🚨 CISA KEV 1[−]
24 Jun KEVAttackers exploit Cisco Unified CM flaw weeks after patch releaseA critical Cisco Unified CM vulnerability is now under active exploitation, weeks after the company issued patches warning it could allow attackers to gain root access. Threat intelligence firm Defused reported the exploitation on June 23. The company said it observed the activit…CSOONLINE.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 6[−]
24 JunHole in widely-used FFmpeg codec could crash media servers or enable RCEA newly discovered critical vulnerability in the FFmpeg media processing framework bundled in a huge number of open source and commercial applications points, again, to the need for CSOs to have strategies to deal with software supply chain vulnerabilities, which should include d…CSOONLINE.COM
24 JunHackers Exploiting Cisco Unified CM VulnerabilityCisco noted that a PoC had been available for CVE-2026-20230 when it announced patches in early June. The post Hackers Exploiting Cisco Unified CM Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
24 JunCisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to RootThreat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The vulnerability, tracked as CVE-2026-20230 (CVSS score: 8.…THEHACKERNEWS.COM
24 Jun KEVCisco Unified CM flaw actively exploited to drop webshells (CVE-2026-20230)CVE-2026-20230, a server-side request forgery (SSRF) vulnerability affecting Cisco’s Unified Communications Manager (Unified CM), is being exploited to drop webshells and achieve remote code execution capability on the underlying server. “Our honeypots are seeing auto…HELPNETSECURITY.COM
24 Jun KEVHow much cyber risk does AI create for organizations? 457 million security issues. Here’s what you can do about it.Over a 30 day period, Tenable detected 457 million AI-related security issues among 7,000-plus organizations, an average of 62,000 exposures per organization. If we didn’t already know that shadow AI was a problem, data like this makes it clear every organization needs to visuali…TENABLE.COM
24 Jun KEVCISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively ExploitedThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 26, 2026. The vuln…THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE 29[−]
24 JunMeta pauses employee monitoring program after data protections failAn extensive program at Meta to gather a wide range of data from employees to train its AI model has been frozen after employees reportedly broke through its guardrails and accessed restricted data, and then did so again after Meta claimed to have fixed the vulnerability. Whether…CSOONLINE.COM
24 JunAnthropic’s Mythos Model Found Vulnerabilities in Classified US Government Systems, Official SaysCome vulnerabilities were found within hours, but that does not mean the model was able to exploit them within that time, the official said. The post Anthropic’s Mythos Model Found Vulnerabilities in Classified US Government Systems, Official Says appeared first on SecurityWeek .SECURITYWEEK.COM
24 JunCybersecurity jobs available right now: June 24, 2026Application Security Leader DriveNets | Israel | Hybrid – View job details As an Application Security Leader, you will define security requirements, drive secure coding practices, oversee vulnerability management, and integrate security testing and automation into…HELPNETSECURITY.COM
24 JunRisky Business #843 -- Fortibleed is kinda awesome, actuallyOn this week’s show special guest co-host Rob Joyce joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news. Rob served as an advisor to Donald Trump during his first term as president and also served at NSA for 34 years. While at the agency, Joyce led Tailor…RISKY.BIZ
24 JunPraxen: Open-source AI agent behavior verificationPraxen is an open-source tool with a simple job: it checks whether an AI agent does what it claims to do. The tool takes an agent’s declared policy, looks at how the agent operates, and points out every spot where the two drift apart. It is the reference implementation of A…HELPNETSECURITY.COM
24 JunBrinqa BYOAI lets organizations use any AI platform with trusted risk dataBrinqa BYOAI (Bring Your Own AI), a capability that enables organizations to connect any AI agent, large language model (LLM), or automation platform to Brinqa’s exposure intelligence layer. As enterprises adopt AI, they need to ensure that AI systems use accurate, up-to-date ris…HELPNETSECURITY.COM
24 JunWebinar Today: Modern Exposure Validation in the AI EraThe exploit timeline collapsed. Make sure your validation didn't. The post Webinar Today: Modern Exposure Validation in the AI Era appeared first on SecurityWeek .SECURITYWEEK.COM
24 JunKahneman, ‘Where’s Waldo’ and the Nexus pass: A CISO’s mental model for the AI eraSecurity awareness training as a defense against phishing is dead. It has been dead for a while. The industry never held a funeral because the training budget is comfortable, the compliance box gets checked and no CISO wants to tell the board that the program everyone funds does …CSOONLINE.COM
24 JunThe Strategic Human Firewall as AI Impacts Regulations, Cyber Pros, and Employees - BSW #453The 2026 Verizon DBIR has arrived and the results are in... Even with a substantial increase in Exploitation of Vulnerabilities, All Credential Abuse is still the top initial access vector for breaches, which means the human is still the weakest link. Why haven't security awarene…YOUTUBE.COM
24 JunOpen-source security is posing challenges governments can’t easily solveA diffuse landscape, fruitful targets, companies not stepping up, AI’s influence and flagging U.S. government efforts all figure into a shifting threat. The post Open-source security is posing challenges governments can’t easily solve appeared first on CyberScoop .CYBERSCOOP.COM
24 JunLastPass customer data exposed through Klue supply chain attackLastPass disclosed that attackers used OAuth tokens compromised in a supply chain attack on Klue, a market intelligence platform that integrates with CRM and sales tools across organizations, to access customer data stored in its Salesforce environment. “On June 12th LastPass was…HELPNETSECURITY.COM
24 JunHow a malicious AI agent skill passed security checks and reached 26,000 usersA fake AI agent skill that passed security checks reached over 26,000 users through Instagram, highlighting new risks as enterprises rely on AI-driven tools. Some of the agents involved were tied to corporate accounts, AIR said . The company said a similar attack could have expos…CSOONLINE.COM
24 JunExploitable CI/CD Vulnerabilities Expose Millions of Repositories to HijackingThe security defects allow unauthenticated users to take control of the open source software supply chain. The post Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking appeared first on SecurityWeek .SECURITYWEEK.COM
24 JunBeyondTrust, LastPass Impacted by Klue-Salesforce IncidentOver a dozen Klue customers have confirmed that hackers stole data from their Salesforce instances. The post BeyondTrust, LastPass Impacted by Klue-Salesforce Incident appeared first on SecurityWeek .SECURITYWEEK.COM
24 JunApple's MacOS Gap Lets Users Disable Security ToolsAttackers can exploit the issue to disable security and integrated browser tools without needing administrator privileges or kernel exploits.DARKREADING.COM
24 JunIn a first, a court takedown goes after two cybercrime tools at onceMicrosoft, with law enforcement and industry partners, disrupted more than 200 command and control servers for Amadey and StealC, often used in conjunction. The post In a first, a court takedown goes after two cybercrime tools at once appeared first on CyberScoop .CYBERSCOOP.COM
24 JunCordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain AttacksCybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains. The "critical exploitable pattern" has been codenamed Cordyceps by Novee Security. The issue can allow full attacker c…THEHACKERNEWS.COM
24 JunmacOS Weaknesses Chained to Silently Disable Endpoint Security AgentsA standard non-admin account is sufficient to conduct an attack that exploits legitimate OS behavior rather than software vulnerabilities. The post macOS Weaknesses Chained to Silently Disable Endpoint Security Agents appeared first on SecurityWeek .SECURITYWEEK.COM
24 JunCISA warns of max severity Ubiquiti flaws exploited in attacksThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers actively exploiting flaws in Ubiquity UniFi OS and Lantronix serial-to-ethernet servers. [...]BLEEPINGCOMPUTER.COM
24 JunMicrosoft and Allies Smash Shared Infrastructure of Amadey and StealC MalwareHundreds of C&C servers were disrupted in an operation involving law enforcement and several cybersecurity companies. The post Microsoft and Allies Smash Shared Infrastructure of Amadey and StealC Malware appeared first on SecurityWeek .SECURITYWEEK.COM
24 JunAmadey, StealC, and SocGholist malware disrupted by ‘Operation Endgame’A coordinated international law enforcement and private-sector operation has dismantled major parts of the infrastructure behind the SocGholish, Amadey, and StealC malware families, seizing more than €41 million ($47 million) in cryptocurrency and disrupting hundreds of servers t…CYBERINSIDER.COM
24 JunLaw enforcement hits StealC and Amadey malware networksOperation Endgame, the largest international law enforcement operation aimed at disrupting ransomware and cybercrime infrastructure across the world, has claimed its latest targets: StealC and Amadey. The notice on disrupted websites (Source: Microsoft) While developed by separat…HELPNETSECURITY.COM
24 JunLastPass says Klue breach affected customer information, but passwords remain secure.Attackers begin exploiting Cisco Unified CM vulnerability. Alleged criminal marketplace administrator extradited to the US. Business news: Accenture acquires Dragos, runZero, and NetRise for more than $4 billion.THECYBERWIRE.COM
24 JunAmadey and StealC Malware Network Disrupted, 27M Stolen Credentials RecoveredA coordinated law enforcement operation, in partnership with private sector companies, including Bitdefender, Bitsight, ESET, and Microsoft, has resulted in the takedown of criminal infrastructure powering Amadey and StealC. "The main common goal was to disrupt the 'assembly line…THEHACKERNEWS.COM
24 JunScattered Spider duo convicted over $38M Transport for London attackTwo members of the Scattered Spide r cybercrime collective have admitted launching a cyberattack against Transport for London (TfL) that caused millions in damages. Thalha Jubair, 20, from East London, and Owen Flowers, 18, from Walsall, West Midlands, were due to stand trial for…CSOONLINE.COM
24 JunRansomware Will Hit You TwiceRansomware incidents are often treated as one-time events: pay, decrypt, recover, move on. But this conversation challenges that assumption. If the underlying vulnerability or access path isn’t fixed, attackers can return quickly and repeat the attack. In some scenarios, paying a…YOUTUBE.COM
24 JunWhen Information Becomes the Attack Surface – Understanding AI Agent TrapsFrom hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI. The post When Information Becomes the Attack Surface – Understanding AI Agent Traps appeared first on SecurityWeek .SECURITYWEEK.COM
24 JunMalicious hackers exploit Cisco zero-day for highest access level at communications service providerMandiant detailed the incident in a blog post Wednesday, but it’s unclear who was behind it or if they managed to get broad visibility into the victim’s internal traffic. The post Malicious hackers exploit Cisco zero-day for highest access level at communications service provider…CYBERSCOOP.COM
24 JunRestrict AWS Management Console access to expected networks with sign-in resource-based policies and RCPsAmazon Web Services (AWS) recently announced support for resource-based policies and resource control policies (RCPs) for AWS Sign-In. By using resource-based policies and RCPs, you can restrict access to the AWS Management Console sign-in and aws login CLI sessions to requests f…AWS.AMAZON.COM
📢 SECURITY ADVISORIES 6[−]
24 JunWhere IT meets OT and railway cybersecurity gets harderIn this interview with Help Net Security, Jorge Aldegunde, Global Head of Railway Services at DNV, talks through what happens when old operational technology meets newer IT in monorail systems. He explains why open networks widened the attack surface, how teams decide whether to …HELPNETSECURITY.COM
24 JunGoogle Workspace expands password reset alerts to all adminsGoogle’s Alert Center, a dashboard in the Google Admin console that displays security and administrative alerts and helps administrators identify, investigate, and respond to issues affecting their organization, is expanding the “Super Admin password reset” alert into…HELPNETSECURITY.COM
24 JunWhite House’s state infrastructure cybersecurity initiative stalledThe Trump administration says it wants to help states implement innovative defenses. Most states are still waiting for the call to participate.CYBERSECURITYDIVE.COM
24 JunAnthropic’s Claude Tag gives AI agents independent identitiesAnthropic introduced an agent identity model for Claude Tag, its AI assistant designed for team collaboration in shared workspaces. The model gives Claude its own identity, permissions, and tool access, configured by administrators and tied to a workspace or channel. Because Clau…HELPNETSECURITY.COM
24 JunAdvancing Product Security: New IoT Guidance and New EngagementIt may be summertime, but the NIST Cybersecurity for the Internet of Things (IoT) Program isn’t hitting the hammock! Organizations are managing growing device complexity, evolving threats, and pressure to turn guidance into operational decisions…so we remain focused on helping st…NIST.GOV
24 JunSecurity Awareness Training FailedSecurity awareness training has existed for decades, yet credential theft and phishing attacks still dominate breach reports. In this episode of Business Security Weekly, Robert Siciliano explains why many awareness programs fail to create lasting behavioral change. Instead of he…YOUTUBE.COM
🔥 INCIDENT REPORTING 12[−]
24 JunFortiBleed: Fortinet Says It's Not a BugFortinet finally weighs in on FortiBleed - it's not a bug. Plus a healthcare AI firm loses 1.4 million people's data to a single phishing email, a trading bot built to prey on others gets played for $15 million, and LastPass lands back on a breach list it didn't cause. 00:00 Head…CYBERSECURITYTODAY.LIBSYN.COM
24 JunWeekly Update 509Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite I know enough about home cinema audiovisual to know there's a lot I don't know. It's conscious incompetence, if you like…TROYHUNT.COM
24 JunStealthy Mistic backdoor linked to ransomware access broker KongTukeA new backdoor dubbed Mistic has been observed in financially motivated attacks targeting organizations in the insurance, education, IT, and professional services sectors. [...]BLEEPINGCOMPUTER.COM
24 JunIran-Linked MuddyWater Poses as Ransomware Gang to Mask Cyber EspionageAn NCC Group report warns state-backed hackers are attempting to hide activity by posing as ransomware groups and deploying commercially available malwareINFOSECURITY-MAGAZINE.COM
24 JunNew ‘Mistic’ RAT Opens Door to Several Ransomware FamiliesMistic is used by Woodgnat, an initial access broker working with Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta. The post New ‘Mistic’ RAT Opens Door to Several Ransomware Families appeared first on SecurityWeek .SECURITYWEEK.COM
24 JunKDDI Breach Affects Six Japanese ISPs, Exposes 14.2 Email CredentialsCustomers of the affected Japanese email services are “strongly advised” to change their email passwordsINFOSECURITY-MAGAZINE.COM
24 JunPhishing attack on healthcare firm Xsolis impacts 1.4 million peopleHealthcare technology company Xsolis confirmed that a phishing attack resulted in unauthorized access to its network. The company develops AI-powered software for hospitals, health systems, and health plans and serves more than 600 hospitals and health insurers. “On January…HELPNETSECURITY.COM
24 JunIndian auto giant Bajaj Auto hit by ransomware incidentThe company said in a regulatory filing that it became aware of the incident on Tuesday morning and had taken precautionary measures to contain its impact.THERECORD.MEDIA
24 JunMadison Square Garden Sports - 9,796,738 breached accountsIn June 2026, the sports and entertainment company Madison Square Garden Sports was the target of a ShinyHunters "pay or leak" extortion campaign . The group later published the alleged data, which included almost 10M unique email addresses spanning staff and customers, along wit…HAVEIBEENPWNED.COM
24 JunAmadey, StealC malware operations disrupted in Operation Endgame actionMicrosoft, Europol, and international partners have disrupted infrastructure used by the Amadey and StealC malware operations as part of Operation Endgame, which targets cybercriminal services and ransomware gangs. [...]BLEEPINGCOMPUTER.COM
24 JunRansomware attacks grew in 2025 as traditional data breaches fell, Bitsight saysIn a new report, the company also charted a massive surge in internet-exposed AI services.CYBERSECURITYDIVE.COM
24 JunMicrosoft, Europol lead global takedown of infostealer malwareCybercriminals used Amadey and StealC to infect thousands of computers worldwide, leading to ransomware and other digital crimes.CYBERSECURITYDIVE.COM
🕵️ THREAT INTELLIGENCE 19[−]
24 JunISC Stormcast For Wednesday, June 24th, 2026 https://isc.sans.edu/podcastdetail/9984, (Wed, Jun 24th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
24 JunProduct showcase: How to evaluate AI SOC platforms and where Prophet AI leadsThe Agentic SOC market is loud. Dozens of vendors promise to take alert triage, investigation, and response off your analysts’ plates, but most claims have never been tested in production. The hard part is separating operational improvement from this marketing noise. Gartne…HELPNETSECURITY.COM
24 JunSecurity testing was built for a slower worldSoftware teams are pushing code into production faster than security testing can keep up. AI is accelerating development cycles and adding pressure to security programs that rely on periodic validation and manual penetration testing. The 2026 State of AI Security Testing report f…HELPNETSECURITY.COM
24 JunLinux Process Name Masquerading, (Wed, Jun 24th)In a previous diary, I talked about stack strings&#;x26;#;x5b; 1 &#;x26;#;x5d; with a practical example of them. Since my SEC670 class, I&#;x26;#;xe2;&#;x26;#;x80;&…ISC.SANS.EDU
24 JunQodo expands platform to help teams govern AI-generated code and engineering standardsQodo has announced three new platform capabilities: Cross-Repo Code Review, Custom Rules Miner, and Skill Review Standards. These new capabilities address a set of governance gaps that have emerged as AI-generated code reaches enterprise scale. AI agents have fundamentally change…HELPNETSECURITY.COM
24 JunCequence introduces behavioral bot detection and biometric verification without CAPTCHAsCequence Security has announced the launch of Intent Graph and Biometric Check, two new capabilities that extend the behavioral architecture Cequence has built since its inception. They provide enterprises with bot defense that works across web, mobile, API, and agentic AI traffi…HELPNETSECURITY.COM
24 JunNew Secure Code Warrior framework helps CISOs govern AI-driven software developmentSecure Code Warrior has introduced its new SCW AI Adoption Model, a practical framework that maps the progression of AI use in software development, from minimal AI assistance to fully autonomous agentic orchestration. The framework helps CISOs assess their organization’s l…HELPNETSECURITY.COM
24 JunDigiCert brings independent trust validation to confidential computing environmentsDigiCert has announced it is bringing independent trust validation to confidential computing environments, in collaboration with Google Cloud. By applying the proven principles of Public Key Infrastructure (PKI) to cloud infrastructure, DigiCert will provide cryptographic verific…HELPNETSECURITY.COM
24 JunEmbedding Forbidden Text in Spyware to Discourage AI AnalysisAt least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis. Details : The _index.js payload begins with a large JavaScript block comment containing fake system instructions and policy-triggering …SCHNEIER.COM
24 JunAgentic AI Security: Wrong Context, Wrong Decisions at Machine SpeedContext is the central plank of AI in general, and agentic AI in particular. If an AI system doesn’t have the correct context, it cannot make the correct decisions. The post Agentic AI Security: Wrong Context, Wrong Decisions at Machine Speed appeared first on SecurityWeek .SECURITYWEEK.COM
24 JunThird DraftKings Hacker Sentenced to 18 Months in PrisonNathan Austad has been ordered to pay roughly $1.8 million in forfeiture and restitution, and the sentence also includes 3 years of supervised release. The post Third DraftKings Hacker Sentenced to 18 Months in Prison appeared first on SecurityWeek .SECURITYWEEK.COM
24 JunCritical Ubiquiti Vulnerabilities in Attackers’ CrosshairsThe flaws allow remote, unauthenticated attackers to make system changes, access underlying accounts, and inject commands. The post Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs appeared first on SecurityWeek .SECURITYWEEK.COM
24 JunSuperOps and Guardz bundle IT operations and security into one product for MSPsSuperOps and Guardz announced a strategic partnership, combining their platforms into a single bundled offering for managed service providers (MSPs). The package brings professional services automation (PSA), remote monitoring and management (RMM), mobile device management (MDM),…HELPNETSECURITY.COM
24 JunmacOS Backdoor Uses Prompt Injection to Evade AI TriageSentinelLabs found a North Korea-linked macOS backdoor using prompt injection on AI triage toolsINFOSECURITY-MAGAZINE.COM
24 JunExclusive: Meet AIVEX, a New Triage Model Built to Reduce Supply Chain Threat and RiskThe new framework seeks to help security teams identify which software supply chain vulnerabilities pose the greatest operational, safety, and business risks in AI-driven environments. The post Exclusive: Meet AIVEX, a New Triage Model Built to Reduce Supply Chain Threat and Risk…SECURITYWEEK.COM
24 JunAlgerian national accused of running cybercrime marketplaces extradited to USAn Algerian national accused of running online marketplaces that sold phishing kits and fraud tools has been extradited from Spain to the United States to face bank fraud conspiracy charges. The post Algerian national accused of running cybercrime marketplaces extradited to US ap…HELPNETSECURITY.COM
24 JunStealC and Amadey: Breaking down infostealers and the cybercrime services that deliver themOn June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that formed the backbone of the StealC and Amadey infrastructure. This blog is a technical breakdown of StealC and Amadey. The post StealC and Amadey: Breaking do…MICROSOFT.COM
24 JunMozilla proposes privacy-preserving alternative to CAPTCHAsMozilla has unveiled a new proposal called PACT (Private Access Control Tokens), a framework designed to help websites distinguish legitimate users from abusive bots without relying on invasive tracking, hardware attestation, or repeated CAPTCHA challenges. According to Mozilla, …CYBERINSIDER.COM
24 JunTor Project to disable support for Tor 0.4.8 on September 1The Tor Project has announced plans to stop supporting Tor 0.4.8 and earlier releases on September 1, 2026, as it prepares the network for the deployment of Arti, its Rust-based implementation of Tor. The announcement concerns the underlying Tor software used by relays, onion ser…CYBERINSIDER.COM
🌐 CYBER THREAT LANDSCAPE 6[−]
24 JunStrikeShark: investigating a new campaign delivering Cobalt Strike through SharkLoaderKaspersky researchers analyze a new global campaign dubbed StrikeShark that delivers Cobalt Strike Beacon via custom SharkLoader malware.SECURELIST.COM
24 Jun“Total access to all your devices.” Sextortion scammers strike againThey say they have videos, malware, and total control of your devices. Here's how to read a sextortion email like a security researcher instead of a victim.MALWAREBYTES.COM
24 JunWatch out for renewal scams pretending to be MalwarebytesScammers are sending fake software renewal notices that claim you've been charged for a subscription. Some even impersonate Malwarebytes.MALWAREBYTES.COM
24 JunHow AI Is Rewriting the SecOps PlaybookThe threat landscape has changed. Adversaries operate at machine speed, shrinking attacks from days to minutes. Defenders can no longer investigate and respond before damage occurs. In this new era, Security Operations must prioritize speed, automation, and continuous decision-ma…WIZ.IO
24 JunEuropol-Led Operation Endgame Takes Down StealC and Amadey InfostealersOperation Endgame seized around 50 domains and nearly 200 active IP-based servers associated with the infostealersINFOSECURITY-MAGAZINE.COM
24 JunMore Malicious OpenClaw Skills Threaten AI Supply ChainOpenClaw removed five packages from ClawHub, its skills marketplace, that bypassed security checks even though they included infostealers and other threats.DARKREADING.COM
🎙️ PODCASTS 1[−]
24 JunHow to Run a Content Syndication Program That Works with Steve Piper of CyberEdge GroupContent syndication has earned a mixed reputation among cybersecurity marketers. Too often, programs generate large volumes of leads but little measurable pipeline. Sales teams question lead quality, marketing teams question whether the right buyers are being reached, and both si…THECYBERWIRE.COM
📡 INFOSEC NEWS 10[−]
24 JunWeekly Threat Bulletin – June 24th, 2026These are the top threats you should know about this week.F5.COM
24 JunUK Museums Face Cybersecurity Risks, MPs WarnPublic Accounts Committee (PAC) warns that museums and galleries aren’t getting enough government support on cyberINFOSECURITY-MAGAZINE.COM
24 JunDoJ Seizes Huione Cloud Account Tied to Cyber Scam Money LaunderingThe U.S. Department of Justice (DoJ) on Tuesday announced the seizure of a cloud computing account put to use by subsidiaries of Cambodia-based corporate conglomerate HuiOne Group, as the Treasury unveiled fresh sanctions against nine individuals and 26 entities linked to Prince …THEHACKERNEWS.COM
24 JunAI Is Making Attacks Cheaper, Faster and More Covert, Says ReliaQuestNew ReliaQuest study reveals the six ways AI is practically being used in attacks todayINFOSECURITY-MAGAZINE.COM
24 JunDawn of the Apex Agentic AdversaryWe are standing at the end of an era we never thought to mourn: the era of human-speed threats. For years, cybersecurity moved to a rhythm organizations could follow. A researcher found a bug, a CVE was cataloged, a vendor navigated a patch cycle, and weeks or even months later, …THEHACKERNEWS.COM
24 JunGerman rail services resume after wireless communications outageDeutsche Bahn said a nationwide disruption of railway services was tied to a malfunction in its 2G-based GSM-R communications system.THERECORD.MEDIA
24 JunSecuring the service desk: Why social engineering attacks keep succeedingService desks have become a favored target for attackers seeking password resets, MFA changes, and access to corporate accounts. Specops Software breaks down how service desk social engineering attacks work and how organizations can defend against them. [...]BLEEPINGCOMPUTER.COM
24 JunResearchers Trick AI Browsers Into Leaking CredentialsLayerX tricked AI browsers including ChatGPT Atlas and Comet into bypassing their guardrailsINFOSECURITY-MAGAZINE.COM
24 JunPixelSmash flaw turns video files into attack toolsResearchers have found a critical FFmpeg flaw that could let attackers use a malicious video file to compromise vulnerable systems.MALWAREBYTES.COM
24 JunAccenture acquires Dragos, runZero, and NetRise for more than $4 billion.Dream has raised $260 million in funding led by Bicycle Capital and Group 11.THECYBERWIRE.COM