Breaking News – Cyber Threats (last 6h)
Generated: 2026-06-12 13:00 PDT
- Maine disables data breach notification portal after fake disclosures
BleepingComputer • 2026-06-12 12:33 • www.bleepingcomputer.com
Maine has taken its public data breach reporting portal offline after fraudulent breach disclosures were published on the state’s website, prompting a review of procedures to prevent abuse in the future. […]
https://www.bleepingcomputer.com/news/security/maine-disables-data-breach-notification-portal-after-fake-disclosures/ - 400+ Arch Linux AUR Packages Hijacked to Install Rust Credential Stealer
The Hacker News • 2026-06-12 12:24 • thehackernews.com
Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them.The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide itself. The AUR is Arch Linux’s community package collection, and it is separate
https://thehackernews.com/2026/06/400-arch-linux-aur-packages-hijacked-to.html - Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing
The Hacker News • 2026-06-12 11:59 • thehackernews.com
Google on Friday said it’s pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence (AI) agent to send phishing text messages targeting Americans.The network is said to be behind the development and management of a phishing-as-a-service (PhaaS) software kit called Outsider, per the tech giant.
“The operation weaponized Gemini to help
https://thehackernews.com/2026/06/google-sues-chinese-smishing-network.html - Privacy own-goal: World Cup blunder leaks Lionel Messi’s passport details
Graham Cluley • 2026-06-12 11:48 • www.bitdefender.com
Argentina’s World Cup squad had their passport numbers leaked before a ball was kicked – not by hackers, but by someone who failed to redact a document properly. document. It’s a mistake that has been made many times in the past…Read more in my article on the Hot for Security blog.
https://www.bitdefender.com/en-us/blog/hotforsecurity/privacy-own-goal-world-cup-blunder-leaks-lionel-messis-passport-details - phpBB forum fixes auth bypass bug lurking for a decade
BleepingComputer • 2026-06-12 11:19 • www.bleepingcomputer.com
A 10-year-old authentication bypass vulnerability discovered in the phpBB forum software allows an attacker to log in as any user, including administrators. […]
https://www.bleepingcomputer.com/news/security/phpbb-forum-fixes-auth-bypass-bug-lurking-for-a-decade/ - China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade
The Hacker News • 2026-06-12 11:17 • thehackernews.com
Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade hidden inside the Linux login system itself.Sygnia, which tracks the group as Velvet Ant, says it backdoored the PAM and OpenSSH components that decide who is allowed to sign in, planting its access where ordinary cleanup could not reach it. The network it targeted had no
https://thehackernews.com/2026/06/china-linked-hackers-backdoored-linux.html - Ukrainian national pleads guilty to role in Conti ransomware operation
BleepingComputer • 2026-06-12 10:54 • www.bleepingcomputer.com
A Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tied to the Conti ransomware operation. […]
https://www.bleepingcomputer.com/news/security/ukrainian-national-pleads-guilty-to-role-in-conti-ransomware-operation/ - Over 400 Arch Linux packages compromised to push rootkit, infostealer
BleepingComputer • 2026-06-12 10:03 • www.bleepingcomputer.com
More than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens. […]
https://www.bleepingcomputer.com/news/security/over-400-arch-linux-packages-compromised-to-push-rootkit-infostealer/ - Early Warning Signs of Supply-Chain Attacks Live in the Dark Web
BleepingComputer • 2026-06-12 07:01 • www.bleepingcomputer.com
GitHub access sales, leaked repositories, and stolen API keys can all become supply-chain attack footholds. Flare explores how underground forums expose early signals tied to software supply-chain risk. […]
https://www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
