Breaking News – Cyber Threats (last 6h)
Generated: 2026-06-03 08:00 PDT
- What 345 Days of Untested Exposure Looks Like at a Bank
BleepingComputer • 2026-06-03 07:02 • www.bleepingcomputer.com
A two-week penetration test can leave roughly 345 days of real-world exposure unvalidated. Sprocket Security explores why continuous testing is becoming critical as attack surfaces constantly change. […]
https://www.bleepingcomputer.com/news/security/what-345-days-of-untested-exposure-looks-like-at-a-bank/ - Continuing Scans for swagger.json, (Wed, Jun 3rd)
SANS ISC Diary (full) • 2026-06-03 06:40 • isc.sans.eduEnterprise applications often still use complex standards like SOAP for web services. The big advantage of SOAP is its tight and extensive standards, which enable interoperability across an enterprise governed by web services. The disadvantage of SOAP: First, while it is de facto usually used over HTTP, it does not leverage HTTP, leading to unnecessary complexity. Secondly, kids don't RTFM, and developers these days tend not to appreciate the art of careful system design; they rather throw code at an IDE to see what sticks, if they don&#&#x…
https://isc.sans.edu/diary/rss/33044 - One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens
The Hacker News • 2026-06-03 05:58 • thehackernews.com
Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user’s GitHub token.“Just by clicking a link, it’s possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones,” security researcher Ammar Askar said.
GitHub supports a feature called GitHub.dev that runs as
https://thehackernews.com/2026/06/one-click-github-dev-attack-lets.html - Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)
The Hacker News • 2026-06-03 04:58 • thehackernews.com
The Fragmented State of Modern Enterprise IdentityEnterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems.
The result is Identity Dark Matter: identity activity that sits outside the visibility of centralized IAM and beyond the reach of
https://thehackernews.com/2026/06/shrinking-iam-attack-surface-through.html - Acer working to patch max severity zero-days in Wave 7 routers
BleepingComputer • 2026-06-03 04:35 • www.bleepingcomputer.com
Acer is working to address two maximum-severity zero-day vulnerabilities affecting its Wave 7 mesh routers. […]
https://www.bleepingcomputer.com/news/security/acer-warns-of-max-severity-zero-days-affecting-wave-7-routers/ - Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore
The Hacker News • 2026-06-03 04:28 • thehackernews.com
Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and “patch everything in time” stopped working years ago. Stop betting the org on winning that race. You don’t control which bug lands. You control what it can reach once it does.That is a question about the shape of your network, and most teams have the shape wrong. HD Moore, creator of Metasploit
https://thehackernews.com/2026/06/beyond-zero-day-see-your-network-like.html - AI Used to Decrypt Medieval Ciphers
Schneier on Security • 2026-06-03 04:04 • www.schneier.comResearchers are using machine learning algorithms to decrypt historical pencil-and-paper ciphers.
https://www.schneier.com/blog/archives/2026/06/ai-used-to-decrypt-medieval-ciphers.html
- Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes
The Hacker News • 2026-06-03 03:18 • thehackernews.com
Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user’s NTLMv2 hash to the attacker.Like in the case of CVE-2026-33829, which impacted the Windows Snipping Tool’s ms-screensketch: URI handler, the newly flagged issue resides in the search: URI handler, per Huntress.
CVE-2026-33829 refers to a spoofing vulnerability that could expose
https://thehackernews.com/2026/06/unpatched-windows-search-uri.html - Police dismantles 9 crime groups in illegal streaming crackdown
BleepingComputer • 2026-06-03 03:12 • www.bleepingcomputer.com
European and international law enforcement agencies have dismantled nine organized crime groups and arrested 29 suspects in a major crackdown on illegal streaming operations. […]
https://www.bleepingcomputer.com/news/security/police-dismantles-9-crime-groups-in-illegal-streaming-crackdown/ - Google adds Android protection against AI deepfake scam calls
BleepingComputer • 2026-06-03 02:02 • www.bleepingcomputer.com
Google is introducing a new Android security feature that will detect and flag phone calls in which scammers use artificial intelligence to impersonate a user’s personal contacts. […]
https://www.bleepingcomputer.com/news/security/google-adds-android-protection-against-ai-deepfake-scam-calls/ - Argamal: Malware hidden in hentai games
Securelist • 2026-06-03 02:00 • securelist.com
Kaspersky researchers analyze new Argamal RAT distributed via infected hentai games and allowing the attacker to control the target machine.
https://securelist.com/argamal-rat-distributed-with-hentai-games/119999/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
