05 Jul, 2026

Microsoft fixes bug that removed Copilot buttons in Outlook

Microsoft has fixed a known issue causing the Copilot Chat or Copilot buttons in Classic Outlook to disappear for Windows users with the Copilot Chat (Basic) license. As the company explains in a recent support document, affected users may no longer see Copilot buttons on the side navigation and above the ribbon. Those affected may also […]

2 mins read

Cisco finally confirms attackers exploiting Unified CM flaw

Cisco confirmed that attackers are now exploiting a Unified Communications Manager (Unified CM) vulnerability patched in early June. Unified CM (formerly known as Cisco CallManager) is the central control system for Cisco IP telephony systems, handling call routing, device management, and telephony features. Threat actors without privileges can exploit the vulnerability (CVE-2026-20230) remotely in low-complexity […]

2 mins read

CISA: Microsoft SharePoint RCE flaw now actively exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned on Wednesday that attackers have begun exploiting a high-severity Microsoft SharePoint remote code execution vulnerability. Tracked as CVE-2026-45659, this security flaw stems from a deserialization of untrusted data weakness, and it allows attackers with low privileges to execute arbitrary code on unpatched SharePoint servers in low-complexity attacks […]

2 mins read

Opera rolls out Paste Protect feature to fight ClickFix attacks

Opera has introduced Paste Protect, a security feature designed to block ClickFix-style attacks that trick users into executing malicious commands through social engineering. ClickFix is a widely used technique where victims are deceived into copying dangerous code or commands to the clipboard and then executing them in the command-line interface. Typically, the ruse is a verification process or some […]

3 mins read

Alleged Scattered Spider hacker extradited to the United States

A dual United States and Estonian citizen has been extradited to the U.S. to face charges alleging he was a member of the Scattered Spider hacking collective. 19-year-old Peter Stokes (who used the online handles “Bouquet,” “Spencer,” and “Jordan”) was arrested in Finland on April 10 while attempting to board a flight to Japan at Helsinki’s […]

2 mins read

Medtronic notifies customers impacted by ShinyHunters data breach

Healthcare device firm Medtronic is notifying affected customers about a data breach that exposed their personal data to an unauthorized third party. The company previously confirmed that its IT systems were compromised by hackers, and the infamous data extortion group ‘ShinyHunters’ claimed the attack. The threat actor said that they were holding 9 million Medtronic records with […]

2 mins read

FortiBleed credential-theft campaign linked to Lynx ransomware

The massive FortiBleed credential theft campaign has been linked to the INC and Lynx ransomware operations, suggesting the stolen Fortinet credentials were intended to fuel future network intrusions. Earlier this month, a server containing credentials stolen from more than 73,000 Fortinet devices was discovered exposed on the internet. Researchers found the server contained downloaded FortiGate […]

3 mins read

Kubota says hackers had month-long access to network systems

Kubota North America Corporation disclosed that hackers had access to some of its network systems for more than a month earlier this year. Following an investigation into the incident, the company determined that between March 16 and April 20 the threat actor accessed files with personal information for employees and their dependents. Kubota is a […]

2 mins read

New ChocoPoC malware targets researchers via trojanized PoC exploits

Multiple weaponized proof-of-concept (PoC) exploits on GitHub were found delivering a Python-based remote access trojan (RAT) named ChocoPoC that can execute commands and steal sensitive data in a campaign believed to target cybersecurity researchers. Hiding malware in PoC exploits for various vulnerabilities is not new, as there are examples of threat actors posing as real security researchers and taking […]

3 mins read

DHS confirms hackers breached HSIN info-sharing platform

The Department of Homeland Security is investigating a cyberattack that compromised the Homeland Security Information Network (HSIN), a sensitive information-sharing platform used by federal, state, local, and private-sector partners. The intrusion, first reported by Nextgov, was carried out by an unknown threat actor in recent weeks and is believed to have occurred sometime between late May […]

2 mins read