🚨 CISA KEV 1[−]
8 Jun KEVCritical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751)Overview On June 8, 2026, Check Point published a security advisory for CVE-2026-50751 , a critical authentication bypass vulnerability affecting Check Point Remote Access VPN, Mobile Access, and Spark Firewall products. The vulnerability affects deployments configured to use the…RAPID7.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 5[−]
8 Jun KEVCISA: Patch actively exploited SolarWinds Serv-U DoS vulnerability (CVE-2026-28318)A vulnerability (CVE-2026-28318) that can be exploited to crash SolarWinds Serv-U file transfer servers is being leveraged by attackers in the wild, the US Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Friday. The agency has ordered US federal civilian agen…HELPNETSECURITY.COM
8 JunGoogle Protocol Buffers flaw turns schemas into shellsA widely used JavaScript implementation of Google’s Protocol Buffers format is placing too much trust in untrusted data, exposing affected applications to remote code execution and other attacks. Researchers at Cyera have disclosed six vulnerabilities affecting “ protobuf.js ,” a…CSOONLINE.COM
8 JunQilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751)A Qilin ransomware affiliate is believed to be exploiting CVE-2026-50751, an authentication bypass vulnerability in Check Point VPN Remote Access and Mobile Access, the company announced on Monday. About CVE-2026-50751 Check Point Remote Access VPN enables and secures connections…HELPNETSECURITY.COM
8 Jun KEVCritical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 SetupsCheck Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol. The vulnerability, tracked as CVE-2026-50751 (CVSS score: 9.3), is a case of …THEHACKERNEWS.COM
8 Jun KEVAttackers exploiting unpatched Cisco SD-WAN flawCisco warns customers of an actively exploited high-severity vulnerability in Catalyst SD-WAN Manager, an enterprise network management system that has been targeted by hackers multiple times in the past. Located in the command-line interface, the flaw allows authenticated attack…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 29[−]
8 JunGoogle Colab CLI opens runtimes to Claude Code and CodexGoogle released the Google Colab Command-Line Interface, a tool that connects local terminals to remote Colab runtimes. The CLI provides an execution platform for developers and AI agents, letting users provision compute, run local Python scripts on remote runtimes, and retrieve …HELPNETSECURITY.COM
8 JunDockSec: Open-source AI-powered Docker security scannerDockSec is an OWASP Incubator Project that combines three container security scanners with a language-model layer for explanation and remediation. Created by Advait Patel, the Python tool runs Trivy, Hadolint, and Docker Scout against a developer’s Dockerfile and image, cor…HELPNETSECURITY.COM
8 JunMeta AI Bug Exposes Over 20,000 Instagram AccountsMeta confirms an AI tool vulnerability led to unauthorized access to Instagram accounts after a failure in email verification during password resetINFOSECURITY-MAGAZINE.COM
8 Jun KEVSolarWinds Serv-U Vulnerability Exploited in the WildUnauthenticated attackers can exploit the flaw via specially crafted POST requests that crash the Serv-U service. The post SolarWinds Serv-U Vulnerability Exploited in the Wild appeared first on SecurityWeek .SECURITYWEEK.COM
8 JunOpenAI is locking down parts of ChatGPT to reduce data theft risksOpenAI has started rolling out Lockdown Mode for ChatGPT, an optional security setting that restricts access to external resources and several product capabilities. It is available for personal accounts, including Free, Go, Plus, and Pro plans, as well as self-serve ChatGPT Busin…HELPNETSECURITY.COM
8 JunUNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion CampaignCybersecurity researchers have disclosed details of a financially motivated data theft extortion campaign that has targeted dozens of organizations across professional, legal, and financial services in the U.S. between January and May 2026. The activity has been attributed by Goo…THEHACKERNEWS.COM
8 JunWhy most enterprise security teams would fail a military readiness testHave you ever watched a military cyber ops team go to work responding to a cyberattack simulation? It’s like that scene from Die Hard 4.0 when all the screens start flashing red and systems start shutting down; however, unlike the movies, where bumbling government IT workers are …CSOONLINE.COM
8 Jun15 tough cybersecurity questions every CISO must answerAs CISOs know, an effective security program cannot be static. Rather, it must adapt to the evolving threat landscape and an ever-changing business environment. To adapt and improve, CISOs must continuously evaluate their existing program. That starts with asking tough questions …CSOONLINE.COM
8 JunThe State of AI in SecOps, the Unintended Consequences of Vulnmaxxing, and the News - ESW #462Interview with Filip Stojkovski on the State of AI in SecOps Filip joins us to talk through the 2+ year rollercoaster that Security Operations tooling has been on since AI entered the chat. We discuss the AI SecOps market, which Filip closely tracks through his SecOps Unpacked pr…YOUTUBE.COM
8 JunMeta notifies 20,000 Instagram users whose accounts were hijacked via AI support botMeta has begun notifying approximately 20,000 Instagram users that their accounts may have been compromised after attackers exploited a flaw in an AI-assisted account recovery tool. The company says the vulnerability allowed unauthorized parties to obtain password reset links for…CYBERINSIDER.COM
8 JunOxford University discloses data breach after careers platform hackThe University of Oxford disclosed a new data breach last week after being informed by its third-party provider, Group GTI, that its CareerConnect career services platform had been compromised. [...]BLEEPINGCOMPUTER.COM
8 JunRidgeBot 7.0 automates Active Directory attack simulations for security validationRidge Security has announced the release of RidgeBot 7.0, an update to its automated security validation platform that introduces automated Windows Active Directory penetration testing capabilities. The new version enables organizations to conduct end-to-end domain compromise sim…HELPNETSECURITY.COM
8 JunConnectSecure’s Patch 360 gives MSPs control over patch testing and deploymentConnectSecure has announced the launch of Patch 360, a patch management solution built for managed service providers (MSPs) to reduce deployment risk while accelerating vulnerability remediation. Patch management has long followed a “deploy-and-hope” model, with teams addressing …HELPNETSECURITY.COM
8 JunThe Hardest ForkMythos is real. I know a big chunk of the industry thinks it's a marketing stunt, and I get why. I get it. But I've seen the findings, and they're bad. These aren't "whoops, this line right here is wrong, and that's RCE." They're novel combinations of a few dozen issues out of th…THEHACKERNEWS.COM
8 Jun KEVEverest Forms Vulnerability Exploited to Hack WordPress SitesThe flaw allows attackers to execute arbitrary code remotely and has been exploited in the wild for two months. The post Everest Forms Vulnerability Exploited to Hack WordPress Sites appeared first on SecurityWeek .SECURITYWEEK.COM
8 JunCheck Point links VPN zero-day attacks to Qilin ransomware gangIsraeli cybersecurity company Check Point has released security updates to patch a critical flaw affecting Remote Access VPN and Mobile Access deployments, which was exploited in zero-day attacks. [...]BLEEPINGCOMPUTER.COM
8 JunHackers used Meta’s AI support system to hijack over 20,000 Instagram accountsMeta has revealed that attackers hijacked 20,225 Instagram accounts by exploiting a flaw in the company’s AI-assisted account recovery system. According to the company, a vulnerability in High Touch Support (HTS) allowed unauthorized parties to perform password resets on In…HELPNETSECURITY.COM
8 JunNew Relic expands observability into AI-assisted software developmentNew Relic has announced AI Coding Observability, an open-source tool for monitoring AI-assisted software development workflows. As organizations adopt AI coding assistants, these tools often operate outside existing observability systems, limiting visibility into their use. AI Co…HELPNETSECURITY.COM
8 Jun⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and MoreMonday again. The weekend was meant to be quiet. It wasn't. Last week had poisoned packages, a broken AI helper, and a worm tearing through repos. The ugly part: basic tricks still worked. A chatbot got fooled. A bot token got leaked inside the malware. The same old mistakes show…THEHACKERNEWS.COM
8 JunTurning Cloudflare’s threat indicators into real-time WAF rulesCloudflare customers can now use Cloudforce One threat intelligence directly within the WAF to block high-risk traffic. By using new cf.intel fields, security teams can automate protection against specific threat actors and targeted industries in real time.CLOUDFLARE.COM
8 JunNew open-source app Loupe reveals how iPhones are fingerprintedPrivacy researchers Mysk have released Loupe, a free and open-source iOS app that shows users what information apps can learn about their devices through publicly available iOS APIs. The tool highlights how data such as language settings, device characteristics, installed apps, a…CYBERINSIDER.COM
8 JunGogs patches critical zero-day enabling remote code executionGogs has patched a critical security zero-day flaw that can allow attackers to compromise Internet-facing instances and access any repositories (including private ones). [...]BLEEPINGCOMPUTER.COM
8 JunCritical Zcash Vulnerability Found and FixedIf you’re a user—owner?—of this cryptocurrency, this is important: On May 29, the security researcher Taylor Hornby found a critical vulnerability in Zcash Orchard privacy pool using Claude Opus 4.8. The Zcash team hired Hornby specifically to look for this kind…SCHNEIER.COM
8 JunTeamPCP Supply Chain Campaign: Activity Through 2026-06-07, (Mon, Jun 8th)This diary continues the Internet Storm Center&#;x26;#;39;s tracking of the TeamPCP supply chain campaign, first documented in the SANS white paper When the Security Scanner Became the Weapon and most recently in the handler diary Activity Through 2026…ISC.SANS.EDU
8 JunWhen Executives Force AI AdoptionThe clip contrasts traditional security operations — where tooling and processes evolve from practitioner feedback — with modern AI adoption, which is often driven by executive-level spending decisions. When large AI purchases happen before teams define real operational needs, or…YOUTUBE.COM
8 JunMicrosoft’s open source tools were hacked to steal passwords of AI developersMicrosoft shut down dozens of GitHub code repositories for Azure and AI coding tools after a reported hack.TECHCRUNCH.COM
8 JunICYMI: May 2026 @AWS SecurityRead all about the latest AWS security features, compliance updates, and hands-on resources in our new, monthly digest posts. You’ll find expert blog posts, new service capabilities, code samples, and workshops. AWS Security Blog posts This month’s AWS Security Blog posts covered…AWS.AMAZON.COM
8 JunCheck Point VPN Flaw Exploited Since Early MayA newly discovered, critical zero-day vulnerability is under attack; a Qilin ransomware affiliate has been blamed for at least one incident.DARKREADING.COM
📋 SECURITY BULLETINS 1[−]
8 JunMicrosoft changes how Defender for Endpoint EDR updates are delivered on WindowsMicrosoft will distribute Defender for Endpoint EDR updates through Microsoft Update, enabling EDR security improvements to be released independently of monthly Windows operating system updates. The rollout started for Windows 10 devices in late May 2026 and will expand to Window…HELPNETSECURITY.COM
📢 SECURITY ADVISORIES 6[−]
8 JunUkraine’s foreign minister offer recipe for improved resilienceCybersecurity professionals were offered lessons of resilience in the most extreme circumstances from Ukraine’s former minister of foreign affairs. Dmytro Kuleba, who served as Ukraine’s Minister of Foreign Affairs between 2020 and 2024, told Infosecurity Europe delegates that th…CSOONLINE.COM
8 JunThe AI security race needs accountability, not overregulationPartnership between policymakers and tech companies, not government oversight, offers the best path forward for responsible AI innovation. The post The AI security race needs accountability, not overregulation appeared first on CyberScoop .CYBERSCOOP.COM
8 JunRussia upgrades rules for its digital spy system to better track citizens onlineNew regulations published by Russia's Ministry of Digital Development at the end of May updated the technical standards governing SORM, formally known as the System for Operative Investigative Activities.THERECORD.MEDIA
8 Jun8th June – Threat Intelligence ReportFor the latest discoveries in cyber research for the week of 1st June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES DentaQuest, a U.S. dental benefits administrator owned by Sun Life, has suffered a data breach after threat group ShinyHunters leaked …RESEARCH.CHECKPOINT.COM
8 JunMeta’s recovery plan needed recovery.Meta exposes 20,000 Instagram accounts through a support tool bug. CISA warns of active attacks on SolarWinds Serv-U. WordPress sites face takeover through a widely used plugin. A new Gafgyt variant broadens its reach. Pink extortionists steal cloud data with vishing and legitima…THECYBERWIRE.COM
8 JunUK gives big tech 3 months to create device controls to block nude images of kidsThe companies “must activate built-in features or implement technical solutions on smartphones and tablets to detect and block nude images for children,” according to a press release from the Home Office. Prime Minister Keir Starmer announced the measure in a speech at London Tec…THERECORD.MEDIA
🔥 INCIDENT REPORTING 10[−]
8 JunClaude Outage Data Leak, Microsoft GitHub Worm, IBM Hack, M Instagram Takeovers, Canada's Bill C-8TClaude Outage Data Leak Fears, Microsoft GitHub Worm, IBM Hack Allegations, Meta AI Instagram Takeovers, and Canada's Bill C-8 David Shipley reports that Anthropic's Claude suffered a roughly two-hour outage affecting models including Opus, during which a user alleged receiving …CYBERSECURITYTODAY.LIBSYN.COM
8 JunCybercriminals create 19,000 FIFA-themed domains ahead of 2026 World CupFans looking for tickets, accommodation and match broadcasts are already encountering scams tied to the 2026 FIFA World Cup. The 2026 FIFA World Cup will bring millions of visitors and an estimated 6 billion spectators to a tournament spread across 16 host cities in the United St…HELPNETSECURITY.COM
8 JunOver 20,000 Instagram accounts stolen in Meta AI support hackMeta has revealed that over 20,000 Instagram users had their accounts hijacked in a recent incident where attackers used Meta's AI-powered support system to reset passwords. [...]BLEEPINGCOMPUTER.COM
8 JunWhen attacks spread too far: Lessons from real cyber attack case studiesIn this Help Net Security video, Michael Adjei, Director, Systems Engineering at Illumio, explains three real world cyber attacks and what went wrong during detection. Adjei walks through a collaboration tool scam that copied Microsoft Teams, an identity phishing case used for pa…HELPNETSECURITY.COM
8 JunMeta Says 20,000 Instagram Accounts Hacked via AI Tool AbuseThe social media giant has informed authorities about the impact of the recent attack involving an account recovery support tool. The post Meta Says 20,000 Instagram Accounts Hacked via AI Tool Abuse appeared first on SecurityWeek .SECURITYWEEK.COM
8 JunSilent Ransom Group Uses DNS Fast Flux in AttacksFocusing on hacking law firms in the US, the ransomware group relies on fast flux to hide its C&C infrastructure. The post Silent Ransom Group Uses DNS Fast Flux in Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
8 Jun174,000 Impacted by Lansing Community College Data BreachHackers accessed personal information stored on certain Lansing Community College systems in February 2025. The post 174,000 Impacted by Lansing Community College Data Breach appeared first on SecurityWeek .SECURITYWEEK.COM
8 JunNew Shai-Hulud attack trojanizes 19 science-focused PyPI packagesHackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud supply-chain attack that delivered malware designed to steal developer secrets. [...]BLEEPINGCOMPUTER.COM
8 JunSoFi confirms third-party data breach at Hong Kong subsidiarySoFi Hong Kong is warning that it suffered a data breach after hackers gained access to a database at a third-party vendor containing customer information. [...]BLEEPINGCOMPUTER.COM
8 JunNew Apple feature automatically changes your compromised passwordsAt WWDC 26, Apple announced an Apple Intelligence-powered feature that can automatically fix weak and compromised passwords. This works in Safari, and it's rolling out with iOS 27. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 23[−]
8 JunISC Stormcast For Monday, June 8th, 2026 https://isc.sans.edu/podcastdetail/9962, (Mon, Jun 8th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
8 JunGitHub Copilot app launches as desktop home for AI coding agentsGitHub introduced the Copilot app, a desktop application built for working with AI coding agents, at Microsoft Build 2026. The release expands GitHub’s Copilot product line beyond editor integrations and command-line tools into a dedicated workspace for directing several ag…HELPNETSECURITY.COM
8 Jun52% of direct-to-IP threats are missing from intelligence feedsSecurity tools are good at inspecting websites, domains, URLs, and files, so attackers are moving lower in the stack and communicating directly with IP addresses, where visibility is limited. According to Palo Alto Networks’ report, this creates a visibility gap that allows…HELPNETSECURITY.COM
8 JunOpenAI Rolling Out ChatGPT Account Security ControlsThe Active Sessions and Lockdown Mode features are being made more broadly available by the AI giant. The post OpenAI Rolling Out ChatGPT Account Security Controls appeared first on SecurityWeek .SECURITYWEEK.COM
8 JunSamsung just made Galaxy phones more secure in One UI 9 betaSamsung’s One UI 9 beta integrates Lockdown mode into the power menu. This is the screen that contains Power off, Restart, and emergency options. Opening it initiates Lockdown mode, disabling biometric authentication. “We tried it out on the Galaxy S26 Ultra running on One …HELPNETSECURITY.COM
8 JunVerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux AppliancesA China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET (aka GRIMBOLT) and AGENTPSD to target Linux systems. The activity has been attributed by Volexity to a threa…THEHACKERNEWS.COM
8 JunAnthropic’s Project Glasswing UpdateIn April, Anthropic initated Project Glasswing . The idea was to let companies use their new model to find and fix vulnerabilities in their own software. It was a fantastic PR move, and so many press outlets have uncritically parroted Anthropic’s claims that it’s now …SCHNEIER.COM
8 Jun1Password to add YubiKey PIN support to address reported security gap1Password has announced plans to add support for PIN-protected YubiKeys in its desktop applications after a customer identified a limitation that prevented certain hardware security key configurations from working. The company says the feature will arrive in an upcoming beta rele…CYBERINSIDER.COM
8 JunWhatsApp says it caught NSO attempting to spy on users againWhatsApp says it has disrupted new social engineering campaigns linked to Israeli spyware maker NSO Group and is now asking a US federal court to hold the company in contempt for violating a permanent injunction that barred it from targeting its users. The company also published …CYBERINSIDER.COM
8 JunCybersecurity M&A Roundup: 26 Deals Announced in May 2026Significant cybersecurity M&A deals announced by Akamai, Check Point, Cisco, Cyera, Dragos, WatchGuard and Zscaler. The post Cybersecurity M&A Roundup: 26 Deals Announced in May 2026 appeared first on SecurityWeek .SECURITYWEEK.COM
8 JunWhatsApp Catches Spyware Firm NSO Defying No-Hacking Court OrderThe Meta-owned communications app is filing a federal court contempt order against NSO. The post WhatsApp Catches Spyware Firm NSO Defying No-Hacking Court Order appeared first on SecurityWeek .SECURITYWEEK.COM
8 JunThe SIEM Problem Nobody SolvedSIEM correlation has been a core promise in cybersecurity for years, but building reliable correlations across multiple detections is still extremely difficult. Different organizations use different security stacks, which means correlation rules rarely translate cleanly between e…YOUTUBE.COM
8 JunNorth Korean Hackers Use Fake Coding Tasks to Steal CryptoNorth Korean actor UNK_DeadDrop targeted developers with fake coding tasks to steal cryptoINFOSECURITY-MAGAZINE.COM
8 JunCyber insurance policyholders facing heavier scrutiny in underwriting, claimsA multiyear lull in insurance rates and insurers’ over-dependence on large U.S. policyholders have led to more restrictions and exclusions in coverage.CYBERSECURITYDIVE.COM
8 JunCompanies aren’t prepared for how AI is accelerating impersonation attacksBusinesses generally aren’t taking a proactive enough approach to blocking schemes that spoof their leaders’ identities, according to a new report.CYBERSECURITYDIVE.COM
8 JunEverybody Is Vibe Coding But Nobody Told the Security TeamAI-driven development is not something organizations can or should block. But it must be governed. The post Everybody Is Vibe Coding But Nobody Told the Security Team appeared first on SecurityWeek .SECURITYWEEK.COM
8 JunCritical Infrastructure: The Risk Hiding in Plain Sight - Jason Manar - CSP #225In this episode, former FBI cyber leader Jason Manar joins us to unpack the state of critical infrastructure security and why small and medium-sized businesses are more connected to it than they realize. From power, telecom, healthcare, finance, and supply chains, Jason explains …YOUTUBE.COM
8 JunFake X-VPN installer deploys STX RAT malware on unsuspecting usersAn active malware distribution campaign employs a fake X-VPN installer to deploy the STX RAT in memory and steal credentials from victims. The campaign was documented by Cyderes threat researchers, who say the operation remained active after earlier disclosures, with the perpetra…CYBERINSIDER.COM
8 JunMeta accuses NSO Group of defying spyware injunction, files contempt of court complaintThe company said it spotted a spearphishing campaign linked to the Israeli spyware maker targeting WhatsApp users, despite a court order prohibiting it. The post Meta accuses NSO Group of defying spyware injunction, files contempt of court complaint appeared first on CyberScoop .CYBERSCOOP.COM
8 JunA Security Raises $37 Million for Autonomous Offensive Security PlatformThe company founded by Yossi Torati, Omer Gull, and Yuval Itzchakov has emerged from stealth mode. The post A Security Raises $37 Million for Autonomous Offensive Security Platform appeared first on SecurityWeek .SECURITYWEEK.COM
8 JunMeta claims NSO Group still targets WhatsApp users despite court orderMeta claims it disrupted spear-phishing attempts linked to NSO Group and is asking a US federal court to hold the spyware vendor in contempt for allegedly violating an injunction that bars it from targeting WhatsApp and its users. “We successfully disrupted NSO-linked social engi…HELPNETSECURITY.COM
8 JunAI brands as bait: How threat actors are using the AI hype in social engineeringAs threat actors operationalize AI to accelerate attacks, they are also leveraging the wider global interest around AI itself as a social engineering lure. The post AI brands as bait: How threat actors are using the AI hype in social engineering appeared first on Microsoft Securi…MICROSOFT.COM
8 JunWhen “Hi, This Is IT” Comes Through Microsoft TeamsAttackers are increasingly targeting collaboration platforms like Microsoft Teams. Learn the risks and key steps to strengthen your organization's security. The post When “Hi, This Is IT” Comes Through Microsoft Teams appeared first on Unit 42 .UNIT42.PALOALTONETWORKS.COM
🌐 CYBER THREAT LANDSCAPE 9[−]
8 JunVS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain AttacksMicrosoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated development environment (IDE) are updated automatically to a newer version in an attempt to tackle software supply chain threats. "When automatic updates are…THEHACKERNEWS.COM
8 JunA week in security (June 1 – June 7)A list of topics we covered in the week of June 1 to June 7 of 2026MALWAREBYTES.COM
8 JunPirated PC games are delivering password-stealing malwareCybercriminals are hiding malware in cracked and repacked games, infecting more than 400,000 devices worldwide.MALWAREBYTES.COM
8 JunAI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 OverloadPhishing has always been a numbers game. AI has turned it into a volume machine. Attackers can now create convincing emails, fake login pages, and tailored lures in minutes. Every polished message adds another case for Tier 1 to review, another link to inspect, and another alert …THEHACKERNEWS.COM
8 JunWhatsApp says it caught new spyware attacks linked to NSO Group in violation of court orderThe messaging giant announced that it disrupted a phishing campaign targeting its users with NSO’s spyware.TECHCRUNCH.COM
8 JunMeta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt OrderMeta on Monday said it detected and blocked spear-phishing attempts linked to Israeli spyware vendor NSO Group. In addition, the tech giant said it's filing a federal court contempt order against the company for violating a permanent injunction that barred it from targeting Whats…THEHACKERNEWS.COM
8 Jun'Hades' Campaign Against PyPI Puts New Spin on Shai-HuludThe latest attacks, which hit 37 PyPI wheels and 19 code packages, show a continued evolution of the persistent software supply chain threat.DARKREADING.COM
8 JunWhatsApp says it disrupted new NSO spyware phishing attacksWhatsApp has detected and stopped spear-phishing campaigns allegedly conducted by the NSO Group after investigating user reports of social engineering attacks. [...]BLEEPINGCOMPUTER.COM
8 JunNFCShare Android malware spreads via fake banking app updates on GitHubNew variants of the NFCShare Android malware are being distributed as fake updates for legitimate banking apps hosted on GitHub. [...]BLEEPINGCOMPUTER.COM
📰 CYBERSECURITY BRIEFINGS 1[−]
📡 INFOSEC NEWS 17[−]
8 JunAll the Ways Europe Is Ditching American TechnologyA WIRED timeline shows how dozens of governments, companies, and other organizations across Europe are moving, or planning to shift, away from US Big Tech.WIRED.COM
8 JunThe new risk equation: Why endpoint security is a financial imperativeCyber risk is financial risk; endpoint security in financial services is a business imperative.CYBERSECURITYDIVE.COM
8 JunInfosecurity Europe: How DSIT Protects Thousands of UK Orgs from Cyber VulnerabilitiesThe Department of Science, Innovation and Technology details how a combination of hands-on human advice and technology systems keeps government agencies safeINFOSECURITY-MAGAZINE.COM
8 JunInfosecurity Europe: Prompt Injection Remains Unsolved, OWASP Researcher WarnsAt Infosecurity Europe 2026, OWASP’s Ariel Fogel warned that prompt injection remains an “unresolved problem” within generative AI architectureINFOSECURITY-MAGAZINE.COM
8 JunIntroducing Wiz Cloud Cost: Powering Cost Management and Optimization with ContextWiz unifies cloud and AI cost visibility to help teams eliminate waste and improve spend efficiency across their AWS, Azure, and GCP environments.WIZ.IO
8 JunMassachusetts votes to pass new privacy rights bill that bans sale of precise location dataThe bill is expected to blanket ban companies and startups from selling people's precise location data across the state.TECHCRUNCH.COM
8 JunOpenAI Unveils ChatGPT Account Security ControlsOpenAI brings Lockdown Mode and Active Sessions to ChatGPT to curb prompt injection data theftINFOSECURITY-MAGAZINE.COM
8 JunReducing security operations complexity with Wazuh CloudSecurity teams are increasingly overwhelmed by alert fatigue, infrastructure maintenance, and complex hybrid environments. This article explores how Wazuh Cloud helps simplify SIEM/XDR operations through managed infrastructure, automated scaling, and AI-driven security analysis. …BLEEPINGCOMPUTER.COM
8 JunAmericans lost nearly $900 million to AI-powered scams, FBI saysDeepfakes, voice cloning, and other AI-powered scams cost Americans nearly $900 million in 2025, says the 2025 FBI Internet Crime Report.MALWAREBYTES.COM
8 JunCritical UniFi OS bug lets hackers gain root without authenticationAttackers can chain three already fixed vulnerabilities in the Ubiquiti UniFi OS server to execute remote code with root privileges and without authentication. [...]BLEEPINGCOMPUTER.COM
8 JunInvestigating suspicious AI workflows in Microsoft Entra Agent ID: Assistive agentsEntra ID agent users can send malicious content to human users via Microsoft Teams. Here’s what to look out for.REDCANARY.COM
8 JunOperationalizing AWS security: A maturity roadmapEnabling security tooling is the starting point. Making it operational—where findings drive decisions, response times are measurable, and your security posture improves week over week—is where most organizations struggle. This blog post provides a phased maturity roadmap for orga…AWS.AMAZON.COM
8 JunWhatsApp says NSO targeted users with spearfishing attacks in violation of court orderWhatsApp said it is filing a federal court contempt order against NSO for violating a permanent injunction that bars it from mounting attacks against its users.THERECORD.MEDIA
8 JunArmenia’s pro-Europe party wins election despite Russia-linked disinformationPashinyan's Civil Contract party won nearly 50% of Sunday's vote, defeating the pro-Russian Strong Armenia party led by Russian-Armenian billionaire Samvel Karapetyan, which received around 23% of the vote.THERECORD.MEDIA
8 JunMeta Deletes Face-Recognition System From Its Smart Glasses App After WIRED ReportThe code WIRED identified is gone from the latest version of Meta AI, the companion app for the company’s smart glasses. Meta won’t say why or whether it’s coming back.WIRED.COM
8 JunIran Signed a Ceasefire — Its Hackers Didn'tAn extension of the Geneva Conventions could impose restrictions on cyberwarfare under ceasefire conditions and close a major loophole in international conflict.DARKREADING.COM
8 JunSilent Ransom Group Hits US Law Firms in Escalating Extortion AttacksThe financially motivated group is combining vishing, IT impersonation, and in-person office intrusions to steal data and extort victims.DARKREADING.COM