The Miasma Worm’s Path of Destruction

, , , ,

The Miasma worm is a new, aggressive variant of the Mini Shai-Hulud malware that has recently compromised Red Hat’s npm packages and spread to 73 Microsoft GitHub repositories, including critical Azure and Durable Task projects. It exploits legitimate GitHub OIDC tokens and valid SLSA provenance attestations to bypass traditional security defenses, weaponizes AI coding tools to propagate when infected repos are cloned, and targets cloud identities in GCP and Azure. Security teams are advised to assume credential compromise, rotate all secrets, audit environments for unauthorized activity, and implement strict dependency allowlisting and SBOMs to defend against such sophisticated supply chain attacks.

https://cloudsmith.com/blog/miasma-worms-path-of-destruction

One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public

,

A critical one-character use-after-free vulnerability (CVE-2026-23111) in the Linux kernel's nf_tables packet-filtering code enables local privilege escalation from an unprivileged user to root, including container breakout. The flaw, patched since February 2026, has publicly available exploits and affects distributions with nf_tables and unprivileged user namespaces enabled, requiring urgent kernel updates and reboots to mitigate risk. This issue is part of a recent surge in Linux local-root exploits, emphasizing the need to restrict unprivileged user namespaces until patches are deployed.

https://thehackernews.com/2026/06/one-character-linux-kernel-flaw-enables.html

AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs

, ,

An autonomous AI agent from security startup depthfirst discovered 21 zero-day vulnerabilities in FFmpeg, some latent for over two decades, highlighting AI's growing role in vulnerability detection. Meanwhile, Google released Chrome 149, patching a record 429 security bugs—including critical use-after-free flaws—with much of the increased workload attributed to managing a surge in AI-generated bug reports. These developments underscore the accelerating pace and volume of vulnerability discovery driven by AI, emphasizing the need for faster patch cycles and robust update mechanisms.

https://thehackernews.com/2026/06/ai-agent-uncovers-21-zero-days-in.html

Critical Hugging Face Transformers Vulnerability Enables Remote Code Execution Attacks

,

A critical vulnerability (CVE-2026-4372) in the HuggingFace Transformers library allows remote code execution via malicious model configuration files, bypassing existing security controls. This flaw affects versions 4.56.0 through 5.2.x when used with the kernels package, enabling attackers to execute arbitrary Python code during model loading from HuggingFace Hub without user consent. HuggingFace fixed the issue in version 5.3.0 and advises users to upgrade immediately and audit their environments to mitigate supply chain risks in AI workflows.

https://cybersecuritynews.com/hugging-face-rce-vulnerability/

New Gafgyt Variant Targets Multiple Linux Architectures With Modular Propagation

, ,

A new variant of the Gafgyt botnet malware, called C0XMO, has been identified targeting multiple Linux architectures by exploiting a stack buffer overflow vulnerability (CVE-2021-27137) in the UPnP service of DD-WRT router firmware. This modular malware uses architecture-specific payloads and Python-based scripts for lateral movement, allowing it to compromise a wide range of IoT and embedded devices, launch DDoS attacks, and exploit various other known vulnerabilities in devices from D-Link, GLPI project software, and Avtech DVR cameras. Users are advised to apply firmware updates, disable UPnP where unnecessary, and monitor network traffic to mitigate this ongoing threat.

https://cybersecuritynews.com/new-gafgyt-variant-targets-multiple-linux-architectures/

These Convincing Copyright Notices Are Designed to Steal Google Logins

, , , ,

A new phishing scam targets Chrome extension developers with fake copyright removal notices designed to steal Google login credentials. The scam uses publicly available extension information to create convincing personalized warnings and a fake Google sign-in window, pressuring victims to enter their credentials before a fabricated deadline. Developers are advised to verify warnings only through their Chrome Web Store dashboard and to safeguard accounts with strong authentication and security software.

https://www.malwarebytes.com/blog/threat-intel/2026/06/these-convincing-copyright-notices-are-designed-to-steal-google-logins

Attackers Use AI to Automate EDR Evasion Testing

,

Sophos X-Ops analysts discovered that an unidentified threat actor used AI-driven Python scripts to automate the testing and evasion of endpoint detection and response (EDR) tools from Sophos, CrowdStrike, and Windows Defender. This attacker created a sophisticated lab environment with multiple virtual machines to iteratively develop and refine malware capable of bypassing EDR defenses, highlighting the increasing use of AI in advanced cyberattack methods.

https://www.darkreading.com/endpoint-security/attackers-automate-edr-evasion-testing

Agentic AI Red Teaming Reveals Zero-Click Human-in-the-Loop Bypass Attack Chains

, , ,

Security researchers have discovered that agentic AI systems—AI capable of planning and executing multi-step tasks autonomously—exhibit exploitable vulnerabilities that allow attackers to bypass human-in-the-loop controls entirely, executing zero-click attack chains without user interaction. Microsoft’s year-long red teaming efforts led to an updated taxonomy identifying seven new failure modes in agentic AI, highlighting risks such as supply chain compromise, goal hijacking, and session context contamination, and recommending robust architectural mitigations including cryptographic agent verification and hardened approval processes.

https://cybersecuritynews.com/agentic-ai-red-teaming-reveals-zero-click/

Microsoft Edge Vulnerability Allows Remote Attackers to Execute Arbitrary Code

, ,

Microsoft has released a critical security update for Microsoft Edge addressing a vulnerability (CVE-2026-45495) that allows remote attackers to execute arbitrary code by exploiting improper validation of user-supplied file paths in feedback log processing. The flaw, requiring user interaction such as visiting a malicious webpage or opening a crafted file, could enable attackers to run code with the current user's privileges, leading to risks like data theft and local persistence; users and administrators are urged to apply the patch immediately.

https://cybersecuritynews.com/microsoft-edge-vulnerability-code-execution/

Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

, ,

A newly disclosed, unpatched vulnerability in the Windows Search URI handler allows attackers to steal users' NTLMv2 hashes by inducing them to click specially crafted links that connect to malicious SMB servers. This issue, similar to a previously patched flaw in the Windows Snipping Tool, poses risks of relay attacks and deeper network access, but Microsoft has declined to issue a fix, recommending mitigations like blocking outbound SMB traffic and disabling NTLM where possible.

https://thehackernews.com/2026/06/unpatched-windows-search-uri.html

HTTP/2 Bomb — Remote DoS Exploit Hits Nginx, Apache, IIS, Envoy, and Cloudflare Pingora

, ,

A newly disclosed remote denial-of-service (DoS) exploit called “HTTP/2 Bomb” targets default HTTP/2 configurations in widely used web servers including nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora, allowing an attacker to exhaust tens of gigabytes of server memory within seconds. The exploit combines an HPACK compression bomb with a Slowloris-style connection hold to amplify memory usage, leading to significant server resource exhaustion; patches and mitigations have been released for some servers, while others require disabling HTTP/2 or proxying to mitigate risk.

https://cybersecuritynews.com/http-2-bomb-remote-dos-exploit/

Microsoft 365 Android Apps Account Takeover Vulnerability Impacted Billions of Android Users

, , ,

A critical vulnerability called FlagLeft was discovered in six major Microsoft 365 Android apps, where a debug flag left enabled in production allowed any app on the device to silently obtain valid Microsoft account tokens without user consent. This flaw exposed billions of users to account takeover risks, enabling attackers to access emails, files, and calendar data under the victim's identity; Microsoft has since patched the issue and urged users to update affected apps immediately.

https://cybersecuritynews.com/microsoft-365-android-apps-account-takeover-vulnerability/

Ahegazy0/linux-Basics-For-Hackers-Notes: a Structured Course Built From Personal Study Notes of the Book Linux Basics for Hackers by OccupyTheWeb.

,

This GitHub repository hosts a structured course based on personal study notes from the book Linux Basics for Hackers by OccupyTheWeb. It includes detailed modules covering core Linux concepts, commands, practical examples, and exercises designed for beginners and those seeking deeper understanding, requiring tools like VirtualBox and Kali Linux to practice.

https://github.com/ahegazy0/linux-basics-for-hackers-notes

The Newest Instagram “Exploit” Is the Goofiest I’ve Seen

, , ,

A recent Instagram exploit allowed attackers to hijack accounts by simply faking the victim's location and tricking Instagram's AI support into sending verification codes to the attacker's email, bypassing two-factor authentication entirely. This vulnerability led to high-profile account takeovers, was exploited on black market services, and has since been patched by Meta, though it reportedly remained active for weeks or months.

https://www.0xsid.com/blog/meta-account-takeover-fiasco

Meta AI Support Bot Helped Hackers Hijack Instagram Accounts

, , , ,

Meta's AI support assistant for Instagram was exploited by hackers to hijack high-profile accounts by changing the email address linked to those accounts without proper identity verification, sometimes bypassing two-factor authentication. The vulnerability, which was publicly accessible for a short time, allowed attackers to take over accounts easily, prompting Meta to patch the issue and secure impacted accounts.

https://www.macrumors.com/2026/06/01/meta-ai-instagram-attack/

Scroll to Top