Breaking News – Cyber Threats (last 6h)
Generated: 2026-06-22 08:00 PDT
- 29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests
The Hacker News • 2026-06-22 07:29 • thehackernews.com
A heap over-read in the Squid web proxy can leak another user’s cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the same proxy.The bug traces to a 1997 FTP-parsing change and is still live in Squid’s default configuration. Researchers at Calif.io disclosed it in June and named it Squidbleed (
https://thehackernews.com/2026/06/29-year-old-squid-proxy-bug-squidbleed.html - Webshells Remain Popular, (Mon, Jun 22nd)
SANS ISC Diary (full) • 2026-06-22 07:10 • isc.sans.eduWebshells have been popular for a long time. We already covered this topic across multiple diaries[1][2]. I spent some time to track them[3] and slighly paid less attention to them but today I found another one. It seems to be a new playe…
https://isc.sans.edu/diary/rss/33096 - A Glimpse into the “Search Your Target” Market for Stolen Credentials
BleepingComputer • 2026-06-22 07:05 • www.bleepingcomputer.com
Attackers no longer need to sift through massive credential dumps. They can pay others to do it for them. Flare explores how an emerging underground market searches stolen credential databases for specific companies, domains, and accounts. […]
https://www.bleepingcomputer.com/news/security/a-glimpse-into-the-search-your-target-market-for-stolen-credentials/ - New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer
The Hacker News • 2026-06-22 06:20 • thehackernews.com
Cybersecurity researchers have disclosed details of a new campaign that delivers CastleStealer by means of a previously unreported malware loader dubbed OXLOADER.According to Elastic Security Labs, the campaign leverages malicious Google Ads as a starting point to distribute the malware. Evidence indicates that the threat actor is likely Russian-speaking and financially motivated, owing to the
https://thehackernews.com/2026/06/new-oxloader-loader-uses-malicious.html - Google Sets Sept. 30 Deadline for Android Developer Verification in Four Countries
The Hacker News • 2026-06-22 05:45 • thehackernews.com
Google has set September 30, 2026, as the day it begins enforcing Android developer verification in the first four countries, and the major device-maker app stores are in from the start.On that date, certified Android phones in Brazil, Indonesia, Singapore, and Thailand will block normal installs of apps whose developers have not registered an identity with Google, whether the app
https://thehackernews.com/2026/06/google-sets-sept-30-deadline-for.html - Stop Your Legacy Infrastructure from Hijacking Your AI Agents
The Hacker News • 2026-06-22 04:58 • thehackernews.com
Earlier this month, I spoke at the Gartner Security & Risk Management Summit about a blind spot most security programs are still not accounting for – how attackers are circumventing AI security programs by using legacy infrastructure to hijack AI agents.AI adoption is moving faster than security programs can account for. Roughly 71% of organizations are piloting AI agents across their
https://thehackernews.com/2026/06/stop-your-legacy-infrastructure-from.html - Professional Athletes and Wearables
Schneier on Security • 2026-06-22 04:02 • www.schneier.comI haven’t thought about the privacy issues surrounding professional athletes and wearables.
Wearables present serious privacy issues for “Average Joe” consumers, who are entrusting tech companies to safely store and protect their biometric data. Imagine the stakes for a professional athlete, whose entire livelihood could be affected by a single biometric …
https://www.schneier.com/blog/archives/2026/06/professional-athletes-and-wearables.html - ⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More
The Hacker News • 2026-06-22 03:55 • thehackernews.com
It’s Monday again.This week’s threat list looks painfully familiar: abused integrations, fake tools, poisoned websites, ransomware crews trying to shut down security tools, and mobile malware asking for way too much control.
The annoying part is how little of this feels new. Weak credentials, sketchy downloads, browser extensions with too much access, and WordPress sites are used to push more
https://thehackernews.com/2026/06/weekly-recap-browser-bugs-edr-killers.html - A VBScript campaign distributed through WhatsApp deploying RMM software
Securelist • 2026-06-22 03:00 • securelist.com
A Kaspersky researcher analyzes a global malicious campaign that distributes VBS scripts via WhatsApp delivering a UEMS RMM agent through a multi-stage infection chain.
https://securelist.com/whatsapp-vbs-rmm-campaign/120290/ - Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices
The Hacker News • 2026-06-22 02:11 • thehackernews.com
Canada’s spy service got a judge’s permission to reach into infected servers, home routers, and IoT gear sitting on Canadian soil and neutralize two foreign-run botnets.The Federal Court released a public version of the ruling on June 15. It is the first time the Canadian Security Intelligence Service has used its threat reduction warrant powers this way.
The warrant let CSIS alter,
https://thehackernews.com/2026/06/canadas-spy-agency-used-first-of-its.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
