šŸ” IT News Analyzer

// AI-powered news analysis

Latest Top 10 Articles

1
The Onboarding Password Mistake That Creates Unnecessary Risk

The Onboarding Password Mistake That Creates Unnecessary Risk

Employee onboarding is a busy time for IT teams. New starters need devices, accounts, access permissions, and passwords, all delivered within a tight timeframe. That usually means sharing a temporary "first-day" password so employees can access systems for the first time. The issue is that these passwords don't always stay temporary. They may be sent over email or SMS, reused across accounts, or never changed at all, creating unnecessary risk during the onboarding process. For attackers, weak or poorly managed onboarding credentials can provide an easy route into corporate systems. To make the onboarding process more secure without slowing new employees down, it's important to understand why typical password-sharing methods introduce risk. When convenience overrides security The most common approach to sharing initial credentials with new employees is to send them in plain text over email or SMS. It's quick and convenient, especially during busy onboardin...

ī ‚Jun 15, 2026
2
152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic

152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic

Cybersecurity researchers have discovered a network of 152 Google Chrome extensions that act as new tab live wallpaper add-ons to distribute a potentially unwanted program (PUP) family. The cluster spans 38 separate Chrome Web Store publisher accounts and three brand backends: tabplugins[.]com, yowgames[.]com, and chromewallpaper[.]com. They have been collectively installed 105,000 times. The names of some of the extensions are listed below - Neymar - Football Live Wallpaper (laafpeklcnlfmjaofbndehkjpnccbhek) Satoru Gojo Manga Live Wallpaper (mnpacdigbockiilmilhbedciadenfdnb) Porsche 911 - Sports Car Live Wallpaper (dead service worker) (iedplnnolciaofkakkjmcojnmklpfikg) Satoru Gojo Live Wallpaper (ipiabbhciknabpoihaakdahgghllelpj) Hello Kitty Wallpapers HD New Tab (hijpkhinofkdobfagfbobnnoihmopgkk) Pusheen Cat Wallpapers HD New Tab (famchdjojcnakamhkddkpaglnkonkfnl) Peach & Goma Wallpapers HD New Tab (nomekamioepglinefhenifnbegjhfiai) Spider-Man Miles ...

ī ‚Jun 15, 2026
3
Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage , OptinMonster , and TrustPulse , turning those files into a way to break into the sites. When a site administrator was logged in as the file loaded, the code created an admin account under the attacker's control and installed a hidden plugin that opened a way back in. Ordinary visitors did not trigger it. Any site that was hit should be treated as compromised. All three plugins are run by one company, Awesome Motive, which had not commented on the two larger plugins as of June 15. Security firm Sansec disclosed the wider campaign on June 13, finding the same malicious code in JavaScript served for all three plugins. PushEngage followed a day later with its own incident notice , confirming an attacker had served tampered copies of its script and that sites loading them could be taken over. PushEngage, acquired by Awesome Motive years ago, is so far the only one of the three to ...

ī ‚Jun 15, 2026
5
Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts

Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts

Cybersecurity researchers have disclosed details of fraudulent activity targeting users across the Middle East and North Africa by employing various fraudulent Facebook accounts impersonating politicians, public figures, and trusted organizations. "These accounts promoted fake offers, including free mobile internet packages, financial compensation, and government subsidy programs," Group-IB analysts Anna Yurtaeva and Viacheslav Shevchenko said . "Victims were encouraged to click embedded links to claim the advertised benefits, but were instead redirected through a chain of intermediary websites that ultimately led to phishing and traffic monetization infrastructure." The Singapore-headquartered cybersecurity company has these campaigns to Sniper Dz , a turnkey phishing-as-a-service (PhaaS) platform that was taken down last month in an INTERPOL-led operation. The findings indicate that the platform goes beyond facilitating credential theft, generating illicit ...

ī ‚Jun 15, 2026
6
Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw

Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw

Palo Alto Networks has revealed that it has observed "active exploitation" of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portals. The vulnerability in question is CVE-2026-0257 (CVSS score: 7.8), an authentication bypass flaw affecting the portal and gateway components of PAN-OS software that could be exploited by bad actors to set up VPN connections. According to the network security company, the security defect could be exploited by a bad actor to bypass security controls and initiate VPN connections. The vulnerability has been exploited in the wild in limited attacks, with initial activity observed on May 17, 2026. It's currently unknown who is behind the exploitation efforts. "No post-access behavior or lateral movement has been identified as of this time," Palo Alto Networks said . "Only a small portion of the probed devices actually established VPN sessions, resulting ...

ī ‚Jun 15, 2026
8
Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253 , is rated 9.8 on the CVSS scoring system. "In Splunk Enterprise versions below 10.2.4 and 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint," Splunk said in an alert this week. "The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials." The issue has been addressed in the following versions - Splunk Enterprise 10.0.0 to 10.0.6 - Fixed in 10.0.7 Splunk Enterprise 10.2.0 to 10.2.3 - Fixed in 10.2.4 Splunk Enterprise 10.4 - Not affected Splunk, which is part of Cisco, said Splunk Cloud is not impacted by the vulnera...

ī ‚Jun 13, 2026
9
U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals

U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals

Anthropic said on Friday it will "abruptly disable" its most advanced artificial intelligence (AI) models, Claude Fable 5 and Mythos 5 , for all users after the U.S. government ordered it to suspend access to the models for foreign nationals, whether inside or outside the U.S., citing national security concerns. The AI company said it received an order at 5:21 p.m. ET, instructing it to suspend all access to the models by foreign nationals. It said that it believed there was a "misunderstanding" and that it is working to restore access to the models as soon as possible. Access to other models will not be affected by the export control directive. "Our understanding is that the government believes it has become aware of a method of bypassing, or 'jailbreaking' Fable 5," the company said. "We reviewed a demonstration of this specific technique being used to identify a small number of previously known, minor vulnerabilities. These vulner...

ī ‚Jun 13, 2026
10
Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit

Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit

Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide itself. The AUR is Arch Linux's community package collection, and it is separate from the official Arch repositories, which were not affected. If you installed or updated an AUR package on or after June 11, check it against the current affected-package lists before trusting the host. The list of names is large, still growing, and not yet complete. This attack goes after the trust model, not a software flaw. The compromised packages kept their names, their histories, and the trust that came with them. Only the build instructions changed. The trap sat in the recipe, leaving the package itself looking exactly like the software users meant to install. No exploit, no ze...

ī ‚Jun 12, 2026