🐛 COMMON VULNERABILITIES AND EXPOSURES (3)
18 Jun | CVE-2026-48854 Unbounded request body accumulation causes memory exhaustion in elixir-grpc/grpc | Information published. | MSRC.MICROSOFT.COM
18 Jun KEV | Oracle June 2026 Critical Security Patch Update Addresses 243 CVEs (CVE-2026-35273) | Oracle addresses 243 CVEs in its June 2026 Critical Security Patch Update with 245 patches, including 122 critical updates. Key Takeaways The June 2026 Critical Security Patch Update (CSPU) contains fixes for 243 unique CVEs in 245 security updates 122 issues (49.8% of all patche… | TENABLE.COM
18 Jun | F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution | F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution on affected systems. The vulnerabilities are listed below - CVE-2026-42530 (CVSS v4 score: 9.2) - A use-after-free vulnerability in the n… | THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE (36)
18 Jun | The Behavior of Coordinated SSH Brute Force Attacks over the last three months [Guest Diary], (Wed, Jun 17th) | [This is a Guest Diary by Adam Nason, an ISC intern as part of the SANS.edu BACS program] | ISC.SANS.EDU
18 Jun | Most agentic AI projects in production have stalled over data problems | Enterprises are connecting AI agents to live data feeds and putting them to work on tasks that once required human review, from IT operations to software development. The number doing this in production reached 32 percent in 2026, up from 29 percent the year before, according to … | HELPNETSECURITY.COM
18 Jun | Can Agentic AI Really Find Zero-Days? Ask the Hacker Who Won Pwn2Own Berlin 2026 | At Pwn2Own Berlin 2026, a security researcher used agentic AI to help her win. The AI surfaced real, verified bugs, then wrongly called her winning bug “not unexploitable in practice.” Spoiler - it was. That uneven record is exactly what security leaders need to understand about t… | THECYBERWIRE.COM
18 Jun | Never gonna give you up, never gonna take this call. | This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner … | THECYBERWIRE.COM
18 Jun | AWS Continuum brings AI models to code vulnerability management | AWS Continuum for code vulnerabilities, a system built to handle a vulnerability across its lifecycle, from discovery through to a fix, is now available in gated preview. It reasons over a customer’s environment, confirms which findings are real, and works toward resolution… | HELPNETSECURITY.COM
18 Jun | Google’s open standard for AI agents to discover and verify tools | AI agents depend on tools, skills, and other agents spread across many teams, organizations, and platforms. These capabilities live in separate systems with their own registries, and an agent working in one environment has limited means to locate and connect to a resource hosted … | HELPNETSECURITY.COM
18 Jun | Cybersecurity was built for predictable systems. AI changes the rules | Every major technology shift changes cybersecurity. I’ve spent much of my career working through major technology transitions, from the rise of the commercial internet to mobile and cloud computing. Each shift created new opportunities for innovation, but it also created new secu… | CSOONLINE.COM
18 Jun | New CISO appointments 2026 | The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitme… | CSOONLINE.COM
18 Jun | Microsoft warns of USB worm-like malware using Tor for stealth | Microsoft has identified a cryptocurrency clipper malware campaign, active since February 2026, that combines USB-based propagation, a Tor-hidden command-and-control infrastructure, and remote code execution capabilities. The malware steals cryptocurrency seed phrases and private… | CYBERINSIDER.COM
18 Jun | Critical Command Execution Vulnerability Patched in Cisco ISE | Insufficient validation of user input allows an attacker to gain access to the underlying OS and elevate their privileges to root. | SECURITYWEEK.COM
18 Jun KEV | FortiBleed campaign exposes 75,000 Fortinet firewalls worldwide | A massive credential-compromise campaign dubbed “Fortibleed” has been found to expose tens of thousands of Fortinet devices worldwide, with researchers warning of persistent attacker access to affected enterprise environments. The campaign was first flagged by security researcher… | CSOONLINE.COM
18 Jun | LATAM Infrastructure Hit by Fortinet and Ivanti Exploits | CloudSEK maps Operation Escaneo, a campaign hitting Latin American infrastructure via perimeter bugs | INFOSECURITY-MAGAZINE.COM
18 Jun | Attackers abuse Google Ads, GitLab, and Claude to deliver malware | Threat actors are abusing trusted platforms, including Google Ads, GitLab pages, and Claude’s shared chat feature, to trick users into executing malicious commands on their systems. Disguised as popular AI developer tools, the threat actors used ClickFix social engineering attack… | CSOONLINE.COM
18 Jun | No Exploits Required | Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures. | SECURITYWEEK.COM
18 Jun | eSentire links AI-led penetration testing with MDR through Atlas Preempt | eSentire has announced the launch of Atlas Preempt, a component of the company’s Atlas Platform. Atlas Preempt performs continuous, AI-driven offensive testing against customer environments to identify which exposures attackers can reach and feeds that data into eSentire’s 24/7 M… | HELPNETSECURITY.COM
18 Jun | DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic | Threat actors associated with the DragonForce ransomware have been observed using a custom Go-based remote access trojan (RAT) called Backdoor.Turn to conceal command-and-control (C2) traffic inside Microsoft Teams relay infrastructure. According to findings from Broadcom-owned S… | THEHACKERNEWS.COM
18 Jun | Microsoft working on a fix for RoguePlanet, a flaw that grants full PC control | Microsoft says it's working on a fix for an unpatched Defender vulnerability that can give attackers the highest level of access on Windows. | MALWAREBYTES.COM
18 Jun | Police cleans nearly 15,000 SocGholish-infected sites tied to Evil Corp | International law enforcement agencies cleaned nearly 15,000 malware-infected WordPress websites and took down more than 100 servers linked to the SocGholish botnet and the Evil Corp Russian cybercrime group. [...] | BLEEPINGCOMPUTER.COM
18 Jun | Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2 | Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign that has targeted users since February 2026. "The clipper in this campaign relies on Windows Script Host and ActiveX-driven logic to launch a bundled Tor proxy and poll a hidden-service C2 [command… | THEHACKERNEWS.COM
18 Jun | Assume You’ve Already Been Hacked | The idea that an organization will “never be hacked” is becoming increasingly unrealistic. Many security teams now operate with an “assumed breach” mindset, planning around the expectation that compromise will eventually happen. That changes the entire defensive strategy. Instead… | YOUTUBE.COM
18 Jun | Klue OAuth breach linked to 'Icarus' Salesforce data theft attacks | Market intelligence platform Klue suffered an OAuth breach that enabled the "Icarus" threat actors to steal Salesforce CRM data from multiple organizations in an ongoing extortion campaign. [...] | BLEEPINGCOMPUTER.COM
18 Jun | Law enforcement hits SocGholish: 106 servers down, 15,000 sites cleaned | SocGholish, an operation that’s been delivering malware to users via fake software updates, has suffered a major blow: the international law enforcement coalition behind Operation Endgame has taken down 106 of its servers and domains, and cleaned up nearly 15,000 websites c… | HELPNETSECURITY.COM
18 Jun | How software development’s speed obsession enabled TeamPCP’s chaos crusade | The threat group’s remarkable success targeting open-source software was inevitable and fueled by the industry’s decision to prioritize code shipping over security. | CYBERSCOOP.COM
18 Jun | Apple fixes Beats Studio Buds flaw that allowed nearby attackers to eavesdrop | Apple has released Beats Firmware Update 1B211 to address a Bluetooth vulnerability affecting Beats Studio Buds that could allow a nearby attacker to listen through a device's microphone before it has been paired. The flaw is part of a broader set of vulnerabilities disclosed las… | CYBERINSIDER.COM
18 Jun | Why Security Teams Need To Start Earlier | Security leaders are facing an unusual set of circumstances. The drumbeat for better security prioritization has been rising for years in boardrooms around the world. The desire is there, but the processes of the past aren’t meeting the needs of the new moment we find ourselves i… | RAPID7.COM
18 Jun | ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories | The internet did not break this week. It got used exactly as designed, which is worse. Searches were siphoned through shady browser add-ons. AI chat links turned into malware delivery paths. macOS attacks ran in memory and left almost nothing behind. Cloud agents looked like help… | THEHACKERNEWS.COM
18 Jun | Law enforcement cleans up 15,000 malware-infected websites. | Dutch police arrest alleged helpdesk scammers. The Gentlemen ransomware-as-a-service group maintains a mature suite of EDR killers. | THECYBERWIRE.COM
18 Jun | ‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm | For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded t… | KREBSONSECURITY.COM
18 Jun | Salesforce Data Thefts Continue via Klue App Compromise | Klue's Battlecards is now the third integrated application that has been compromised to steal customers' Salesforce data, and victims include Huntress, the cybersecurity vendor. | DARKREADING.COM
18 Jun | Close Encounters of the Human Kind | In the latest Threat Source, Hazel channels her inner Spielberg to explore why humans are delightfully irrational, reminding us that while security best practices are simple in theory, they’re a lot harder to pull off when you’re busy dealing with real life. | TALOSINTELLIGENCE.COM
18 Jun | Build your own vulnerability harness | We break down the technical architecture behind our multi-stage vulnerability discovery harness and automated triage loop. Learn how we manage state controls, squash false positives through adversarial review, and route around LLM context limits. | CLOUDFLARE.COM
18 Jun | FIFA Bug Exposed World Cup Streams to Remote Takeover | A hacker could have "Rickrolled" the World Cup — or worse — thanks to FIFA's unenforced Entra access controls. | DARKREADING.COM
18 Jun | VU#457458: Vendor-signed UEFI applications found vulnerable to Secure Boot bypass | Overview Multiple vendor-signed UEFI applications are vulnerable to Secure Boot bypass via a "Bring Your Own Vulnerable Driver" (BYOVD)-style attack. If a target system trusts the affected vendor’s certificate, an attacker can exploit these applications to execute arbitrary code … | KB.CERT.ORG
18 Jun | Bulgaria allowed surveillance tech firm to sell products to repressive regimes, report says | The nonprofit Human Rights Watch obtained export licensing records covering 2018 through 2023, which show the Bulgarian government allowed the surveillance firm Circles to peddle the tech to law enforcement and intelligence agencies in several countries known for human rights abu… | THERECORD.MEDIA
18 Jun | The botnet browser blues. | International law enforcement disrupts the SocGholish botnet. The UK’s cyber chief says cybersecurity is a contest, not a risk register. Ukraine joins the EU’s cyber reserve. The Gentlemen gang sharpens its ransomware toolkit. A WordPress supply chain attack spreads malware. Crit… | THECYBERWIRE.COM
18 Jun | Operation Endgame 4.0 - 153,527 breached accounts | On 18 June 2026, the latest phase of Operation Endgame targeted the SocGholish malware operation, a prolific malware distribution network used to compromise systems and facilitate further cybercrime. Coordinated by international law enforcement agencies with support from Europol… | HAVEIBEENPWNED.COM
📋 SECURITY BULLETINS (3)
18 Jun | Microsoft fixes Windows Server 2016 security update failures | Microsoft has fixed a known issue causing the June 2026 security updates to fail on Windows Server 2016 systems that weren't up to date. [...] | BLEEPINGCOMPUTER.COM
18 Jun | F5 issues out-of-band patches for critical NGINX vulnerabilities | Cybersecurity company F5 has released out-of-band security updates to address multiple NGINX web server vulnerabilities, including two critical-severity flaws that could allow attackers to execute code on vulnerable systems. [...] | BLEEPINGCOMPUTER.COM
18 Jun | Apple fixes Beats Studio Buds flaw that let hackers spy on conversations | Apple has released security updates to patch a high-severity flaw affecting the Beats Studio Buds wireless earbuds that could allow attackers in Bluetooth range to spy on users' conversations. [...] | BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES (5)
18 Jun | CFGI - 248,235 breached accounts | In March 2026, the financial consulting and advisory firm CFGI was the target of a ShinyHunters "pay-or-leak" extortion campaign. The group subsequently publicised data allegedly obtained from CFGI comprising corporate contact information, including 243k unique email addresses, … | HAVEIBEENPWNED.COM
18 Jun | Hostile States Behind 75% of Cyber-Attacks on UK Critical Infrastructure, NCSC Warns | Richard Horne, the NCSC CEO, said three-quarters of cyber-attacks targeting UK critical infrastructure came from nation-state actors | INFOSECURITY-MAGAZINE.COM
18 Jun | Orphaned AI Agents: How to Find Hidden Access Risks Inside Your Network | If an autonomous AI agent interacts with your company's core intellectual property today, can your security team instantly name the person who authorized it? For most enterprises, the answer is a simple no. The rush to adopt internal AI tools has left a massive trail of administr… | THEHACKERNEWS.COM
18 Jun | FortiBleed exposed admin credentials for 75,000 Fortinet firewalls worldwide | A newly uncovered cybercrime operation dubbed FortiBleed has exposed administrative credentials for approximately 75,000 Fortinet FortiGate firewalls, potentially giving attackers direct access to corporate networks around the world. The data appears to be recent, affecting organ… | CYBERINSIDER.COM
18 Jun | Operation Escaneo Signals Shift in LatAm Threat Landscape | The threat group's curious business model may combine opportunistic monetization alongside intel collection, without much coordination between the two. | DARKREADING.COM
🔥 INCIDENT REPORTING (13)
18 Jun | How security teams are getting credential visibility into developer endpoints | As we noted in our earlier analysis, attackers already know secrets are on your developers’ machines, the only question is whether security teams do. The supply chain attack calendar of 2026 has been relentless. Megalodon backdoored 5,500 GitHub repositories in six hours. T… | HELPNETSECURITY.COM
18 Jun | Kodak Admits Data Breach After ShinyHunters Hack Claims | Kodak told SecurityWeek it believes there is no threat to its systems or operations as a result of the cybersecurity incident. | SECURITYWEEK.COM
18 Jun | 5 new security operations roles the AI-SOC will create | For years we’ve heard the frightening prediction that AI will take jobs away from people. It will and it already is, but that doesn’t mean it won’t also create new jobs and skills demands — like every other labor trend driven by technology advances. Take security operations for … | CSOONLINE.COM
18 Jun | GentleKiller targets more than 400 security processes across 48 products | Most ransomware operations leave the work of disabling endpoint security software to their affiliates. The ransomware-as-a-service gang Gentlemen runs a different model. Its operators develop and maintain a set of tools for shutting down endpoint detection and response (EDR) prod… | HELPNETSECURITY.COM
18 Jun | Kodak confirms breach as ShinyHunters’ leak threat reaches deadline | The photography giant confirmed a data breach after ShinyHunters claimed it stole 2.2 million records and threatened to leak them. | MALWAREBYTES.COM
18 Jun | Moody Bible Institute investigates potential data breach incident | Moody Bible Institute (MBI) says it is investigating claims that its systems were breached after the institution appeared on the dark web extortion site operated by the ShinyHunters threat group, which alleges it stole more than 23 GB of sensitive data from the Chicago-based Chri… | CYBERINSIDER.COM
18 Jun | ShapedPlugin update flow hacked to infect WordPress sites | Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack that distributed infected releases to paying customers via the vendor's official update system. [...] | BLEEPINGCOMPUTER.COM
18 Jun | INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023 | Cybersecurity researchers have charted the evolution of INC from a nascent ransomware-as-a-service (RaaS) operation to one of the most prolific cybercrime groups in 2026, claiming no less than 830 victims since August 2023. "The disruption of LockBit and the shutdown of BlackCat… | THEHACKERNEWS.COM
18 Jun | Australian sugar producer works to restore operations as ransomware group claims attack | Mackay Sugar said it was "working urgently" to verify claims that a highly active ransomware group was behind a cyberattack that shut down harvesting and milling operations. | THERECORD.MEDIA
18 Jun | ICO Cautions Healthcare Worker After Princess of Wales Incident | Hospital insider escapes criminal prosecution after attempting to sell royal’s medical records | INFOSECURITY-MAGAZINE.COM
18 Jun | Texas government data breach allowed hackers to steal 3 million driver’s licenses and passports | A data breach involving government-issued ID documents affects over three million people in Texas. | TECHCRUNCH.COM
18 Jun | Nintendo confirms data stolen in WebMD subsidiary cyberattack | Nintendo of America has confirmed to BleepingComputer that threat actors stole survey data from the third-party TinyPulse service used internally, but its systems were not compromised. [...] | BLEEPINGCOMPUTER.COM
18 Jun | Novo Nordisk Breach Exposes Software Development Pipeline Risk | A leaked GitHub token underscores what most organizations get wrong: Treating secrets management as a tooling problem rather than an identity problem. | DARKREADING.COM
🕵️ THREAT INTELLIGENCE (25)
18 Jun | ISC Stormcast For Thursday, June 18th, 2026 https://isc.sans.edu/podcastdetail/9978, (Thu, Jun 18th) | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
18 Jun | What happens to oversight when AI agents write a lab’s own code | Inside the labs building frontier AI, a growing share of the coding gets done by the AI itself. These agents write, edit, and run software with light human oversight between steps, and they reach into production infrastructure, research pipelines, and potentially the systems that… | HELPNETSECURITY.COM
18 Jun | Homebrew tightens tap security, begins work on its interface | Anyone who installs software through a third-party Homebrew tap runs Ruby code written by people outside the project, and that code runs without a sandbox. That risk sits at the center of Homebrew 6.0.0. Tap trust Homebrew now requires a tap, along with any tap-qualified formula … | HELPNETSECURITY.COM
18 Jun | From package to postinstall payload: Inside the Mastra npm supply chain compromise | A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend against supply chain attacks using Microsoft Defender and actionable threat intelligence. | MICROSOFT.COM
18 Jun | Securing digital keys when your phone unlocks the car | In this interview with Help Net Security, Alysia Johnson, President of the Car Connectivity Consortium (CCC), explains how the CCC Digital Key has grown from a single-brand feature into a standard meant to work across phones, automakers, and suppliers. She talks through what chan… | HELPNETSECURITY.COM
18 Jun | Barracuda introduces AI-powered email security with automated threat response | Barracuda Networks has unveiled Barracuda Integrated Email Protection, an Integrated Cloud Email Security (ICES) solution delivering protection against evolving AI-driven threats. Powered by AI, the solution continuously and autonomously detects and remediates threats across the … | HELPNETSECURITY.COM
18 Jun | New 42Crunch plugin helps developers find and fix API vulnerabilities in GitHub Copilot | 42Crunch has announced the availability of the 42Crunch API Security Testing Plugin for GitHub Copilot. This latest advance enables developers to continuously audit, test, remediate and validate API security vulnerabilities directly within AI-assisted development workflows. Organ… | HELPNETSECURITY.COM
18 Jun | Blue Planet helps service providers reduce risk with unified network change governance | Blue Planet is closing the governance gap in network operations by unveiling Blue Planet Configuration and Change Management (CCM), unifying device configuration, change, and lifecycle management across multi-vendor networks. Backed by Blue Planet’s deep Operations Support System… | HELPNETSECURITY.COM
18 Jun | SailPoint to Acquire Entro in Reported $200 Million Deal | Israel-based Entro specializes in non-human identity and credential security solutions, and it will enable SailPoint to enhance its products. | SECURITYWEEK.COM
18 Jun | The other half of the AI SOC: Intezer, now inside your AI workspace | Your team already lives in Claude, Codex, Cursor, etc. Discover how to transform them into true security workspaces. | INTEZER.COM
18 Jun | F5 Patches Critical, High-Severity NGINX Vulnerabilities | Critical flaws in NGINX could allow remote, unauthenticated attackers to cause a restart and potentially execute arbitrary code. | SECURITYWEEK.COM
18 Jun | Atlassian, Splunk Patch Critical Vulnerabilities | Splunk patched an OS command injection in AI Toolkit, while Atlassian fixed dozens of flaws in third-party dependencies. | SECURITYWEEK.COM
18 Jun | Rokarolla Banking Trojan Targets 200 Applications | The Android malware allows its operators to take control of infected devices and harvest sensitive information. | SECURITYWEEK.COM
18 Jun | Embedding Forbidden Text in Spyware to Discourage AI Analysis | At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis. Details: The _index.js payload begins with a large JavaScript block comment containing fake system instructions and policy-triggering … | SCHNEIER.COM
18 Jun | Dream Raises $260 Million at $3 Billion Valuation | The Israeli startup provides sovereign AI and cyber defenses for governments and critical infrastructure. | SECURITYWEEK.COM
18 Jun | Malware attacks strip Roblox developers of entire games | Hackers who once focused on stealing valuable Roblox items are now taking over entire games. Although Roblox operates the service, users can create and publish their own games on it. Successful games can generate substantial revenue through in-game purchases. Some developers have… | HELPNETSECURITY.COM
18 Jun | 74,000 Fortinet firewall credentials exposed in FortiBleed data leak | A Russian-speaking cybercriminal group has stolen credentials contained in the configuration files of nearly 74,000 Fortinet firewalls and VPN gateways around the world. The data was accidentally exposed by the group on a server, along with other artifacts and tools, and the expo… | HELPNETSECURITY.COM
18 Jun | Accenture to Acquire Majority Stake in Dragos, All of runZero, NetRise in $4.1 Billion OT Cybersecurity Push | The deal values industrial cybersecurity giant Dragos at $3.25 billion, and runZero and NetRise will operate under Dragos. | SECURITYWEEK.COM
18 Jun | Nation-state rivals linked to majority of consequential attacks targeting critical UK sites | The nation’s top cybersecurity official warned that business leaders, authorities need to rethink how they protect critical infrastructure from state-sponsored adversaries. | CYBERSECURITYDIVE.COM
18 Jun | Accenture shells out $4.18B on three companies in big industrial cybersecurity push | The consulting giant’s majority stake in Dragos, along with the purchase of runZero and NetRise, marks its first major push into operational technology software as AI-driven threats to critical infrastructure intensify. | CYBERSCOOP.COM
18 Jun | USB worm spreads crypto-stealing malware via Windows shortcut files | Threat actors targeting cryptocurrency wallets have been distributing clipboard-stealing malware with self-spreading capabilities and using the Tor network to conceal communication. [...] | BLEEPINGCOMPUTER.COM
18 Jun | Majority of Internet-Accessible REDCap Servers Outdated | These servers are regularly targeted by China-linked UNC6508 for initial access and backdoor deployment. | SECURITYWEEK.COM
18 Jun | New Forrester study shows customers who unified with Microsoft Security benefited from 124% ROI | New Forrester Total Economic Impact™ study shows Microsoft Security consolidation delivers ROI, lowers risk, and prepares organizations to secure AI. | MICROSOFT.COM
18 Jun | Congress tees up No FAKES Act, aiming at AI-generated deepfakes | While preventing third parties from profiting off unauthorized deepfakes of artists and performers is a bipartisan concern, some business and digital rights groups are opposed. | CYBERSCOOP.COM
18 Jun | GPS, PCI, ARCH, OH MY! - PSW #931 | In the security news this week: - GPS spoofing and satellite jamming are getting way too accessible - Rekeying satellites in orbit sounds terrifying - Cyber extortion and whether criminals still have ethics - AI helping cybersecurity research... and drug discovery - Data centers … | YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE (2)
18 Jun | The Scripts on Your Checkout Page Are Now a PCI DSS Problem | An independent PCI assessor tested Reflectiz against the new PCI DSS rules. Here is the verdict: See the full QSA assessment here → When a customer types their card number into your checkout, their browser is running far more than your code. Analytics tags, a tag manager, a suppo… | THEHACKERNEWS.COM
18 Jun | Retro gaming fans are the new target for fake GitHub malware | Retro gaming fans should be careful with GitHub projects that claim to be tools or plugins for their consoles. We looked at one example aimed at PlayStation Vita owners. | MALWAREBYTES.COM
📡 INFOSEC NEWS (17)
18 Jun | A world without Section 702. | This week, Dave and Ben take a look at a recent ruling against Google by a German court holding them liable for any false statements generated by its AI Overviews. Additionally, the two examine how Congress failed to extend Section 702. | THECYBERWIRE.COM
18 Jun | The UK Will Scan Asylum-Seekers’ Faces for Age Checks—Despite Knowing the Tech Is Flawed | Internal Home Office tests of age-verification technology show the risks of life-altering errors. It’s moving forward anyway. | WIRED.COM
18 Jun | EU Gets a Head Start in Developing 6G Network Security | "Shield-6G" will combine AI threat detection, digital twins, honeypots, and more, to help carriers protect 6G networks against the threats of tomorrow. | DARKREADING.COM
18 Jun | Cybercrime Surges in APAC as Digitalization Takes Hold | Interpol claims cybercrime accounts for third of crime in over half of Asia and South Pacific countries | INFOSECURITY-MAGAZINE.COM
18 Jun | How to Watch the Knicks Parade on NYC Traffic Surveillance Cameras | Artist Morry Kolman will be livestreaming feeds of the NBA champions’ ticker-tape parade from NYC’s traffic cameras—and this time, the city’s Department of Transportation isn’t demanding he stop. | WIRED.COM
18 Jun | Scripting the disassembler: Local agentic reverse engineering through vbdec’s live COM object model | Cisco Talos detailed a new approach to reverse engineering that pairs local AI agents with traditional analysis tools like the VB6 disassembler vbdec. Instead of awkwardly bolting AI onto the software, vbdec exposes its parsed data through a live COM interface. | TALOSINTELLIGENCE.COM
18 Jun | Cybercriminals Are Worried About AI Taking Their Jobs Too | Analysis of chatter on underground forums by Sophos finds that hackers fear AI could take work away from them | INFOSECURITY-MAGAZINE.COM
18 Jun | Telegram admits it couldn't police exam-leak channels, India tells court | India's government has told the Delhi High Court that Telegram was warned about two weeks before it was blocked, and that the platform admitted it could not proactively detect the channels selling leaked exam papers. Telegram says it cooperated and the ban is unlawful. [...] | BLEEPINGCOMPUTER.COM
18 Jun | Get Out of Security Debt by Tackling the Exposure Problem | Teams digging out of security debt need to answer only two simple questions: Which vulnerabilities in our systems are exposed, and how long should they stay that way? | DARKREADING.COM
18 Jun | The President’s Executive Actions on AI Have a Lot to Say on Cybersecurity | The spotlight has been on frontier models, but the goals are more far reaching -- including supercharging cyber defense and remediating risk at machine speed | WIZ.IO
18 Jun | 5 reasons Microsoft 365 backup isn’t enough for business data protection | Microsoft 365 helps keep services running, but protecting and recovering business data remains your responsibility. Acronis breaks down five gaps organizations should consider when evaluating Microsoft 365 data protection. [...] | BLEEPINGCOMPUTER.COM
18 Jun | Fake GitHub Stars and AI Videos Mask a Crypto Clipper | A Rust crypto clipper hides behind fake GitHub stars and AI-narrated YouTube videos | INFOSECURITY-MAGAZINE.COM
18 Jun | Spring 2026 SOC 1 and 2 reports are now available in OSCAL format | Amazon Web Services (AWS) is excited to release the Spring 2026 System and Organization Controls (SOC) 1 and 2 reports in machine-readable OSCAL format alongside the PDF version of the reports. The reports cover 188 services over the 12-month period from April 1, 2025 to March 31… | AWS.AMAZON.COM
18 Jun | CIS Benchmarks June 2026 Update | The following CIS Benchmarks and CIS Build Kits have been updated or recently released. We've highlighted the major updates below. | CISECURITY.ORG
18 Jun | Intelligence Insights: June 2026 | ClearFake is the clear-cut number one again and Kali365 debuts in this month’s edition of Intelligence Insights | REDCANARY.COM
18 Jun | Accelerate security investigations with Kiro CLI | When a security event occurs in your Amazon Web Services (AWS) environment, rapid response is critical. However security teams often struggle with time-consuming, manual processes that slow down investigations. Analysts must recall complex AWS Command Line Interface (AWS CLI) syn… | AWS.AMAZON.COM
18 Jun | US regulators are increasing scrutiny over financial AI use. | Britain bans social media for kids. | THECYBERWIRE.COM