Join the Webinar: Leveraging CTI and Dark Web Monitoring in Geopolitical Chaos to enhance your ImmuniWeb® AI Platform skills, earn CPE credits, and qualify to become ImmuniWeb® Certified Professional.
✔️ Key Insights:
• New risks & cyber threats
• AI in cybercrime: myths, reality
• Dark Web Monitoring best practices to maximize ROI
• Best practices of Cyber Threat Intelligence
• Data sovereignty, supply chain and third-party risk management (TRPM)
• Legal response to phishing and malware
• Dealing with ransomware attacks & cyber insurance
• Cybersecurity insurance and its pitfalls
• Regulatory landscape in 2026
• Live demo of ImmuniWeb
Date & Time: June 11 at 10am and 5pm CEST
Host: Dr. Ilia Kolochenko, CEO & Chief Architect at ImmuniWeb, Attorney-at-Law.
✅ Register:
Session 1 – June 11 , 2026 – Geneva 10am | Dubai 1pm | Singapore 5pm
👉 Click here.
Session 2 – June 11 2026 – Geneva 5pm | New York 11am | California 8am
👉 Click here.
-----
#ad #paidpromotion #sponsored
@Cyber_Security_Channel
✔️ Key Insights:
• New risks & cyber threats
• AI in cybercrime: myths, reality
• Dark Web Monitoring best practices to maximize ROI
• Best practices of Cyber Threat Intelligence
• Data sovereignty, supply chain and third-party risk management (TRPM)
• Legal response to phishing and malware
• Dealing with ransomware attacks & cyber insurance
• Cybersecurity insurance and its pitfalls
• Regulatory landscape in 2026
• Live demo of ImmuniWeb
Date & Time: June 11 at 10am and 5pm CEST
Host: Dr. Ilia Kolochenko, CEO & Chief Architect at ImmuniWeb, Attorney-at-Law.
✅ Register:
Session 1 – June 11 , 2026 – Geneva 10am | Dubai 1pm | Singapore 5pm
👉 Click here.
Session 2 – June 11 2026 – Geneva 5pm | New York 11am | California 8am
👉 Click here.
-----
#ad #paidpromotion #sponsored
@Cyber_Security_Channel
❤5👍5
Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026 — No Patch Yet
Cisco disclosed CVE-2026-20245, a flaw in Catalyst SD-WAN Manager letting a netadmin-level attacker upload a crafted file and run arbitrary commands as root.
Mandiant has observed limited in-the-wild exploitation, in some cases pushing rogue configurations down to edge devices.
No patch and no workaround are available; attackers can chain it with earlier SD-WAN bugs (CVE-2026-20182, CVE-2026-20127) to obtain the required privileges.
@Cyber_Security_Channel
Cisco disclosed CVE-2026-20245, a flaw in Catalyst SD-WAN Manager letting a netadmin-level attacker upload a crafted file and run arbitrary commands as root.
Mandiant has observed limited in-the-wild exploitation, in some cases pushing rogue configurations down to edge devices.
No patch and no workaround are available; attackers can chain it with earlier SD-WAN bugs (CVE-2026-20182, CVE-2026-20127) to obtain the required privileges.
@Cyber_Security_Channel
SecurityWeek
Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026
The vulnerability is tracked as CVE-2026-20245 and it can allow arbitrary command execution as root, but no patch yet.
❤3👍3👏1
VaultJacking Hands Over an Entire Google Password Manager Vault for One Phished 6-Digit PIN
Phishu researchers disclosed VaultJacking, which abuses Google Password Manager's cross-device sync so a single phished 6-digit GPM PIN unlocks the Security Level Secret protecting the vault.
The attacker registers a fresh device in the victim's security domain and pulls every synced password and passkey — even hardware-backed ones — with no malware or device foothold required.
Google is treating this as an accepted design trade-off rather than a bug, so no patch is on the way for Chrome 359 and later.
Defenders are urged to split work and personal Chrome profiles, prefer on-prem password managers, train users on auth prompts, and tighten sync-layer security tiering.
@Cyber_Security_Channel
Phishu researchers disclosed VaultJacking, which abuses Google Password Manager's cross-device sync so a single phished 6-digit GPM PIN unlocks the Security Level Secret protecting the vault.
The attacker registers a fresh device in the victim's security domain and pulls every synced password and passkey — even hardware-backed ones — with no malware or device foothold required.
Google is treating this as an accepted design trade-off rather than a bug, so no patch is on the way for Chrome 359 and later.
Defenders are urged to split work and personal Chrome profiles, prefer on-prem password managers, train users on auth prompts, and tighten sync-layer security tiering.
@Cyber_Security_Channel
Cyber Security News
VaultJacking Attack Steals Entire Google Password Manager Vault With One Captured PIN
The VaultJacking phishing steals entire Google Password Manager vaults using just one captured 6-digit PIN.
❤3
Cisco: Leading AI Models Crack at 88% Under Multi-Turn Prompt Attacks Vendors Don't Test
Cisco researchers tested 15 leading models from OpenAI, Anthropic, Google, Amazon and xAI and found multi-turn attack success rates of 8–88% versus 2–65% for single-turn — every model proved vulnerable when an attacker could adapt across turns.
Grok 4.1 Fast Non-Reasoning was the worst at 88% multi-turn ASR; Amazon Nova 2 Lite the best at 8%, still flagged as meaningful residual risk.
Successful tactics included role-play, misdirection, information decomposition, refusal reframing and incremental escalation.
Vendor safety reports lean on single-turn benchmarks, so published claims understate real-world risk for enterprises deploying these models.
@Cyber_Security_Channel
Cisco researchers tested 15 leading models from OpenAI, Anthropic, Google, Amazon and xAI and found multi-turn attack success rates of 8–88% versus 2–65% for single-turn — every model proved vulnerable when an attacker could adapt across turns.
Grok 4.1 Fast Non-Reasoning was the worst at 88% multi-turn ASR; Amazon Nova 2 Lite the best at 8%, still flagged as meaningful residual risk.
Successful tactics included role-play, misdirection, information decomposition, refusal reframing and incremental escalation.
Vendor safety reports lean on single-turn benchmarks, so published claims understate real-world risk for enterprises deploying these models.
@Cyber_Security_Channel
Cybersecurity Dive
Leading AI models are more vulnerable to malicious prompts than vendors claim
Hackers could subvert frontier models with attacks that their developers overlook, Cisco said.
👍2❤1
Residential AI Data Centers: Security, Privacy, and Governance Concerns
Another major concern is the blurring of ownership, accountability, and liability.
Many of these emerging models fail to clearly define who owns processed data, who controls logs and telemetry, and who assumes responsibility following a breach or criminal misuse.
Cyber_Security_Channel
Another major concern is the blurring of ownership, accountability, and liability.
Many of these emerging models fail to clearly define who owns processed data, who controls logs and telemetry, and who assumes responsibility following a breach or criminal misuse.
Cyber_Security_Channel
Securitymagazine
Residential AI Data Centers: Security, Privacy, and Governance Concerns
The concept of placing mini data centers and distributed AI computer nodes inside residential homes may appear innovative from an energy efficiency perspective, but it introduces significant security concerns.
👍3
🤝 Cyber Security News is looking for ADVERTISERS
Our community is continuously growing and we are searching for exciting companies & products to share with our audience.
Requirements to Qualify
• Relevant to channels niche / industry
• Long-term approach and collaboration mindset
• $2,000+ monthly ad spend budget to invest in campaigns
What We Offer
• Exposure to 60,000+ community members
• Personal success manager to scale your campaigns
• Brand awareness, leads, sign-ups, customers, followers, etc.
📩 Contact for Partnership
If you are serious about promoting your business, send us an introduction Email → cybersecnewsinfo@gmail.com
Important Note
Spots to become a sponsor are limited.
Reach out before they fill up.
(we only have 7 left)
- - - - -
@Cyber_Security_Channel
Our community is continuously growing and we are searching for exciting companies & products to share with our audience.
Requirements to Qualify
• Relevant to channels niche / industry
• Long-term approach and collaboration mindset
• $2,000+ monthly ad spend budget to invest in campaigns
What We Offer
• Exposure to 60,000+ community members
• Personal success manager to scale your campaigns
• Brand awareness, leads, sign-ups, customers, followers, etc.
📩 Contact for Partnership
If you are serious about promoting your business, send us an introduction Email → cybersecnewsinfo@gmail.com
Important Note
Spots to become a sponsor are limited.
Reach out before they fill up.
(we only have 7 left)
- - - - -
@Cyber_Security_Channel
❤8
Microsoft: Attackers Impersonate ChatGPT, Claude, Copilot, and DeepSeek in New Phishing Wave
Microsoft Threat Intelligence documented credential-harvesting emails, AI-themed malvertising, and SEO poisoning that lean on the trust users place in big AI brands.
One ChatGPT-themed wave hit 100,000 inboxes a day across Switzerland, Austria, and South Africa, while a Claude lure framed as a policy violation reached 2,000+ orgs in the US, UK, and India.
A fake DeepSeek V4 repo on GitHub also dropped Vidar Stealer; defenders should turn on phishing-resistant MFA, Safe Links, and train staff on AI-pretexted lures.
@Cyber_Security_Channel
Microsoft Threat Intelligence documented credential-harvesting emails, AI-themed malvertising, and SEO poisoning that lean on the trust users place in big AI brands.
One ChatGPT-themed wave hit 100,000 inboxes a day across Switzerland, Austria, and South Africa, while a Claude lure framed as a policy violation reached 2,000+ orgs in the US, UK, and India.
A fake DeepSeek V4 repo on GitHub also dropped Vidar Stealer; defenders should turn on phishing-resistant MFA, Safe Links, and train staff on AI-pretexted lures.
@Cyber_Security_Channel
IT Pro
Hackers are capitalizing on AI hype to ramp up social engineering attacks – and they're using big brands like Anthropic, OpenAI…
Microsoft says cyber criminals are impersonating popular AI platforms to deliver malware
👍7❤2
Meta AI Support Bug Let Attackers Hijack 20,225 Instagram Accounts
Meta disclosed that its AI-powered High Touch Support tool failed to verify whether the email submitted for a password reset actually matched the target account, letting anyone request a reset link for accounts without 2FA.
The abuse started on April 17 and ran undetected until May 31, when Meta yanked the tool and invalidated all generated links.
Exposed data may include DMs, posts, contact info, birthdays, and linked services; affected users have been force-reset and pushed through security checkpoints.
@Cyber_Security_Channel
Meta disclosed that its AI-powered High Touch Support tool failed to verify whether the email submitted for a password reset actually matched the target account, letting anyone request a reset link for accounts without 2FA.
The abuse started on April 17 and ran undetected until May 31, when Meta yanked the tool and invalidated all generated links.
Exposed data may include DMs, posts, contact info, birthdays, and linked services; affected users have been force-reset and pushed through security checkpoints.
@Cyber_Security_Channel
BleepingComputer
Over 20,000 Instagram accounts stolen in Meta AI support hack
Meta has revealed that 20,225 Instagram users had their accounts hijacked in a recent incident where attackers used Meta's AI-powered support system to reset passwords.
👍5❤2
North Korea’s BlueNoroff Uses AI-Generated Zoom Meetings to Rob Web3 Execs
Arctic Wolf detailed a Lazarus subgroup campaign that hit 100+ crypto and Web3 leaders across 20 countries via typo-squatted links and ClickFix-style lures.
Victims joined deepfaked Zoom calls where AI-generated participants kept them talking while fileless PowerShell stole credentials, webcam footage, and Telegram sessions.
The stolen webcam and chat material is then recycled to build even more convincing fake meetings for the next round of targets.
@Cyber_Security_Channel
Arctic Wolf detailed a Lazarus subgroup campaign that hit 100+ crypto and Web3 leaders across 20 countries via typo-squatted links and ClickFix-style lures.
Victims joined deepfaked Zoom calls where AI-generated participants kept them talking while fileless PowerShell stole credentials, webcam footage, and Telegram sessions.
The stolen webcam and chat material is then recycled to build even more convincing fake meetings for the next round of targets.
@Cyber_Security_Channel
N2K CyberWire
You've been muted...permanently.
Ismael Valenzuela, Arctic Wolf’s VP of Labs, Threat Research and Intelligence, discusses their work on "BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector." Arctic Wolf researchers uncovered a sophisticated…
❤2🔥1
Researcher Earns $500K From Google in 90 Days Using Claude as an Automated Pentester
A hunter known as “brutecat” collected half a million dollars in Google bug bounties by wiring Claude into a custom fuzzer that hit roughly 1,500 internal APIs — Google Voice/Fiber, YouTube TV, Widevine, Cloud Console GraphQL, Vertex AI Search, Maps, Nest, and Translation Hub.
A month of iterative prompt engineering pushed reporting accuracy past 50%, with IDORs and broken access controls dominating the findings.
The top bug — an unauthenticated gfibervoice API that exposed PII and let attackers assign phone numbers to victims — rated P0/S0 and paid $20,000 on its own.
@Cyber_Security_Channel
A hunter known as “brutecat” collected half a million dollars in Google bug bounties by wiring Claude into a custom fuzzer that hit roughly 1,500 internal APIs — Google Voice/Fiber, YouTube TV, Widevine, Cloud Console GraphQL, Vertex AI Search, Maps, Nest, and Translation Hub.
A month of iterative prompt engineering pushed reporting accuracy past 50%, with IDORs and broken access controls dominating the findings.
The top bug — an unauthenticated gfibervoice API that exposed PII and let attackers assign phone numbers to victims — rated P0/S0 and paid $20,000 on its own.
@Cyber_Security_Channel
Cyber Security News
Researcher Hacked Google Using AI and Earned $500,000 Bug Bounty
A security researcher known as brutecat has disclosed how an AI-driven fuzzing pipeline uncovered more than $500,000 in vulnerabilities across Google's infrastructure in under three months, exposing systemic access-control failures hidden inside roughly 1…
👍11❤2
Join the Webinar: ImmuniWeb AI Platform, new products and features to discover the latest innovations of the award-winning ImmuniWeb® AI Platform, earn CPE credits, and learn how to strengthen your cybersecurity program while reducing operational costs.
⚡ Key Insights:
✔ Live demo of ImmuniWeb AI Platform
✔ AI governance & compliance
✔ Cybersecurity cost optimization strategies
✔ Application Security in the era of agentic AI
✔ Product roadmap & innovations
✔ Third-Party Risk Management (TPRM) automation
✔ New features & functionalities of ImmuniWeb AI Platform
✔ Takedown of malicious web content & phishing resources
✔ Continuous Threat Exposure Management (CTEM) best practices
📅 Date & Time: June 25, 2026
• Session 1 – Geneva 10am | Dubai 12pm | Singapore 4pm
• Session 2 – Geneva 5pm | New York 11am | California 8am`
🎤 Host: Dr. Ilia Kolochenko, Founder, Chief Architect & CEO at ImmuniWeb.`
✅ Register: click here to proceed.
-----
#ad #paidpromotion #sponsored
@Cyber_Security_Channel
⚡ Key Insights:
✔ Live demo of ImmuniWeb AI Platform
✔ AI governance & compliance
✔ Cybersecurity cost optimization strategies
✔ Application Security in the era of agentic AI
✔ Product roadmap & innovations
✔ Third-Party Risk Management (TPRM) automation
✔ New features & functionalities of ImmuniWeb AI Platform
✔ Takedown of malicious web content & phishing resources
✔ Continuous Threat Exposure Management (CTEM) best practices
📅 Date & Time: June 25, 2026
• Session 1 – Geneva 10am | Dubai 12pm | Singapore 4pm
• Session 2 – Geneva 5pm | New York 11am | California 8am`
🎤 Host: Dr. Ilia Kolochenko, Founder, Chief Architect & CEO at ImmuniWeb.`
✅ Register: click here to proceed.
-----
#ad #paidpromotion #sponsored
@Cyber_Security_Channel
❤2