Faeem

Overview Acer has confirmed it is actively developing fixes for two maximum‑severity zero‑day vulnerabilities affecting its Wave 7 mesh routers. Reported by security researcher Gergo Pap, these flaws impact devices running firmware version T7c_GBL_1.01.000055 or earlier, exposing users to remote credential theft and persistent backdoor injection. Vulnerability Details The two vulnerabilities —…

Overview Cybersecurity researchers at Huntress have uncovered an unpatched Windows vulnerability that exposes users’ NTLMv2 hashes through the search: URI handler, echoing the same flaw previously seen in CVE‑2026‑33829 affecting the Windows Snipping Tool. This newly discovered issue allows attackers to steal authentication hashes simply by tricking victims into clicking a malicious link,…

Overview A critical flaw dubbed FlagLeft exposed billions of Android users to silent Microsoft account token theft across six major Microsoft 365 apps — Word, PowerPoint, Excel, Copilot, Loop, and OneNote. Researchers at Enclave and Ofek Levin discovered that a single forgotten debug flag left active in production (setIsDebugMode(true)) disabled the authorization gate that normally restricts…

Overview A newly disclosed zero‑day vulnerability in Visual Studio Code (VS Code) has exposed developers to a serious GitHub token theft risk. Security researcher Ammar Askar released exploit code demonstrating how attackers can steal GitHub OAuth tokens by tricking users into clicking a malicious link — a flaw that remains unpatched and without a CVE ID. Microsoft defines a zero‑day as a flaw…

Overview A new cyber‑espionage campaign, codenamed Operation XENOFISCAL, has been uncovered targeting Afghanistan’s Ministry of Finance and provincial revenue directorates. The campaign is attributed to the Pakistan‑aligned SideCopy group, a sub‑cluster of Transparent Tribe (APT36), known for its persistent targeting of South Asian government and defense entities. Researchers at Seqrite Labs…

Overview A large‑scale malware distribution campaign led by a threat actor known as DriveSurge has compromised thousands of websites, redirecting unsuspecting visitors to malware‑delivery infrastructure. According to SilentPush Labs, the campaign leverages two social‑engineering techniques — ClickFix and FakeUpdates — to infect systems and harvest credentials. DriveSurge operates as an…

Overview A major supply‑chain compromise has struck Red Hat’s @redhat‑cloud‑services namespace on npm, with over 30 packages backdoored to distribute a new variant of the Shai‑Hulud credential‑stealing malware, now dubbed Miasma. Security firms Aikido and OX Security discovered the breach, identifying 32 packages and 96 versions infected with malicious code designed to harvest developer…

Overview A newly uncovered cyber‑espionage campaign, Operation Dragon Weave, has been observed targeting government, research, academic, technology, and financial sectors in the Czech Republic and Taiwan. According to Seqrite Labs, the operation delivers a Rust‑based AdaptixC2 agent through sophisticated spear‑phishing attacks, marking a significant escalation in China‑aligned threat activity…

Overview Microsoft is investigating a service disruption affecting users attempting to set up multi‑factor authentication (MFA) or access the My Sign‑Ins portal at mysignins.microsoft.com. The issue was officially acknowledged by the Microsoft 365 Status account on X (formerly Twitter) on June 1, 2026, under incident tracking code MO1329260. The company stated: “We’re investigating an issue…

Overview A critical vulnerability, CVE‑2026‑8732, has been discovered in the WP Maps Pro plugin — a premium WordPress tool used for building interactive maps and store locators. The flaw allows unauthenticated attackers to create rogue administrator accounts, giving them full control over affected websites. Security researcher David Brown identified the issue, which impacts…

Overview Researchers at Push Security have uncovered a new campaign dubbed LLMShare, where threat actors exploit ChatGPT’s content‑sharing feature to host fake outage pages that trick users into downloading malware disguised as the ChatGPT desktop application. By abusing legitimate chatgpt.com/s/ shared links, attackers deliver phishing payloads directly through OpenAI’s trusted domain —…

Overview A newly identified threat actor known as GREYVIBE has been linked to ongoing AI‑powered cyber‑espionage campaigns targeting Ukraine and Ukraine‑related entities since August 2025. According to WithSecure, the group operates within the Russian time zone, aligning its activities with Kremlin‑backed intelligence objectives amid the ongoing Russo‑Ukrainian conflict. GREYVIBE’s operations…

Overview Researchers at Permiso have uncovered a critical browser‑based vulnerability in ChatGPT that allows attackers to transform any web page into a phishing delivery surface. Dubbed ChatGPhish, the exploit abuses ChatGPT’s page summarization feature to render malicious links, fake security alerts, QR codes, and tracking beacons directly inside the trusted ChatGPT interface — effectively…

Overview On May 27, 2026, cybersecurity firm CrowdStrike, in collaboration with Google and the Shadowserver Foundation, announced the simultaneous disruption of all command‑and‑control (C2) channels linked to GlassWorm — a persistent malware campaign that has been targeting software developers through malicious packages and extensions. This coordinated takedown marks a major victory against one…

Overview Apple is developing a groundbreaking anti‑snatching feature for iPhones that automatically locks the device the moment it detects a theft‑in‑progress. This enhancement builds on Apple’s existing Stolen Device Protection and Find My ecosystem, closing one of the most dangerous gaps in mobile security — the few seconds between a phone being snatched and the thief exploiting an unlocked…

Overview On May 26, 2026, researchers disclosed a critical zero‑day vulnerability in the KnowledgeDeliver learning management system (LMS). Tracked as CVE‑2026‑5426, the flaw is a ViewState deserialization issue that can be exploited without authentication. Attackers leveraged this weakness to deploy the Godzilla (BlueBeam) web shell, enabling remote code execution and persistent control over…

Overview Multi‑factor authentication (MFA) was designed to be the ultimate safeguard against credential theft — a second lock on the door. But attackers have learned that they don’t need to break that lock; they just need you to open it for them. If your organization relies on push‑based MFA, this threat is already active in your environment. Known as MFA prompt bombing, it’s a…