Posts

KnowBe4 - From 1% to 26%: How AIDA Orchestration Fixes the Remedial Training Gap

Image
As we speak, bad actors are using AI agents to do their dirty work. Our own research tells us 85.8% of phishing attacks were AI-driven in the past 12 months . Agentic power is helping social engineering and malware get smarter, faster and harder to detect. from KnowBe4 Blog https://blog.knowbe4.com/how-aida-orchestration-fixes-remedial-training-gap
Post a Comment
Read more

The Hacker News - 144 Mastra npm Packages Compromised via Hijacked Contributor Account

As many as 144 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js, per findings from JFrog, SafeDep, Socket, and StepSecurity. "A single npm account (ehindero) mass-published more from The Hacker News https://thehackernews.com/2026/06/144-mastra-npm-packages-compromised-via.html
Post a Comment
Read more

The Hacker News - CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-48907 (CVSS score: 10.0), is a case of improper access control that could facilitate arbitrary from The Hacker News https://thehackernews.com/2026/06/cisa-warns-of-actively-exploited-joomla.html
Post a Comment
Read more

The Hacker News - Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim's project hijack the victim's machine learning model upload and run code inside Google's serving infrastructure. Palo Alto Networks Unit 42, which found and reported the bug through Google's bug bounty program, calls the technique "Pickle in the Middle" and said it saw no exploitation in the wild. from The Hacker News https://thehackernews.com/2026/06/google-vertex-ai-sdk-flaw-let-attackers.html
Post a Comment
Read more

The Hacker News - ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures

Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader, Lorem Ipsum Loader, and Potemkin, per independent reports from Morphisec, BlueVoyant, and Huntress, respectively. Attacks involving BabaDeda Loader, observed in April 2026, have targeted education and financial organizations. "Earlier BabaDeda activity was known for from The Hacker News https://thehackernews.com/2026/06/clickfix-campaigns-expand-malware.html
Post a Comment
Read more

KnowBe4 - 4 Hot Summer Travel Tips To Avoid Scams

Image
When the weather starts to get warmer, it is a sign that summer time is around the corner. But just as the weather heats up and travel plans get booked, scammers capitalize on the season by performing nefarious schemes to separate victims from their money and other valuables. from KnowBe4 Blog https://blog.knowbe4.com/4-hot-summer-travel-tips-to-avoid-scams
Post a Comment
Read more

The Hacker News - New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds

Security researchers at Zimperium's zLabs have documented a new Android banking trojan, Rokarolla, that targets 217 banking and cryptocurrency apps and packs 137 remote commands. Together, they give an operator near-total control of an infected phone: it lifts lock-screen PINs, reads and sends SMS, rewrites the clipboard to redirect crypto payments, and switches off Google Play from The Hacker News https://thehackernews.com/2026/06/new-rokarolla-android-malware-steals.html
Post a Comment
Read more