CyberSecurity News
Aggregated hourly from BleepingComputer, Krebs on Security, The Hacker News, Dark Reading, The Record, SecurityWeek & more. Each story gets an original brief with cross-linked CVE, threat-group and country data.
100 stories · 90 with on-site briefs
- CISA warns of max severity Ubiquiti flaws exploited in attacks
  The US Cybersecurity and Infrastructure Security Agency is warning about active exploitation of vulnerabilities in Ubiquiti UniFi OS and Lantronix serial-to-ethernet servers. These flaws are being exploited by hackers in ongoing attacks. The vulnerabilities in question have the highest severity rating.
  BleepingComputer · Jun 24, 2026
- Amadey, StealC malware operations disrupted in Operation Endgame action
  Microsoft, Europol, and other international partners have taken action to disrupt the infrastructure supporting Amadey and StealC malware operations. This effort is part of a larger initiative known as Operation Endgame, which focuses on targeting cybercriminal services and ransomware groups.
  BleepingComputer · Jun 24, 2026
- Exclusive: Meet AIVEX, a New Triage Model Built to Reduce Supply Chain Threat and Risk
  A new framework called AIVEX has been developed to help security teams assess software supply chain vulnerabilities. This triage model is designed to identify the vulnerabilities that pose the greatest risks to operational, safety, and business aspects in environments that rely on artificial intelligence. The goal of AIVEX is to reduce supply chain threats and risks. It aims to provide security teams with a way to prioritize vulnerabilities based on their potential impact. The framework is intended for use in AI-driven environments. AIVEX seeks to support security teams in making informed decisions about which vulnerabilities to address first.
  SecurityWeek · Jun 24, 2026
- German rail services resume after wireless communications outage
  Deutsche Bahn experienced a nationwide disruption of railway services due to a malfunction in its wireless communications system. The issue was specifically related to the 2G-based GSM-R system used by the railway company. Rail services have since resumed.
  The Record · Jun 24, 2026
- Securing the service desk: Why social engineering attacks keep succeeding
  Service desks are being targeted by attackers who attempt to manipulate them into performing certain actions, such as password resets or MFA changes, to gain access to corporate accounts. Attackers use social engineering tactics to achieve this. A breakdown of how these attacks work and potential defense strategies is available from Specops Software. Organizations are vulnerable to these types of attacks through their service desks. The goal of these attacks is to obtain access to sensitive corporate accounts.
  BleepingComputer · Jun 24, 2026
- Giskard: LLM testing platform for preventing hallucinations and security issues
  Giskard is a platform designed to prevent hallucinations and security issues in large language models. It is intended for testing and red teaming purposes. The platform's features and functions are discussed in an article on the Giskard website, which also explores various AI agent red teaming tools available in 2026. A comments section for the article is hosted on Hacker News. The article has garnered some attention, with 2 points awarded to it.
  Hacker News · Jun 24, 2026
- macOS Weaknesses Chained to Silently Disable Endpoint Security Agents
  An attack can be carried out using a standard non-admin account to exploit legitimate macOS behavior. This exploit does not rely on software vulnerabilities, but rather utilizes the operating system's existing behavior to achieve its goals. The attack allows for the silent disabling of endpoint security agents.
  SecurityWeek · Jun 24, 2026
- How BOD 26-04 Is Coming for Your Vulnerability Management Program
  A federal agency guideline known as BOD 26-04 is expected to impact vulnerability management programs. The guideline's effects will be felt regardless of whether an organization is a federal agency or not. Details about the guideline and its implications can be found in a related article. The article discusses how BOD 26-04 will affect vulnerability management programs.
  Hacker News · Jun 24, 2026
- Indian auto giant Bajaj Auto hit by ransomware incident
  Bajaj Auto, a major Indian automobile manufacturer, has been affected by a ransomware incident. The company discovered the incident on Tuesday morning and subsequently took measures to limit its impact.
  The Record · Jun 24, 2026
- Third DraftKings Hacker Sentenced to 18 Months in Prison
  A third individual involved in hacking DraftKings has been sentenced to 18 months in prison. The sentence also includes a financial penalty, with the individual ordered to pay approximately $1.8 million in forfeiture and restitution. Additionally, the individual will be subject to 3 years of supervised release after serving their prison term.
  SecurityWeek · Jun 24, 2026
- Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks
  Cybersecurity researchers have identified a new type of vulnerability in CI/CD workflows that can be exploited to compromise open-source supply chains. This weakness, referred to as Cordyceps, enables attackers to take control of workflows. The issue poses a significant risk, potentially allowing attackers to gain full control of repositories. Dozens of major organizations, including Microsoft, Google, and Apache, are affected, with over 300 GitHub repositories exposed to supply-chain attacks.
  The Hacker News · Jun 24, 2026
- Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs
  Vulnerabilities in Ubiquiti products are being targeted by attackers. These flaws enable remote and unauthenticated attackers to modify system settings, access underlying accounts, and inject commands, posing a significant threat.
  SecurityWeek · Jun 24, 2026
- Agentic AI Security: Wrong Context, Wrong Decisions at Machine Speed
  Agentic AI relies heavily on context to make decisions. If the context is incorrect, the AI system will also make incorrect decisions. This issue is particularly concerning because agentic AI operates at machine speed, potentially amplifying the consequences of wrong decisions. The importance of context is a fundamental aspect of AI in general, and agentic AI specifically. Incorrect context can lead to flawed decision-making by the AI system.
  SecurityWeek · Jun 24, 2026
- Apple's macOS Gap Lets Users Disable Security Tools
  A vulnerability in Apple's macOS allows attackers to disable security tools and integrated browser tools without requiring administrator privileges or kernel exploits. This issue can be exploited by attackers to gain an advantage.
  Dark Reading · Jun 24, 2026
- New ‘Mistic’ RAT Opens Door to Several Ransomware Families
  A newly identified remote access trojan called Mistic is being utilized by an initial access broker known as Woodgnat. Woodgnat collaborates with several ransomware groups, including Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta, potentially allowing Mistic to facilitate attacks from these various groups.
  SecurityWeek · Jun 24, 2026
- Dawn of the Apex Agentic Adversary
  The cybersecurity landscape is transitioning from an era where threats moved at a pace that organizations could keep up with. This previous era allowed for a relatively slow and predictable rhythm, where vulnerabilities were discovered, cataloged, and patched over a period of weeks or months. As a result, the time it took for attackers to exploit vulnerabilities, known as dwell time, was typically measured in days or weeks. However, this era is now coming to an end, marking a significant shift in the cybersecurity landscape. The pace of threats is accelerating, and organizations will need to adapt to this new reality. A new era of faster and more complex threats is emerging.
  The Hacker News · Jun 24, 2026
- Embedding Forbidden Text in Spyware to Discourage AI Analysis
  A malware developer is incorporating text related to nuclear and biological weapons into their spyware in an attempt to prevent automated AI analysis. This text is embedded in a large JavaScript block comment at the beginning of the payload, which does not affect the execution of the JavaScript code. The comment contains fake system instructions and content intended to trigger policies, but is skipped by the runtime. The actual malware code follows the comment, wrapped in a try-eval block and utilizing a character-code array and substitution function. The inclusion of this text appears to be a tactic aimed at thwarting AI-mediated analysis rather than related to the Node or Bun runtime environments.
  Schneier on Security · Jun 24, 2026
- Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking
  Security defects in CI/CD systems are exploitable, allowing unauthorized users to gain control. These vulnerabilities put millions of repositories at risk of being hijacked, potentially disrupting the open source software supply chain. Unauthenticated users can exploit these flaws to take control, posing a significant threat. The vulnerabilities expose a large number of repositories to potential hijacking. This could have serious implications for the security of the software supply chain. Millions of repositories are potentially vulnerable to exploitation.
  SecurityWeek · Jun 24, 2026
- Stealthy Mistic backdoor linked to ransomware access broker KongTuke
  A newly identified backdoor called Mistic has been found in attacks on organizations, primarily targeting those in the insurance, education, IT, and professional services sectors, with a financial motivation behind these attacks. The Mistic backdoor is linked to a ransomware access broker known as KongTuke.
  BleepingComputer · Jun 24, 2026
- LastPass confirms data breach after hacker compromises supply chain
  LastPass has confirmed a data breach resulting from a hacker compromising its supply chain. The breach was reported, with details available in an article and discussion on the incident.
  Hacker News · Jun 24, 2026
- Purism announces Librem 16 laptop designed to respect privacy, security, freedom
  Purism has introduced the Librem 16 laptop, which is designed with a focus on privacy, security, and freedom. The company has announced the product launch on their website, with additional discussion taking place on a comments thread. The Librem 16 is intended to provide a laptop option that prioritizes user privacy and security. Further details about the laptop can be found on Purism's website.
  Hacker News · Jun 24, 2026
- Show HN: Flounder – an autonomous white-hat security auditor
  A project called Flounder has been introduced as an autonomous white-hat security auditor. It is available on GitHub, where the code can be accessed. A discussion about Flounder has been started on Hacker News, with a comments page available for feedback. The project has garnered some initial interest, with a point assigned to it.
  Hacker News · Jun 24, 2026
- BeyondTrust, LastPass Impacted by Klue-Salesforce Incident
  A security incident involving Klue and Salesforce has resulted in data theft from over a dozen Salesforce instances belonging to Klue customers. BeyondTrust and LastPass are among the companies affected by this incident.
  SecurityWeek · Jun 24, 2026
- Dedicated Server Security Checklist: Complete Linux Server Hardening Guide
  A dedicated server security checklist has been published, providing a comprehensive guide to hardening Linux servers. The guide is available on the Servers99 blog. The article has been shared on Hacker News, where it has received 3 points. There are currently no comments on the post. The discussion can be found on the Hacker News comments page.
  Hacker News · Jun 24, 2026
- DoJ Seizes Huione Cloud Account Tied to Cyber Scam Money Laundering
  The US Department of Justice has seized a cloud computing account linked to subsidiaries of HuiOne Group, a Cambodia-based conglomerate. This action is related to allegations that these subsidiaries helped transfer proceeds of cyber scams. The Treasury has also imposed sanctions on nine individuals and 26 entities connected to Prince Group. The seized cloud account was allegedly used for money laundering activities tied to cyber scams. The move is part of a broader effort to disrupt and dismantle organizations involved in illicit financial activities. The sanctions and seizure aim to curb the flow of illicit funds.
  The Hacker News · Jun 24, 2026
- Webinar Today: Modern Exposure Validation in the AI Era
  A webinar is being held to discuss modern exposure validation in the context of artificial intelligence. The event is scheduled for today, and its topic is relevant due to changes in the exploit timeline.
  SecurityWeek · Jun 24, 2026
- Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root
  A critical security flaw in Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition is being exploited by threat actors. The vulnerability is due to improper input validation for specific HTTP requests, allowing an unauthenticated remote attack. It has a CVSS score of 8.6 and is tracked as CVE-2026-20230. Exploitation of this flaw could potentially lead to file-write access to the root directory. The exploitation began after a proof-of-concept revealed the file-write path to root. This vulnerability can be exploited remotely without authentication.
  The Hacker News · Jun 24, 2026
- Hackers Exploiting Cisco Unified CM Vulnerability
  Hackers are taking advantage of a vulnerability in Cisco Unified CM. A proof-of-concept for the vulnerability, identified as CVE-2026-20230, was already available when Cisco released patches in early June.
  SecurityWeek · Jun 24, 2026
- US presses Meta to agree to AI reviews as security fears rise
  The US is pushing Meta to agree to reviews of its artificial intelligence systems due to growing security concerns. Meta's AI systems are the focus of these proposed reviews, which are intended to address rising fears about security. The US government is seeking to ensure that Meta's AI development prioritizes security. Details of the proposed reviews and Meta's response are not specified. The initiative is part of broader efforts to address security risks associated with AI.
  Hacker News · Jun 24, 2026
- Anthropic’s Mythos Model Found Vulnerabilities in Classified US Government Systems, Official Says
  A US government official stated that Anthropic's Mythos Model discovered vulnerabilities in classified US government systems. Some of these vulnerabilities were found within hours, although the official clarified that this does not necessarily mean the model was able to exploit them within that timeframe.
  SecurityWeek · Jun 24, 2026
- Vulnerability reports are not special anymore
  A recent article discusses the concept of vulnerability reports, with a corresponding discussion thread on a news website. The article has garnered significant attention, with nearly 300 points and over 150 comments. The topic appears to be generating substantial interest and debate within the community. The article's author explores the idea that vulnerability reports may not hold the same level of significance as they once did. The discussion thread provides a platform for individuals to share their thoughts and opinions on the matter. The article and discussion thread can be accessed through provided URLs.
  Hacker News · Jun 23, 2026
- Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks
  A high-severity vulnerability in Cisco Unified Communications Manager Server is being exploited by attackers. The vulnerability is a server-side request forgery issue. It has been assigned the identifier CVE-2026-20230.
  BleepingComputer · Jun 23, 2026
- Tata Electronics confirms cyberattack as hackers leak data
  Tata Electronics has confirmed that it was targeted in a cyberattack that affected portions of its IT infrastructure. The attack resulted in hackers leaking data.
  BleepingComputer · Jun 23, 2026
- When is an AI agent's approval prompt a security boundary?
  A recent article explores the concept of an AI agent's approval prompt as a potential security boundary. The article is available on GitHub and has been discussed on Hacker News, where it received 2 points but no comments. The discussion on Hacker News provides a platform for users to share their thoughts on the topic. The article's author examines the role of approval prompts in AI agents and their implications for security. The article is intended to spark conversation and explore the intersection of AI and security.
  Hacker News · Jun 23, 2026
- Scope of Salesforce Attacks Expands as Icarus Leaks Data
  The scope of recent Salesforce attacks has grown, with additional victims coming to light. Attackers initially breached application vendor Klue, then utilized stolen OAuth tokens to access and steal customer data from Salesforce.
  Dark Reading · Jun 23, 2026
- Windows 11 KB5095093 update rolls out new Point-in-Time restore feature
  Microsoft has released a preview cumulative update for Windows 11, which includes fixes for various bugs and introduces new features. The update, KB5095093, is available for Windows 11 versions 24H2 and 25H2. One of the new features being rolled out is the Point-in-Time restore feature. This update is part of the ongoing development and refinement of Windows 11. The Point-in-Time restore feature is among the new functionalities being introduced in this update. The update aims to improve the overall stability and functionality of Windows 11.
  BleepingComputer · Jun 23, 2026
- Healthtech firm Xsolis suffers data breach impacting 1.4 million people
  A healthcare technology company called Xsolis has experienced a data breach due to a phishing attack. The breach resulted in the compromise of sensitive data belonging to approximately 1.4 million individuals, after the attackers gained access to the company's network.
  BleepingComputer · Jun 23, 2026
- 'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows
  A vulnerability in CI/CD workflows is being exploited through malicious pull requests, dubbed Cordyceps. This issue affects several prominent projects, including Microsoft's Azure Sentinel and Google's AI Agent Development Kit. Other impacted projects include Apache's Doris analytics database, Cloudflare's Workers SDK, and Python Software Foundation's Black. These malicious pull requests pose a threat to developer workflows. The affected projects are notable for their widespread use and importance in the development community.
  Dark Reading · Jun 23, 2026
- Five Eyes agencies sound alarm about AI’s threat to cybersecurity
  The Five Eyes intelligence alliance has issued a joint alert regarding the cybersecurity concerns posed by artificial intelligence. The alliance emphasizes that the timeline for addressing these concerns is relatively short, measured in months rather than years.
  The Record · Jun 23, 2026
- New macOS ClickFix attack silently mounts DMGs to push infostealer
  A new campaign targeting macOS devices, known as ClickFix, has been discovered, which uses Terminal commands to secretly download and launch malware. The malware is distributed through malicious disk image files, allowing it to steal information from infected devices.
  BleepingComputer · Jun 23, 2026
- FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation
  A large-scale credential harvesting operation, known as FortiBleed, has targeted FortiGate firewalls worldwide, with over 430,000 devices affected. The operation is believed to be the work of a Russian-speaking initial access broker motivated by financial gain. The campaign has been active since February 2026 and involves several tactics, including collecting credential lists and brute-forcing accessible systems. The operation has resulted in the harvesting of over 110 million credentials. The attackers also search for exposed services and deploy custom tools to achieve their goals. The scope of the operation is global, affecting a significant number of FortiGate firewalls.
  The Hacker News · Jun 23, 2026
- Semgrep Guardian: Security for AI-Generated Code
  Semgrep has introduced a security tool called Semgrep Guardian, which provides real-time security for code generated by artificial intelligence. The tool is designed to address security concerns related to AI-written code. Further information about Semgrep Guardian can be found in a blog post on the Semgrep website. A discussion about the tool is also taking place on Hacker News. The announcement has garnered some attention, with a few comments and points on the platform.
  Hacker News · Jun 23, 2026
- Feds seize alleged cyber-scam infrastructure connected to Southeast Asian company
  The US Department of Justice has seized a cloud computing account allegedly used by subsidiaries of the Huione Group, a Southeast Asian conglomerate. The Huione Group was previously cut off from the US financial system.
  The Record · Jun 23, 2026
- Dragos Unveils AI for OT Security
  Dragos has introduced a new artificial intelligence capability called EmberAI, which is designed to enhance operational technology security. EmberAI is built on Dragos' extensive dataset of operational technology cybersecurity information. This new capability is intended to improve security in operational technology environments.
  SecurityWeek · Jun 23, 2026
- Shipping an OAuth-protected remote MCP server: the spec and 3 security bugs
  A blog post discusses the specification for an OAuth-protected remote MCP server and identifies three security bugs related to it. The post is available on the skilldb.dev blog. A comments section for the post is also available on Hacker News. The post has garnered some attention, with one point and no comments so far. The blog post aims to inform about the specification and security issues of the OAuth-protected remote MCP server.
  Hacker News · Jun 23, 2026
- Trump directs federal agencies to protect US data from quantum threats
  The US government has taken a step to safeguard its data against potential quantum threats. An executive order has been issued to speed up the transition to post-quantum cryptography, a newer form of encryption. This move is in anticipation of the emergence of powerful quantum computers in the future. The goal is to protect US data with this new generation of encryption.
  The Record · Jun 23, 2026
- AI agent security needs a composition graph, not just an SBOM
  A recent article suggests that securing AI agents requires more than just a software bill of materials, proposing the use of a composition graph instead. The article is available on the OpenACA blog and has been shared on Hacker News, where it has garnered some attention. The post has received a limited number of comments so far. The idea put forth in the article emphasizes the need for a more comprehensive approach to AI agent security. The composition graph is presented as a potential solution to address the risks associated with AI agents.
  Hacker News · Jun 23, 2026
- Scattered Spider Hackers Plead Guilty on Day 1 of Trial
  Two individuals pleaded guilty to criminal charges in the UK related to a cyberattack that affected Transport for London's public transport network. The attack occurred in August 2024 and the guilty pleas were entered on the first day of a trial that was expected to last six weeks. The men were key members of the cybercrime group Scattered Spider. Their guilty pleas brought a swift end to the trial proceedings. The cyberattack had significant impact, crippling the transport network in the Greater London area. The guilty pleas mark a notable development in the case against Scattered Spider.
  Krebs on Security · Jun 23, 2026
- Private Orchards – Practical iPhone Privacy and Security Guides
  A website called Private Orchards offers practical guides for enhancing iPhone privacy and security. The site's content is being discussed on Hacker News, where it has received 2 points but no comments so far. The discussion can be found on the Hacker News item page. The guides are available on the Private Orchards website.
  Hacker News · Jun 23, 2026
- Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps
  Security flaws in the Dify AI platform's multi-tenant cloud service pose a threat to data exposure. Attackers could exploit these vulnerabilities to access private chats and documents belonging to other tenants, as well as gain access to internal APIs. The Dify AI platform is used by a significant number of applications, approximately 1 million. This could have serious implications for the security of sensitive information handled by these apps. The vulnerabilities could be abused to read private data and preview documents not intended for the attacker.
  SecurityWeek · Jun 23, 2026
- Scattered Spider members plead guilty to hacking Transport for London
  Members of the Scattered Spider cybercrime group have admitted to hacking into Transport for London's systems. The guilty pleas were entered by two individuals involved in the hacking incident that occurred in 2024.
  BleepingComputer · Jun 23, 2026
- Compromise kids online safety bill unveiled by House leaders, with key omission
  House leaders have introduced a bill aimed at protecting children's online safety, but it lacks a key provision. This omitted provision, known as the duty of care, would have required online platforms to take steps to prevent harms like suicidal ideation, eating disorders, and cyberbullying. It would have done so by compelling platforms to modify their algorithms and design features. The exclusion of this provision is notable, as it was intended to address specific online risks. The bill's introduction marks a significant development in efforts to regulate online platforms and protect children. The omitted duty of care provision was a crucial component of the proposed legislation.
  The Record · Jun 23, 2026
- Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents
  A security firm created a fake AI agent skill and successfully uploaded it to a popular marketplace, where it was reportedly accessed by around 26,000 agents, including some linked to corporate accounts. The skill was promoted through an Instagram ad and passed security scans, with every scanner tested marking it as safe. The fake skill was designed to be harmless, collecting only the user's email address and performing no other actions. This experiment was intended to demonstrate a vulnerability, although the full implications are not specified. The firm's test highlights a potential security issue in the skill marketplace. The fact that the skill passed security scans despite being fake raises concerns.
  The Hacker News · Jun 23, 2026
- Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration
  President Trump has signed an executive order setting deadlines for federal agencies to migrate to post-quantum cryptography. Federal agencies must transition key establishment to post-quantum cryptography by December 31, 2030, and digital signatures by December 31, 2031. The order establishes separate guidelines for national security systems. The deadlines are intended to address a specific threat. The migration is required for high-value assets and high-impact systems. The order aims to ensure the security of federal agencies' systems in the face of emerging threats.
  The Hacker News · Jun 23, 2026
- Systems Security Hall of Fame
  A Systems Security Hall of Fame has been created. The hall of fame is discussed in an article and comments are being collected on a separate webpage. The article is available for viewing and the comments section is open for discussion, although no comments have been made yet. The topic has garnered some interest, with a few points accumulated.
  Hacker News · Jun 23, 2026
- GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns
  GitHub is enhancing software supply chain security by updating its actions/checkout feature to prevent pwn request attacks. The update targets the misuse of the pull_request_target workflow trigger, which can be exploited to run malicious code with elevated privileges. The change is intended to block such attacks. The updated version of actions/checkout is set to take effect on June 18, 2026. This update aims to mitigate the risks associated with the workflow trigger. The actions/checkout feature is used for checking out a repository into the workflow environment.
  The Hacker News · Jun 23, 2026
- The Exploit Doesn't Exist. You Can Still Prove It Works Against You
  A security exploit may not be publicly known or documented, but it is still possible to determine its effectiveness against a target. This concept highlights that the existence of an exploit is not a prerequisite for understanding its potential impact. The idea challenges traditional notions of exploit discovery and mitigation. It suggests that proof of an exploit's functionality can be demonstrated even if the exploit itself is not publicly available. This approach can be useful in certain security testing and evaluation scenarios. The concept has been discussed in a recent article on BleepingComputer.
  BleepingComputer · Jun 23, 2026
- LastPass confirms data breach in Klue supply chain attack
  LastPass has confirmed a data breach resulting from a supply chain attack on Klue. The breach occurred through Klue, a third-party vendor used by LastPass. LastPass acknowledged the incident, which led to unauthorized access to their systems. The attack on Klue allowed threat actors to gain access to LastPass' environment. Details of the breach are available in an article on BleepingComputer.
  BleepingComputer · Jun 23, 2026
- SocGholish Takedown Highlights Malicious TDS Threats
  SocGholish is a malicious entity that utilizes traffic distribution systems to gain initial access to victims' networks. This access is then provided to cybercrime groups, including the well-known Evil Corp, allowing them to carry out their operations.
  Dark Reading · Jun 23, 2026
- PixelSmash – Critical FFmpeg Vulnerability Turns Media Files into Weapons
  A critical vulnerability has been discovered in FFmpeg, a tool for processing media files. This vulnerability, known as PixelSmash, allows media files to be used as weapons. The issue is discussed in an article available on the JFrog website. The article about PixelSmash has been shared on Hacker News, where it has garnered some attention.
  Hacker News · Jun 23, 2026
- Two Scattered Spider members plead guilty over cyberattack that crippled London transit
  Two members of the Scattered Spider group have pleaded guilty to their involvement in a cyberattack that targeted Transport for London's network. The attack, which occurred in 2024, caused disruptions to public transportation services for several months. The individuals who pleaded guilty are 20 and 18 years old. They admitted to infiltrating the network, leading to the prolonged disruption of services. The cyberattack had a significant impact on London's transit system, affecting commuters for an extended period. The guilty pleas mark a development in the case against the Scattered Spider group.
  The Record · Jun 23, 2026
- Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks
  A high-severity vulnerability was found in Samsung's KNOX security framework, which is used in Android-powered Galaxy devices. The flaw, a use-after-free vulnerability, affected devices from the S9 through S25 models. This vulnerability made millions of Galaxy devices susceptible to kernel attacks. The issue is notable for being eight years old, indicating a long-standing security risk. The vulnerability's presence in numerous device models highlights the potential scope of its impact.
  SecurityWeek · Jun 23, 2026
- CISO Conversations: Carl Froggett – Combining CISO and CIO at Deep Instinct
  Carl Froggett holds the dual role of CISO and CIO at Deep Instinct. Prior to this, he served as CISO at Citi for nearly 17 years. Froggett's unique position combines the responsibilities of both chief information security officer and chief information officer. He brings extensive experience to his current role, having spent a significant amount of time in a CISO position at a major financial institution. Froggett's background and current dual role make him a notable figure in the cybersecurity industry. His experience and insights are being shared in a conversation series.
  SecurityWeek · Jun 23, 2026 · brief
- FortiBleed Attackers Turn Firewalls Into Credential Stealers as Heists Persist
  Threat actors have developed a Golang-based sniffer to target FortiGate firewalls, with the goal of stealing credentials. The campaign has identified 110 million credentials and is targeting approximately 430,000 firewalls. This attack is part of an ongoing global campaign. The attackers are using compromised firewalls to steal sensitive information. The scope of the campaign is substantial, affecting a large number of firewalls worldwide. The threat actors' ability to engineer such a tool highlights their sophistication and capabilities.
  Dark Reading · Jun 23, 2026 · brief
- Webinar: Why email security teams are drowning in alerts
  Security teams responsible for email security are being overwhelmed by a high volume of alerts and investigations due to phishing, BEC, and account takeover attacks. A webinar is being held to discuss how behavioral AI can be used to automate detection and response workflows. This automation is expected to reduce alert fatigue and improve operational efficiency for these teams.
  BleepingComputer · Jun 23, 2026 · brief
- Algerian Man Extradited to US for Running Cybercrime Marketplaces
  An Algerian man, Abdellah Belmili, has been extradited to the US for allegedly running cybercrime marketplaces. Belmili, who is 26 years old, is accused of operating Market0Day and Spoxy. He faces a potential prison sentence of up to 30 years. The extradition is part of a US effort to prosecute individuals involved in cybercrime. Belmili's case is currently pending in the US.
  SecurityWeek · Jun 23, 2026 · brief
- FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances
  A vulnerability in FFmpeg's libavcodec library, known as PixelSmash, can be exploited by attackers to execute code. This can be achieved by sending specially crafted media files to applications that utilize the library. The flaw potentially affects various devices and software, including video players, media servers, and NAS appliances. Attackers can leverage this vulnerability to gain remote code execution capabilities. The issue is related to the PixelSmash codec in the libavcodec library.
  SecurityWeek · Jun 23, 2026 · brief
- Agentic AI: The Weapon That No Longer Needs a Warrior
  The development of weapons has historically involved increasing the distance between the warrior and the target. Initially, weapons like spears and bows extended the reach of the human arm, while rifles further increased the distance to a quarter mile. Later, aircraft enabled attacks to be carried out across oceans, continually widening the gap between the warrior and the wound. Throughout these advancements, one constant remained: a human was responsible for selecting the target. This dynamic is now changing with the emergence of Agentic AI. The role of the human warrior in choosing targets is being reevaluated.
  The Hacker News · Jun 23, 2026 · brief
- OpenAI Refocuses Cybersecurity Efforts on Patching Over Discovery
  SecurityWeek · Jun 23, 2026
- Anthropic’s Fable 5 Model Jailbroken Within Days
  Anthropic's Fable 5 model, designed to be a safer version of the Mythos Preview with built-in safeguards, was compromised shortly after its release. The model's restrictions, intended to prevent its use in creating cyberattacks, were bypassed within days.
  Schneier on Security · Jun 23, 2026 · brief
- Russian Initial Access Broker Behind FortiBleed Campaign
  SecurityWeek · Jun 23, 2026
- Canadian Electricity Provider London Hydro Discloses Data Breach
  SecurityWeek · Jun 23, 2026
- Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT
  Cybersecurity researchers have found malicious npm packages that deliver a Windows-based remote access trojan. These packages disguise themselves as PostCSS tools and were published by a single npm user over the past month. The identified packages include aes-decode-runner-pro, postcss-minify-selector, and postcss-minify-selector-parser, which have accumulated a total of over 1000 downloads. The packages were downloaded 145, 256, and 615 times respectively. They were designed to install a remote access trojan on Windows systems. The packages were published under the guise of legitimate PostCSS tools.
  The Hacker News · Jun 23, 2026 · brief
- Trump Signs Executive Order Accelerating Post-Quantum Cryptography Migration
  SecurityWeek · Jun 23, 2026
- Invite to beta tester and investors for depgaze. SW supply chain security tool
  Hacker News · Jun 23, 2026
- America's largest companies have no simple way to report security flaws
  Hacker News · Jun 23, 2026
- WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool
  A campaign is using WhatsApp to spread malicious Visual Basic Script files, which install legitimate Remote Monitoring and Management software. The files are being distributed through direct messages on WhatsApp Desktop and WhatsApp Web. The campaign is targeting users in several countries, including Malaysia, Brazil, India, Mexico, Singapore, the U.K., Spain, Taiwan, and Australia. Kaspersky has identified this active campaign, which uses fake documents to install the ManageEngine RMM tool. The use of legitimate software in this campaign is a notable aspect of the attack. The campaign's scope is international, affecting users across multiple regions.
  The Hacker News · Jun 23, 2026 · brief
- Stripe pre-launch security checklist for indie SaaS
  Hacker News · Jun 23, 2026
- OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws
  OpenAI is releasing an enhanced version of its GPT-5.5-Cyber model to select defenders as part of the Daybreak initiative. This model is considered the company's most capable yet for identifying and assisting in the patching of software vulnerabilities. The GPT-5.5-Cyber model can perform more in-depth analysis across extensive codebases. OpenAI announced the Daybreak initiative last month, and this release is an expansion of that effort. The model is intended to aid defenders in addressing security flaws. OpenAI describes GPT-5.5-Cyber as its strongest model for this purpose.
  The Hacker News · Jun 23, 2026 · brief
- Open-source security auditors for Supabase, Strapi, Hasura and Ollama
  Hacker News · Jun 23, 2026
- WhatsApp phishing attack uses fake business docs to hack PCs
  A malware campaign is currently targeting WhatsApp users across several countries. The attack involves sending deceptive messages that contain VBScript files, which can provide hackers with remote access to the targeted system if opened.
  BleepingComputer · Jun 22, 2026 · brief
- JaredFromSubway MEV bot hacked in $15 million crypto theft
  A hacker stole $15 million in cryptocurrency from the JaredFromSubway Ethereum MEV bot by creating fake trading opportunities that manipulated the bot's logic for detecting profitable trades. The attack exploited the bot's opportunity-detection mechanism, resulting in significant financial loss.
  BleepingComputer · Jun 22, 2026 · brief
- DifyTap Bugs Let Attackers 'Wiretap' AI Chat Histories
  Vulnerabilities in the Dify platform can be exploited by attackers to access sensitive data without detection. The flaws allow for the silent exfiltration of data, including AI chat histories. This enables attackers to essentially wiretap conversations. The vulnerabilities are found in Dify, a platform used for building and managing AI applications. Attackers can leverage these flaws to gain unauthorized access to sensitive information.
  Dark Reading · Jun 22, 2026 · brief
- FFmpeg fixes PixelSmash flaw in widely used video decoder
  A vulnerability known as PixelSmash has been found in FFmpeg, a widely used video decoder. This flaw can be exploited for remote code execution on Jellyfin servers under specific conditions. It can also cause a denial-of-service condition in various applications, including Kodi, Emby, Nextcloud, PhotoPrism, and OBS Studio. FFmpeg has released a fix for the PixelSmash flaw. The vulnerability poses a risk to several media applications.
  BleepingComputer · Jun 22, 2026 · brief
- FortiBleed campaign used custom FortiGate sniffer to steal credentials
  The FortiBleed campaign targeted Fortinet FortiGate devices on a large scale. A custom sniffer was used to harvest authentication secrets from compromised firewalls, allowing the attackers to steal credentials. This campaign was identified by security firm SOCRadar.
  BleepingComputer · Jun 22, 2026 · brief
- ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack
  A supply chain attack has compromised multiple WordPress plugins from ShapedPlugin, allowing unknown threat actors to inject backdoor code into official releases. The attackers were able to tamper with the vendor's build and distribution pipeline, enabling them to push the backdoored code through licensed update channels. This means that the compromised plugins were distributed through official channels, potentially affecting users who updated their plugins through legitimate means. Wordfence has conducted an analysis of the incident, detailing the extent of the compromise. The attack highlights a vulnerability in the plugin development and distribution process. Users of the affected ShapedPlugin plugins may be at risk due to the backdoor code.
  The Hacker News · Jun 22, 2026 · brief
- Microsoft says Windows 11 26H2 is coming soon, details upgrade process
  Microsoft has announced that Windows 11 version 26H2 is upcoming and will be available as a feature update. Devices currently running Windows 11 versions 24H2 and 25H2 can upgrade to 26H2 using a small enablement package.
  BleepingComputer · Jun 22, 2026 · brief
- Microsoft fixes AutoGen Studio flaw that enabled code execution
  A vulnerability in Microsoft's AutoGen Studio interface could allow attackers to execute arbitrary commands on a host system. This can be achieved by manipulating an AI agent into executing commands when a user visits a malicious webpage. The vulnerability is part of a chain dubbed AutoJack.
  BleepingComputer · Jun 22, 2026 · brief
- 29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests
  A vulnerability in the Squid web proxy can cause it to leak cleartext HTTP requests from one user to another. This leak can expose sensitive information such as credentials or session tokens to anyone who is allowed to send traffic through the same proxy. The issue is due to a heap over-read in the Squid web proxy. The bug originated from a change made in 1997 related to FTP parsing and remains present in Squid's default configuration. Researchers at Calif.io discovered the vulnerability and disclosed it in June, referring to it as Squidbleed. The vulnerability can be exploited by anyone with access to the proxy.
  The Hacker News · Jun 22, 2026 · brief
- Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants
  Cybersecurity researchers have identified four vulnerabilities in the Dify platform, which could be exploited to access AI conversations from other customers' applications without needing authentication. These vulnerabilities, referred to as DifyTap, affect Dify, an open-source workflow platform with a significant presence on GitHub. The flaws could allow attackers to secretly read AI conversations from other tenants. Dify has garnered over 146,000 stars on GitHub, indicating its popularity. The discovery was made by Zafran Security researchers. The vulnerabilities pose a risk to the confidentiality of AI conversations across different tenant applications.
  The Hacker News · Jun 22, 2026 · brief
- Crypto Heist Fueled by Elaborate Fake Reputation-Boosting Campaign
  Attackers are utilizing various online platforms to create a false sense of trust. They are spreading a cross-platform clipboard hijacker through these channels, which include code repository sites, video sharing platforms, and virus scanning websites. This campaign is aimed at deceiving potential victims into trusting the malicious software. The use of multiple online channels helps to build credibility and legitimacy for the attackers' malicious activities. The clipboard hijacker is being distributed across different platforms, increasing its potential reach and impact.
  Dark Reading · Jun 22, 2026 · brief
- He Thought He Was Secure; His Phone Number Got Stolen Anyway
  Threat actors can steal one-time passwords sent via text message by conducting a SIM swap attack. This type of attack can result in account takeovers. To protect against this, users should implement multiple layers of security.
  Dark Reading · Jun 22, 2026 · brief
- New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer
  Researchers have identified a new campaign that uses a previously unknown malware loader called OXLOADER to deliver CastleStealer. The campaign starts with malicious Google Ads, which are used to distribute the malware. The threat actor behind the campaign is believed to be Russian-speaking and motivated by financial gain. Elastic Security Labs has disclosed details of the campaign, shedding light on this new distribution method. The use of malicious ads as a starting point allows the attacker to reach potential victims. The campaign's tactics suggest a focus on generating revenue.
  The Hacker News · Jun 22, 2026 · brief
- Google Sets Sept. 30 Deadline for Android Developer Verification in Four Countries
  Google is enforcing Android developer verification in four countries starting September 30, 2026. The countries affected are Brazil, Indonesia, Singapore, and Thailand. On this date, certified Android phones in these countries will block installations of apps from unverified developers. Major device-maker app stores are included in this enforcement. The verification process requires developers to register their identity with Google. This change aims to enhance security by restricting installs of apps from unregistered developers.
  The Hacker News · Jun 22, 2026 · brief
- Stop Your Legacy Infrastructure from Hijacking Your AI Agents
  The Hacker News · Jun 22, 2026
- Professional Athletes and Wearables
  Professional athletes who use wearables face significant privacy concerns. Their biometric data, if compromised, could impact their livelihood. A coach may use a player's wearable data to assess their performance or behavior, such as checking if a poor game was due to a late night. This raises concerns about the potential misuse of sensitive information. The stakes are high for athletes, as a single biometric data point could have serious consequences. Wearable data could be used to make inferences about an athlete's personal life and habits.
  Schneier on Security · Jun 22, 2026 · brief
- ⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More
  The Hacker News · Jun 22, 2026
- Friday Squid Blogging: Victims of Unregulated Squid Fishing
  Unregulated squid fishing fleets are harming various species, including dolphins, sharks, and turtles, as well as human workers. This issue is being highlighted in a recent news article. The topic of security stories in the news is also open for discussion.
  Schneier on Security · Jun 19, 2026 · brief
- Stressors, AI Forcing Changes to Cybersecurity Teams
  Cybersecurity teams are undergoing changes due to increasing threats and the impact of artificial intelligence on the field. The role of cybersecurity professionals is becoming more challenging, according to CISOs. Despite the difficulties, there is still a strong demand for cybersecurity expertise, with many companies seeking it even on a part-time basis.
  Dark Reading · Jun 19, 2026 · brief
- Anthropic’s Fable and the State of AI
  Anthropic released its Fable generative AI model on June 9th. Shortly after, the US government classified it as a dangerous munition and prohibited foreign nationals from accessing it, prompting the company to shut off access for all users due to its inability to distinguish between Americans and foreigners. The government's actions are not expected to be effective in addressing the issue. The concern is not with a specific AI model, but rather the broader trend of advancing AI capabilities. A comprehensive solution would require collective action, which is currently not feasible.
  Schneier on Security · Jun 19, 2026 · brief

