🦜 Cryptika Cybersecurity
Cryptika Cyber Security
Criminal IP at Infosecurity Europe 2026: Introducing AITEM, the Next Chapter of Attack Surface Management
https://www.cryptika.com/criminal-ip-at-infosecurity-europe-2026-introducing-aitem-the-next-chapter-of-attack-surface-management/
Published: June 14, 2026 18:28
Torrance, United States / California, June 11th, 2026, CyberNewswire Criminal IP by AI SPERA, a cyber threat intelligence platform delivering decision-ready intelligence and attack surface visibility to security teams worldwide, ...
Maine Takes Data Breach Reporting Portal Offline After Fake VRChat and Discord Filings
https://www.cryptika.com/maine-takes-data-breach-reporting-portal-offline-after-fake-vrchat-and-discord-filings/
Published: June 14, 2026 02:57
June 14, 2026 The Office of the Maine Attorney General has temporarily taken its public-facing data breach reporting database offline after discovering that an unknown entity submitted fabricated breach notifications ...
152 Chrome Extensions Hide Ad Tracking and Fake Google Search Traffic
https://www.cryptika.com/152-chrome-extensions-hide-ad-tracking-and-fake-google-search-traffic/
Published: June 14, 2026 02:42
June 14, 2026 152 Chrome “live wallpaper” extensions on the Chrome Web Store have been caught secretly logging user data and faking Google “organic search” traffic to inflate ad revenue, ...
New Agentjacking Attack Hijacks Your AI Coding Agent to Run Code From a Hacker’s Server
https://www.cryptika.com/new-agentjacking-attack-hijacks-your-ai-coding-agent-to-run-code-from-a-hackers-server/
Published: June 13, 2026 16:48
June 13, 2026 New “Agentjacking” attack that hijacks AI coding agents and silently executes attacker-controlled code on developer machines using nothing more than a single injected Sentry error. The technique ...
BugHunter – Bug Bounty Toolkit Powered by Claude and Free AI Providers
https://www.cryptika.com/bughunter-bug-bounty-toolkit-powered-by-claude-and-free-ai-providers/
Published: June 13, 2026 13:33
June 13, 2026 A new open-source bug bounty hunting toolkit called BugHunter, built on top of Anthropic’s Claude Code and now extended to support free AI providers like Ollama and ...
Splunk Enterprise Pre-Auth RCE Chain Exposes Database With Zero Authentication
https://www.cryptika.com/splunk-enterprise-pre-auth-rce-chain-exposes-database-with-zero-authentication/
Published: June 13, 2026 11:12
A critical vulnerability chain in Splunk Enterprise has been disclosed, enabling unauthenticated attackers to achieve remote code execution (RCE) through a misconfigured PostgreSQL sidecar service. Tracked as CVE-2026-20253, the flaw ...
Anthropic Fable 5 and Mythos 5 Access Blocked to All Users Following Government Directive
https://www.cryptika.com/anthropic-fable-5-and-mythos-5-access-blocked-to-all-users-following-government-directive/
Published: June 13, 2026 03:38
June 13, 2026 Anthropic has disabled its two most capable AI models, Fable 5 and Mythos 5, after the U.S. government issued an export control directive late on June 12 ...
Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks
https://www.cryptika.com/fancy-bear-hackers-abuse-edgerouters-and-cloud-services-to-launch-stealthy-cyberattacks/
Published: June 12, 2026 18:30
One of the most persistent hacking groups in the world has found a new way to stay hidden. The threat actor known as Fancy Bear, formally tracked as APT28 and ...
Hackers Abuse Legitimate NinjaOne RMM Software to Bypass Traditional Malware Detection
https://www.cryptika.com/hackers-abuse-legitimate-ninjaone-rmm-software-to-bypass-traditional-malware-detection/
Published: June 12, 2026 18:10
June 12, 2026 A newly documented phishing campaign is using a legitimate remote management tool to silently take over victims’ computers, without deploying a single line of traditional malware. Researchers ...
Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets
https://www.cryptika.com/malicious-npm-campaign-steals-ssh-keys-api-tokens-cloud-credentials-and-wallet-secrets/
Published: June 12, 2026 16:01
June 12, 2026 A fresh wave of supply chain attacks is putting blockchain developers, Web3 teams, and cloud engineers at serious risk. Researchers have uncovered a coordinated campaign involving multiple ...
Hackers Use OnyxC2 Malware-as-a-Service to Steal Credentials From 210 Applications
https://www.cryptika.com/hackers-use-onyxc2-malware-as-a-service-to-steal-credentials-from-210-applications/
Published: June 12, 2026 14:42
June 12, 2026 A new and dangerous credential-stealing tool called OnyxC2 has emerged in the cybercrime underground, showing just how easy it has become for even low-skilled attackers to run ...
400+ Arch Linux AUR Packages Compromised in a Supply Chain Attack Deploying Infostealers
https://www.cryptika.com/400-arch-linux-aur-packages-compromised-in-a-supply-chain-attack-deploying-infostealers/
Published: June 12, 2026 13:39
June 12, 2026 A massive supply chain attack targeting the Arch User Repository (AUR) has compromised more than 400 community-maintained packages, with attackers injecting malicious build scripts designed to deploy ...
Critical Vulnerability Chain in LangGraph Allows Attackers to Gain Full Server Control
https://www.cryptika.com/critical-vulnerability-chain-in-langgraph-allows-attackers-to-gain-full-server-control/
Published: June 12, 2026 13:18
June 12, 2026 A critical vulnerability chain discovered in LangGraph, a popular open-source AI agent framework developed by the creators of LangChain, could allow attackers to gain full server control ...
Authorities Dismantle Cryptocurrency Laundering Services ‘AudiA6’ Used by Ransomware Gangs
https://www.cryptika.com/authorities-dismantle-cryptocurrency-laundering-services-audia6-used-by-ransomware-gangs/
Published: June 12, 2026 10:38
June 12, 2026 Authorities have dismantled a major cryptocurrency laundering service known as “AudiA6,” widely used by ransomware groups and cybercriminal networks to obscure illicit financial flows and cash out ...
Hackers Use Free Spotify Premium Hacks on TikTok and Instagram to Spread Vidar Infostealer
https://www.cryptika.com/hackers-use-free-spotify-premium-hacks-on-tiktok-and-instagram-to-spread-vidar-infostealer/
Published: June 12, 2026 09:23
June 12, 2026 Hackers are now turning popular social media platforms into malware delivery channels, using the promise of free software to trap unsuspecting users. Short-form video platforms like TikTok ...
Solana FakeFix Campaign Uses 25 Malicious npm and PyPI Packages to Steal Developer Secrets
https://www.cryptika.com/solana-fakefix-campaign-uses-25-malicious-npm-and-pypi-packages-to-steal-developer-secrets/
Published: June 12, 2026 09:13
June 12, 2026 A newly discovered supply chain campaign is putting Solana developers at serious risk, with attackers hiding malicious code inside fake developer packages on npm and PyPI. The ...
Microsoft Teams for Android Vulnerability Allows Attackers to Disclose Sensitive Data
https://www.cryptika.com/microsoft-teams-for-android-vulnerability-allows-attackers-to-disclose-sensitive-data/
Published: June 12, 2026 04:00
June 12, 2026 Microsoft has disclosed a significant security vulnerability in Microsoft Teams for Android that could allow an authenticated attacker to expose sensitive information over a network. The flaw, ...
CISA Requires Federal Agencies to Patch Critical Vulnerabilities Within 3 Days
https://www.cryptika.com/cisa-requires-federal-agencies-to-patch-critical-vulnerabilities-within-3-days/
Published: June 11, 2026 17:27
June 11, 2026 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 26-04, titled “Prioritizing Security Updates Based on Risk,” compelling all Federal Civilian Executive ...
GitHub to Automate Disable npm Script Installs to Block Supply Chain Attacks
https://www.cryptika.com/github-to-automate-disable-npm-script-installs-to-block-supply-chain-attacks/
Published: June 11, 2026 15:55
June 11, 2026 GitHub has announced a major security-focused update to the Node Package Manager (npm), introducing breaking changes in the upcoming npm v12 release to reduce software supply chain ...
Claude Mythos Turning N-Days Into N-Hours With Rapid Working Exploit Creation
https://www.cryptika.com/claude-mythos-turning-n-days-into-n-hours-with-rapid-working-exploit-creation/
Published: June 11, 2026 15:50
June 11, 2026 A new study has revealed that advanced large language models (LLMs), particularly Anthropic’s Claude Mythos Preview, are dramatically accelerating the development of N-day exploits, reducing timelines from ...
Cybercriminals Abuse Chinese-Language Guarantee Marketplaces to Trade Stolen Credentials
https://www.cryptika.com/cybercriminals-abuse-chinese-language-guarantee-marketplaces-to-trade-stolen-credentials/
Published: June 11, 2026 13:58
June 11, 2026 A network of Chinese-language online marketplaces operating on Telegram has quietly become one of the most powerful financial engines behind global cybercrime. These platforms, known as “guarantee” ...
Ivanti Command Injection Vulnerability Exploited in Attacks Following PoC Release
https://www.cryptika.com/ivanti-command-injection-vulnerability-exploited-in-attacks-following-poc-release/
Published: June 11, 2026 12:20
June 11, 2026 Threat actors have begun actively exploiting a critical Ivanti Sentry command injection vulnerability just days after a proof-of-concept (PoC) exploit was made public, according to new internet ...
PoC Exploit Released for Guest-to-Host Escape Linux Kernel Vulnerability
https://www.cryptika.com/poc-exploit-released-for-guest-to-host-escape-linux-kernel-vulnerability/
Published: June 11, 2026 11:58
June 11, 2026 A proof-of-concept (PoC) exploit has been released for a critical Linux kernel vulnerability, CVE-2026-46316, that enables a guest-to-host escape in KVM environments on arm64 systems. The flaw, ...
Oracle Emergency Security Update to Fix Critical RCE Vulnerability
https://www.cryptika.com/oracle-emergency-security-update-to-fix-critical-rce-vulnerability/
Published: June 11, 2026 11:56
June 11, 2026 Oracle has issued an emergency Security Alert to address a critical remote code execution vulnerability (CVE-2026-35273) affecting PeopleSoft Enterprise PeopleTools. The vulnerability carries a CVSS v3.1 score ...
Ivanti Endpoint Manager Mobile Vulnerability Enables Remote Code Execution Attacks
https://www.cryptika.com/ivanti-endpoint-manager-mobile-vulnerability-enables-remote-code-execution-attacks/
Published: June 11, 2026 04:31
June 11, 2026 A high-severity vulnerability, CVE-2026-6973, in Ivanti Endpoint Manager Mobile (EPMM) could allow authenticated attackers to achieve remote code execution by injecting malicious Apache configuration directives. The flaw, ...
Anthropic’s Claude Fable 5 Jailbroken to Generate Stack Exploits
https://www.cryptika.com/anthropics-claude-fable-5-jailbroken-to-generate-stack-exploits/
Published: June 11, 2026 03:06
June 11, 2026 Anthropic launched Claude Fable 5 on June 9, 2026, as the first publicly available model in its new Mythos class, its most capable AI to date, excelling ...
Hackers Abuse Fake Utility Downloads to Install ScreenConnect and Mine Cryptocurrency
https://www.cryptika.com/hackers-abuse-fake-utility-downloads-to-install-screenconnect-and-mine-cryptocurrency/
Published: June 10, 2026 17:18
June 10, 2026 Hackers are turning everyday software searches into a trap. A sophisticated cryptojacking campaign is actively targeting users who search for popular PC utilities online, luring them into ...
Hackers Use Tax Phishing Emails to Deploy In-Memory Malware on Windows Systems
https://www.cryptika.com/hackers-use-tax-phishing-emails-to-deploy-in-memory-malware-on-windows-systems/
Published: June 10, 2026 17:11
June 10, 2026 Hackers are using fake tax notification emails to trick Windows users into downloading dangerous multi-stage malware that runs entirely in memory, leaving almost no trace behind. The ...
Windows Collaborative Translation Framework 0-Day Vulnerability Allows Privilege Escalation
https://www.cryptika.com/windows-collaborative-translation-framework-0-day-vulnerability-allows-privilege-escalation/
Published: June 10, 2026 15:15
June 10, 2026 Windows administrators should quickly deploy Microsoft’s June 9, 2026 security updates to fix a newly disclosed zero‑day in the Windows Collaborative Translation Framework (CTFMON), tracked as CVE‑2026‑45586. ...
Hackers Deploy MLTBackdoor Malware via Multi-Stage ClickFix Infection Chain
https://www.cryptika.com/hackers-deploy-mltbackdoor-malware-via-multi-stage-clickfix-infection-chain/
Published: June 10, 2026 08:10
June 10, 2026 A newly discovered backdoor malware called MLTBackdoor is making waves in the cybersecurity community after being spotted in a carefully designed, multi-stage attack chain. Identified in May ...
Hackers Abuse TikTok and Instagram Reels to Spread Malware via Fake Free Software Tutorials
https://www.cryptika.com/hackers-abuse-tiktok-and-instagram-reels-to-spread-malware-via-fake-free-software-tutorials/
Published: June 10, 2026 08:04
June 10, 2026 Cybercriminals are now turning to short-form video platforms as a new attack surface, using fake software tutorials on TikTok and Instagram Reels to push malware onto unsuspecting ...
Windows BitLocker 0-Day Vulnerability Allows Attackers to Bypass Security Feature
https://www.cryptika.com/windows-bitlocker-0-day-vulnerability-allows-attackers-to-bypass-security-feature/
Published: June 10, 2026 06:13
June 10, 2026 Microsoft disclosed a new Windows BitLocker Security Feature Bypass vulnerability, tracked as CVE-2026-50507, on June 9, 2026, as part of its June Patch Tuesday security release. The flaw, ...
Anthropic Released Claude Fable 5, the First Model in Mythos Class
https://www.cryptika.com/anthropic-released-claude-fable-5-the-first-model-in-mythos-class/
Published: June 10, 2026 04:55
June 10, 2026 Anthropic has released Claude Fable 5, the first publicly available model in its new Mythos capability tier, a class powerful enough that the company says it ships ...
New Windows Defender 0-Day Exploit “RoguePlanet” Grants SYSTEM Access to Attackers
https://www.cryptika.com/new-windows-defender-0-day-exploit-rogueplanet-grants-system-access-to-attackers/
Published: June 10, 2026 03:14
June 10, 2026 A researcher known as Nightmare Eclipse (also tracked as Chaotic Eclipse or Dead Eclipse) has publicly released a new proof-of-concept (PoC) exploit named RoguePlanet, targeting a previously ...
New MagicAd Android Malware Flood Device With Ads Bypassing Restrictions
https://www.cryptika.com/new-magicad-android-malware-flood-device-with-ads-bypassing-restrictions/
Published: June 9, 2026 18:20
June 9, 2026 A newly discovered Android trojan called MagicAd has been found flooding infected devices with ads, cleverly slipping past the built-in restrictions of the Android operating system. What ...
New Browser-in-the-Browser Phishing Attack to Steal Microsoft 365 Logins
https://www.cryptika.com/new-browser-in-the-browser-phishing-attack-to-steal-microsoft-365-logins/
Published: June 9, 2026 17:59
June 9, 2026 A new and sophisticated Browser-in-the-Browser phishing campaign has been discovered targeting Microsoft 365 users, using a fake login popup that is nearly impossible to tell apart from ...
Microsoft Patch Tuesday June 2026 – 198 Vulnerabilities Fixed, Including 3 Zero-days
https://www.cryptika.com/microsoft-patch-tuesday-june-2026-198-vulnerabilities-fixed-including-3-zero-days/
Published: June 9, 2026 17:23
June 9, 2026 Microsoft has released its June 2026 Patch Tuesday security updates, addressing a hefty 198 vulnerabilities across its product ecosystem. The June rollout, published on June 9, 2026, ...
North Korea-Aligned Hackers Abuse GitHub Repositories to Infect Developers
https://www.cryptika.com/north-korea-aligned-hackers-abuse-github-repositories-to-infect-developers/
Published: June 9, 2026 16:02
June 9, 2026 North Korea-aligned hackers are once again targeting the developer community, this time by hiding malicious code inside seemingly legitimate GitHub repositories. The campaign, tracked under the name ...
How Threat Intelligence Feeds Help Automate SOCs to Reduce MTTR
https://www.cryptika.com/how-threat-intelligence-feeds-help-automate-socs-to-reduce-mttr/
Published: June 9, 2026 15:33
Security operations center (SOC) automation has become one of the biggest trends in cybersecurity. Organizations are investing heavily in AI, orchestration, and automated response technologies in pursuit of faster detection ...
Fortinet FortiSandbox Vulnerability Allows Attackers to Execute Unauthorized Commands
https://www.cryptika.com/fortinet-fortisandbox-vulnerability-allows-attackers-to-execute-unauthorized-commands/
Published: June 9, 2026 14:51
Fortinet has disclosed a critical security vulnerability in its FortiSandbox product line that could allow unauthenticated remote attackers to execute arbitrary OS commands through the web interface. The flaw, tracked ...
New Weedhack Malware-as-a-Service Targets Minecraft Players to Steal Credentials, and Hijack Accounts
https://www.cryptika.com/new-weedhack-malware-as-a-service-targets-minecraft-players-to-steal-credentials-and-hijack-accounts/
Published: June 9, 2026 12:46
June 9, 2026 A new and dangerous threat has emerged in the gaming world, one that turns a beloved pastime into a gateway for cybercrime. Weedhack, a Minecraft-focused Malware-as-a-Service (MaaS) ...
New NFCShare Android Malware Delivered via Weaponized Versions of Legitimate Banking Apps
https://www.cryptika.com/new-nfcshare-android-malware-delivered-via-weaponized-versions-of-egitimate-banking-apps/
Published: June 9, 2026 11:56
June 9, 2026 A newly evolved strain of Android malware known as NFCShare is being spread through fake versions of legitimate banking apps, putting mobile users across Europe at serious ...
Microsoft Defender Now Monitors RPC Protocol Abuse by Hackers
https://www.cryptika.com/microsoft-defender-now-monitors-rpc-protocol-abuse-by-hackers/
Published: June 9, 2026 10:09
June 9, 2026 Microsoft has expanded Microsoft Defender’s capabilities to monitor, detect, and disrupt attacks that abuse Remote Procedure Call (RPC), a core Windows protocol long exploited by threat actors ...
Hackers Exploiting LiteLLM RCE Vulnerability in the Wild to Run Arbitrary Commands
https://www.cryptika.com/hackers-exploiting-litellm-rce-vulnerability-in-the-wild-to-run-arbitrary-commands/
Published: June 9, 2026 09:25
June 9, 2026 Threat actors are actively exploiting a critical chained vulnerability in LiteLLM, a popular open-source AI gateway proxy, allowing unauthenticated remote code execution (RCE) on vulnerable deployments. Researchers ...
Apache HTTP Server 2.4.68 Released With Fix For Use-After-Free, DoS, XSS, and Buffer Overflow Flaws
https://www.cryptika.com/apache-http-server-2-4-68-released-with-fix-for-use-after-free-dos-xss-and-buffer-overflow-flaws/
Published: June 9, 2026 03:16
June 9, 2026 The Apache Software Foundation released Apache HTTP Server version 2.4.68 on June 8, 2026, addressing 13 security vulnerabilities spanning multiple modules. The patched flaws include use-after-free conditions, ...
21 0-Day Vulnerabilities in FFmpeg Enables Remote Code Execution Attacks
https://www.cryptika.com/21-0-day-vulnerabilities-in-ffmpeg-enables-remote-code-execution-attacks/
Published: June 9, 2026 02:59
June 9, 2026 An autonomous security agent uncovered 21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with ...
New China-Linked Threat Cluster OP-512 Targets IIS Servers With Cryptographically Unique Web Shell Framework
https://www.cryptika.com/new-china-linked-threat-cluster-op-512-targets-iis-servers-with-cryptographically-unique-web-shell-framework/
Published: June 8, 2026 19:12
June 8, 2026 A newly identified threat cluster with suspected ties to China has been caught targeting Internet Information Services (IIS) web servers using a purpose-built web shell framework. Tracked ...
Check Point VPN 0-day Vulnerability Exploited in the Wild to Deploy Ransomware
https://www.cryptika.com/check-point-vpn-0-day-vulnerability-exploited-in-the-wild-to-deploy-ransomware/
Published: June 8, 2026 17:18
June 8, 2026 Check Point Research has uncovered active exploitation of CVE-2026-50751, a critical authentication bypass vulnerability (CVSS 9.3) in Check Point Remote Access VPN and Mobile Access deployments, with ...
Malspam Attack Uses Google DoubleClick Redirects to Deliver Fileless .NET Loader
https://www.cryptika.com/malspam-attack-uses-google-doubleclick-redirects-to-deliver-fileless-net-loader/
Published: June 8, 2026 16:01
June 8, 2026 Cybercriminals have found a new way to sneak malware past email security tools, and this time they are hiding behind a name that most systems trust without ...
UNC3753 Attacking US Law Firms Using Vishing and RMM Tools to Exfiltrate Data
https://www.cryptika.com/unc3753-attacking-us-law-firms-using-vishing-and-rmm-tools-to-exfiltrate-data/
Published: June 8, 2026 15:21
June 8, 2026 A sophisticated cybercriminal group known as UNC3753 has been running an aggressive campaign against US law firms since early 2026, using phone calls, screen-sharing tricks, and remote ...
OWASP Releases AI Security Report to Empower Security Professionals with New Tools
https://www.cryptika.com/owasp-releases-ai-security-report-to-empower-security-professionals-with-new-tools/
Published: June 8, 2026 11:42
June 8, 2026 OWASP has released the “State of Agentic AI Security and Governance v2.01” report, a technical blueprint aimed at security teams racing to secure rapidly proliferating autonomous AI ...
Internet Explorer WebBrowser Control Attack Chain Turns Clicks Into RCE
https://www.cryptika.com/internet-explorer-webbrowser-control-attack-chain-turns-clicks-into-rce/
Published: June 8, 2026 10:06
June 8, 2026 Internet Explorer’s legacy WebBrowser control can still be abused to turn a single user click into full remote code execution (RCE) on Windows systems, even though the ...
Multiple VMware Stored XSS Vulnerabilities Allow Attackers to Inject Malicious Scripts
https://www.cryptika.com/multiple-vmware-stored-xss-vulnerabilities-allow-attackers-to-inject-malicious-scripts/
Published: June 8, 2026 09:02
June 8, 2026 Broadcom has disclosed three stored cross-site scripting (XSS) vulnerabilities affecting VMware Cloud Foundation Operations and several related products, warning that authenticated attackers could inject malicious scripts to ...
UniFi OS Server Critical RCE Chain Allows Root Access Without Credentials
https://www.cryptika.com/unifi-os-server-critical-rce-chain-allows-root-access-without-credentials/
Published: June 8, 2026 08:54
June 8, 2026 A critical vulnerability chain in the UniFi OS Server software has put thousands of organizations at serious risk. Researchers confirmed that an attacker can gain full root ...
Critical Redis RCE Vulnerability Enable Attackers to Gain Complete Control to Host Server
https://www.cryptika.com/critical-redis-rce-vulnerability-enable-attackers-to-gain-complete-control-to-host-server/
Published: June 8, 2026 08:30
June 8, 2026 In May 2026, Redis developers fixed a dangerous post-authentication remote code execution vulnerability, dubbed DarkReplica (CVE-2026-23631), that allowed attackers to gain full control of a Redis host. ...
Microsoft Warns Claude Code GitHub Action Could Leak CI/CD Workflow Secrets
https://www.cryptika.com/microsoft-warns-claude-code-github-action-could-leak-ci-cd-workflow-secrets/
Published: June 8, 2026 05:54
June 8, 2026 AI-powered coding tools are rapidly changing how developers build and ship software. But as these tools enter everyday development pipelines, they are also opening new doors for ...
Hackers Can Hijack Claude Code MCP Traffic to Steal OAuth Tokens
https://www.cryptika.com/hackers-can-hijack-claude-code-mcp-traffic-to-steal-oauth-tokens/
Published: June 8, 2026 02:16
A five-step attack chain that silently redirects Claude Code’s Model Context Protocol (MCP) traffic through attacker-controlled infrastructure, intercepting OAuth bearer tokens that grant persistent, broadly scoped access to connected SaaS ...