11+ hour, 40+ min ago  (640+ words) A critical security flaws in widely used Chrome extensions, exposing millions of users to the risk of full browser compromise. The vulnerabilities, named "Ma XSS" and "Spyder," affect popular AI-powered extensions Sider AI and Max AI, which together have more…...

11+ hour, 11+ min ago  (517+ words) New York, USA, June 19th, 2026, Cyber Newswire e FAQ has published a documented investigation into a coordinated reputation attack campaign aimed at influencing brand perception in search results and how AI assistants surface and summarize information." The campaign followed a recognizable…...

18+ hour, 15+ min ago  (587+ words) A previously undocumented, modular Linux post'exploitation framework that demonstrates sophisticated stealth techniques most notably fetching and compiling C code hosted on Pastebin to hide processes at runtime. Active since mid'2022 and aimed at AMD x86'64 Linux hosts, Showboat remained undetected by…...

16+ hour, 44+ min ago  (309+ words) CISA has issued an urgent alert regarding a critical vulnerability in Splunk Enterprise, tracked as CVE-2026-20253, which is now listed in the Known Exploited Vulnerabilities (KEV) catalog following evidence of active exploitation. According to the advisory, the vulnerability allows unauthenticated…...

14+ hour, 36+ min ago  (409+ words) A recently disclosed vulnerability inc, which affects UEFI applications signed by multiple vendors, has prompted urgent recommendations to update the UEFI Forbidden Signature Database (DBX). This issue, tracked as VU#457458 and published by CERT/CC on June 18, 2026, reveals a significant…...

11+ hour, 55+ min ago  (280+ words) A serious security vulnerability has been uncovered in the widely used Avada (Fusion) Builder Word Press plugin. This flaw could enable unauthenticated attackers to delete arbitrary files and potentially compromise entire websites across more than one million installations. Identified as…...

16+ hour, 3+ min ago  (488+ words) A supply-chain style compromise in the Okendo Reviews widget that enabled the Smart Ape SG threat actor to deliver staged Java Script loaders across a wide e-commerce surface. Okendo's client-facing review widget is deployed by more than 18, 000 brands and commonly…...

16+ hour, 52+ min ago  (324+ words) Node. js has announced critical security updates that address 12 vulnerabilities across its supported release lines. Among these, two high-severity flaws could lead to denial-of-service (Do S) conditions and authentication bypass. These updates, released on June 18, 2026, affect Node. js versions 22. x, 24. x,…...

17+ hour, 39+ min ago  (538+ words) INC has matured from an emerging Raa S operation into one of 2026s most active ransomware families, claiming more than 800 victims since 2023 and capitalizing on disruption among competitors to expand its affiliate base. The groups recent campaigns demonstrate both incremental tooling…...

19+ hour, 16+ min ago  (425+ words) A novel Windows-based cryptocurrency clipper that has been active since February 2026 and leverages Windows Script Host (WScript) and Active XObject calls to achieve remote code execution and persistent, high-frequency data theft. The campaign stands out because it avoids traditional installers…...