Breaking News – Cyber Threats (last 6h)
Generated: 2026-06-09 08:00 PDT
- New Veeam vulnerability exposes backup servers to RCE attacks
BleepingComputer • 2026-06-09 07:27 • www.bleepingcomputer.com
Veeam has released security updates to patch a critical Backup & Replication security flaw that can be exploited to gain remote code execution (RCE) on domain-joined backup servers. […]
https://www.bleepingcomputer.com/news/security/new-veeam-vulnerability-exposes-backup-servers-to-rce-attacks/ - WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine
The Hacker News • 2026-06-09 05:26 • thehackernews.com
Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released.The activity has been attributed by Trend Micro to Earth Dahu (aka Gamaredon) and SHADOW-EARTH-066 (aka UAC-0226). It involves the exploitation of CVE-2025-8088, a path traversal flaw that allows an
https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html - Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models
The Hacker News • 2026-06-09 04:59 • thehackernews.com
University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way through a network, generate tailored attack strategies for each target it encounters, and replicate itself, all without human intervention and without touching a commercial AI service.The preprint, posted to arXiv on
https://thehackernews.com/2026/06/researchers-build-self-replicating-ai.html - Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild – Patch Now
The Hacker News • 2026-06-09 04:58 • thehackernews.com
Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild.The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has been described as an out-of-bounds memory access in V8, Chrome’s JavaScript and WebAssembly engine.
“Out-of-bounds read and write in V8 in Google Chrome prior to 149.0.7827.103
https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html - The Hidden Security Risk in Modern Networks: The Work Between Tools
The Hacker News • 2026-06-09 04:30 • thehackernews.com
Organizations have more visibility than ever. Growing tech stacks provide greater coverage, and network security teams are increasingly adopting AI and automation to help with routine tasks and reduce manual effort.But the same challenges persist. Outages still last hours, causing significant financial losses, operational disruption, and reputational impact. Threat response and mean time to
https://thehackernews.com/2026/06/the-hidden-security-risk-in-modern.html - French govt messaging service breached in account hijacking attack
BleepingComputer • 2026-06-09 03:53 • www.bleepingcomputer.com
DINUM, the digital affairs directorate of the French government, warned that hackers used a hijacked user account to breach Tchap, the French government’s encrypted messaging platform. […]
https://www.bleepingcomputer.com/news/security/french-govt-messaging-service-breached-in-account-hijacking-attack/ - New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing
The Hacker News • 2026-06-09 02:50 • thehackernews.com
A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST, needs no native code, no extension, and no permission prompt.You open the page, leave the tab sitting there, and it watches the drive for contention in the background.
Researchers at Graz University of Technology built it and
https://thehackernews.com/2026/06/new-frost-attack-lets-websites-track.html - Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer
The Hacker News • 2026-06-09 02:13 • thehackernews.com
The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the Mini Shai-Hulud-style attacks continue to be refined and splintered to target specific ecosystems.“The compromised releases shipped a *-setup.pth file that attempts to execute automatically
https://thehackernews.com/2026/06/hades-pypi-attack-19-packages-poisoned.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
