Saturday 27 June 2026 00:18:14 GMT+02:00

Netcrook

HomeManifesto
News
Corporate Security IncidentsCloud, SaaS & Identity SecurityIndustrial Cybersecurity & Critical InfrastructureCyber Intelligence, TrendsAI Security & Agentic SystemsCyber Intelligence & Threat TrendsCyber WarfareCyber Warfare & Nation-State OperationsCyber CriminalityBreaches & Data LeaksCybercrimeMalware & BotnetsRansomware & ExtortionSecurity Awareness & Social EngineeringLegal PolicyLegal, Policy & Government CybersecurityPrivacy, Regulation & ComplianceTechnology, InnovationTechnology, Innovation & Digital InfrastructureVulnerabilities Patch ManagementResearch, Exploits & Offensive SecurityVulnerabilities & Patch Management
Techcrook
Tutte le tecnologieIdentita e accessoFirewall e reteBackup e archiviazioneEnergia e continuitaPrivacy e sicurezza fisicaLaboratorio e prototipazioneStampa e tracciabilitaTecnologia quotidiana
Geocrook
AfricaAsiaEuropeMiddle EastNorth AmericaOceaniaSouth America
WikicrookTeamAppContact
EnglishItalianoArabic

#script execution

Fake Updates, Real Risk: The macOS Lure That Turns Trust Into Execution

17 June 2026 12:49Security Awareness & Social EngineeringNorth America / USAPATCHKNIGHT

A macOS targeting campaign shows how a convincing prompt can matter more than a technical exploit when attackers are trying to make the victim run the payload themselves.

#Sapphire Sleet | #macOS | #fake update dialogs

npm 12 Tightens the Gates on Dependency Scripts

13 June 2026 18:02Technology, Innovation & Digital InfrastructureNorth America / USATRUSTBREAKER

A coming default change will stop dependency scripts from running during npm install unless they are explicitly allowed, shifting a long-standing trust decision from automatic to deliberate.

#npm 12 | #script execution | #supply chain

Exchange’s New OWA Flaw Shows How One Email Can Turn Into Browser Risk

11 June 2026 11:47Vulnerabilities & Patch ManagementNorth America / USASECURESPECTER

CVE-2026-42897 is a reminder that a mail server bug can become a web attack when Outlook Web Access is part of the path, and that patch timing matters as much as the vulnerability itself.

#Microsoft | #Exchange Server | #CVE-2026-42897

The Hosting Add-On That Turned cPanel Access Into a Root-Level Risk

23 May 2026 14:08Vulnerabilities & Patch ManagementNorth America / USASECURESPECTER

A zero-day in the LiteSpeed user-end cPanel plugin shows how one small control-panel extension can become a server-wide escalation path.

#CVE-2026-48172 | #cPanel plugin | #root access

When a Hosting Convenience Tool Crosses the Line Into Root Control

23 May 2026 12:14Vulnerabilities & Patch ManagementNorth America / USASECURESPECTER

CVE-2026-48172 turns a user-facing LiteSpeed cPanel feature into a privilege-boundary failure, showing how backend trust mistakes can collapse into server-level risk.

#CVE-2026-48172 | #LiteSpeed cPanel | #root privilege escalation

MSHTA Still Opens a Quiet Door for Windows Intruders

21 May 2026 17:58Malware & BotnetsNorth America / USAIRONQUERY

A legacy Microsoft utility can still be turned into a stealthy execution path, showing that retiring Internet Explorer does not retire every browser-era risk.

#MSHTA | #fileless malware | #Windows users