120Articles
10Categories
2026-06-09Date
🚨 CISA KEV 4[−]
9 Jun KEVAI worm prototype shows attackers don’t need Mythos to take over your networkResearchers from the University of Toronto developed a computer worm prototype powered by an AI agent that successfully self-replicated to different systems within a simulated computer network. The worm used a free large language model (LLM) running on local hardware and exploite…CSOONLINE.COM
9 Jun KEVLiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271)A command injection vulnerability (CVE-2026-42271) in BerryAI’s LiteLLM open-source AI gateway is being exploited by attackers, the US Cybersecurity and Infrastructure Security Agency (CISA) confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog on Mond…HELPNETSECURITY.COM
9 Jun KEVMicrosoft’s June 2026 Patch Tuesday Addresses 198 CVEs ( CVE-2026-49160, CVE-2026-50507)32 Critical 166 Important 0 Moderate 0 Low Microsoft addresses 198 CVEs in the largest Patch Tuesday release, including three zero-days. Microsoft patched 198 CVEs in its June 2026 Patch Tuesday release, with 32 rated critical and 166 rated as important. Our counts omitted 6 CVEs…TENABLE.COM
9 Jun KEVPatch Tuesday - June 2026Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday . Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, and is aware of public disclosure for three. This is similar to last month’s Patch Tuesday, however several of last month’…RAPID7.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 28[−]
9 JunOne-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now PublicSecurity researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user escalate to root and break out of a container. The flaw, CVE-2026-23111, sits in the kernel's nf_tables packet-filtering code and was patched ups…THEHACKERNEWS.COM
9 JunGoogle Patches 5th Chrome Zero-Day Exploited in 2026The vulnerability is tracked as CVE-2026-11645 and it was reported in late April by an anonymous researcher. The post Google Patches 5th Chrome Zero-Day Exploited in 2026 appeared first on SecurityWeek .SECURITYWEEK.COM
9 Jun KEVLiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCEThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-42271 (CVSS score: …THEHACKERNEWS.COM
9 JunCVE-2026-11463 USCiLab Cereal Shared Pointer type confusionInformation published.MSRC.MICROSOFT.COM
9 JunCVE-2026-49975 Apache HTTP Server: mod_http2 denial of serviceInformation published.MSRC.MICROSOFT.COM
9 Jun KEVGoogle Releases Patch for Chrome Vulnerability Exploited in the WildThe flaw, CVE-2026-11645, can allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML pageINFOSECURITY-MAGAZINE.COM
9 Jun KEVCheck Point warns of ransomware-linked attacks exploiting outdated VPN protocolCheck Point has issued emergency hotfixes for a pair of vulnerabilities affecting VPN deployments that still use the deprecated Internet Key Exchange version 1 (IKEv1) protocol, warning that one of the flaws is already being exploited in the wild. The more serious issue allows at…CSOONLINE.COM
9 Jun KEVGoogle patches Chrome zero-day exploited in the wild (CVE-2026-11645)Google has fixed 74 vulnerabilities in Chrome, including a high-severity zero-day (CVE-2026-11645) that has been exploited in the wild. “Google is aware that an exploit for CVE-2026-11645 exists in the wild,” the company said in a Monday security advisory. The fix has…HELPNETSECURITY.COM
9 JunWinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in UkraineTwo Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released. The activity has been attributed by Trend Micro to Earth Dahu (aka Gamaredon) and SHAD…THEHACKERNEWS.COM
9 Jun KEVChrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch NowGoogle has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has been described as an out-of-bounds memory access in V8, Chrome'…THEHACKERNEWS.COM
9 JunRussian Attackers Weaponize WinRAR Flaw Against Ukrainian OrgsTwo separate campaigns target CVE-2025-8088, fixed last July, to conduct data theft and cyberespionage against military and government targets in Ukraine.DARKREADING.COM
9 JunVeeam Backup & Replication RCE Flaw Lets Domain Users Run Remote CodeVeeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0. "A vulnerability allowing remote …THEHACKERNEWS.COM
9 JunVU#616257: Microsoft-signed UEFI shim bootloaders vulnerable to Secure Boot bypassOverview Microsoft-signed UEFI bootloaders of the open-source shim project, primarily from version 0.9 and earlier, were identified as vulnerable to Secure Boot bypass. To mitigate this risk, the affected bootloaders will be added to the Microsoft UEFI Forbidden Signature Databas…KB.CERT.ORG
⚠️ VULNERABILITY DISCLOSURE 44[−]
9 JunMeet Hades: The malware that lies to AI security agentsThreat actors are continuing their onslaught against software supply chains, now with malware named after death itself. The newly-discovered Hades Campaign is a “highly sophisticated” supply chain compromise that targets Python developer environments and runs as soon as infected …CSOONLINE.COM
9 JunThe architecture of subtraction: Why it’s time to erase the roads, not just map the trafficThe advent of AI-assisted vulnerability discovery and autonomous exploit development has brought about a new age in cybersecurity—one in which we can no longer rely on patching as a primary defense mechanism. Patching is, by definition, a reactive approach to security. It cannot …HELPNETSECURITY.COM
9 JunTreating AI agents like service accounts for federated query securityIn this interview with Help Net Security, Paras Malhotra, CISO at Starburst, explains how the company handles data governance across federated query environments. Topics include layering Starburst’s access controls above native source permissions, tiering vendor risk across…HELPNETSECURITY.COM
9 JunMalware ships with bugs that defenders could use against itStatic analysis tools have spent years scanning legitimate software for security bugs before it goes out the door. The same scanners work on malware, and malware carries a steady supply of its own bugs. Researchers ran four of these tools across 658 leaked malware projects and fo…HELPNETSECURITY.COM
9 JunThe Anatomy of Cloud Ransomware with Matt CastriottaAre your cloud security controls actually protecting your infrastructure, or are they just keeping the lights on? With host ⁠Caleb Tolin⁠, ⁠Matt Castriotta⁠, Field CTO for Cloud at ⁠Rubrik⁠, breaks down the tactical gaps exposed when organizations blindly replicate data center mi…THECYBERWIRE.COM
9 Jun KEVGoogle patches new Chrome zero-day flaw exploited in the wildGoogle has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year. [...]BLEEPINGCOMPUTER.COM
9 JunScanner Results Are a Starting Point. Here's What Comes Next. - Federico Kirschbaum - ASW #386Most AppSec teams are working through more findings than their teams can validate. SAST surfaces thousands of potential issues. DAST generates alert volume that outpaces triage capacity. Somewhere in that output are the vulnerabilities that matter, the ones that are actually expl…YOUTUBE.COM
9 JunInfosecurity Europe: Why JLR’s CISO Enforced In-Person Password Resets Following Cyber-AttackSpeaking at Infosecurity Europe, Ashish Shrestha, former CISO at Jaguar Land Rover revealed why he wanted over 30,000 employees to change their passwords in the immediate aftermath of the incidentINFOSECURITY-MAGAZINE.COM
9 Jun KEVGoogle Chrome emergency update fixes actively exploited flaw in V8Google has released Chrome 149.0.7827.102/.103 for Windows and macOS, as well as Chrome 149.0.7827.102 for Linux, addressing 74 security vulnerabilities, including a high-severity zero-day flaw in the V8 JavaScript engine that the company says has been exploited in the wild. The …CYBERINSIDER.COM
9 JunCISA gives feds 3 days to patch Check Point VPN bug exploited as zero-dayCISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. [...]BLEEPINGCOMPUTER.COM
9 Jun KEVCheck Point Warns Critical Auth Bypass Bug Exploited in the WildCheck Point says a critical vulnerability in its Remote Access VPN and Mobile Access solutions has been exploited by QilinINFOSECURITY-MAGAZINE.COM
9 JunCheck Point VPN Zero-Day Exploited in Qilin Ransomware AttacksThe authentication bypass vulnerability allows attackers to establish VPN connections without a valid password. The post Check Point VPN Zero-Day Exploited in Qilin Ransomware Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
9 JunMythos Preview can weaponize N-day vulnerabilities in hoursMythos Preview can develop working exploits from newly disclosed software vulnerabilities in hours, cutting down a process that has historically taken days or weeks, according to Anthropic. Anthropic’s recent cybersecurity research has largely focused on zero-days, vulnerab…HELPNETSECURITY.COM
9 JunThe Flip That Broke the Cali CartelNow that drug cartels can be labeled foreign terrorist organizations, how do you dismantle one? As part of his 26 years at the Drug Enforcement Administration, retired Special Agent Chris Feistl was on a team that brought the demise of the Cali Cartel in Colombia. One of the worl…THECYBERWIRE.COM
9 JunWill AI Kill the Bug Bounty Industry?Anthropic's Mythos is accelerating vulnerability discovery to machine speed, forcing the bug bounty industry and offensive security teams to adapt to a future where finding flaws is no longer the hard part. The post Will AI Kill the Bug Bounty Industry? appeared first on Security…SECURITYWEEK.COM
9 JunSecurity shifts to the human layer as AI scams surgeCybercriminals are increasingly reshaping familiar social-engineering campaigns around the way employees use AI, with separate advisories from Microsoft and Google documenting how attackers are adapting scams to AI-powered tools, trusted digital services, and changing workplace b…CSOONLINE.COM
9 Jun KEVUpdate Chrome: Google patches actively exploited vulnerability and 73 othersGoogle's latest Chrome update fixes 74 security vulnerabilities, including one under active attack.MALWAREBYTES.COM
9 JunApple Intelligence can now replace weak passwords without user interventionApple’s next generation of Apple Intelligence, the company’s personal intelligence system, expands its capabilities and introduces new security features in Passwords. Automatically Fix Passwords (Source: Apple) Introduced as a standalone app in 2024, Passwords gives users a centr…HELPNETSECURITY.COM
9 JunResearchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight ModelsUniversity of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way through a network, generate tailored attack strategies for each target it encounters, and replicate its…THEHACKERNEWS.COM
9 JunNew Platform Uses Cryptographic Invisibility to Protect AI-Built ApplicationsAtsign’s AI Architect applies cryptographic protections to agentic software development, aiming to prevent attackers from exploiting vulnerabilities by making application identities effectively invisible. The post New Platform Uses Cryptographic Invisibility to Protect AI-Built A…SECURITYWEEK.COM
9 JunSAP Patches Critical NetWeaver, Commerce VulnerabilitiesThe flaws could lead to the disclosure of sensitive information, memory corruption, and disruption of normal system usage. The post SAP Patches Critical NetWeaver, Commerce Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
9 JunHackers pose as women seeking romance to spy on Russian soldiersThe group, dubbed SiribClone by Russian cybersecurity firm F6, has been active since at least the summer of 2025 and has primarily targeted members of the Russian armed forces stationed in border regions and combat zones.THERECORD.MEDIA
9 JunWhy AI Can’t Replace PentestersA “clean” pentest report is not always enough. The real value often comes from explaining what attacks were attempted, what defenses held up, and why exploitation failed. That missing context is part of why AI alone struggles to replace experienced pentesters. Automated tools can…YOUTUBE.COM
9 Jun KEVCisco customers encounter another SD-WAN zero-day under attackThe defect marks the seventh actively exploited zero-day in Cisco SD-WANs this year, and the vendor has yet to release a patch. The post Cisco customers encounter another SD-WAN zero-day under attack appeared first on CyberScoop .CYBERSCOOP.COM
9 JunNew Veeam vulnerability exposes backup servers to RCE attacksVeeam has released security updates to patch a critical Backup & Replication security flaw that can be exploited to gain remote code execution (RCE) on domain-joined backup servers. [...]BLEEPINGCOMPUTER.COM
9 Jun KEVShai-Hulud variant compromises dozens of open-source Microsoft packages.Check Point patches actively exploited VPN zero-day. Hacker breaches the French government's encrypted messaging app.THECYBERWIRE.COM
9 JunClaude Mythos Turns N-Days Into N-Hours With Rapid Exploit CreationPublic LLM models with safeguards turned off can also build working exploits, increasing patch gap risks. The post Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation appeared first on SecurityWeek .SECURITYWEEK.COM
9 JunFrench government messaging platform breached through account hijackingFrench authorities are investigating a compromise of Tchap, the government’s secure messaging platform, after hackers hijacked a user account and gained access to public chat rooms. Tchap is the French government’s messaging platform for civil servants, ministries, an…HELPNETSECURITY.COM
9 JunMicrosoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe ContinuesMicrosoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer into the code. "Our priority is to protect customers and the …THEHACKERNEWS.COM
9 JunCISA is rethinking how it prioritizes risks and vulnerabilities for feds, private sectorActing director Nick Andersen said a binding operational directive is en route for agencies, and that more specific discussions need to happen with critical infrastructure owners. The post CISA is rethinking how it prioritizes risks and vulnerabilities for feds, private sector ap…CYBERSCOOP.COM
9 JunCheck Point warns of zero-day flaw targeted by ransomware affiliateA vulnerability in the company’s VPN deployments has faced exploitation since early May.CYBERSECURITYDIVE.COM
9 JunXBOW tests Anthropic's Mythos Preview for offensive securityAnthropic's Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code. XBOW explores how the model performed across exploit discovery, reverse engineering, and live-site validation. [...]BLEEPINGCOMPUTER.COM
9 JunOpenSSL Patches High-Severity Vulnerability Found With AIA total of 18 vulnerabilities have been patched in the latest OpenSSL releases, including many that were potentially discovered by AI. The post OpenSSL Patches High-Severity Vulnerability Found With AI appeared first on SecurityWeek .SECURITYWEEK.COM
9 JunMicrosoft June 2026 Patch Tuesday, (Tue, Jun 9th)Microsoft today released patches for 204 vulnerabilities. 38 of these vulnerabilities are considered critical, and three have been disclosed before today. Six of the vulnerabilities affect Microsoft cloud solutions and do not require any user action. In addition, Microsoft incorp…ISC.SANS.EDU
9 JunCISA gives US federal agencies three days to fix a VPN bug under attack by a ransomware gangCheck Point said hackers broke into dozens of organizations by exploiting a VPN bug in several of its products used across the government.TECHCRUNCH.COM
9 JunMicrosoft June 2026 Patch Tuesday fixes 3 zero-day, 200 flawsToday is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws and three publicly disclosed zero-day vulnerabilities. [...]BLEEPINGCOMPUTER.COM
9 JunAnthropic releases Mythos-class Fable 5 model with safeguards for cyber risksAnthropic unveiled two new powerful AI models built on its previously restricted Mythos architecture: Claude Fable 5, which is being made broadly available, and Claude Mythos 5, which remains limited to a small group of cybersecurity and infrastructure partners. Anthropic describ…CSOONLINE.COM
9 JunSAP fixes critical flaws in NetWeaver and Commerce CloudSAP has released fixes for 15 vulnerabilities as part of its June 2026 Security Patch package, including four critical-severity flaws affecting SAP NetWeaver and SAP Commerce Cloud. [...]BLEEPINGCOMPUTER.COM
9 JunMicrosoft Patches 200 VulnerabilitiesThree of the vulnerabilities fixed with the latest Patch Tuesday updates were publicly disclosed before Microsoft addressed them. The post Microsoft Patches 200 Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
9 JunA checkmark for trust, a payload for theft.Miasma malware meddles with Microsoft. SAP fixes critical flaws, Google patches an exploited Chrome zero-day, CanisterWorm spreads through npm, Mac users face a new malvertising threat, France investigates a breach of its secure messaging platform, insurers rethink AI risk, the F…THECYBERWIRE.COM
9 JunServiceNow discloses security incident exposing customer dataServiceNow is warning about a security incident after attackers exploited an unauthenticated access flaw through a vulnerable API endpoint, allowing them to query data from customer instances. [...]BLEEPINGCOMPUTER.COM
9 JunBlame AI: Patch Tuesday Hits Record 206 CVEsVoluminous patch updates could soon be the norm, as artificial intelligence accelerates the speed and scale of vulnerability discovery.DARKREADING.COM
9 JunA Record-Breaking Patch Tuesday for June 2026Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft's most dire "critical…KREBSONSECURITY.COM
📋 SECURITY BULLETINS 3[−]
9 JunMicrosoft releases Windows 10 KB5094127 extended security updateMicrosoft has released the Windows 10 KB5094127 extended security update, which fixes the June 2026 Patch Tuesday vulnerabilities and adds new functionality to monitor the rollout of updated Secure Boot certificates that replace those expiring this month. [...]BLEEPINGCOMPUTER.COM
9 JunMicrosoft breaks Patch Tuesday record with 206 vulnerabilitiesFears and warnings about a roaring flood of error-riddled software have materialized. And the disease is spreading. The post Microsoft breaks Patch Tuesday record with 206 vulnerabilities appeared first on CyberScoop .CYBERSCOOP.COM
9 JunMicrosoft Patch Tuesday for June 2026 — Snort rules and prominent vulnerabilitiesMicrosoft Patch Tuesday details for June 2026.TALOSINTELLIGENCE.COM
📢 SECURITY ADVISORIES 3[−]
9 JunFrench government confirms breach at secure messaging platform TchapFrance's Interministerial Directorate for Digital Affairs (DINUM) has confirmed a security incident affecting Tchap, the encrypted messaging platform used across French government agencies. The disclosure comes after a threat actor attempted to sell or leak data allegedly stolen …CYBERINSIDER.COM
9 Jun75% of Firms Deploy Vulnerable Code Amid Pressure on CISOs, Report FindsCheckmarx report warns that business pressure is among the reason security leaders let security compliance slipINFOSECURITY-MAGAZINE.COM
9 JunCISA to transform how it assesses cyber vulnerabilities and risks, Andersen saysA binding operational directive being released Wednesday will direct federal agencies to change the way they address vulnerabilities by elevating some while putting others to the side.THERECORD.MEDIA
🔥 INCIDENT REPORTING 7[−]
9 JunOpenAI’s Lockdown Mode is trying to solve the problem that it createdOpenAI’s move to implement a Lockdown Mode that tries to limit data exfiltration by shutting down external capabilities is being seen as making the best out of a bad situation. But Lockdown Mode doesn’t block exfiltration as much as it slightly reduces it, and the reality of ente…CSOONLINE.COM
9 JunCybersecurity jobs available right now: June 9, 2026Application Security Architect INTENSITY Global Group | Israel | Hybrid – View job details As an Application Security Architect, you will design secure application architectures, perform threat modeling and security assessments, define security standards and contr…HELPNETSECURITY.COM
9 JunHades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential StealerThe Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the Mini Shai-Hulud-style attacks continue to be refined and splintered to target spe…THEHACKERNEWS.COM
9 JunFrench govt messaging service breached in account hijacking attackDINUM, the digital affairs directorate of the French government, warned that hackers used a hijacked user account to breach Tchap, the French government's encrypted messaging platform. [...]BLEEPINGCOMPUTER.COM
9 JunElastic brings AI-driven incident investigation to Kubernetes and observability toolsElastic has introduced an agentic Kubernetes investigation workflow and MCP-based observability skills that diagnose incidents the moment an alert fires. By the time an SRE opens the alert, the root cause has already been identified, evidence has been assembled, and recommended n…HELPNETSECURITY.COM
9 JunAnthropic Offers Mythos Upgrade for Cyber Partners and a ‘Safe’ Version for the Rest of YouAnthropic is releasing Claude Mythos 5 to trusted organizations and Claude Fable 5 to the public, a version it says can’t be used for cyberattacks.WIRED.COM
9 JunMiasma Supply Chain Worm Burrows Into 73 Microsoft RepositoriesThe attacks stemmed from a GitHub account that was also compromised in a previous Miasmi attack on Microsoft last month.DARKREADING.COM
🕵️ THREAT INTELLIGENCE 17[−]
9 JunISC Stormcast For Tuesday, June 9th, 2026 https://isc.sans.edu/podcastdetail/9964, (Tue, Jun 9th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
9 JunThe security questions around Chinese AI coding models in U.S. softwareSoftware developers across the United States are using AI models built in China to write, debug, and review code, drawn by prices below those of American alternatives. These models carry risks for the security of American software, according to a report from Booz Allen Hamilton, …HELPNETSECURITY.COM
9 JunApple expands what parents can block, approve, and limitApple has previewed a set of new child safety features coming to iPhone, iPad, and the Mac later this year, expanding parental controls with tools that help families manage app access, web browsing, communication, and screen time. The features will arrive with updates to iOS 27, …HELPNETSECURITY.COM
9 JunApple Intelligence expands to Google infrastructure with privacy safeguardsApple has announced an expansion of its Private Cloud Compute (PCC) platform, extending the privacy-focused infrastructure behind Apple Intelligence beyond the company's own data centers for the first time. The move will allow certain AI workloads to run on Google Cloud systems p…CYBERINSIDER.COM
9 JunOver 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain AttacksThe most recent variants of the self-propagating attacks are named Miasma and Hades. The post Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
9 JunFiligran launches XTM One to automate CTEM with AI agentsFiligran has announced XTM One, an AI-native agentic layer that automates Continuous Threat Exposure Management (CTEM) workflows across the Filigran XTM Platform. XTM One introduces a dedicated AI orchestration layer that connects OpenCTI and OpenAEV into a single, continuous wor…HELPNETSECURITY.COM
9 JunRockwell Automation adds AI-powered security tools to SecureOT SuiteRockwell Automation has announced the launch of three enhanced offerings within the SecureOT solution suite: OT Cybersecurity Assessment Suite, SecureOT Platform Managed Services and Managed Secure Remote Access (MSRA). Facing an increasing volume of alerts and limited visibility…HELPNETSECURITY.COM
9 JunGPS As a Key Distribution PlatformThis is interesting: The U.S. military has likely been quietly broadcasting codes for its global encryption network using public GPS for nearly 20 years, turning each satellite into a hidden “numbers station,” according to Steven Murdoch… That means every device…SCHNEIER.COM
9 JunIT sector faces growing threats from IP-hungry China, AI-enabled cybercriminalsBusinesses also need to watch out for North Korean remote IT worker schemes, according to a new CrowdStrike report.CYBERSECURITYDIVE.COM
9 JunAnthropic’s new model is Mythos on a leashClaude Fable 5 offers Mythos-level performance for most tasks with safeguards on sensitive topics. Anthropic claims testing found no universal jailbreaks. Whether that actually holds up in practice is harder to predict. The post Anthropic’s new model is Mythos on a leash ap…CYBERSCOOP.COM
9 JunAnthropic Launches Claude Fable 5: Mythos-Class AI With Cybersecurity GuardrailsThe AI giant also announced that Project Glasswing partners are being given access to the upgraded Mythos 5. The post Anthropic Launches Claude Fable 5: Mythos-Class AI With Cybersecurity Guardrails appeared first on SecurityWeek .SECURITYWEEK.COM
9 JunAdobe Patches 123 VulnerabilitiesNearly half of the security holes, most allowing arbitrary code execution, have been fixed in Adobe’s Experience Manager product. The post Adobe Patches 123 Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
9 JunWhy Teams Disable MFAHigh-profile social media accounts reportedly lacked MFA protection despite being obvious targets. The speakers argue that shared team access may be one reason why. Many authentication systems are designed around a single user, but modern organizations often have marketing teams,…YOUTUBE.COM
9 JunReconstructing AI activity in investigationsLearn how to investigate AI activity in Microsoft 365 Copilot and Azure AI services using a structured, telemetry-driven approach. This playbook helps security teams reconstruct events, assess data exposure, and detect potential threats faster. The post Reconstructing AI activity…MICROSOFT.COM
9 JunGeinbot, SolarWinds, Brave, UNK_Deaddrop, durabletask, Insta, Aaran Leyland - SWN #588Geinbot, SolarWinds, Brave, UNK_Deaddrop, durabletask, Insta, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-588YOUTUBE.COM
9 JunThe Free AI Era EndsMore than a billion people are using AI platforms, and most aren’t paying for them. The original business model assumed free users would eventually convert into paid subscribers, but adoption hasn’t fully translated into revenue. Large AI systems consume enormous amounts of compu…YOUTUBE.COM
9 JunBlinding the Watchmen: Abusing Cloud Logging Services for Defense Evasion and VisibilityUnit 42 research examines attack scenarios targeting cloud logging services. Learn how to defend against log manipulation and defense evasion. The post Blinding the Watchmen: Abusing Cloud Logging Services for Defense Evasion and Visibility appeared first on Unit 42 .UNIT42.PALOALTONETWORKS.COM
🌐 CYBER THREAT LANDSCAPE 3[−]
9 JunGitHub disables Microsoft repos pushing password-stealing malwareMicrosoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, disrupting continuous integration pipelines. [...]BLEEPINGCOMPUTER.COM
9 JunAI Threat Readiness Pillar 2: Accelerate Patching and ResponseYour guide to operationalizing ownership, remediation, and response with Wiz to keep pace with the AI threat landscape.WIZ.IO
9 JunOpenClaw AI agent found falling for phishing attacks, spills user dataPhishing simulation on an OpenClaw email agent with various configuration profiles showed that it was susceptible to tactics commonly used to compromise human users. [...]BLEEPINGCOMPUTER.COM
🎙️ PODCASTS 1[−]
9 JunInside the Media Mind of Joel Witts: Expert InsightsIn this episode of #IMM, Christine and Madison sit down with Joel Witts, Director of Content and Co-Founder at Expert Insights.THECYBERWIRE.COM
📡 INFOSEC NEWS 10[−]
9 JunWhatsApp Discovers NSO Group-Linked Spearphishing AttemptsMeta’s WhatsApp demands contempt ruling after users report NSO Group-linked phishingINFOSECURITY-MAGAZINE.COM
9 JunNew FROST Attack Lets Websites Track What Sites and Apps You Open via SSD TimingA malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST, needs no native code, no extension, and no permission prompt. You open the page, leave the tab sitting there, and it …THEHACKERNEWS.COM
9 JunThe Hidden Security Risk in Modern Networks: The Work Between ToolsOrganizations have more visibility than ever. Growing tech stacks provide greater coverage, and network security teams are increasingly adopting AI and automation to help with routine tasks and reduce manual effort. But the same challenges persist. Outages still last hours, causi…THEHACKERNEWS.COM
9 JunScammers love Meta, according to Lloyds BankFacebook, Instagram, and WhatsApp account for more than two thirds of fraud reports made by Lloyds customers.MALWAREBYTES.COM
9 JunCritical phpBB Flaw Lets Attackers Hijack Any Account with One RequestCritical phpBB authentication bypass lets attackers hijack any account with one requestINFOSECURITY-MAGAZINE.COM
9 JunMeta’s face-recognition code raises new concerns about smart glassesAs smart glasses become more capable, concerns about face recognition, covert recording, and biometric surveillance are growing.MALWAREBYTES.COM
9 JunAI Coding Adoption Hits 97% but Governance Lags BehindMost dev teams use AI coding assistants but only 30% have full governance in placeINFOSECURITY-MAGAZINE.COM
9 JunWindows 11 KB5094126 & KB5093998 cumulative updates releasedMicrosoft has released Windows 11 KB5094126 and KB5093998 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. [...]BLEEPINGCOMPUTER.COM
9 JunMeta to Use Off-Site Business Data for Feed and AI PersonalizationMeta on Tuesday announced that it will use information shared by other businesses to personalize users' feed and responses from its artificial intelligence (AI) chatbot, expanding its scope beyond targeted ads. "Businesses often share information about people's activity on their …THEHACKERNEWS.COM
9 JunMicrosoft Exchange Flaw Lets Attackers Spoof Any Email Address"Ghost-Sender" uses Exchange Online or on-premises in hybrid mode with a third-party mail server or spam filter to achieve this level of spoofing.DARKREADING.COM