access systems for the first time. The issue is that these passwords don’t always stay temporary. They may be sent over email or SMS, reused across accounts,
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
