Cryptika | كريبتيكا

Microsoft Investigates MFA Setup Failure and MySigns-In Portal Outage Microsoft is currently investigating a service disruption affecting users attempting to set up multi-factor authentication (MFA) or access the self-service sign-in portal at mysignins.microsoft.com....

Microsoft Tightens Entra ID Password Resets With New Authentication Change June 1, 2026 Microsoft has announced a significant security update to its Entra ID Self-Service Password Reset (SSPR) feature, introducing stricter authentication requirements designed to reduce identity-based attacks....

Famous Chollima Hackers Target PHP Developers Using Compromised Packagist Package June 1, 2026 A well-known North Korean threat actor has been caught hiding malware inside a legitimate PHP package available through Packagist, the main package repository for PHP projects. The attack takes direct aim at software developers, disguising a dangerous payload as a routine configuration file. This kind of campaign blends in easily with normal development workflows, making it especially hard to detect before any damage is done....

Hackers Attacking Signal Users to Steal Backups in New Wave of Attacks June 1, 2026 A new wave of phishing attacks is targeting users of Signal, the encrypted messaging app trusted by journalists, activists, and privacy-conscious individuals worldwide. Hackers are impersonating Signal’s support team and tricking users into handing over their backup recovery keys, which can unlock entire archives of private chat history. The campaign has raised serious concern among cybersecurity researchers and digital rights organizations....

Microsoft Clarifies It Won’t Sue Security Researchers Amid Nightmare-Eclipse Controversy Microsoft has clarified its stance, reducing perceived legal threats and reaffirming its commitment to coordinated vulnerability disclosure, following significant backlash from the security research community. In a carefully worded statement released in late May 2026, Microsoft’s Security Response Center (MSRC) moved to defuse a growing crisis over its handling of the security research community, clarifying that it has “no intention to pursue action against individuals conducting or publishing their security research.”...

Instagram Meta AI Vulnerability Allegedly Enables Password Reset for Accounts June 1, 2026 A critical flaw in Meta’s AI-powered account recovery tool on Instagram allowed attackers to hijack high-value accounts by tricking the chatbot into forwarding password reset codes with no verification required. Security researchers ZachXBT and Dark Web Informer were among the first to publicly expose the vulnerability, revealing that threat actors had found a way to manipulate Instagram’s Meta AI assistant a tool designed to help users recover access to their accounts....

Windows Netlogon 0-Click RCE Vulnerability Now Actively Exploited In The Wild June 1, 2026 The critical Windows Netlogon remote code execution (RCE) vulnerability tracked as CVE-2026-41089 is now under active exploitation in the wild, significantly raising the risk profile for unpatched Windows Server environments. The flaw affects Windows servers configured as domain controllers and allows unauthenticated remote attackers to execute arbitrary code with SYSTEM-level privileges by sending specially crafted Netlogon network requests....

Microsoft Releases KB5089573 for Windows 11 to Fix Patch Tuesday Install Issues May 31, 2026 Microsoft has rolled out a new cumulative update, KB5089573, for Windows 11 versions 25H2 and 24H2, targeting a critical installation failure that affected users following the May 2026 Patch Tuesday release. The update brings OS builds to 26200.8524 and 26100.8524, respectively, resolving a widely reported error that prevented many systems from completing the monthly security update. The May 2026 Patch Tuesday security update (KB5089549) triggered installation failures on a subset of Windows 11 devices, with error code 0x800f0922 halting the process....

GitLab Patches Multiple Duo AI, DoS, and Authorization Flaws in Community and Enterprise Edition May 30, 2026 GitLab has released emergency security updates for both Community Edition (CE) and Enterprise Edition (EE), addressing multiple Duo AI, denial‑of‑service, and authorization flaws in recent versions of the platform. On May 27, 2026, GitLab shipped versions 19.0.1, 18.11.4, and 18.10.7 as security patch releases for self‑managed instances. These builds fix several vulnerabilities across Duo AI workflow runners, the Wiki component, GraphQL WorkItem APIs, operations, pipelines, and authentication endpoints, and GitLab is urging all administrators to upgrade without delay....

Pentest Swarm AI Tool With Live Access to nmap, sqlmap, Burp, Metasploit, and Others May 30, 2026 Pentest Swarm AI is the first open-source autonomous penetration testing platform built on a swarm intelligence architecture, not just multiple agents firing in a fixed sequence. Developed by Armur AI, it gives security professionals live, coordinated access to the full offensive stack, including nmap, SQLMap, Burp Suite, ZAP, and Metasploit, all driven by an AI model of your choice....