Right on schedule! 🔥 Excited to test out the new helper scripts and VM boot tweaking in Kali 2026.2. In recovery and threat hunting, a seamless environment is everything. Time to update the home lab.
Kali Linux 2026.2 Release (GNOME 50, KDE 6.6, Helper Scripts, APT Formats & VM Boot Tweaking): It’s the final week of Q2, and Kali Linux 2026.2 is here - right on schedule ;) We have been heads down since our last release, and we are ready to share what… https://t.co/kv4knEBCQs
🚨 Oracle E-Business Suite has a new active exploitation problem.
CVE-2026-46817 is a CVSS 9.8 flaw in Oracle Payments that can allow unauthenticated HTTP takeover.
No public PoC. Attribution unknown.
Read the full report: https://t.co/H0c1euDjSR
🛑 A leaked AI key is not just a secret anymore.
It is a running bill.
Researchers tested 444 iOS AI chatbot apps. Over 250 exposed paid LLM access through network traffic.
> Plaintext keys
> Replayable tokens
> Open backend proxies with no auth
Read the THN report: https://t.co/yDPmqod6Mi
🛡️ We added SimpleHelp authentication bypass vulnerability CVE-2026-48558 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec
Due to scheduled protests in SA, we are prioritising our team's safety.
There will be no LIVE drives or member streams on Tue, June 30th. Catch repeats on our channel; we'll be back on Wed, July 1st.
To our SA viewers, please stay safe. Thank you for understanding.
#wildearth
🇬🇧 LATEST: The UK's FCA has published its final crypto framework, with mandatory licensing and simplified capital requirements for stablecoin issuers.
Firms face a February 2027 authorization deadline.
📢 Stay informed on the latest vulnerabilities with @CISAgov's Vulnerability Bulletin & gain valuable insights into emerging threats. 💡 Check out the latest updates: https://t.co/YbPQFqMQPx #Cybersecurity #InfoSec #VulnerabilityManagement
🚨 Hotel phishing is getting harder to spot.
Microsoft says attackers used Calendly and Google URL redirects to push photo ZIPs at hotels in Europe and Asia.
Inside? A fake image shortcut that drops the TonRAT Node.js implant.
See how it works 🠖 https://t.co/3LD2Ww089S
THIS IS ABSOLUTELY CRAZY.
Last year, Bybit suffered a $1.5 billion hack carried out by North Korea's Lazarus group.
Investigators traced those funds, and they ended up at wallet addresses linked to Iran's central bank.
But that's not all.
Since 2019, Iran-linked wallets have moved over $3.84 BILLION, much of it tied directly to the IRGC.
This is why the US sanctioned Iran's crypto exchange Nobitex, which was laundering more than half of Iran's crypto income.
Russian Intelligence Services cyber threat actors are conducting phishing campaigns on commercial messaging apps. Read our updated PSA with @FBICyberDiv for recent tactics & samples of phishing messages. 🔗 https://t.co/zXFqFrxC7j
🚨 Russian intelligence-linked phishers have a new Signal trick.
FBI and CISA say they are asking targets to share their Signal Backup Recovery Key.
If they get it, they can restore old backups, read message history, and take over the account.
Here’s how the phishing works: https://t.co/hMWO1yKvgf
🚨 CYBER INTELLIGENCE ALERT: MASSIVE SALE OF PERIMETER ACCESS (FORTIGATE) — UNITED STATES 🇺🇸
[STATUS: EXPOSED INFRASTRUCTURE / UNCONFIRMED / SALE OF INITIAL ACCESS (IAB) / SOURCE: UNDERGROUND FORUM]
THREATENING ACTOR OFFERS MORE THAN 6,300 ACCESS CREDENTIALS TO NETWORK SECURITY DEVICES
The threat actor identified under the alias Dark_Alpha, operating on behalf of the criminal cell ALPHA-GROUP, has put up for sale a massive batch allegedly containing 6,355 valid and verified access credentials to Fortinet FortiGate corporate security devices in the United States.
🏢 Allegedly Affected Entities: Multiple public and private sector organizations in the United States that operate firewalls or VPN gateways based on FortiGate technology.
👤 Threat Actor / Access Broker: Dark_Alpha / ALPHA-GROUP.
⚔️ Primary Attack Vector / Origin: Operation declared as "FortiBleed OP." This suggests the massive and automated exploitation of known remote code execution (RCE) vulnerabilities or authentication bypass in the logical management interfaces (such as the SSL-VPN or HTTPS portal) of unpatched FortiOS devices, or the mass harvesting of credentials through information-stealing Trojans (Infostealers).
🔍 Verification Status: UNCONFIRMED. A readable list of subdomains or IP addresses of the affected companies has not been published. The alert is being processed as a strictly preventative measure due to the high potential for destructive impact associated with the hijacking of VPN gateways and large-scale corporate network perimeters.
🛡️ GENERAL RECOMMENDATIONS AND SECURITY BEST PRACTICES
🛑 Immediate Firmware and Patch Updates (Mandatory Action): Infrastructure administrators using FortiGate firewalls are strongly urged to verify that their devices are running the latest, stable versions of FortiOS. Ensure the mitigation of both historical and recent critical vulnerabilities reported by the manufacturer regarding SSL-VPN services and web management portals.
🔑 Authentication Policy Hardening (MFA): Strictly prohibit any corporate VPN access that relies solely on static passwords. Implement mandatory Multi-Factor Authentication (MFA/2FA) policies based on dynamic tokens for all user profiles.
📊 MONITORING AND ASSESSMENT
Intelligence System: https://t.co/wk9bZJ2Nli
Quickly assess your website's security at: https://t.co/QZhWp0kFrO
#CyberSecurity #USA #FortiGate #InitialAccess #DarkAlpha #AlphaGroup #VPNCompromise #FortiBleed #FirewallBreach #ThreatIntelligence #CyberAlert #VECERT #Infosec #UnverifiedIncident
ALERT: @Microsoft identifies USB-spreading malware that hijacks crypto transfers by silently swapping copied wallet addresses with attacker-controlled ones before you paste.
Disable AutoRun for USBs, block .lnk file execution, and always verify wallet addresses after pasting.
🛑 FortiGate credentials are now the attack path.
CISA is urging Fortinet customers to secure internet-facing FortiGate appliances after FortiBleed activity tied to credential attacks.
The number of compromised devices stands at 86,644 as of June 19, 2026.
Reset passwords. Kill active sessions. Enable MFA.
Read - https://t.co/GFlhSAcR0f
⚠️ We issued 8 🆕 public #ICS Advisories. These advisories provide info about current security issues, vulnerabilities, & exploits surrounding ICS. More at https://t.co/GMcAV2NOBx
CISA Urges Hardening Fortinet Devices Following FortiBleed Attack
Source: https://t.co/uOEyQEPYTL
CISA has issued an urgent advisory warning organizations to secure their Fortinet devices following reports of a large-scale credential exposure campaign known as “FortiBleed.”
The alert comes after threat actors were found exploiting compromised credentials linked to tens of thousands of internet-facing Fortinet systems worldwide. The FortiBleed activity involves leaked credentials associated with approximately 74,000 Fortinet devices, including FortiGate firewalls and SSL VPN gateways.
#cybersecuritynews
🚨 Operation Endgame disrupted SocGholish infrastructure, a long-running malware delivery network active since 2017.
🖥️ 106 servers taken down
🌐 14,971 WordPress sites cleaned
SocGholish (FakeUpdates) has been used to deliver follow-on malware linked to groups including LockBit, Evil Corp, RansomHub, and Dridex.
Read → https://t.co/ICBEB1GWdo
🚨 ALERT - A critical Splunk Enterprise flaw can go from “no login required” to remote code execution.
Tracked as CVE-2026-20253, the bug carries a 9.8 CVSS score and affects vulnerable Splunk Enterprise servers through exposed PostgreSQL sidecar endpoints.
The exploit chain is now public.
Read the full story: https://t.co/arMFjVVt10