News

Cyber Security News
cybersecuritynews.com > multiple-splunk-enterprise-vulnerabilities-patched

Multiple Splunk Enterprise Vulnerabilities Enable Path Traversal and Information Disclosure Attacks

59+ min ago  (410+ words) Splunk has released security updates addressing multiple vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These flaws could lead to issues such as path traversal, disclosure of stored credential hashes, and arbitrary execution of SPL (Search Processing Language) searches. Three…...

Google News
cybersecuritynews.com > shared-claude-chats-macsync-stealer

Hackers Abuse Shared Claude Chats and Google Ads to Deploy MacSync Stealer on macOS

15+ hour, 41+ min ago  (358+ words) Threat actors are hijacking Anthropic’s Claude AI platform and Google Ads to trick Mac users into infecting themselves with a dangerous new information-stealing malware called MacSync Stealer, according to Zscaler Threat Hunting. The infection begins when a victim searches for…...

Cyber Security News
cybersecuritynews.com > critical-cursor-0-day-flaw

Critical Cursor 0-Day Flaw Allows Malicious Git Repos to Trigger Automatic Windows Code Execution

16+ hour, 38+ min ago  (336+ words) A critical unpatched vulnerability in Cursor, the popular AI-powered code editor used by over 7 million developers, allows attackers to achieve arbitrary code execution on Windows systems. Simply opening a malicious repository is sufficient to trigger this execution path, requiring no…...

Cyber Security News
cybersecuritynews.com > botnet-gemini-cli-in-six-miutes

Hacker Used Gemini CLI to Build a Live C&C Botnet in 6 Minutes

18+ hour, 37+ min ago  (880+ words) A Russian-speaking threat actor known as “bandcampro” has weaponized Google’s Gemini CLI AI agent to migrate, deploy, and operate a live command-and-control (C&C) botnet. Remarkably, the attacker completed the entire infrastructure migration in just six minutes, contributing only 11% of…...

Cyber Security News
cybersecuritynews.com > chinese-hackers-ai-attacks

Chinese Hackers Embed Claude Code and DeepSeek in AI-Powered Government Cyberattacks

1+ day, 1+ hour ago  (252+ words) Rather than acting as peripheral research tools, Claude Code and DeepSeek-v4-pro were embedded directly into the core execution flows of a China-linked cyber espionage campaign. The operation uncovered by Hunt researchers pivoted off known TencShell command-and-control (C2) infrastructure originally documented…...

Cyber Security News
cybersecuritynews.com > notepad-vulnerabilities-command-injection

Multiple Notepad++ Vulnerabilities Enable PowerShell Command Injection Attacks

1+ day, 4+ hour ago  (244+ words) The update resolves five distinct issues spanning path traversal, buffer overflow, and authentication bypass weaknesses, reinforcing the security posture of one of the most widely used Windows text editors. The most severe issue fixed in this release involves an install-time…...

Cyber Security News
cybersecuritynews.com > claude-for-chrome-vulnerability > amp

Claude for Chrome Vulnerability Lets Attackers Read Gmail, Docs, and Calendar Data

1+ day, 16+ hour ago  (558+ words) Anthropic’s Claude for Chrome browser extension has two unpatched flaws that allow attackers to read a victim’s Gmail, Google Docs, and Calendar data using just six lines of JavaScript, even after eight subsequent releases. Manifold researchers first reported the issues…...

Cyber Security News
cybersecuritynews.com > kittysploit-penetration-testing-tool

KittySploit – AI-Powered Next-Generation Penetration Testing Framework With 1150+ Modules

3+ day, 16+ hour ago  (356+ words) KittySploit is a new open-source penetration testing framework that combines a Python and Zig codebase with autonomous AI agents, ship­ping with over 1,150 modules for offensive security teams. KittySploit’s core difference is its integration of local large language models via…...

Cyber Security News
cybersecuritynews.com > ghostcommit-attack-hides-prompts

New Ghostcommit Attack Hides Malicious Prompts in Images to Exploit AI Agents

4+ day, 16+ hour ago  (534+ words) A novel supply chain attack called “Ghostcommit” that conceals prompt-injection instructions within PNG images to bypass AI code reviewers and trick coding agents into leaking secrets such as.env files. The ASSET Research Group demonstrated that a pull request containing…...

Cyber Security News
cybersecuritynews.com > whatsapp-message-openclaw-remote-access-tool

One WhatsApp Message Turns OpenClaw Into a Remote Access Tool for Hackers

5+ day, 15+ hour ago  (243+ words) Three high-severity vulnerabilities in OpenClaw, the open-source AI coding assistant with 381,000 GitHub stars, that allow attackers to achieve remote code execution through a single WhatsApp message. The flaws, confirmed exploitable on OpenClaw 2026.6.1, expose a structural weakness in how AI agents…...