1-Click GitHub Token Vulnerability Lets Attackers Steal Users' OAuth Tokens

A critical security vulnerability in Visual Studio Code’s webview implementation allows attackers to steal GitHub OAuth tokens, including read/write access to private repositories, simply by tricking a victim into clicking a single malicious link. The bug was publicly disclosed on June 2, 2026, by security researcher Ammar Askar, who opted for full disclosure after prior […]
WordPress Malware Abuses Steam Community Profiles for C2 Operations

A newly discovered malware campaign targeting WordPress websites has raised serious concerns across the web security community. Attackers behind this campaign are using an unexpected method to communicate with infected sites, hiding command instructions inside Steam Community profile comments and turning a popular gaming platform into a covert control channel. The malware works in two […]
TP-Link Router Vulnerability Allows Attackers to Execute Arbitrary System Commands

A newly disclosed high-severity vulnerability in TP-Link routers could allow attackers to execute arbitrary system commands and fully compromise affected devices. Tracked as CVE-2026-5509, the flaw affects Archer BE450 v1 and Archer BE7200 v1 models. It has been assigned a CVSS v4.0 score of 8.5, indicating a high risk to users and enterprise environments that […]
Hackers Use Meta's AI Bot to Reset Passwords and Hijack Instagram Accounts

A critical logic flaw in Meta’s AI-powered Instagram support chatbot allowed attackers to bypass two-factor authentication entirely, not by cracking codes, but by simply asking the bot to hand over access. Over the weekend, high-value “OG” Instagram handles, dormant institutional accounts, and verified profiles were stolen in minutes, with stolen usernames listed for resale on […]
IBM WebSphere Server Vulnerable to Remote Code Execution Attack Via Crafted Request

IBM has disclosed a critical security vulnerability in its WebSphere Application Server ecosystem that could allow attackers to execute arbitrary code through specially crafted HTTP requests. The flaw, tracked as CVE-2026-8633, affects environments that use the optional Web Server Plug-ins component, significantly elevating the risk for enterprise deployments that rely on WebSphere infrastructure. The vulnerability […]
Critical Plesk Vulnerability Lets Users Execute Arbitrary Commands on the Server

A newly disclosed critical vulnerability in Plesk, tracked as CVE-2026-44962, is raising serious security concerns after researchers confirmed it can allow authenticated users to execute arbitrary operating system commands on affected servers. The issue, published in the National Vulnerability Database and GitHub Advisory Database, affects the APS Application Catalog component and has been assigned a […]
Instagram Meta AI Vulnerability Allegedly Enables Password Reset for Accounts

A critical flaw in Meta’s AI-powered account recovery tool on Instagram allowed attackers to hijack high-value accounts by tricking the chatbot into forwarding password reset codes with no verification required. Security researchers ZachXBT and Dark Web Informer were among the first to publicly expose the vulnerability, revealing that threat actors had found a way to […]
Microsoft Releases KB5089573 for Windows 11 to Fix Patch Tuesday Install Issues

Microsoft has rolled out a new cumulative update, KB5089573, for Windows 11 versions 25H2 and 24H2, targeting a critical installation failure that affected users following the May 2026 Patch Tuesday release. The update brings OS builds to 26200.8524 and 26100.8524, respectively, resolving a widely reported error that prevented many systems from completing the monthly security […]
GitLab Patches Multiple Duo AI, DoS, and Authorization Flaws in Community and Enterprise Edition

GitLab has released emergency security updates for both Community Edition (CE) and Enterprise Edition (EE), addressing multiple Duo AI, denial‑of‑service, and authorization flaws in recent versions of the platform. On May 27, 2026, GitLab shipped versions 19.0.1, 18.11.4, and 18.10.7 as security patch releases for self‑managed instances. These builds fix several vulnerabilities across Duo AI […]
Pentest Swarm AI Tool With Live Access to nmap, sqlmap, Burp, Metasploit, and Others

Pentest Swarm AI is the first open-source autonomous penetration testing platform built on a swarm intelligence architecture, not just multiple agents firing in a fixed sequence. Developed by Armur AI, it gives security professionals live, coordinated access to the full offensive stack, including nmap, SQLMap, Burp Suite, ZAP, and Metasploit, all driven by an AI […]