Posts

Showing posts from June, 2026

Fake Stars, Fake Reviews, Real Theft: How Scammers Are Turning Trust Into a Weapon

The modern cybercriminal isn't just writing malware anymore. They're building brands. In a campaign recently highlighted by cybersecurity researchers, scammers have been caught creating an entire ecosystem of fake credibility around malicious software. By abusing platforms such as GitHub, manipulating reputation signals on VirusTotal, and flooding the internet with AI-generated promotional content, attackers are convincing users to willingly install malware designed to steal cryptocurrency. It's a shift that reflects a broader trend in cybercrime: instead of breaking through security barriers, criminals are increasingly focused on persuading victims to open the door themselves.

Building a Reputation That Doesn't Exist

The operation begins where many developers and technology enthusiasts search for software: GitHub. Researchers found that threat actors were creating repositories that appeared legitimate at first glance. Some projects were presented as useful develop...

ServiceNow Security Incident Raises Concerns Over Customer Data Exposure

ServiceNow Patches Unauthorized Access Issue

Enterprise cloud software provider ServiceNow has disclosed a security incident involving an API configuration flaw that may have allowed unauthorized access to customer data stored within certain hosted environments. The company confirmed that it deployed a security update on June 5, 2026, after detecting unusual activity affecting a subset of customer instances. According to ServiceNow, the issue could enable an unauthenticated user, under specific circumstances, to gain broader access to platform resources than intended. Following its investigation, the company identified evidence that some instance tables had been queried successfully and began notifying affected customers through direct support channels.

Suspected API Misconfiguration

While ServiceNow has not released detailed technical information about the vulnerability, discussions among administrators and security researchers point to a potentially exposed API endpoint associa...

RoguePlanet: New Microsoft Defender Zero-Day PoC Released

An anonymous security researcher known as Chaotic Eclipse (also tracked as Nightmare-Eclipse and MSNightmare) has publicly released a proof-of-concept exploit for yet another unpatched Microsoft Defender zero-day, this one dubbed RoguePlanet. The exploit works on fully updated Windows 10 and Windows 11 systems with the June 2026 Patch Tuesday updates installed, and when successful, delivers a shell with SYSTEM-level privileges, the highest level of access on a Windows machine.

How the Exploit Works

RoguePlanet is a race condition vulnerability, meaning it exploits a timing gap between two operations in Microsoft Defender's code. The researcher acknowledged the exploit is not perfectly consistent across all machines; success rates varied significantly depending on the target system, but noted that independent security researcher Will Dormann confirmed it worked on the first attempt on his machine. The exploit does not currently function against Windows Server installations in its p...

Lazarus Group Uses npm Brandjacking Campaign to Target Developers

Security researchers disclosed a new software supply chain campaign attributed to the North Korean threat actor Lazarus Group. The operation targets software developers through malicious packages uploaded to the npm registry, one of the world's largest repositories for JavaScript software components. Unlike traditional typosquatting attacks that rely on simple spelling mistakes, this campaign uses a more sophisticated technique known as brandjacking, where malicious packages are intentionally designed to appear related to legitimate and widely trusted open-source projects. According to research conducted by Sonatype, dozens of malicious packages were identified as part of the campaign, with some accumulating hundreds of downloads before detection and removal. The attackers created package names that appeared to be extensions, companion tools, utilities, or ecosystem components associated with popular projects such as React, Express, Webpack, Chai, JWT libraries, and Buffer. By usi...

Critical Everest Forms Pro WordPress Plugin Flaw Under Active Exploitation

Threat actors are actively exploiting a critical remote code execution vulnerability in Everest Forms Pro, a WordPress plugin used by approximately 4,000 websites. The flaw, tracked as CVE-2026-3300 with a near-maximum CVSS score of 9.8, allows completely unauthenticated attackers to execute arbitrary PHP code on affected servers and take full control of vulnerable sites.

What the Vulnerability Does

The root cause of the flaw lies in the Calculation Addon's process_filter() function, which takes user-submitted form field values and concatenates them directly into a PHP code string before passing it to PHP's eval() function without proper escaping. The sanitization function applied to user input does not strip single quotes or other PHP-specific characters, meaning an attacker can simply submit a crafted value through any standard string-type form field, including text, email, URL, select, or radio fields, on any form that uses the "Complex Calculation" feature. T...