Cyber Security – Simply Secure Group

Ubiquiti Patches Critical UniFi OS Vulnerabilities Allowing Remote Privilege Escalation

Ubiquiti Networks has released urgent security updates to address a series of highly critical vulnerabilities affecting its UniFi OS platform. These severe flaws could allow unauthenticated, remote attackers to execute arbitrary code, escalate privileges, and severely compromise enterprise network infrastructure. In total, the hardware vendor patched five distinct security issues, three of which carry a […]

Splunk Patches Multiple Vulnerabilities that Enable DOS Attack and Exposes Sensitive Data

Splunk has released security updates addressing multiple vulnerabilities across Splunk Enterprise, Splunk Cloud Platform, and the Splunk AI Toolkit that could lead to denial-of-service (DoS) conditions and exposure of sensitive data. The issues, disclosed on May 20, 2026, include three tracked vulnerabilities: CVE-2026-20238, CVE-2026-20239, and CVE-2026-20240. Splunk AI Toolkit Access Flaw (CVE-2026-20238) A medium-severity flaw […]

Discord Announces End-to-End Encryption by Default for Video and Voice Messages

Discord has officially rolled out end-to-end encryption (E2EE) for all voice and video communications across its platform, marking a major milestone in secure real-time communication. The feature, now enabled by default as of March 2026, applies to direct messages, group calls, voice channels, and Go Live streams without requiring any user opt-in. At the core […]

Hackers Use Fake Microsoft Teams Downloads to Deploy ValleyRAT Malware

Hackers have been caught running a deceptive campaign that uses fake Microsoft Teams download websites to trick users into installing ValleyRAT, a remote access trojan capable of stealing data, logging keystrokes, and taking remote control of infected machines. The campaign, which first surfaced in mid-April 2026, targets unsuspecting users who believe they are downloading the […]

GitHub Internal Repositories Breached Via Weaponized VS Code Extension

GitHub confirmed a significant security breach on May 18, 2026, after attackers leveraged a weaponized Visual Studio Code extension to compromise an employee’s device and exfiltrate data from the company’s internal source code repositories. The attack was detected and contained on Monday, May 18, when GitHub’s security team identified suspicious activity on an employee endpoint. […]

Claude Codes Network Sandbox Vulnerability Exposes User Credentials and Source Code

Anthropic’s Claude Code AI coding assistant harbored a critical network sandbox bypass for over five months, allowing attackers to exfiltrate credentials, source code, and environment variables from developer systems, and the company issued no public advisory for either incident. Security researcher Aonan Guan has publicly disclosed a second complete bypass of Claude Code’s network sandbox, […]

DevilNFC Android Malware Uses Kiosk Mode to Trap Victims During NFC Relay Attacks

A dangerous new Android malware called DevilNFC has emerged, combining NFC relay attacks with a Kiosk Mode trap that locks victims inside a fake banking screen until their card data is stolen. The malware targets customers across Europe and LATAM with technical precision rarely seen in independently built tools. Unlike previous threats, DevilNFC does not […]

Microsoft Python Client DurableTask Compromised by TeamPCP Hackers

Three consecutive releases of Microsoft’s official Python workflow SDK were poisoned with a multi-cloud credential-stealing worm, continuing the group’s relentless 2026 supply chain campaign. The TeamPCP threat group has struck again this time targeting durabletask, the official Microsoft Python client for the Durable Task workflow execution framework. Security researchers at Wiz disclosed that versions v1.4.1, v1.4.2, and […]

ShinyHunters Claims Credit for Cyber-Attack on Online Learning Management System

A recent cyberattack targeting an online Learning Management System (LMS) has been attributed to the notorious cybercriminal group ShinyHunters. The incident caused widespread service disruptions affecting educational institutions and students across the United States, although the platform has since been restored. The attack temporarily disrupted access to critical academic resources hosted on the LMS platform, […]

Kimsuky Hackers Use LNK and JSE Lures to Target Recruiters, Crypto Users, and Defense Officials

North Korea-linked hackers are at it again, and this time they are casting a wide net. The Kimsuky threat group, a well-known cyber espionage unit with ties to the DPRK, ran four separate spear-phishing campaigns in the first half of 2025 targeting corporate recruiters, cryptocurrency investors and developers, defense sector officials, and graduate school administrators. […]

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.