Breaking News – Cyber Threats (last 6h)
Generated: 2026-07-01 03:00 PDT
- Amazon fined $2.25M for withholding evidence from fraud victims
BleepingComputer • 2026-07-01 02:43 • www.bleepingcomputer.com
The U.S. Federal Trade Commission (FTC) says Amazon will pay a $2.25 million civil penalty to settle charges that it blocked identity theft victims’ access to transaction records. […]
https://www.bleepingcomputer.com/news/security/amazon-fined-225m-for-withholding-evidence-from-fraud-victims/ - Adobe patches seven max severity ColdFusion, Campaign flaws
BleepingComputer • 2026-07-01 00:34 • www.bleepingcomputer.com
Adobe has released security patches for seven maximum-severity vulnerabilities in the ColdFusion web app development platform and the Campaign Classic marketing automation platform. […]
https://www.bleepingcomputer.com/news/security/adobe-patches-seven-max-severity-coldfusion-campaign-flaws/ - Phantom Squatting Uses AI-Hallucinated Domains for Phishing and Malware
The Hacker News • 2026-07-01 00:20 • thehackernews.com
Large language models keep inventing web addresses that do not exist. Attackers have started buying those made-up domains before anyone else can, then hosting phishing pages on them to catch traffic that AI tools point their way.Palo Alto Networks’ Unit 42 calls the trick phantom squatting, and its new research shows it is already happening in the wild.
The reason it matters is
https://thehackernews.com/2026/07/phantom-squatting-uses-ai-hallucinated.html - Anthropic Restores Claude Fable 5 After U.S. Lifts Jailbreak-Linked Export Controls
The Hacker News • 2026-06-30 23:46 • thehackernews.com
Anthropic is putting Claude Fable 5 back online worldwide. On June 30, the U.S. Commerce Department lifted the export controls it had imposed on Fable and its more tightly controlled sibling Mythos 5 about two and a half weeks earlier.Fable 5 returns to users on Wednesday, July 1, across Claude.ai, the Claude Platform, Claude Code, and Claude Cowork.
Export controls restrict who can
https://thehackernews.com/2026/07/anthropic-restores-claude-fable-5-after.html - Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts
The Hacker News • 2026-06-30 22:46 • thehackernews.com
Cybersecurity researchers have warned of a “massive, ongoing, automated password spray attack” aimed at Microsoft’s Azure command-line interface (CLI), compromising dozens of accounts in the process.The activity, per Huntress, originates from an IPv6 address range (2a0a:d683::/32) controlled by internet infrastructure provider LSHIY LLC (AS32167).
“Between June 12 and June 26, the threat
https://thehackernews.com/2026/07/azure-cli-password-spray-hits-at-least.html - Researcher Analyzes 3,000 Live ClickFix Payloads, Exposing API-Driven Malware Delivery
The Hacker News • 2026-06-30 22:32 • thehackernews.com
ClickFix, the trick that fools people into running malware by hand, has quietly grown a back office.New research shows the malicious commands behind its fake “prove you’re human” pages are now handed out by API-driven servers that give each visitor the same malware in a different disguise. The same research also turned up a new delivery method built to slip past Windows’ script scanning.
https://thehackernews.com/2026/07/researcher-analyzes-3000-live-clickfix.html - Why Ask Credentials If There Are Secret Codes?, (Wed, Jul 1st)
SANS ISC Diary (full) • 2026-06-30 22:10 • isc.sans.eduThis morning, an interesting phishing email hit my mailbox. It targets Metamask[1], a cryptocurrency wallet, available as a browser extension and a mobile app, that lets users store, send, and receive crypto money. It's pretty popular, so a juicy target for criminals. In February, I already mentioned a campaign against them[2].
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
