“Cyber warfare is as much about psychological strategy as technical prowess.”
― James Scott
-

⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More [email protected] (The Hacker News)
Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail, and forgotten…
-

The Onboarding Password Mistake That Creates Unnecessary Risk [email protected] (The Hacker News)
Employee onboarding is a busy time for IT teams. New starters need devices, accounts, access permissions, and passwords, all delivered within a tight timeframe. That usually means sharing a temporary “first-day” password so employees can access systems for the first time. The issue is that these passwords don’t always stay temporary. They may be sent…
-

152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic [email protected] (The Hacker News)
Cybersecurity researchers have discovered a network of 152 Google Chrome extensions that act as new tab live wallpaper add-ons to distribute a potentially unwanted program (PUP) family. The cluster spans 38 separate Chrome Web Store publisher accounts and three brand backends: tabplugins[.]com, yowgames[.]com, and chromewallpaper[.]com. They have been collectively installed 105,000 times. TheRead More
-

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites [email protected] (The Hacker News)
An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites. When a site administrator was logged in as the file loaded, the code created an admin account under the attacker’s control and installed a hidden plugin that opened…
-

Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts [email protected] (The Hacker News)
Cybersecurity researchers have disclosed details of fraudulent activity targeting users across the Middle East and North Africa by employing various fraudulent Facebook accounts impersonating politicians, public figures, and trusted organizations. “These accounts promoted fake offers, including free mobile internet packages, financial compensation, and government subsidy programs,” Group-IBRead More
-

Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw [email protected] (The Hacker News)
Palo Alto Networks has revealed that it has observed “active exploitation” of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portals. The vulnerability in question is CVE-2026-0257 (CVSS score: 7.8), an authentication bypass flaw affecting the portal and gateway components of PAN-OS software that could be exploited…
-

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication [email protected] (The Hacker News)
Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253, is rated 9.8 on the CVSS scoring system. “In Splunk Enterprise versions below 10.2.4 and 10.0.7, an unauthenticated user could create or…
-

U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals [email protected] (The Hacker News)
Anthropic said on Friday it will “abruptly disable” its most advanced artificial intelligence (AI) models, Claude Fable 5 and Mythos 5, for all users after the U.S. government ordered it to suspend access to the models for foreign nationals, whether inside or outside the U.S., citing national security concerns. The AI company said it received…
-

Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit [email protected] (The Hacker News)
Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to…
-

400+ Arch Linux AUR Packages Hijacked to Install Rust Credential Stealer [email protected] (The Hacker News)
Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to…
“Security used to be an inconvenience sometimes, but now it’s a necessity all the time.”
― Martina Navratilova
