Home

CYBER SECURITY NEWS

• Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting
  June 17, 2026
  A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim's project hijack the victim's machine learning model upload and run code inside Google's serving infrastructure. Palo Alto Networks Unit 42, which found and reported the bug through Google's bug bounty program, calls the technique "Pickle […]
• ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures
  June 17, 2026
  Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader, Lorem Ipsum Loader, and Potemkin, per independent reports from Morphisec, BlueVoyant, and Huntress, respectively. Attacks involving BabaDeda Loader, observed in April 2026, have targeted education and financial organizations. "Earlier BabaDeda activity was known for
• New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds
  June 16, 2026
  Security researchers at Zimperium's zLabs have documented a new Android banking trojan, Rokarolla, that targets 217 banking and cryptocurrency apps and packs 137 remote commands. Together, they give an operator near-total control of an infected phone: it lifts lock-screen PINs, reads and sends SMS, rewrites the clipboard to redirect crypto payments, and switches off Google Play
• Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive
  June 16, 2026
  Security teams have never had more IP data at their disposal. Every day, analysts ingest enrichment feeds, geolocation data, reputation scores, telemetry, and threat intelligence from a growing ecosystem of vendors and platforms. Yet despite this abundance of information, many organizations continue to face a fundamental challenge: sifting through the noise to understand who is […]
• Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week
  June 16, 2026
  Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In a post shared on X, the company said it has observed exploitation of CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 over the past 24 hours. CVE-2026-39813 (CVSS score: 9.1) refers to a path traversal vulnerability in FortiSandbox JRPC API that […]
• China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth
  June 16, 2026
  Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS. "The Windows variants discovered are internally marked as WIN_DRV and WIN_PLUS," ESET said in a report shared with The Hacker News. "Both come with a hard-coded C&C [command-and-control] configuration and support communication over TCP, UDP,
• Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware
  June 16, 2026
  The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver malware called NarwhalRAT. "The attack email contained a message impersonating an MS account security alert," the Genians Security Center (GSC) said. "It was designed to create concern over possible

LATEST POSTS

• Data Protection and Backup
• Awakening Conference Byron Bay (19th – 21st September) 2025
• Online Conference 14th September (Sydney A.E.S.T)
• WebRoot Zero Day Malware Protection
• Cyber Security (MailGuard)