Breaking News – Cyber Threats (last 6h)
Generated: 2026-06-16 08:00 PDT
- UK to require ID or face scan before you can make social media accounts
BleepingComputer • 2026-06-16 07:38 • www.bleepingcomputer.com
Opening a new social media account in the UK will soon mean proving you’re over 16 with an ID upload or a facial age scan, under a government ban on under-16s taking effect in spring 2027. Security experts warn the age checks are easy to circumvent and create new data-breach risks. […]
https://www.bleepingcomputer.com/news/security/uk-to-require-id-or-face-scan-before-you-can-make-social-media-accounts/ - GhostTree Attack Abused Recursive Windows Junctions to Hide Malware
BleepingComputer • 2026-06-16 07:17 • www.bleepingcomputer.com
GhostTree uses recursive NTFS junctions to generate vast numbers of valid Windows file paths. Varonis explains how the technique could cause Microsoft Defender folder scans to never complete, leaving malware undetected. […]
https://www.bleepingcomputer.com/news/security/ghosttree-attack-abused-recursive-windows-junctions-to-hide-malware/ - FTC warns of record $3.5 billion losses to imposter scams in 2025
BleepingComputer • 2026-06-16 06:42 • www.bleepingcomputer.com
The U.S. Federal Trade Commission (FTC) warned that Americans lost $3.5 billion to imposter scams in 2025, with reported losses nearly tripling since 2020. […]
https://www.bleepingcomputer.com/news/security/ftc-warns-of-record-35-billion-losses-to-imposter-scams-in-2025/ - New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds
The Hacker News • 2026-06-16 06:10 • thehackernews.com
Security researchers at Zimperium’s zLabs have documented a new Android banking trojan, Rokarolla, that targets 217 banking and cryptocurrency apps and packs 137 remote commands.Together, they give an operator near-total control of an infected phone: it lifts lock-screen PINs, reads and sends SMS, rewrites the clipboard to redirect crypto payments, and switches off Google Play
https://thehackernews.com/2026/06/new-rokarolla-android-malware-steals.html - Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive
The Hacker News • 2026-06-16 04:30 • thehackernews.com
Security teams have never had more IP data at their disposal. Every day, analysts ingest enrichment feeds, geolocation data, reputation scores, telemetry, and threat intelligence from a growing ecosystem of vendors and platforms.Yet despite this abundance of information, many organizations continue to face a fundamental challenge: sifting through the noise to understand who is behind an IP and
https://thehackernews.com/2026/06/survey-94-of-incidents-involve.html - Flock Cameras Are Being Used for Stalking
Schneier on Security • 2026-06-16 04:03 • www.schneier.comThere are over a dozen cases around the country where police officers are using the Flock surveillance camera system to obsessively and illegally stalk people.
https://www.schneier.com/blog/archives/2026/06/flock-cameras-are-being-used-for-stalking.html
- CISA warns of another cPanel plugin flaw exploited in attacks
BleepingComputer • 2026-06-16 03:47 • www.bleepingcomputer.com
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. government agencies three days to secure their servers against an actively exploited vulnerability (CVE-2026-54420) in the LiteSpeed cPanel user-end plugin. […]
https://www.bleepingcomputer.com/news/security/cisa-warns-of-another-actively-exploited-cpanel-plugin-flaw/ - Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week
The Hacker News • 2026-06-16 03:30 • thehackernews.com
Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber.In a post shared on X, the company said it has observed exploitation of CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 over the past 24 hours.
CVE-2026-39813 (CVSS score: 9.1) refers to a path traversal vulnerability in FortiSandbox JRPC API that could
https://thehackernews.com/2026/06/attackers-exploit-three-fortinet.html - Ransomware gang abuses Microsoft Teams relays to hide malicious traffic
BleepingComputer • 2026-06-16 03:18 • www.bleepingcomputer.com
DragonForce ransomware used a custom malware named ‘Backdoor.Turn’ to hide command-and-control traffic inside Microsoft Teams relay infrastructure. […]
https://www.bleepingcomputer.com/news/security/ransomware-gang-abuses-microsoft-teams-relays-to-hide-malicious-traffic/ - China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth
The Hacker News • 2026-06-16 02:44 • thehackernews.com
Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS.“The Windows variants discovered are internally marked as WIN_DRV and WIN_PLUS,” ESET said in a report shared with The Hacker News. “Both come with a hard-coded C&C [command-and-control] configuration and support communication over TCP, UDP,
https://thehackernews.com/2026/06/china-linked-sprysocks-backdoor-expands.html - Critical Fortinet FortiSandbox flaws now exploited in attacks
BleepingComputer • 2026-06-16 02:19 • www.bleepingcomputer.com
Attackers are now exploiting several critical vulnerabilities in Fortinet’s FortiSandbox cyber threat detection platform, according to threat intelligence company Defused. […]
https://www.bleepingcomputer.com/news/security/critical-fortinet-fortisandbox-flaws-now-exploited-in-attacks/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
