Articles: 102
Categories: 9
Date: 2026-06-04
🚨 CISA KEV (1)
4 Jun | [KEV] CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the … | THEHACKERNEWS.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES (4)
4 Jun | Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs | A high severity vulnerability in Hugging Face Transformers enables attackers to compromise systems that use the popular Python library to test and run AI models. The flaw impacts library versions that continue to be actively downloaded and comes at a time when attackers are incre… | CSOONLINE.COM
4 Jun | HTTP/2’s speed abused to slow webserver performance in DoS attack | Security researchers are warning of an issue with the default HTTP/2 configuration used by major web servers which reportedly survived more than a decade of human review before showing up in Codex-assisted analysis. A flaw in the handling of the HTTP/2 protocol made a denial-of-s… | CSOONLINE.COM
4 Jun | Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public | Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco's PSIRT says it has no… | THEHACKERNEWS.COM
4 Jun | Security Researchers Are Threat Actors - PSW #929 | This week in the security news: - Security Researchers Are Threat Actors according to Microsoft - Hands-free malicious firmware - If you've ever typed "ls" in Windows, this is for you - Cisco makes more patches, wants you to pay - Ambiguous Secure Boot bypass - Threat actors love… | YOUTUBE.COM
⚠️ VULNERABILITY DISCLOSURE (24)
4 Jun | Beware the ‘son of Mythos,’ security experts warn | LONDON — Enterprise security teams were urged by security experts at Infosecurity Europe to brace for impact as both Anthropic and OpenAI expand access to their frontier AI models for vulnerability discovery. Anthropic, in particular, is significantly expanding Project Glasswing… | CSOONLINE.COM
4 Jun | Hole in GitHub’s browser-based VSCode editor could lead to stolen token | A vulnerability in GitHub’s browser-based VSCode editor could lead to the theft of a developer’s token under certain circumstances, says a researcher. The issue, revealed this week in a blog by Ammar Askar, has apparently been already addressed by GitHub owner Microsoft. But it … | CSOONLINE.COM
4 Jun | Hearing Is no longer believing. | This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongside … | THECYBERWIRE.COM
4 Jun | CISA directive for AI executive order to be released this week, Andersen says | The binding operational directive will focus in part on “vulnerability alleviation and vulnerability management,” Andersen said in remarks delivered at the TechNet Cyber conference in Baltimore. | THERECORD.MEDIA
4 Jun | Cisco Warns of Available PoC for Critical Unified CM Vulnerability | The high-severity flaw can be exploited remotely, without authentication, in server-side request forgery (SSRF) attacks. | SECURITYWEEK.COM
4 Jun | VS Code Vulnerability Allows One-Click GitHub Token Theft | A researcher has disclosed the full details of the vulnerability and released a PoC without notifying Microsoft in advance. | SECURITYWEEK.COM
4 Jun | From critical to controlled: Cutting vulnerabilities in a live manufacturing environment | A vulnerability scanner flags a critical CVSS 10 vulnerability on an industrial asset. The report lands in the boss’ inbox and now he wants to know why we’re sitting on a critical vulnerability. In a normal IT environment, you patch it then close the ticket and call it a day. If,… | HELPNETSECURITY.COM
4 Jun | Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS | Cybersecurity researchers have flagged a large-scale operation that impersonates open-source and freeware projects to funnel unsuspecting users through a Traffic Distribution System (TDS) and deliver malware families like Remus Stealer, AnimateClipper, and the SessionGate framewo… | THEHACKERNEWS.COM
4 Jun | Over 1.4 Million Accounts Disrupted in Cybercrime Crackdown | Law enforcement and tech companies disrupted infrastructure linked to scammers operating across Southeast Asia. | SECURITYWEEK.COM
4 Jun | Cisco warns of critical Unified CM flaw with PoC exploit code | Cisco has released security updates to patch a critical-severity Unified Communications Manager (Unified CM) flaw that allows attackers to gain root privileges. [...] | BLEEPINGCOMPUTER.COM
4 Jun | Infosecurity Europe: Mythos Outperforms GPT5.5 on Google Chrome Vulnerability Exploits, Says New Benchmark | A Bugcrowd researcher has unveiled ExploitBench, an independent benchmark of AI models for vulnerability exploitation | INFOSECURITY-MAGAZINE.COM
4 Jun | Researchers built AI worm that can adapt to infect diverse devices | Researchers at the University of Toronto have unveiled an AI-powered computer worm capable of autonomously adapting its attack methods as it moves through a network. The proof-of-concept malware was built using publicly available open-weight AI models, showing that advanced offen… | CYBERINSIDER.COM
4 Jun | Mirasvit Vulnerability Exploited to Execute Code on Magento Servers | A flaw in the Full Page Cache Warmer extension can be exploited without authentication via serialized PHP object payloads. | SECURITYWEEK.COM
4 Jun | Researcher publishes GitHub token-stealing exploit, blames Microsoft’s disclosure process | The security researcher, Ammar Askar, released the new proof-of-concept exploit on his personal blog — alongside the public tracker for issues in VS Code — giving a GitHub security contact roughly one hour's notice beforehand. | THERECORD.MEDIA
4 Jun | Hackers Are After the Gaps in Your Vulnerability Program: Here's Their Playbook | Threat actors are actively teaching newcomers how to find, exploit, and profit from vulnerable systems. Flare explores what a popular underground hacking tutorial reveals about modern attacker workflows. [...] | BLEEPINGCOMPUTER.COM
4 Jun | How the “Swiss Cheese” model can help you choose the right MDR provider | Not all managed detection and response (MDR) solutions are equal. Finding the differences between vendors can be quite hard, and then understanding how those differences impact your business can be even harder. For instance, you may come across an MDR provider whose pricing is ba… | RAPID7.COM
4 Jun | CrowdStrike, Palo Alto Networks defy estimates as AI fuels cyber demand | The cybersecurity sector has been under perceived pressure due to accelerating deployment of AI tools. | CYBERSECURITYDIVE.COM
4 Jun | OpenAI responds to White House executive order on AI governance | OpenAI has proposed mandatory federal evaluations of the most capable AI models before public release while arguing that regulators should stop short of deciding whether those systems can be deployed, staking out a middle ground in the debate over how frontier AI should be govern… | CSOONLINE.COM
4 Jun | Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites | Critical Everest Forms Pro RCE flaw exploited to create rogue WordPress admin accounts | INFOSECURITY-MAGAZINE.COM
4 Jun | Meta’s own AI chatbot to blame for Instagram accounts being stolen in seconds | Hackers have been hijacking Instagram accounts at scale by exploiting Meta's AI support chatbot. And, as if that weren't bad enough, the technique required no technical skill whatsoever. Read more in my article on the Fortra blog. | FORTRA.COM
4 Jun | Gain visibility into DDoS attacks with flow logs in AWS Shield Advanced | Reconstructing distributed denial of service (DDoS) attack traffic used to mean combining data from multiple sources after the fact. AWS Shield Advanced attack flow logs change that—they capture traffic metadata during attacks so you can pinpoint sources, verify mitigations, and … | AWS.AMAZON.COM
4 Jun | Tenable joins Anthropic’s Project Glasswing to advance AI-era cyber defense | By participating in Project Glasswing and working with Claude Mythos Preview, Tenable can help customers better understand how emerging frontier AI models behave, their evolving risks and benefits for cybersecurity, and the kinds of controls organizations will need as AI adoption… | TENABLE.COM
4 Jun | Not every headhunter is hiring. | The Five Eyes issue a rare joint warning on China. Jen Easterly weighs in on Trump’s AI EO. Researchers warn everyday notifications can become AI attack vectors. IronWorm is a sophisticated Rust-based infostealer targeting software developers. Cisco patches a critical vulnerabili… | THECYBERWIRE.COM
4 Jun | Trump considers Palantir exec to lead CISA | Shyam Sankar, the chief technology officer at Palantir Technologies, has emerged as a lead contender for the long vacant Cybersecurity and Infrastructure Security Agency (CISA) director role, according to the sources, who requested anonymity to discuss the administration’s search… | THERECORD.MEDIA
📢 SECURITY ADVISORIES (10)
4 Jun | Infosecurity Europe: Ukraine’s Experience Highlights the Need for Preparation and Resilience in Cybersecurity | Former Ukrainian foreign minister, Dmytro Kuleba, urges Infosecurity Europe attendees to fight the good fight | INFOSECURITY-MAGAZINE.COM
4 Jun | Pakistan Spies on Afghan Finance Ministry With Xeno RAT | Despite broadly connected digital infrastructure, standard fare TTPs are enough to cause trouble for Afghanistan's porous cybersecurity. | DARKREADING.COM
4 Jun | Spotless compliance evidence can still hide a broken control | In this interview with Help Net Security, Marc Rubbinaccio, Head of Cybersecurity and Compliance at Secureframe, explains where security teams go wrong when preparing for CMMC and FedRAMP 20x. The conversation covers how organizations check the 110 requirements but miss the 320 a… | HELPNETSECURITY.COM
4 Jun | Infosecurity Europe: How Businesses Can Prepare for a Cybersecurity Crisis with Effective Plans | Cybersecurity and business leaders with experience of dealing with major incidents from within the NCSC and at JLR detail what you need to prioritize if your organization is hit by a cyber-attack | INFOSECURITY-MAGAZINE.COM
4 Jun | Chinese spies are using LinkedIn to lure Westerners into sharing sensitive information | The advisory warns that Chinese spies are using public job search platforms to recruit people with access to non-public information. | TECHCRUNCH.COM
4 Jun | Five Eyes allies issue advisory on Chinese intelligence operations. | Researchers track versatile China-based cybercrime group. Cisco fixes critical flaw affecting Unified CM. | THECYBERWIRE.COM
4 Jun | CISA chief says Trump AI EO implementation will start soon | The agency, depleted after several rounds of cuts imposed by the White House, insists it can handle its new AI security responsibilities. | CYBERSECURITYDIVE.COM
4 Jun | Supreme Court rules FCC fines punishing telecom giants for sharing location data were legal | The Trump administration had backed the FCC’s position and, apart from Justice Clarence Thomas, the high court agreed. | THERECORD.MEDIA
4 Jun | DentaQuest data breach exposed info of 2.6 million accounts | A data breach at the dental benefits administrator DentaQuest has reportedly exposed the sensitive data of 2.6 million accounts. [...] | BLEEPINGCOMPUTER.COM
4 Jun | Hill Dems hammer GOP for $250M CISA budget cut | A House Appropriations subcommittee is set to mark up fiscal 2027 DHS funding legislation Friday. | CYBERSCOOP.COM
🔥 INCIDENT REPORTING (11)
4 Jun | DentaQuest data breach exposed sensitive info of 2.6 million people | DentaQuest says it is investigating a cybersecurity incident involving unauthorized access to part of its network, following the ShinyHunters extortion group's public leak of data allegedly stolen from the company. The breach has since been added to Have I Been Pwned (HIBP), whic… | CYBERINSIDER.COM
4 Jun | UN food agency investigates breach exposing data of Gaza aid recipients | In a message sent to aid recipients via Telegram over the weekend, the World Food Programme (WFP) said that "unauthorized parties" had accessed data stored in its self-registration application in Gaza. | THERECORD.MEDIA
4 Jun | Security Tools Don’t Reduce Risk | The Peltzman effect describes how people often feel safer once protections are in place, even when the underlying risk has not meaningfully changed. In cybersecurity, organizations may assume firewalls, MSSPs, or security tools automatically make incidents less likely. That assum… | YOUTUBE.COM
4 Jun | Hola Browser supply chain breach delivered crypto-miner to users | A supply chain compromise resulted in a crypto-mining executable being distributed alongside certain installations of Hola Browser for Windows. The unexpected component, named me.exe, was discovered by Sophos X-Ops during a software certification test and was not part of the brow… | CYBERINSIDER.COM
4 Jun | UN food agency discloses breach affecting 600,000 Gaza households | The United Nations' World Food Programme (WFP), the world's largest humanitarian organization, revealed over the weekend that its self-registration application (SRA) for Palestine was breached. [...] | BLEEPINGCOMPUTER.COM
4 Jun | Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It | Over the past several weeks, the cybersecurity community has been reminded how quickly frontier and agentic AI in defense networks can challenge our assumptions. When Anthropic's Claude Mythos model was made available to a limited set of organizations as a technical preview, it w… | THEHACKERNEWS.COM
4 Jun | Russia seeks to label two anti-Kremlin hacker groups as ‘extremist’ | The groups have previously claimed responsibility for cyberattacks targeting critical infrastructure and government institutions in Russia and Belarus. | THERECORD.MEDIA
4 Jun | EU fines Temu 200 million Euros for breaching the DSA. | Trump signs new EO focused on AI. | THECYBERWIRE.COM
4 Jun | Credit card theft campaign abuses Stripe to host stolen payment info | A new Magecart campaign is using Stripe's API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. [...] | BLEEPINGCOMPUTER.COM
4 Jun | VerdantBamboo: Just Another BRICKSTORM in the Firewall | In September 2025, Volexity conducted an incident response engagement that began after suspicious network traffic was observed from a Linux-based virtual machine appliance on a customer’s network. The virtual machine […] | VOLEXITY.COM
4 Jun | Hola Browser for Windows compromised to deliver cryptominer | The Windows version of the Hola Browser has been compromised in a supply chain attack that delivered an undeclared executable identified by researchers as a cryptocurrency miner. [...] | BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE (18)
4 Jun | ISC Stormcast For Thursday, June 4th, 2026 https://isc.sans.edu/podcastdetail/9958, (Thu, Jun 4th) | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
4 Jun | The modern-day business can learn a lot about risk from this year’s mega events | Every year brings its share of global events, but 2026 is proving to be a banner year for mega-scale entertainment. The year got off to a roaring start with the Winter Olympics, and now anticipation is building for the fast-approaching FIFA World Cup. But amid the buzz, have you … | HELPNETSECURITY.COM
4 Jun | Attackers already know the secrets are on your developers’ machines. Do you? | In a recent GitGuardian analysis, an average of 150 secrets were found on a sample of developer endpoints. Private keys accounted for 38% of unique secrets, while cloud, identity provider, and secret management credentials (AWS IAM, Hashicorp vault) added another 22%. Those figur… | HELPNETSECURITY.COM
4 Jun | Product showcase: Trend Micro Mobile Security detects scams in messages, QR codes, and websites | Trend Micro Mobile Security for iOS protects devices from potentially harmful websites while browsing, blocks ads and personal information trackers, helps users avoid unsafe Wi-Fi networks, and monitors data usage. The app is available for both iOS and Android devices. Getting St… | HELPNETSECURITY.COM
4 Jun | ETSI sets security requirements for AI data centers and cloud platforms | ETSI has published TS 104 033, a technical specification that defines security requirements for AI computing platforms. The specification establishes a security framework for platforms used to host AI applications in data center and edge computing environments, covering security … | HELPNETSECURITY.COM
4 Jun | Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months | Unknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox out in small, repeated batches and routing it through Dropbox and OneDrive so the traffic blended into normal cloud activity. Symantec… | THEHACKERNEWS.COM
4 Jun | Hacking Meta’s AI Chatbot | Hackers are convincing Meta’s AI support chatbot to let them take over other peoples’ accounts: A video posted on X showed the step-by-step process to hack someone’s Instagram account. The hacker allegedly used a VPN to spoof the targets’ presumed location… | SCHNEIER.COM
4 Jun | Chinese Cybercrime Group in Spotlight for Record Campaign Pace | Relying on social engineering, the hacking group engages in credential phishing, malware distribution, and fraud activities. | SECURITYWEEK.COM
4 Jun | OAuth marketplace apps keep access after publishers vanish | Installing an app from the Google Workspace Marketplace or GitHub Marketplace can grant a third party access to company email, files, calendars, code repositories, CI workflows, organization settings, and secrets. Marketplace presence gives these apps the appearance of approval. … | HELPNETSECURITY.COM
4 Jun | Gemini Voice Assistant Hijacked via Messaging Notifications | Attackers could have triggered dangerous actions, including controlling smart home devices via Google Home and starting Zoom video calls. | SECURITYWEEK.COM
4 Jun | Inside the race to adapt to an AI-powered security world | AI is breaking things faster than anyone can fix them. Security leaders across the industry are racing to figure out what comes next. | CYBERSCOOP.COM
4 Jun | Webinar Today: Third-Party Risk in Practice – Where Programs Break Down and How to Respond | Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice. | SECURITYWEEK.COM
4 Jun | Willow Raises $7 Million for Securing Autonomous AI Agents | Willow (formerly Webrix) emerged from stealth mode with an access platform designed to secure enterprise AI agents. | SECURITYWEEK.COM
4 Jun | Offroad Emerges From Stealth With $7 Million to Tackle Enterprise Identity Risk | As AI agents, machine identities, and third-party applications multiply across enterprises, Offroad is betting autonomous security agents can restore control over an increasingly unmanageable identity landscape. | SECURITYWEEK.COM
4 Jun | Proton Drive adopts OpenPGP encryption, delivers 300% faster uploads | Proton has announced a major cryptographic upgrade for Proton Drive that significantly improves the performance of its end-to-end encrypted cloud storage platform. The update makes encrypted file uploads up to 4x faster, while a broader overhaul of Drive's underlying architecture… | CYBERINSIDER.COM
4 Jun | Your AI agent could become your biggest insider threat | New research details how the increasing integration of AI agents into businesses is making it easier than ever for insiders - malicious or otherwise - to put sensitive data at risk. | CYBERSCOOP.COM
4 Jun | Brave launches minimalist Origin browser with only core privacy features | Brave has officially launched Brave Origin, a new premium version of its browser designed for users who want Brave's privacy protections without the company's growing collection of integrated features. The release follows several months of testing in Nightly builds and arrives as… | CYBERINSIDER.COM
4 Jun | Updating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught us | A surge in real-world attacks against agentic AI systems is reshaping how we think about risk. Based on 12 months of red teaming, this update introduces seven new failure modes, from supply chain compromise to goal hijacking, and the practical mitigations teams need now. The post… | MICROSOFT.COM
🌐 CYBER THREAT LANDSCAPE (5)
4 Jun | China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa | A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa. These efforts have been complemented by a "rapid operational tempo" and a continually evolving malware arsenal comp… | THEHACKERNEWS.COM
4 Jun | FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads | Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity clust… | THEHACKERNEWS.COM
4 Jun | Infosecurity Europe: AI Adoption Creates New Opportunities for Attackers to Distribute Malware, Microsoft Warns | Microsoft Detection and Response Team (DART) details how it has uncovered malicious AI applications as cyber criminals manipulate organizations adopting AI tools | INFOSECURITY-MAGAZINE.COM
4 Jun | ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories | It got stupid again. The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weird stuff is normal. Forums go down and come back worse. Cheap hackers get better toys. AI starts break… | THEHACKERNEWS.COM
4 Jun | New IronWorm malware hits 36 packages in npm supply-chain attack | A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. [...] | BLEEPINGCOMPUTER.COM
🎙️ PODCASTS (2)
4 Jun | Is Your Enterprise AI Strategy Delivering ROI Yet? | Your enterprise AI strategy isn’t as far along as you think. The reality for most organizations today is that AI is disrupting existing processes more than it’s delivering outcomes… so far. And according to Dr. Grace Trinidad, Research Director at IDC, that’s how it should be. In… | THECYBERWIRE.COM
4 Jun | Navigating AI Vulnerabilities and Machine-Speed Threats with Jason Kikta from Automox | Jason Kikta, CTO at Automox, joins Dave Bittner on the CyberWire Daily podcast for a sponsored Industry Voices to discuss why speed has become the defining challenge in modern cybersecurity. Jason explores how organizations can balance AI-driven innovation with practical risk man… | THECYBERWIRE.COM
📡 INFOSEC NEWS (27)
4 Jun | DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets | The U.S. Department of Justice (DoJ) on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans. The "Disruption Week" operation began May 18, 2026,… | THEHACKERNEWS.COM
4 Jun | WhatsApp, Slack Notifications Could Hijack Google Gemini on Android | A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini's voice assistant on Android and made it open a victim's connected windows, fake a message from their boss, push the phone into a Zoom call, or quietly pois… | THEHACKERNEWS.COM
4 Jun | Microsoft's Coreutils for Windows, (Thu, Jun 4th) | I've been using the GnuWin32 CoreUtils for Windows for many years now (it gives you many *nix core commands on Windows). | ISC.SANS.EDU
4 Jun | Enterprise Spotlight: Rethinking cloud strategy in the age of AI | Cloud computing has reached a crossroads. The high cost and data sensitivity of AI workloads are raising the appeal of private clouds, even as neoclouds and sovereign clouds shake up the cloud provider landscape. New cyberthreats, shifting compute requirements, and management com… | US.RESOURCES.CSOONLINE.COM
4 Jun | Florida vs OpenAI. | This week, Dave and Ben sit down to Florida's recent lawsuit against OpenAI and Sam Altman. In the suit, Florida alleges that the company placed profits over safety needs. Additionally, the two cover a story on an ad-based surveillance network. | THECYBERWIRE.COM
4 Jun | Infosecurity Europe: Raise Security Concerns with Procurement Now, Because Quantum Can’t Wait | Forescout VP of security intelligence, Rik Ferguson, warns that Q-day is fast approaching | INFOSECURITY-MAGAZINE.COM
4 Jun | Meta’s AI support bot happily handed Instagram accounts to hackers | Hackers convinced an AI support bot to hand over Instagram accounts by changing recovery email addresses. | MALWAREBYTES.COM
4 Jun | Travel scams are everywhere. Here’s how to avoid them | Learn how to spot travel scams, avoid risky bookings, and keep your personal information out of the wrong hands. | MALWAREBYTES.COM
4 Jun | Winning the cyber marathon with Tony Giandomenico | Tony Giandomenico, Senior Director of Product Management, joins Amy to discuss the Talos Threat Hunting launch, what he's excited about for the future of cybersecurity, and, of course, his Ironman triathlons. | TALOSINTELLIGENCE.COM
4 Jun | Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting | Learn how Cisco Talos Threat Hunting uses hypothesis-driven methods and multi-domain telemetry correlation to find stealthy threats operating below automated detection thresholds. | TALOSINTELLIGENCE.COM
4 Jun | Infosecurity Europe: How Proton Fights Against Cybercriminals Using Its Services | Proton uses machine learning models to detect abuse of its services – especially email addresses used by cybercriminals | INFOSECURITY-MAGAZINE.COM
4 Jun | Police dismantles fake ID marketplace used by migrant smugglers | French and Spanish authorities took down an online marketplace selling fake identity documents to migrant smuggling rings operating within the European Union. [...] | BLEEPINGCOMPUTER.COM
4 Jun | Five Eyes warn Chinese spies are using job sites to recruit insiders | The alert warned that Chinese intelligence officers are posing as recruiters and consultants for front companies based outside China in order to target Five Eyes government and military personnel “and anyone with access to classified or privileged information.” | THERECORD.MEDIA
4 Jun | Chinese-Speaking Actor TA4922 Widens Its Global Reach | Newly named Chinese-speaking actor TA4922 expands from East Asia into Europe and Africa | INFOSECURITY-MAGAZINE.COM
4 Jun | Microsoft blames unexpected Windows driver updates on caching issue | On Wednesday, Microsoft fixed an issue that caused some Windows devices to install driver updates without notice despite policies configured to prevent auto-updates. [...] | BLEEPINGCOMPUTER.COM
4 Jun | AI Threat Readiness Pillar 1: Reduce Critical Exposures & Scan with AI | Diving into the first pillar of the AI Threat Readiness Framework and how Wiz helps | WIZ.IO
4 Jun | Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories | A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic's own action repo used the same workflow, a working attack … | THEHACKERNEWS.COM
4 Jun | Customize federated sign-in with new Amazon Cognito Lambda trigger | You can use Amazon Cognito user pools to add sign-up and sign-in functionality to your web and mobile applications. You can authenticate users directly with Amazon Cognito managed accounts using passwords, passwordless flows, or custom authentication flows, or let users federate … | AWS.AMAZON.COM
4 Jun | Meta Silently Added Face-Recognition Code for Its Smart Glasses to Millions of Phones | Code reviewed by WIRED uncovered an unreleased face-recognition system embedded in Meta’s smart glasses platform. It’s designed to identify people via biometric data stored on users’ phones. | WIRED.COM
4 Jun | Reporting from Vegas: Networking, AI, and good boys | Joe’s on-the-ground report from Cisco Live U.S. is here, complete with therapy dog pictures and tips on handling conference overstimulation. | TALOSINTELLIGENCE.COM
4 Jun | FTC considers setting aside or modifying $150 million privacy penalty against X | Twitter, renamed X in 2023, filed a petition saying that the settlement terms are unfair because the order was issued against a company that “no longer exists,” the workers responsible for the scheme no longer work for X and the firm has since established a “world class” privacy … | THERECORD.MEDIA
4 Jun | Filtr is a new privacy tool that blocks ads in almost every iPhone and Mac app | This popular ad blocker app for iPhones, iPads, and Macs can now block ads from loading inside apps, including web browsers, thanks to a new feature in the latest Apple software. | TECHCRUNCH.COM
4 Jun | Defense tech, AI, and fundraising take center stage at StrictlyVC Los Angeles on June 18 | With just two weeks to go, StrictlyVC Los Angeles is quickly approaching. On Thursday, June 18, at The Aerospace Corporation Campus in El Segundo, investors, founders, and tech leaders will gather for an evening of conversation exploring some of the most consequential shifts taki… | TECHCRUNCH.COM
4 Jun | Amazon Cognito unlocks advanced capabilities with next-generation infrastructure | Amazon Cognito recently introduced high-throughput performance for demanding workloads, customer-managed keys for full control over data encryption at rest, and multi-Region replication for business continuity improvement. These capabilities were made possible through a next-gen… | AWS.AMAZON.COM
4 Jun | Brave Software releases Origin for a paid, bloat-free browsing experience | Brave has announced the public release of Brave Origin, a paid minimalist version of its browser that strips out cryptocurrency, AI, rewards, and other monetization-focused features. [...] | BLEEPINGCOMPUTER.COM
4 Jun | China's TA4922 Expands Cybercrime Attacks Globally | One of the world's most diverse, least-focused cybercrime groups is enlarging its footprint beyond East Asia. | DARKREADING.COM
4 Jun | 4 Critical Threats Where Attackers Have the Advantage | Gartner analysts issued a call to action to bolster defenses against several emerging critical threats, such as deepfakes and prompt injections. | DARKREADING.COM