Breaking News – Cyber Threats (last 6h)
Generated: 2026-06-18 08:00 PDT
- Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2
The Hacker News • 2026-06-18 07:30 • thehackernews.com
Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign that has targeted users since February 2026.“The clipper in this campaign relies on Windows Script Host and ActiveX-driven logic to launch a bundled Tor proxy and poll a hidden-service C2 [command-and-control] server,” the Microsoft Defender Security Research Team said in an analysis published Tuesday. “It
https://thehackernews.com/2026/06/microsoft-details-windows-clipper.html - Klue OAuth breach linked to 'Icarus' Salesforce data theft attacks
BleepingComputer • 2026-06-18 07:19 • www.bleepingcomputer.com
Market intelligence platform Klue suffered a OAuth breach that enabled the “Icarus” threat actors to steal Salesforce CRM data from multiple organizations in an ongoing extortion campaign. […]
https://www.bleepingcomputer.com/news/security/klue-oauth-breach-linked-to-icarus-salesforce-data-theft-attacks/ - INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023
The Hacker News • 2026-06-18 07:12 • thehackernews.com
Cybersecurity researchers have charted the evolution of INC from an nascent ransomware-as-a-service (RaaS) operation to one of the most prolific cybercrime groups in 2026, claiming no less than 830 victims since August 2023.“The disruption of LockBit and the shutdown of BlackCat created opportunities for INC to expand as affiliates migrated to alternative ransomware operations,” Acronis
https://thehackernews.com/2026/06/inc-ransomware-claims-830-victims-since.html - The Scripts on Your Checkout Page Are Now a PCI DSS Problem
The Hacker News • 2026-06-18 06:58 • thehackernews.com
An independent PCI assessor tested Reflectiz against the new PCI DSS rules. Here is the verdict: See the full QSA assessment here →When a customer types their card number into your checkout, their browser is running far more than your code. Analytics tags, a tag manager, a support widget, a payment iframe: a modern checkout loads dozens of third-party scripts, and any one of them can be turned
https://thehackernews.com/2026/06/the-scripts-on-your-checkout-page-are.html - 5 reasons Microsoft 365 backup isn’t enough for business data protection
BleepingComputer • 2026-06-18 06:48 • www.bleepingcomputer.com
Microsoft 365 helps keep services running, but protecting and recovering business data remains your responsibility. Acronis breaks down five gaps organizations should consider when evaluating Microsoft 365 data protection. […]
https://www.bleepingcomputer.com/news/security/5-reasons-microsoft-365-backup-isnt-enough-for-business-data-protection/ - DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic
The Hacker News • 2026-06-18 06:30 • thehackernews.com
Threat actors associated with the DragonForce ransomware have been observed using a custom Go-based remote access trojan (RAT) called Backdoor.Turn to conceal command-and-control (C2) traffic inside Microsoft Teams relay infrastructure.According to findings from Broadcom-owned Symantec and Carbon Black, the backdoor was deployed against a major U.S. services firm. The name of the company was
https://thehackernews.com/2026/06/dragonforce-hackers-abuse-microsoft.html - Police cleans nearly 15,000 SocGholish-infected sites tied to Evil Corp
BleepingComputer • 2026-06-18 06:25 • www.bleepingcomputer.com
International law enforcement agencies cleaned nearly 15,000 malware-infected WordPress websites and took down more than 100 servers linked to the SocGholish botnet and the Evil Corp Russian cybercrime group. […]
https://www.bleepingcomputer.com/news/security/law-enforcement-nukes-socgholish-malware-from-nearly-15-000-sites/ - ShapedPlugin update flow hacked to infect WordPress sites
BleepingComputer • 2026-06-18 05:55 • www.bleepingcomputer.com
Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack that distributed infected releases to paying customers via the vendor’s official update system. […]
https://www.bleepingcomputer.com/news/security/shapedplugin-update-flow-hacked-to-infect-wordpress-sites/ - FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices.
BleepingComputer • 2026-06-18 05:54 • www.bleepingcomputer.com
A newly discovered data leak dubbed “FortiBleed” has exposed what appears to be a collection of Fortinet and FortiGate VPN credentials for 73,932 firewall URLs at organizations worldwide. […]
https://www.bleepingcomputer.com/news/security/fortibleed-leak-exposes-fortinet-vpn-credentials-for-73-000-devices/ - Apple fixes Beats Studio Buds flaw that let hackers spy on conversations
BleepingComputer • 2026-06-18 05:23 • www.bleepingcomputer.com
Apple has released security updates to patch a high-severity flaw affecting the Beats Studio Buds wireless earbuds that could allow attackers in Bluetooth range to spy on users’ conversations. […]
https://www.bleepingcomputer.com/news/security/apple-fixes-beats-studio-buds-flaw-that-let-hackers-spy-on-conversations/ - Telegram admits it couldn't police exam-leak channels, India tells court
BleepingComputer • 2026-06-18 05:18 • www.bleepingcomputer.com
India’s government has told the Delhi High Court that Telegram was warned about two weeks before it was blocked, and that the platform admitted it could not proactively detect the channels selling leaked exam papers. Telegram says it cooperated and the ban is unlawful. […]
https://www.bleepingcomputer.com/news/security/telegram-admits-it-couldnt-police-exam-leak-channels-india-tells-court/ - Orphaned AI Agents: How to Find Hidden Access Risks Inside Your Network
The Hacker News • 2026-06-18 04:58 • thehackernews.com
If an autonomous AI agent interacts with your company’s core intellectual property today, can your security team instantly name the person who authorized it?For most enterprises, the answer is a simple no.
The rush to adopt internal AI tools has left a massive trail of administrative debt: orphaned agents (AI tools left running after their creator leaves the company) and standing privileges (
https://thehackernews.com/2026/06/orphaned-ai-agents-how-to-find-hidden.html - F5 issues out-of-band patches for critical NGINX vulnerabilities
BleepingComputer • 2026-06-18 04:33 • www.bleepingcomputer.com
Cybersecurity company F5 has released out-of-band security updates to address multiple NGINX web server vulnerabilities, including two critical-severity flaws that could allow attackers to execute code on vulnerable systems. […]
https://www.bleepingcomputer.com/news/security/f5-issues-out-of-band-patches-for-critical-nginx-vulnerabilities/ - Embedding Forbidden Text in Spyware to Discourage AI Analysis
Schneier on Security • 2026-06-18 04:04 • www.schneier.comAt least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis.
The _index.js payload begins with a large JavaScript block comment containing fake system instructions and policy-triggering content. Because it is inside a comment, it does not affect JavaScript execution. The runtim…
https://www.schneier.com/blog/archives/2026/06/embedding-forbidden-text-in-spyware-to-discourage-ai-analysis.html - Microsoft fixes Windows Server 2016 security update failures
BleepingComputer • 2026-06-18 03:14 • www.bleepingcomputer.com
Microsoft has fixed a known issue causing the June 2026 security updates to fail on Windows Server 2016 systems that weren’t up to date. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-2016-security-update-failures/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
