Blog

Researchers found a Wordle strategy that wins 99% of the time

Researchers developed a Wordle-solving strategy that succeeds 99% of the time by focusing on information gain rather than likely answers. The method uses Shannon entropy to identify guesses that reveal the most about the hidden word. Each guess is designed to slash uncertainty and narrow the possibilities faster. The result significantly outperformed more traditional Wordle tactics.
http://news.poseidon-us.com/TT6s7Y

Klue breach lead to Salesforce data theft, Huntress affected

Cybersecurity vendor Huntress was among multiple companies hit by a breach originating at Klue, a market intelligence platform used to integrate CRM and sales data across various business tools. Huntress published a detailed account of the incident on June 18, framing it as a “security domino effect” that began with one compromised integration credential and cascaded into theft of customer data across several connected platforms, including Salesforce. Attack timeline According to Huntress’s writeup, the attackers … More → The post Klue breach lead to Salesforce data theft, Huntress affected appeared first on Help Net Security.
http://news.poseidon-us.com/TT6pvK

Cybercriminals abused GitHub, YouTube and VirusTotal to push crypto-stealing malware

A cryptocurrency-stealing malware campaign used inflated GitHub activity, software reviews, YouTube tutorials and favorable VirusTotal comments to make malicious trading and gambling tools appear trustworthy, Check Point researchers found. According to the researchers, the attackers packaged the malware as tools designed to help users make money. The offerings included cryptocurrency sniper bots and gambling “predictors” that claimed to identify winning opportunities before other traders or forecast the outcome of online betting games. Instead of quick … More → The post Cybercriminals abused GitHub, YouTube and VirusTotal to push crypto-stealing malware appeared first on Help Net Security.
http://news.poseidon-us.com/TT6ptP

Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253)

CISA has added CVE-2026-20253, a critical, remotely exploitable vulnerability in Splunk Enterprise, to its Known Exploited Vulnerabilities catalog, and ordered US federal civilian agencies to apply mitigations by June 21, 2026. In-the-wild exploitation has also been confirmed by the vendor and Resecurity, who said that its potential for full system compromise should push organizations to prioritize patching and review systems for indicators of compromise such as: Requests containing path traversal sequences (../) PostgreSQL connection parameters … More → The post Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253) appeared first on Help Net Security.
http://news.poseidon-us.com/TT6lsW

Forget traffic lights, Google’s reCAPTCHA may ask for hand gestures

Google has introduced hand gesture verification for reCAPTCHA, a new method for verifying that a user is human. Google’s reCAPTCHA is part of Google Cloud Fraud Defense, a fraud and abuse prevention platform for bot, account, and transaction protection. It uses risk analysis and challenge-based verification to help organizations identify automated activity and suspicious behavior. The service is commonly deployed on login pages, registration forms, password reset pages, and checkout systems, where it can allow … More → The post Forget traffic lights, Google’s reCAPTCHA may ask for hand gestures appeared first on Help Net Security.
http://news.poseidon-us.com/TT6lrt

Mastodon 4.6 adds profile Collections and two-factor controls

People who run accounts on the open source social network Mastodon can now group profiles together and share those groups across the web. The 4.6 release centers on a feature called Collections, along with reworked profiles, email newsletters, server administration controls, and a set of accessibility changes. Server controls The release gives server administrators a control to require two-factor authentication on member accounts. Jerry, the administrator of infosec.exchange, plans to turn the requirement on and … More → The post Mastodon 4.6 adds profile Collections and two-factor controls appeared first on Help Net Security.
http://news.poseidon-us.com/TT6hzQ