A French-speaking hacker targeted a small automotive company in France, where he successfully installed a keylogger to steal sensitive banking and email credentials. The attack took an interesting turn when the hacker installed OpenSSH and Tailscale on the compromised machine, creating a backdoor to maintain access even after his primary command-and-control server went offline. This method allowed him to bypass traditional C2 channels, making it harder for defenders to cut off his access. The incident serves as a reminder of the evolving tactics used by cybercriminals and of the importance of securing business networks against such persistent threats. Companies should be vigilant about monitoring for unauthorized software installations and maintaining robust security measures.
Latest Cybersecurity Threats
Real-time threat intelligence from trusted sources
Infosecurity Magazine
Nisos, a cybersecurity firm, has exposed a North Korean fraud operation that employs artificial intelligence for conducting fake job interviews. This operation was found to be using a network of laptops based in the United States to facilitate its activities. The fraud cell aimed to recruit IT workers under false pretenses, potentially to gather sensitive information or fund illicit activities. This situation raises concerns about the growing sophistication of cybercriminals, as they now use advanced technologies like AI to enhance their deception. The infiltration of US-based resources by foreign actors highlights vulnerabilities in cybersecurity defenses and the need for vigilance against such schemes.
Infosecurity Magazine
A new phishing kit called GitBait has been discovered that specifically targets users of Mexican banks. This kit takes advantage of GitHub Pages and the SheetBest API to create fake login pages designed to capture sensitive banking credentials. Researchers have noted that this attack is particularly concerning because it leverages trusted platforms to appear legitimate, potentially tricking victims into providing their information. Users of Mexican banking services should be especially vigilant and ensure they are accessing official websites before entering any personal details. This incident serves as a reminder of the evolving tactics employed by cybercriminals to exploit unsuspecting individuals.
India has imposed a ban on the messaging app Telegram until June 22 due to its use in leaking exam papers. This decision has not only affected users in India but also disrupted services in the UAE, where users reported issues connecting to the app. Telegram's CEO, Pavel Durov, claims that the telecom company Reliance engaged in BGP hijacking, which exacerbated the connectivity problems. Users seeking to bypass the ban can utilize MTProto proxies as a workaround. This incident raises concerns about the impact of government restrictions on digital communication and the broader implications for users in regions far removed from the original decision.
Infosecurity Magazine
A recent survey conducted by Filigran at Infosecurity Europe 2026 indicates that AI-driven attacks are now the primary concern for cybersecurity teams. The report highlights that the rise of these sophisticated attacks is compounded by issues like false positives and alert fatigue, which are overwhelming security staff. As a result, many teams find themselves bogged down by manual processes that drain their resources and effectiveness. This situation poses significant risks, as it could lead to slower responses to actual threats, ultimately compromising the security of organizations. With AI technology becoming more accessible, the need for improved detection and response strategies is more urgent than ever to protect against these evolving threats.
Rockwell Automation has addressed several security vulnerabilities in its products, specifically affecting the Logix, CompactLogix, Flex controllers, RSLinx, and FactoryTalk software. These vulnerabilities could potentially allow unauthorized access or manipulation of industrial control systems, which could have serious implications for manufacturing and automation processes. Users of these products are urged to apply the patches provided by Rockwell to secure their systems. The timely response from Rockwell is crucial in preventing potential exploitation of these weaknesses, especially given the critical role these systems play in various industries. Companies using these affected products should prioritize updating their systems to ensure safety and integrity.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated that federal agencies address a serious vulnerability in the Widget Factory Joomla Content Editor (JCE) plugin. This flaw, classified as maximum severity, is currently being exploited by attackers, which raises significant concerns about potential data breaches or unauthorized access. Federal agencies must implement patches by the end of the week to safeguard their systems. This situation underscores the importance of timely updates and vigilance in maintaining cybersecurity, especially for widely used plugins like JCE. Agencies that fail to patch this vulnerability could face serious repercussions, including compromised data integrity and system security.
Infosecurity Magazine
Aikido Security has found that at least 15 plugins available on the JetBrains Marketplace are stealing API keys from users. These malicious plugins disguise themselves as legitimate tools for integrated development environments (IDEs) but are designed to extract sensitive information. This situation affects developers who rely on these plugins for their work, potentially exposing their projects and personal data. The discovery raises concerns about the security of third-party plugins and the need for vigilance among users when downloading software. Developers should review their installed plugins and consider removing any that might be suspicious.
Oracle has rolled out its June 2026 Critical Security Patch Update, addressing a total of 245 vulnerabilities across various products, including Communications, E-Business Suite (EBS), and Enterprise Manager. This update is crucial as it aims to protect users from potential exploitation of these vulnerabilities, which could lead to unauthorized access or data breaches. The large number of patches indicates a significant risk across multiple platforms, making it essential for organizations using these products to apply the updates promptly. By doing so, they can safeguard their systems against possible attacks that may target these weaknesses. Users are encouraged to review the specific patches applicable to their environments and implement them as soon as possible to enhance their security posture.
Arch Linux users are facing a serious issue as malicious applications have been discovered in the Arch User Repository (AUR) for the second time in just one week. This repository is a popular resource for users looking to install software not found in the official Arch repositories, making it a prime target for attackers. The presence of these harmful applications poses a risk to users who may inadvertently install them, potentially leading to data breaches or system compromise. It’s essential for users to be cautious and verify applications before installation. The Arch community is urged to report any suspicious packages and follow best practices for software installation to avoid falling victim to these threats.
Researchers have uncovered a software supply chain attack affecting 144 npm packages linked to the Mastra namespace, which is used for building AI applications. The attack, identified by JFrog, SafeDep, Socket, and StepSecurity, involved the hijacking of a single npm account belonging to a user named 'ehindero', who then published malicious versions of these packages. This incident raises significant concerns for developers who rely on the Mastra framework, as it could lead to the introduction of vulnerabilities in their applications. Users of these compromised packages are urged to check their dependencies and update to secure versions to avoid potential risks. This event serves as a reminder of the importance of securing contributor accounts in open-source ecosystems.
Recent vulnerabilities found in Joomla and LiteSpeed have been exploited by attackers to execute arbitrary PHP code on shared hosting servers. This means that intruders can potentially gain root access, which allows them to take complete control of affected systems. Websites running Joomla or using LiteSpeed as their web server are particularly at risk. This situation highlights the pressing need for website administrators to ensure their systems are up to date and to implement necessary security measures. Failure to address these vulnerabilities could lead to significant data breaches and service disruptions for users.
A group of security experts has expressed strong opposition to the U.S. government's recent ban on exporting Anthropic's AI models, specifically Claude Fable 5 and Mythos 5. In an open letter, the experts argue that these export restrictions hinder progress in the field of artificial intelligence and could have negative implications for research and development. They believe that limiting access to these advanced models could stifle innovation and collaboration among researchers. This situation raises concerns about the balance between national security and the advancement of technology, as the ban could impact various sectors that rely on AI advancements. The experts are urging the government to reconsider these restrictions to foster a more open and collaborative environment in AI research.
Researchers have identified at least 15 malicious plugins on the JetBrains Marketplace that are specifically designed to steal AI API keys from developers. These plugins masquerade as legitimate tools, but once installed, they can access sensitive information, putting developers' projects and data at risk. This incident affects anyone using the JetBrains development environment who may unknowingly install these harmful plugins. The theft of API keys can lead to unauthorized access to AI services, potentially resulting in financial losses and compromised projects. Developers are urged to review their installed plugins and ensure they are from trusted sources to protect their work.
BleepingComputer
A new Android banking trojan named Rokarolla has emerged, targeting 217 banking and cryptocurrency applications. This malware operates with a sophisticated toolkit, utilizing 137 different commands to carry out its operations. Users of affected apps may be at risk of having their sensitive financial information compromised. As cybercriminals continue to develop more advanced tactics, it's crucial for users to stay vigilant and ensure they have proper security measures in place. The rise of such malware highlights the ongoing threat to mobile banking and cryptocurrency platforms, making it essential for both users and developers to prioritize security.