“Cyber warfare is as much about psychological strategy as technical prowess.”
― James Scott
-

Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing [email protected] (The Hacker News)
Google on Friday said it’s pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence (AI) agent to send phishing text messages targeting Americans. The network is said to be behind the development and management of a phishing-as-a-service (PhaaS) software kit called Outsider, per the tech giant. “The operation…
-

China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade [email protected] (The Hacker News)
Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade hidden inside the Linux login system itself. Sygnia, which tracks the group as Velvet Ant, says it backdoored the PAM and OpenSSH components that decide who is allowed to sign in, planting its access where…
-

Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code [email protected] (The Hacker News)
Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running arbitrary code on developer machines. Called Agentjacking by Tenet Security, the attack can be triggered by means of a fake error report crafted using Sentry, an open-source error-tracking and performance-monitoring platform. “The…
-

Rethinking MDR as Attackers and Defenders Embrace AI [email protected] (The Hacker News)
For most of the past decade, managed detection and response was the answer to a real problem. Security teams couldn’t staff around the clock, couldn’t hire enough analysts, and needed someone else to handle the alert queue. MDR stepped in. It worked well enough. Until now. The threat landscape has changed faster than the MDR…
-

LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution [email protected] (The Hacker News)
Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution. LangGraph is an open-source framework created by LangChain to build complex, stateful, and multi-agent artificial intelligence (AI) agentic applications. “An SQL injection in LangGraph’s function couldRead More
-
It’s time to update incident response for the AI era
Your latest cybersecurity incident might not be a threat actor, but an internal AI agent doing what it’s authorized to do. Incident response must evolve to accommodate AI.Read More
-

INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator [email protected] (The Hacker News)
An INTERPOL-led operation last month resulted in the disruption of Sniper Dz, a decade-long phishing-as-a-service (PhaaS) platform, Group-IB said Thursday. The effort, codenamed Operation Ramz, took place between October 2025 and February 2026, and saw authorities from 13 countries in the Middle East and North Africa (MENA) region making 201 arrests. Included among them was…
-

Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs [email protected] (The Hacker News)
Authorities in Europe have disrupted AudiA6, a cryptocurrency laundering service used by ransomware gangs and cybercriminal networks. Europol, in a statement issued Thursday, said the dismantling of AudiA6 cut off a “key financial pipeline used to wash hundreds of millions in illicit profits.” The service is estimated to have been used to launder more than…
-

ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities [email protected] (The Hacker News)
The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest. Google’s Mandiant attributes it to the group it tracks as UNC6240, and dates the activity between May 27 and June 9. Oracle did not publish…
-

New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets [email protected] (The Hacker News)
Two security teams have shown, in separate research published this week, that OpenClaw, the popular self-hosted AI agent, can be driven to run attacker-controlled code or hand over sensitive data through ordinary-looking inputs. Imperva buried instructions inside shared contacts, vCards, and location pins that the agent executed without the victim ever seeing them. Varonis built…
“Security used to be an inconvenience sometimes, but now it’s a necessity all the time.”
― Martina Navratilova
