šŸ” IT News Analyzer

// AI-powered news analysis

Latest Top 10 Articles

1
F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution

F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution

F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution on affected systems. The vulnerabilities are listed below - CVE-2026-42530 (CVSS v4 score: 9.2) - A use-after-free vulnerability in the ngx_http_v3_module that could be triggered by a remote unauthenticated attacker when NGINX Open Source is configured to use the HTTP/3 QUIC module to reopen a QPACK encoder stream by means of a specially crafted HTTP/3 session, and execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. CVE-2026-42055 (CVSS v4 score: 9.2) - A heap-based buffer overflow vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module modules that could be triggered by a remote unauthenticated attacker when the proxy_http_version to 2 or grpc_pass directives are used to proxy HTTP/2 traffic, the ignore_invalid_headers directive is set to off, and the ...

ī ‚Jun 18, 2026
2
Orphaned AI Agents: How to Find Hidden Access Risks Inside Your Network

Orphaned AI Agents: How to Find Hidden Access Risks Inside Your Network

If an autonomous AI agent interacts with your company's core intellectual property today, can your security team instantly name the person who authorized it? For most enterprises, the answer is a simple no . The rush to adopt internal AI tools has left a massive trail of administrative debt: orphaned agents (AI tools left running after their creator leaves the company) and standing privileges (AI that retains permanent, unrestricted access it no longer needs). When an employee moves on, the automated tools they built stay activeā€”often keeping unmonitored access to sensitive databases and source code long after the humanā€™s credentials are revoked. To help security teams bridge this line of accountability, The Hacker News is hosting a technical briefing. Secure your spot today for the live webinar: Orphaned Agents & Standing Privileges: The Hidden Access Risks of Internal AI . Why Existing Security Tools Miss the Signal Traditional access tools treat AI like stand...

ī ‚Jun 18, 2026
4
ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories

ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories

The internet did not break this week. It got used exactly as designed, which is worse. Searches were siphoned through shady browser add-ons. AI chat links turned into malware delivery paths. macOS attacks ran in memory and left almost nothing behind. Cloud agents looked like helpers until attackers treated them like open shells. Add exposed edge gear, poisoned packages, cash courier scams, stealers, loaders, and phishing that barely bothers pretending anymore. Hereā€™s the full mess.

ī ‚Jun 18, 2026
5
Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2

Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2

Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign that has targeted users since February 2026. "The clipper in this campaign relies on Windows Script Host and ActiveX-driven logic to launch a bundled Tor proxy and poll a hidden-service C2 [command-and-control] server," the Microsoft Defender Security Research Team said in an analysis published Tuesday. "It carries out high-frequency clipboard theft, screenshot exfiltration, and wallet-address substitution." "The execution of this clipper is notable because it does not depend on a traditional installer or exposed IP-based C2 infrastructure. Instead, it deploys a portable Tor client, routes traffic through a local SOCKS5 proxy, and blends data theft with remote code execution, turning a financially motivated stealer into a lightweight backdoor." Clipper malware refers to a type of malicious software that silently monitors a user's clipboard and intercepts sensiti...

ī ‚Jun 18, 2026
6
INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023

INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023

Cybersecurity researchers have charted the evolution of INC from an nascent ransomware-as-a-service (RaaS) operation to one of the most prolific cybercrime groups in 2026, claiming no less than 830 victims since August 2023. "The disruption of LockBit and the shutdown of BlackCat created opportunities for INC to expand as affiliates migrated to alternative ransomware operations," Acronis researcher Darrel Virtusio said . "United States organizations account for more than 65% of listed victims, with legal services, manufacturing, construction, technology and health care among the most targeted sectors." INC's Windows and Linux/ESXi encryptors have also been rewritten in Rust to facilitate easier cross-platform development and better resist reverse engineering efforts. Attacks deploying the ransomware are characterized by the use of an updated credential dumper capable of targeting newer Veeam backup deployments that use the salted DPAPI credential encryp...

ī ‚Jun 18, 2026
8
The Scripts on Your Checkout Page Are Now a PCI DSS Problem

The Scripts on Your Checkout Page Are Now a PCI DSS Problem

An independent PCI assessor tested Reflectiz against the new PCI DSS rules. Here is the verdict: See the full QSA assessment here ā†’ When a customer types their card number into your checkout, their browser is running far more than your code. Analytics tags, a tag manager, a support widget, a payment iframe: a modern checkout loads dozens of third-party scripts, and any one of them can be turned into a skimmer. This is how Magecart works. Sansec has counted more than 100,000 sites hit by web skimming and supply-chain attacks. The 2018 British Airways breach alone exposed 380,000 transactions and a fine that started at Ā£183 million. The dangerous part: the malicious code usually arrives through a script you already approved. Attackers compromise a third-party vendor, and the payload rides in on a script you have run for months. Nothing looks new. What changed is the script's behavior, not its presence on the page. PCI DSS v4.0.1 closes that gap with two requirements, now...

ī ‚Jun 18, 2026
9
DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic

DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic

Threat actors associated with the DragonForce ransomware have been observed using a custom Go-based remote access trojan (RAT) called Backdoor.Turn to conceal command-and-control (C2) traffic inside Microsoft Teams relay infrastructure. According to findings from Broadcom-owned Symantec and Carbon Black, the backdoor was deployed against a major U.S. services firm. The name of the company was not disclosed. "Backdoor.Turn obtains an anonymous Teams visitor token from Microsoftā€™s Skype-backed identity services, uses a legitimate Microsoft TURN relay to set up the connection, and then runs a QUIC session to the attackerā€™s real command-and-control (C2) server," the Threat Hunter Team said in a report shared with The Hacker News. "To network defenders, the only traffic they could see was outbound connections to legitimate Microsoft Teams servers. The attackers were on the victim network for between one and two months."

ī ‚Jun 18, 2026
10
Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments

Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments

An unknown threat actor has been observed leveraging paid or promoted posts on legitimate news websites to drum up buzz for their warez, according to new findings from Check Point Research. The threat actor also has at their disposal a dedicated WordPress phishing page that acts as the central hub, alongside GitHub and SourceForge projects promoted by fake accounts, a YouTube channel, and a cluster of accounts that engage in coordinated activity on VirusTotal with the intent to misclassify malicious files as safe. "To push a malicious 'tool,' a single threat actor borrowed the same playbook legitimate brands use to build buzz: inflated download counts, coordinated five-star reviews, influencer-style tutorial videos, and promotion on platforms people instinctively trust," Check Point said in a report shared with The Hacker News. "The result is a fake reputation economy spanning every platform a curious victim might check before they click 'download.'...

ī ‚Jun 17, 2026