1010.cx – Page 15 – cybersecurity / defense / intelligence

Hackers Abuse Microsoft OAuth Device Code Flow to Take Over Microsoft 365 Accounts

·

cyber security, Cyber Security News, Microsoft

An active campaign in which attackers are abusing Microsoft’s OAuth 2.0 Device Authorization Grant (device code) flow to take over Microsoft 365 accounts. Rather than capturing credentials with a fake login page, the threat actors persuade victims to complete a genuine Microsoft authentication process that, unbeknownst to them, authorizes an attacker-controlled “device.” The result: fully […]

The post Hackers Abuse Microsoft OAuth Device Code Flow to Take Over Microsoft 365 Accounts appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
OptinMonster Plugin Vulnerability Exposes 1.2 Million WordPress Sites to Cyberattacks

·

cyber security, Cyber Security News, vulnerability, Word press, Wordpress

A large-scale supply chain attack targeting the popular OptinMonster WordPress plugin has exposed more than 1.2 million websites to active compromise. The campaign also affects the TrustPulse and PushEngage plugins, both developed by Awesome Motive, significantly amplifying the attack surface across millions of WordPress deployments. The attackers tampered with legitimate JavaScript files delivered via Awesome […]

The post OptinMonster Plugin Vulnerability Exposes 1.2 Million WordPress Sites to Cyberattacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware

·

The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver malware called NarwhalRAT. “The attack email contained a message impersonating an MS account security alert,” the Genians Security Center (GSC) said. “It was designed to create concern over possible

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Rhysida and Interlock Ransomware Groups Linked to Initial Access Brokers and Crypter Ecosystem

·

cyber security, Cyber Security News, Ransomware

Rhysida and Interlock sit inside the same ransomware supply chain, but their latest observed behavior shows a more nuanced relationship than simple code reuse. IBM X-Force’s long-term analysis ties both groups to initial access brokers, private crypters, downloaders, and backdoors that help them stage intrusion chains before encryption. The core finding is that both operations […]

The post Rhysida and Interlock Ransomware Groups Linked to Initial Access Brokers and Crypter Ecosystem appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Russian and Chinese Actors Use AI Translation and Visual Content in Malign Influence Operations

·

AI, cyber security, Cyber Security News

AI is reshaping foreign malign influence operations in subtle but consequential ways. Our analysis of pro-Russia and pro-China inauthentic accounts on X across 2024–2026 shows actors are not leveraging AI primarily to flood platforms with volume. Instead, they are using AI to refine content quality, create more believable personas, and broaden linguistic and visual reach […]

The post Russian and Chinese Actors Use AI Translation and Visual Content in Malign Influence Operations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw

·

Cisco has released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-20262, carries a CVSS score of 6.5 out of 10.0. “A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation

·

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 18, 2026. The vulnerability in question is CVE-2026-54420 (CVSS score: 8.5), which has been described as a case of privilege

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
The Gentlemen RaaS Scales to 166 Victims as Ransomware Groups Compete for Affiliates

·

cyber security, Cyber Security News, Ransomware

Two new Ransomware-as-a-Service (RaaS) entrants publicly recruited affiliates, underscoring a rapid reconsolidation of the ransomware market and a sharpening competition for skilled operators. An actor using the handle hyflock123 posted a recruitment thread on Duty-Free on May 14 claiming prior work with LockBit and Qilin and launching “Hyflock.” The next day hastalamuerte, founder and administrator […]

The post The Gentlemen RaaS Scales to 166 Victims as Ransomware Groups Compete for Affiliates appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
PRC-Nexus Hackers Abuse REDCap Servers to Monitor US Medical Research Organizations

·

cyber security, Cyber Security News

A sophisticated, long-running cyberespionage campaign attributed to UNC6508, a People’s Republic of China (PRC)-nexus threat actor, that systematically targets North American academic, medical, and military research institutions. The campaign, active since at least September 2023, remained undetected for over a year while the threat actor silently harvested credentials, exfiltrated sensitive communications, and maintained persistent access across victim […]

The post PRC-Nexus Hackers Abuse REDCap Servers to Monitor US Medical Research Organizations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Hackers Use The Quarry PhaaS Ecosystem to Target U.S. Victims With IRS Phishing

·

cyber security, Cyber Security News, Phishing

A single developer-known online as RockyBelling has assembled a highly modular PhaaS/MaaS ecosystem that affiliates worldwide use to launch highly targeted IRS and SSA-themed phishing campaigns that predominantly hit U.S. victims. SOCRadar research spanning April 2025–April 2026 ties almost 200 affiliates to a commercial toolkit that combines sophisticated cloaking, flexible payload options, real-time victim telemetry […]

The post Hackers Use The Quarry PhaaS Ecosystem to Target U.S. Victims With IRS Phishing appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶