Breaking News – Cyber Threats (last 6h)
Generated: 2026-06-16 13:00 PDT
- Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting
The Hacker News • 2026-06-16 12:05 • thehackernews.com
A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim’s project hijack the victim’s machine learning model upload and run code inside Google’s serving infrastructure.Palo Alto Networks Unit 42, which found and reported the bug through Google’s bug bounty program, calls the technique “Pickle in the Middle” and said it saw no exploitation in the wild.
https://thehackernews.com/2026/06/google-vertex-ai-sdk-flaw-let-attackers.html - Steam Workshop abused to spread malware via Wallpaper Engine app
BleepingComputer • 2026-06-16 11:27 • www.bleepingcomputer.com
Threat actors are abusing Steam Workshop, Valve’s community hub for downloading game-related content, to push various malware hidden in wallpaper packages. […]
https://www.bleepingcomputer.com/news/security/steam-workshop-abused-to-spread-malware-via-wallpaper-engine-app/ - ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures
The Hacker News • 2026-06-16 10:41 • thehackernews.com
Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader, Lorem Ipsum Loader, and Potemkin, per independent reports from Morphisec, BlueVoyant, and Huntress, respectively.Attacks involving BabaDeda Loader, observed in April 2026, have targeted education and financial organizations.
“Earlier BabaDeda activity was known for
https://thehackernews.com/2026/06/clickfix-campaigns-expand-malware.html - UK to require ID or face scan before you can make social media accounts
BleepingComputer • 2026-06-16 07:38 • www.bleepingcomputer.com
Opening a new social media account in the UK will soon mean proving you’re over 16 with an ID upload or a facial age scan, under a government ban on under-16s taking effect in spring 2027. Security experts warn the age checks are easy to circumvent and create new data-breach risks. […]
https://www.bleepingcomputer.com/news/security/uk-to-require-id-or-face-scan-before-you-can-make-social-media-accounts/ - GhostTree Attack Abused Recursive Windows Junctions to Hide Malware
BleepingComputer • 2026-06-16 07:17 • www.bleepingcomputer.com
GhostTree uses recursive NTFS junctions to generate vast numbers of valid Windows file paths. Varonis explains how the technique could cause Microsoft Defender folder scans to never complete, leaving malware undetected. […]
https://www.bleepingcomputer.com/news/security/ghosttree-attack-abused-recursive-windows-junctions-to-hide-malware/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
