cyber·news

HIGH

CVE-2026-49187 (CVSS 7.5) — The hard-coded APK resource files never expire, and the shared scepter leads to information leaks an...

NVD CVE-2026-49187 1d ago

INFO

DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets

The Hacker News supply-chainbreachesmalware 1d ago

CRITICAL

CVE-2026-49186 (CVSS 9.8) — The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any clie...

NVD CVE-2026-49186 1d ago

CRITICAL

CVE-2026-49185 (CVSS 9.8) — The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing...

NVD CVE-2026-49185 1d ago

MEDIUM

CVE-2026-48681 (CVSS 5.9) — OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployme...

NVD CVE-2026-48681 1d ago

INFO

Pakistan Spies on Afghan Finance Ministry With Xeno RAT

rss:darkreading breachesmalwarethreat-actors 1d ago

HIGH

CVE-2026-10737 (CVSS 7.5) — The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a...

NVD CVE-2026-10737 1d ago

HIGH

CVE-2026-10777 (CVSS 7.3) — A vulnerability was identified in ealpha072 Student-Management-System up to 01451bd7a2f58cdda07bd0b8...

NVD CVE-2026-10777 2d ago

MEDIUM

CVE-2026-46447 (CVSS 5.8) — OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can se...

NVD CVE-2026-46447 2d ago

HIGH

CVE-2026-10771 (CVSS 7.3) — A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate.getForEntit...

NVD CVE-2026-10771 2d ago

INFO

Chinese hackers use new Atlas RAT malware in European cyberattacks

BleepingComputer breachesransomwaresupply-chain 2d ago

INFO

Attackers Use AI to Automate EDR Evasion Testing

rss:darkreading breachesmalwarethreat-actors 2d ago

INFO

The U.S. sanctions Nobitex crypto exchange used by ransomware

BleepingComputer breachesransomwaresupply-chain 2d ago

INFO

CISA warns of cyberattacks targeting fuel tank monitoring systems

BleepingComputer breachesransomwaresupply-chain 2d ago

INFO

Tropical Blend: Cyber & Politics Ramp Up Across Latin America

rss:darkreading breachesmalwarethreat-actors 2d ago

HIGH

CVE-2026-8889 (CVSS 7.5) — Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matchin...

NVD CVE-2026-8889 2d ago

HIGH

CVE-2026-8888 (CVSS 7.5) — Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-pr...

NVD CVE-2026-8888 2d ago

INFO

Gemini Voice Assistant Hijacked via Messaging Notifications

SecurityWeek breachesransomwaresupply-chain +18 1d ago

INFO

VoidStealer Malware Darts Past Google Chrome's Encryption

rss:darkreading 30d ago

INFO

Android Adds Intrusion Logging for Sophisticated Spyware Forensics

The Hacker News 23d ago

INFO

A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens

rss:googleprojectzero 23d ago

INFO

Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI

SecurityWeek 15d ago

INFO

Google accidentally exposed details of unfixed Chromium flaw

BleepingComputer 15d ago

INFO

Google API Keys Remain Active After Deletion

rss:darkreading 15d ago

INFO

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

The Hacker News 9d ago

INFO

Google Unveils AI Threat Defense Platform to Fight AI-Powered Cyberattacks

SecurityWeek 8d ago

INFO

US charges Google security engineer with Polymarket insider trading

BleepingComputer 7d ago

INFO

Google Chrome adds session cookie theft protection for all users

BleepingComputer 7d ago

INFO

Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts

The Hacker News 4d ago

INFO

Google fixes one actively exploited Android zero-day, 124 flaws

BleepingComputer 3d ago

INFO

Google adds Android protection against AI deepfake scam calls

BleepingComputer 2d ago

INFO

Malicious Notifications Could Trick Google Gemini Users

rss:darkreading 2d ago

INFO

Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT

The Hacker News 2d ago

INFO

WhatsApp, Slack Notifications Could Hijack Google Gemini on Android

The Hacker News 2d ago

INFO

Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS

The Hacker News 1d ago

INFO

FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads

The Hacker News 1d ago

INFO

Cyber Insurance Rates Are Dropping, but Exclusions Widen

rss:darkreading breachesmalwarethreat-actors 2d ago

INFO

New 'HTTP/2 Bomb' DoS attack crashes web servers in under a minute

BleepingComputer breachesransomwaresupply-chain 2d ago

INFO

DHS chief signals efforts to reshape CISA

The Record breachesransomwarenation-state 2d ago

HIGH

Microsoft shares mitigation for YellowKey Windows zero-day

BleepingComputer breachesransomwaresupply-chain +47 16d ago

INFO

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

The Hacker News 23d ago

INFO

Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

The Hacker News 23d ago

HIGH

Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation

The Hacker News 22d ago

INFO

Zero-Day Exploit Against Windows BitLocker

rss:schneier 18d ago

INFO

Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer

The Hacker News 17d ago

INFO

The New Phishing Click: How OAuth Consent Bypasses MFA

The Hacker News 17d ago

INFO

Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks

SecurityWeek 17d ago

HIGH

Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’

SecurityWeek 17d ago

INFO

Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS

rss:darkreading 17d ago

HIGH

Cybercrime service disrupted for abusing Microsoft platform to sign malware

BleepingComputer 17d ago

INFO

Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API

The Hacker News 16d ago

INFO

Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

The Hacker News 16d ago

INFO

Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass

SecurityWeek 16d ago

INFO

Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development

The Hacker News 16d ago

INFO

Microsoft warns of new Defender zero-days exploited in attacks

BleepingComputer 15d ago

INFO

Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days

SecurityWeek 15d ago

INFO

China's Webworm Uses Discord, Microsoft Graphs to Hack EU Govts.

rss:darkreading 14d ago

INFO

FBI warns of Kali365 phishing-as-a-service after April Microsoft 365 attacks

The Record 14d ago

INFO

FBI warns of Kali365 phishing service targeting Microsoft 365 accounts

BleepingComputer 11d ago

INFO

Microsoft: Domain Controller lookup may fail on Windows Server 2016

BleepingComputer 10d ago

INFO

Anthropic Expands Claude’s Enterprise Security Governance With 28 New Integrations

SecurityWeek 10d ago

INFO

Microsoft Defender can now automatically isolate hacked endpoints

BleepingComputer 10d ago

INFO

Microsoft Issues Out-of-Band SharePoint Patch

rss:darkreading 10d ago

INFO

AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites

The Hacker News 9d ago

INFO

Windows 11 KB5089573 update released with performance improvements

BleepingComputer 9d ago

INFO

Microsoft fixes KB5089549 Windows security update install issues

BleepingComputer 4d ago

INFO

Microsoft confirms outage affecting MFA, My Sign-Ins platform

BleepingComputer 4d ago

INFO

Microsoft fixes outage affecting MFA setup, MySignIn service

BleepingComputer 4d ago

INFO

Microsoft says it will not pursue security researchers after zero-day backlash

The Record 4d ago

INFO

Microsoft investigates Office Apps, Teams file access issues

BleepingComputer 4d ago

INFO

Microsoft's Zero-Day Legal Threats Spark Backlash

rss:darkreading 4d ago

INFO

Microsoft Threatening Security Researcher

rss:schneier 3d ago

INFO

Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk

SecurityWeek 3d ago

INFO

Microsoft Exchange Online outage causes email delays, failures

BleepingComputer 3d ago

INFO

FBI-Flagged Phishing Kit Kali365 Expands Its Reach

rss:darkreading 3d ago

INFO

Microsoft's Coreutils project brings Linux commands to Windows

BleepingComputer 3d ago

INFO

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

The Hacker News 2d ago

INFO

Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash

SecurityWeek 2d ago

INFO

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

The Hacker News 2d ago

INFO

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

The Hacker News 2d ago

INFO

Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover

rss:darkreading 2d ago

INFO

VS Code Vulnerability Allows One-Click GitHub Token Theft

SecurityWeek 1d ago

INFO

Researcher publishes GitHub token-stealing exploit, blames Microsoft’s disclosure process

The Record 1d ago

INFO

Microsoft blames unexpected Windows driver updates on caching issue

BleepingComputer 1d ago

INFO

PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network

The Hacker News 19h ago

INFO

New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework

The Hacker News 12h ago

INFO

Chinese APT deploys new malware to keep access to hacked networks

BleepingComputer 6h ago

HIGH

CVE-2026-20230 (CVSS 8.6) — A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communication...

NVD CVE-2026-20230 +1 2d ago

INFO

Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public

The Hacker News 1d ago

INFO

Coralogix Raises $200M at $1.6B Valuation to Scale AI Observability Platform

SecurityWeek breachesransomwaresupply-chain 2d ago

INFO

CISA warns of active attacks exploiting Android, Linux bugs

BleepingComputer breachesransomwaresupply-chain 2d ago

CRITICAL

CVE-2026-5241 (CVSS 9.6) — A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows...

NVD CVE-2026-5241 2d ago

HIGH

CVE-2022-49042 (CVSS 7.8) — An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in ...

NVD CVE-2022-49042 2d ago

HIGH

CVE-2022-49036 (CVSS 7.8) — An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration i...

NVD CVE-2022-49036 2d ago

INFO

China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa

The Hacker News supply-chainbreachesmalware +10 1d ago

INFO

Middle East Cyber Battle Field Broadens — Especially in UAE

rss:darkreading 30d ago

INFO

Cyber Resilience is the New Business Continuity Plan

SecurityWeek 17d ago

INFO

Windows Zero-Day Barrage Continues After Patch Tuesday

rss:darkreading 17d ago

INFO

Identity Alone Isn't Enough: Why Device Security Has to Share the Load

BleepingComputer 16d ago

INFO

Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects

SecurityWeek 11d ago

INFO

Iranian APT Targets Aviation, Software Companies With Updated Tools

SecurityWeek 10d ago

INFO

MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries

The Hacker News 10d ago

INFO

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

The Hacker News 8d ago

INFO

Global Stock Exchange Hit by Monthslong Email Campaign

rss:darkreading 2d ago

INFO

What 345 Days of Untested Exposure Looks Like at a Bank

BleepingComputer 2d ago

INFO

Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)

The Hacker News CVE-2026-23479supply-chainbreaches 2d ago

HIGH

CVE-2026-35085 (CVSS 8.8) — A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to ga...

NVD CVE-2026-35085 2d ago

HIGH

CVE-2026-35084 (CVSS 8.8) — A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain...

NVD CVE-2026-35084 2d ago

HIGH

CVE-2026-35083 (CVSS 8.8) — A remote attacker with user privileges can exploit a stack buffer overflow to gain full system acces...

NVD CVE-2026-35083 2d ago

HIGH

CVE-2026-35082 (CVSS 8.8) — The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files...

NVD CVE-2026-35082 2d ago

HIGH

CVE-2026-35081 (CVSS 8.1) — The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processe...

NVD CVE-2026-35081 2d ago

HIGH

CVE-2026-35080 (CVSS 8.1) — The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local f...

NVD CVE-2026-35080 2d ago

HIGH

CVE-2026-35079 (CVSS 8.1) — The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files...

NVD CVE-2026-35079 2d ago

HIGH

CVE-2026-35078 (CVSS 8.1) — The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local file...

NVD CVE-2026-35078 2d ago

HIGH

CVE-2026-35077 (CVSS 8.1) — The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local ...

NVD CVE-2026-35077 2d ago

HIGH

CVE-2026-35076 (CVSS 8.1) — The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local fi...

NVD CVE-2026-35076 2d ago

CRITICAL

CVE-2026-35075 (CVSS 9.8) — An unauthenticated remote attacker can recover a default, hard coded password from a firmware image ...

NVD CVE-2026-35075 2d ago

HIGH

MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems

The Hacker News supply-chainbreachesmalware +19 18d ago

INFO

'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux Distros

rss:darkreading 25d ago

INFO

It's Patch Tuesday for Microsoft & Not a Zero-Day In Sight

rss:darkreading 24d ago

INFO

Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws

The Hacker News 23d ago

INFO

[Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud

The Hacker News 23d ago

INFO

Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

The Hacker News 21d ago

INFO

Can Laws Stop Deepfakes? South Korea Aims to Find Out

rss:darkreading 18d ago

INFO

Processes and Culture Top Reasons Behind Data Breaches

rss:darkreading 16d ago

INFO

When Identity is the Attack Path

The Hacker News 15d ago

INFO

CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

The Hacker News 14d ago

INFO

Meta settles school district lawsuit claiming addictive design harmed students' mental health

The Record 14d ago

INFO

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

The Hacker News 13d ago

INFO

⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos

The Hacker News 11d ago

INFO

CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks

The Hacker News 10d ago

INFO

RevEng.AI Raises $15 Million to Hunt for Flaws and Backdoors in Software Binaries

SecurityWeek 9d ago

INFO

California Sues 23andMe, Alleging It Failed to Protect User Data in 2023 Breach

SecurityWeek 7d ago

INFO

California AG sues 23andMe over 2023 breach exposing health data

BleepingComputer 7d ago

INFO

Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs

SecurityWeek 2d ago

INFO

Chrome 149 Patches 429 Vulnerabilities

SecurityWeek 13h ago

INFO

EU unveils tech sovereignty package to cut reliance on US, Chinese suppliers

The Record 11h ago

INFO

Security of 100 AI Agents Tested and Ranked – What You Need to Know

SecurityWeek breachesransomwaresupply-chain 2d ago

INFO

Hackers Target Global Stock Exchange in Espionage Operation

SecurityWeek breachesransomwaresupply-chain 2d ago

INFO

IMA Diligence Services Data Breach Impacts 525,000 People

SecurityWeek breachesransomwaresupply-chain 2d ago

INFO

CISA Adds One Known Exploited Vulnerability to Catalog

rss:cisa-advisories actively-exploitedadvisories +3 12h ago

INFO

CISA Adds One Known Exploited Vulnerability to Catalog

rss:cisa-advisories 4d ago

INFO

CISA Adds Two Known Exploited Vulnerabilities to Catalog

rss:cisa-advisories 3d ago

INFO

CISA Adds One Known Exploited Vulnerability to Catalog

rss:cisa-advisories 2d ago

Prev Page 4 / 43 Next

INFO SecurityWeek Thu, 04 Jun 2026 12:57:37 UTC

Gemini Voice Assistant Hijacked via Messaging Notifications

https://www.securityweek.com/gemini-voice-assistant-hijacked-via-messaging-notifications/

TL;DR

Attackers could have triggered dangerous actions, including controlling smart home devices via Google Home and starting Zoom video calls. The post Gemini Voice Assistant Hijacked via Messaging Notifications appeared first on SecurityWeek .

breachesransomwaresupply-chain

Read full story ↗