1010.cx – Page 6 – cybersecurity / defense / intelligence

Dropping Elephant Hackers Use China-Themed Loader Chain to Deploy In-Memory RAT

·

cyber security, Cyber Security News

A sophisticated malvertising and social-engineering campaign that pivoted from weaponized GitLab Pages to abusing claude.ai’s shared chat feature, enabling operators to deliver an in-memory remote-access trojan (RAT) via a China-themed loader chain. Across seven weeks (April 8–June 14, 2026) investigators tracked 106 unique malicious hostnames across six attack waves, revealing rapid infrastructure rotation, targeted geographic […]

The post Dropping Elephant Hackers Use China-Themed Loader Chain to Deploy In-Memory RAT appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
AWS Launches Continuum to Detect and Fix Code Vulnerabilities at Machine Speed

·

Amazon AWS, AWS, cyber security, Cyber Security News

AWS has introduced “Continuum,” a new security capability designed to detect, validate, and remediate code vulnerabilities at machine speed, signaling a shift away from traditional telemetry-heavy security models toward automated, context-driven remediation. Announced on June 17, 2026, in a gated preview, AWS Continuum leverages advanced AI models to address the growing volume of vulnerabilities generated […]

The post AWS Launches Continuum to Detect and Fix Code Vulnerabilities at Machine Speed appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Hackers Could Abuse SQL Server 2025 AI Features to Steal Sensitive Data

·

cyber security, Cyber Security News, MySQL

A new security analysis has revealed that Microsoft SQL Server 2025’s native AI capabilities can be repurposed by attackers to stealthily exfiltrate sensitive data and establish command-and-control (C2) channels directly within the database engine, significantly expanding the post-exploitation attack surface. Security researcher Justin Kalnasy of SpecterOps demonstrated that newly introduced AI-focused features, intended to support […]

The post Hackers Could Abuse SQL Server 2025 AI Features to Steal Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
The Scripts on Your Checkout Page Are Now a PCI DSS Problem

·

An independent PCI assessor tested Reflectiz against the new PCI DSS rules. Here is the verdict: See the full QSA assessment here → When a customer types their card number into your checkout, their browser is running far more than your code. Analytics tags, a tag manager, a support widget, a payment iframe: a modern checkout loads dozens of third-party scripts, and any one of them can be turned

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Windows 11 June Patch Triggers Microsoft Office Startup Issues

·

cyber security, Cyber Security News, Windows

Microsoft’s June 2026 cumulative update for Windows 11 (KB5095051, OS Build 28000.2269) introduces an unexpected application compatibility issue that may disrupt enterprise workflows, as users report that Microsoft Office applications fail to launch when opened via certain third-party applications. The update, released on June 9, 2026, targets Windows 11 version 26H1 and bundles critical security […]

The post Windows 11 June Patch Triggers Microsoft Office Startup Issues appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Hackers Exploit WordPress SMTP Plugin With 100,000+ Installs to Steal Sensitive Data

·

cyber security, Cyber Security News, vulnerability, Word press, Wordpress

Threat actors are actively exploiting a critical security flaw in the widely used Gravity SMTP WordPress plugin to extract sensitive configuration data, including API keys and authentication tokens. The vulnerability, tracked as CVE-2026-4020 with a CVSS score of 5.3, affects all versions up to and including 2.1.4 and exposes more than 100,000 websites to potential […]

The post Hackers Exploit WordPress SMTP Plugin With 100,000+ Installs to Steal Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Splunk AI Toolkit Vulnerability Allows Arbitrary OS Command Execution

·

CVE/vulnerability, cyber security, Cyber Security News, Vulnerabilities, vulnerability

Splunk has disclosed a critical security vulnerability in its AI Toolkit that could allow authenticated administrators to execute arbitrary operating system commands on affected systems, raising significant concerns for enterprises that rely on Splunk for security analytics and automation. The flaw, tracked as CVE-2026-20266, affects Splunk AI Toolkit versions before 5.7.4 and has been assigned […]

The post Splunk AI Toolkit Vulnerability Allows Arbitrary OS Command Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Agentjacking: Researchers Show How One Fake Bug Report Can Hijack AI Coding Agents

·

Agentjacking, AI, AI Coding, Artificial Intelligence, Bug Report, Cyber Attack, cybersecurity, RCE, Security, Tenet, vulnerability

Tenet researchers reveal how fake Sentry bug reports can trick AI coding agents into running code, exposing a new Agentjacking risk for developers today.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Microsoft Confirms RoguePlanet Zero-Day Exploit Targeting Defender

·

cyber security, Cyber Security News, Microsoft, vulnerability, Windows, Zero-Day, zeroday

Microsoft has confirmed a newly disclosed zero-day vulnerability, tracked as CVE-2026-50656, affecting Microsoft Defender, following the public release of a proof-of-concept (PoC) exploit dubbed “RoguePlanet” by security researcher NightmareEclipse. The vulnerability, classified as an elevation-of-privilege flaw, was officially published on June 16, 2026, and is already drawing attention due to its reliability and ability to […]

The post Microsoft Confirms RoguePlanet Zero-Day Exploit Targeting Defender appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
FortiBleed Exploit Campaign Hits 70,000+ Fortinet Firewalls Worldwide

·

cyber security, Cyber Security News

A large-scale cyber espionage campaign dubbed “FortiBleed” has compromised more than 70,000 Fortinet firewalls and VPN gateways worldwide, exposing enterprise networks across 194 countries. The activity, first identified by security researcher Volodymyr Diachenko and further analyzed by Hudson Rock and Kevin Beaumont, reveals a coordinated effort targeting internet-exposed FortiGate management interfaces. The dataset contains 73,932 […]

The post FortiBleed Exploit Campaign Hits 70,000+ Fortinet Firewalls Worldwide appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶