114Articles
9Categories
2026-06-29Date
🚨 CISA KEV 2[−]
29 Jun KEVModernizing Global Vulnerability Standards For The Age Of AIAs AI-driven vulnerability discovery accelerates, the cybersecurity ecosystem is being forced to examine whether the standards, disclosure processes, and prioritization frameworks defenders rely on can still keep pace. Many of those systems were built around human-speed discovery…RAPID7.COM
29 Jun KEVJSP webshells being dropped on unpatched PTC Windchill instancesThe US Cybersecurity and Infrastructure Security Agency (CISA) added a vulnerability (CVE-2026-12569) in Windchill and FlexPLM, two product lifecycle management software platforms developed by PTC, to its Known Exploited Vulnerabilities (KEV) catalog. Entries in the KEV catalog d…HELPNETSECURITY.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 12[−]
29 JunPublic PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH FlawA public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution. No credentials, no user interaction. The bug affects every release u…THEHACKERNEWS.COM
29 JunCVE-2026-52910 bpf: Free reuseport cBPF prog after RCU grace period.Information published.MSRC.MICROSOFT.COM
29 JunCVE-2026-52909 ip6_vti: set netns_immutable on the fallback device.Information published.MSRC.MICROSOFT.COM
29 JunHackers now exploit critical Oracle E-Business flaw in attacksAttackers have begun exploiting a critical vulnerability (CVE-2026-46817) in the Oracle E-Business Suite (EBS) financial application, according to threat intelligence company Defused. [...]BLEEPINGCOMPUTER.COM
29 JunCritical SimpleHelp flaw exploited to deploy new stealer malwareHackers are exploiting a recently disclosed critical vulnerability (CVE-2026-48558) in SimpleHelp to deploy Djinn Stealer, a previously undocumented cross-platform information stealer targeting Windows, macOS, and Linux. [...]BLEEPINGCOMPUTER.COM
29 JunEnterprise Tech In, Shell Out (Progress Kemp LoadMaster Uninitialized Heap to Pre-Auth RCE CVE-2026-8037)Welcome back to another watchTowr Labs blog post. This time, we're looking at Progress Kemp LoadMaster, a load balancer that sits at the edge of a lot of enterprise networks. Edge appliances have a habit of becoming the way in rather than the thing keeping people out, andLABS.WATCHTOWR.COM
29 Jun'Djinn' Stealer Targets Cloud, AI CredentialsThe infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp, targeting credentials linking development and admin environments to wider enterprise systems.DARKREADING.COM
⚠️ VULNERABILITY DISCLOSURE 28[−]
29 JunSponsored: Corelight’s blueprint for AI-era defenceIn this sponsored interview James Wilson chats with Corelight’s VP of Product Vijit Nair about defence strategies for the AI era. When agents can find and exploit vulnerabilities at machine speed, you need to balance between proactive and reactive measures. On the proactive side,…RISKY.BIZ
29 JunUS Restricts Frontier AI modelsUS Loosens Anthropic Claude Mythos Access, Unpatchable iPhone Exploit Emerges, and CISO Burnout Drives Fractional Shift Washington granted a partial reprieve allowing Anthropic's Claude Mythos to be released to more than 100 approved U.S. firms and institutions after export contr…CYBERSECURITYTODAY.LIBSYN.COM
29 JunDarkMoon: Open-source AI pentesting platformPenetration testing has long run on expert time, with specialists spending days probing a network or web application by hand. Manual engagements stretch across weeks, expert consultants run into thousands of dollars a day, and results vary with the tester. Automation promises to …HELPNETSECURITY.COM
29 JunFrom mythos to reality: Why the 2026 state of pentesting report proves the need for programmatic defensesAI can find zero-days in minutes. Your defense strategy must evolve now.CYBERSECURITYDIVE.COM
29 JunFixing pentesting, Meta is destroying its engineering org, the weekly news - ESW #465Interview with Adriel Desautels - the pentest is broken Adriel joins us for a discussion on the state of penetration testing, why it hasn't done much to help security teams over the last 20 years, and why AI won't save it. Segment Resources: - https://hbr.org/2026/04/boards-are-f…YOUTUBE.COM
29 JunUS Federal Insurance Regulator Confirms Data Breach Via Oracle FlawAn attacker has exploited a zero day in Oracle Peoplesoft to gain access to the IT systems of the NAIC, the standard-setting association for the US federal insurance systemINFOSECURITY-MAGAZINE.COM
29 JunRobot Police OfficersWe’ve taken one small step towards robot police officers: a drone capable of disarming a suspect: In a June 22 video posted on the Sacramento County Sheriff’s Office’s Instagram page, an officer wearing goggles can be seen operating a drone to retrieve a knife from an armed…SCHNEIER.COM
29 JunMozilla warns of indirect prompt injection risk in AI coding agentsA malicious GitHub repository can silently compromise a developer’s machine without containing a single line of malicious code, security researchers at Mozilla’s Zero Day Investigative Network (0DIN) warned. The attack The proof-of-concept attack targets AI-powered co…HELPNETSECURITY.COM
29 Jun‘DirtyClone’ Linux Kernel Vulnerability Leads to Root AccessA variant of DirtyFrag, the flaw allows unprivileged local users to manipulate the Linux page cache and gain root privileges. The post ‘DirtyClone’ Linux Kernel Vulnerability Leads to Root Access appeared first on SecurityWeek .SECURITYWEEK.COM
29 JunThe Red Agent POV: Exploiting Broken Object-Level Authorization in an Airline GraphQL APIPart 2: How the Red Agent bypassed backend resolvers to expose an entire airline booking database in fifteen minutesWIZ.IO
29 Jun236,000 DCloud Uni-App Sites Used in Crypto Scams, Phishing, and Wallet DrainersNew findings unearthed by Infoblox show that more than 236,000 websites are using investment scam templates built using a legitimate Chinese open-source, cross-platform application development framework called DCloud Uni-App. The templates power bogus cryptocurrency exchanges, mu…THEHACKERNEWS.COM
29 JunCharting your way in: Helm template injectionDuring the audit of a Kubernetes cluster, we encountered an injection in a Helm template applied through ArgoCD. To our surprise, very few resources exist regarding YAML injection in vulnerable Helm templates. In this blog post, we will explore this kind of vulnerability and how …SYNACKTIV.COM
29 JunUK businesses fear stigma of ransomwareAlex Scroxton reports: Fear of stigmatisation is likely leading businesses across the UK to drastically underreport data on ransomware attacks, especially when they have paid a ransom to a cyber criminal gang, as admission of such is often seen as supporting further criminal acti…DATABREACHES.NET
29 JunCentral Bank of Libya investigates alleged data leak after cyberattackSafaAlharathy reports: Libya’s central bank (CBL) says it is investigating data published on the dark web following a recent cyberattack. In a statement, the bank said its technical teams, working with international experts, were analysing the data to determine its nature and whe…DATABREACHES.NET
29 JunZA: Copying the wrong person on an email could be considered a data breach in South AfricaJan Vermeulen reports: Misdirected internal emails that expose personal information can trigger mandatory data breach reporting under South Africa’s data privacy law, POPIA, even when the disclosure was accidental. Armand Swart, Hlonelwa Lutuli, and Isabella Keeves from Werksmans…DATABREACHES.NET
29 JunOne Honeypot Ends the AttackMany attackers spend their first moments inside a compromised network performing discovery. According to this red team perspective, a properly deployed honeypot or canary token can immediately reveal that activity. That means organizations don't always have to catch every exploit…YOUTUBE.COM
29 JunFactoring RSA Keys with Many ZerosInteresting research on a new class of weak RSA keys: keys with lots of zeros. It turns out that these keys are out in the wild. The badkeys project is an open-source service that checks public keys for known vulnerabilities. While developing this tool, Hanno collected a massive …SCHNEIER.COM
29 JunInside the Advisory Database and what happens when vulnerability volume breaks recordsThe GitHub Advisory Database is processing more vulnerability reports than ever before. Here's what's driving the surge, how we're responding, and how the community can help. The post Inside the Advisory Database and what happens when vulnerability volume breaks records appeared …GITHUB.BLOG
29 JunUS racks up about 400 wins over illegal World Cup streaming sitesThe World Cup’s organizing body, FIFA, helped identify hundreds of domains taken down in an action organized by the U.S., along with the help of U.S. broadcaster NBC Universal and other entities.THERECORD.MEDIA
29 JunNissan hit by Oracle PeopleSoft cyberattack exposing internal dataNissan North America has informed employees that a cyberattack targeting Oracle PeopleSoft systems exposed sensitive personnel records, making the automaker one of the latest known victims linked to a broader campaign exploiting a critical vulnerability in the widely used HR plat…CYBERINSIDER.COM
29 JunNI: Updated warning to parents over schools cyber attackNiall Glynn and Auryn Cox report: The number of schools in Northern Ireland affected by a recent cyber-attack is larger than previously thought. In a letter issued by the Education Authority (EA) on Thursday, some parents were warned that their child’s personal data may hav…DATABREACHES.NET
29 JunMOVEit Breach Defendants Lose 2nd Bid to Toss Negligence ClaimsChristopher Brown reports: Bellwether defendants in multi-district litigation over a massive data breach of Progress Software’s MOVEit file-transfer application failed to convince a federal court to toss negligence claims against them under the laws of California, Indiana, Michig…DATABREACHES.NET
29 JunAI behind the velvet rope.The White House keeps frontier AI models on a short leash. Russian threat actors increasingly target secure messaging platforms. DirtyClone is a high-severity Linux kernel privilege escalation flaw. An investigation claims federal websites are violating privacy rules. Microsoft d…THECYBERWIRE.COM
29 JunNissan discloses employee data breach linked to Oracle zero-day attacksNissan is warning that it suffered a data breach affecting current and former employees after threat actors exploited an Oracle PeopleSoft vulnerability in data theft attacks previously linked to the ShinyHunters extortion group. [...]BLEEPINGCOMPUTER.COM
29 JunNAIC says public data stolen in ShinyHunters' PeopleSoft breachThe National Association of Insurance Commissioners (NAIC) says the ShinyHunters extortion group stole only publicly available data, outdated logs, and configuration files after breaching its systems by exploiting a zero-day vulnerability in an Oracle PeopleSoft server. [...]BLEEPINGCOMPUTER.COM
29 JunStop Building a 2003 SOC with AI: A Modern People & Process Framework (Part 1)One particular aspect of an agentic or AI-powered SOC (but NOT “humanless SOC ”) has bothered me over the last few months: specifically, the people and process side of such a SOC. If you recall my blog posts ( part 1 , part 2 and this video ) about AI SOC readiness, I hinted at c…MEDIUM.COM
29 JunVulnerabilities Expose Private Data in Indian Government SystemsOne critical vulnerability, among many discovered by a researcher, could have allowed anyone to walk in and take over a national government portal.DARKREADING.COM
29 JunEXCLUSIVE: Top-100 Law Firm Fox Rothschild Suffers Data Breach and Leak by Silent Ransom GroupFox Rothschild is a top-100 law firm whose articles and resources have been cited on DataBreaches.net and PogoWasRight.org dozens of times over the years. This time, however, they are the subject of a post because they were victims of a data breach by a well-known group that targ…DATABREACHES.NET
📢 SECURITY ADVISORIES 10[−]
29 JunWhat the post-quantum executive order really demands of CISOsith federal PQC deadlines set for 2030 and 2031, CISOs face a multi-year transformation program that most organizations have not yet started. The window for orderly execution is narrowing fast. The post What the post-quantum executive order really demands of CISOs appeared first …CYBERSCOOP.COM
29 JunOpenAI and Anthropic Limit New AI Models to Trump-Approved Customers During Cybersecurity ReviewChatGPT maker OpenAI said Friday it is restricting the release of its new artificial intelligence model at the request of President Donald Trump’s administration. The post OpenAI and Anthropic Limit New AI Models to Trump-Approved Customers During Cybersecurity Review appeared fi…SECURITYWEEK.COM
29 JunMustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government AttacksThe China-aligned espionage group Mustang Panda is running two campaigns against the Indian government and hydropower targets, deploying new malware and turning a legitimate cloud service into its command channel. Acronis Threat Research Unit found active compromis…THEHACKERNEWS.COM
🔥 INCIDENT REPORTING 13[−]
29 JunSycophantic chatbots and the harms that build over many chatsPeople use AI chatbots for company, advice, and emotional support, and these systems answer in ways meant to hold their attention. Researchers describe the resulting risks as affective safety, a class of harm that exists because humans are emotional beings and because the systems…HELPNETSECURITY.COM
29 JunHijacked npm and Go Packages Use VS Code Tasks to Deploy Python InfostealerCybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. "This attack avoids the most common npm execution paths through lifecycle…THEHACKERNEWS.COM
29 JunThe Gentlemen are knocking: сustom backdoors and evolving tacticsKaspersky researchers analyze incidents related to The Gentlemen RaaS group, disclose their tools and TTPs, and find a new ransomware variant.SECURELIST.COM
29 JunTop Google Security Staff Warn Search Data Could Be Hacked if EU Rules ChangeEurope’s pro-competition proposals could see Google Search and Android systems opened up. The company claims there are serious privacy flaws.WIRED.COM
29 JunRussian Hackers Accused of Destructive Cyber-Attack on Jaguar Land RoverExperts warn the Jaguar Land Rover breach bears hallmarks of Kremlin-backed hackers, citing novel ransomware, strategic timing and efforts to obscure attributionINFOSECURITY-MAGAZINE.COM
29 JunPrivacyHawk Enterprise helps organizations find shadow IT and minimize third-party cyber riskPrivacyHawk has announced the general availability of PrivacyHawk Enterprise, a solution that identifies and eliminates the shadow IT accounts, abandoned SaaS subscriptions, and forgotten third-party services quietly exposing organizations to breach risk. Every organization has a…HELPNETSECURITY.COM
29 Jun29th June – Threat Intelligence ReportFor the latest discoveries in cyber research for the week of 29th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Polymarket, a large cryptocurrency-based prediction market, has confirmed a supply chain attack after a third-party frontend vendor b…RESEARCH.CHECKPOINT.COM
29 JunFrom Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver AkiraKey Takeaways This case was first reported to customers in a threat brief released in July 2025 and in a public flash alert in August 2025 in partnership with Swisscom B2B CSIRT, which observed another intrusion tied to the same campaign. This report contains data from both intru…THEDFIRREPORT.COM
29 JunWhite House eases restrictions on Mythos.FBI issues updated warning on Russian phishing attacks targeting messaging apps. Japanese telecommunications giant discloses breach.THECYBERWIRE.COM
29 JunInsurance body confirms hackers posted Oracle PeopleSoft breach dataNAIC warned that some ratings agencies have suspended data feeds as a precaution. CYBERSECURITYDIVE.COM
29 JunOne Hack, Fifty VictimsA single breach can trigger many others when attackers compromise widely used software, infrastructure, or suppliers. The speakers describe this as a cascading breach, while also comparing it to hack amplification. Rather than attacking companies one by one, attackers may focus o…YOUTUBE.COM
29 JunWhat the June 2026 Threat Technique Catalog update means for your AWS environmentThe AWS Customer Incident Response Team (AWS CIRT) encounters patterns that repeat across engagements when helping customers respond to security incidents. We’re passionate about making sure that information is accessible so that everyone can improve their security posture and th…AWS.AMAZON.COM
29 JunIran, Russia, China Target Water Systems for SabotageNation-state attackers breach water systems through weak passwords, exposed PLCs, and poor segmentation — not sophisticated malware.DARKREADING.COM
🕵️ THREAT INTELLIGENCE 24[−]
29 JunISC Stormcast For Monday, June 29th, 2026 https://isc.sans.edu/podcastdetail/9986, (Mon, Jun 29th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
29 JunRisky Bulletin: White House asks OpenAI to restrict GPT 5.6The White House asks OpenAI to keep a tight grip on ChatGPT 5.6, the US Secret Service made some appalling OpSec mistakes, AMD has reintroduced a CPU security feature after consumer backlash, and an Iranian APT operator has been arrested in Montenegro.RISKY.BIZ
29 JunMost teams accept higher risk for faster AI database workDatabase professionals are using AI for everyday work like writing queries, building schemas, and reviewing code, and a growing share rely on autonomous tools that act on the database itself. The use of AI in database management has almost tripled in a year, climbing from 15% to …HELPNETSECURITY.COM
29 JunCompanies keep bolting AI onto their products, and the security bill is coming dueCompanies keep bolting AI and LLM features onto their products, and the security results are starting to show a pattern. The vulnerabilities those features create get rated high risk far more often than anything else, and they get fixed slower than anything else. The figures come…HELPNETSECURITY.COM
29 JunOpenAI Unveils GPT-5.6 Sol as Its Most Advanced Cybersecurity AIThe company says Sol matches competing systems like Mythos Preview while using only a third of the output tokens. The post OpenAI Unveils GPT-5.6 Sol as Its Most Advanced Cybersecurity AI appeared first on SecurityWeek .SECURITYWEEK.COM
29 JunMicrosoft Removes 119 Edge Extensions That Hid Malware in Images and FontsMicrosoft has shut down a long-running malicious extension operation on the Edge Add-ons store that hid its payloads inside ordinary image and font files, then woke up days after install to steal credentials and run ad fraud. The company calls it StegoAd, a mash-up of stegan…THEHACKERNEWS.COM
29 JunUS Offers $10 Million Bounty for Russian State Hackers as Messaging App Attacks EvolveUNC5792 and UNC4221 have been targeting US government officials, military leaders, and allied personnel. The post US Offers $10 Million Bounty for Russian State Hackers as Messaging App Attacks Evolve appeared first on SecurityWeek .SECURITYWEEK.COM
29 JunGPT-5.6 gets better at cybersecurityOpenAI has started rolling out the GPT-5.6 series models in limited preview to a small group of trusted partners through the API and Codex. The series includes Sol as the flagship model, Terra as a balanced option, and Luna as the fastest and most cost-efficient model. The rollou…HELPNETSECURITY.COM
29 JunSSU and FBI Uncover Russian Cyber Espionage Operation Against Officials and Military PersonnelUkraine’s SSU and the FBI Just Confirmed Russian Intelligence Has Been Systematically Hacking Messenger Accounts for Years. The Security Service of Ukraine (SSU), working jointly with the FBI, has formally exposed a sustained Russian intelligence campaign targeting the mess…SECURITYAFFAIRS.COM
29 JunWhy Post-Quantum Cryptography Starts With CredentialsToday’s encrypted data, such as credentials, may no longer remain confidential in the future because the public-key cryptography protecting it will soon be broken by quantum computers. Although no machine today can break elliptic curve cryptography or RSA, quantum hardware is adv…THEHACKERNEWS.COM
29 JunGamaredon Expands Ukraine Attacks with New Malware and Cloud Service AbuseA Russian advanced persistent threat (APT) group has continued to evolve and expand its malware arsenal as part of its ongoing cyber onslaught against Ukraine throughout 2025. Slovakian cybersecurity company ESET said it observed 35 distinct spear-phishing campaigns mounted by Ga…THEHACKERNEWS.COM
29 JunInsurance Regulators Group NAIC Hit in Oracle PeopleSoft HackThe ShinyHunters extortion group claims to have stolen 3.1 TB of data from the organization. The post Insurance Regulators Group NAIC Hit in Oracle PeopleSoft Hack appeared first on SecurityWeek .SECURITYWEEK.COM
29 JunOpenAI voluntarily limits new AI models at government’s requestThe company said it was working with the government on a more formal process for reviewing model releases.CYBERSECURITYDIVE.COM
29 JunResearchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer MachinesIndirect prompts hidden in a repository can lead to Claude Code spawning a reverse shell on the developer’s machine. The post Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines appeared first on SecurityWeek .SECURITYWEEK.COM
29 JunStraiker Raises $64 Million for AI Security PlatformThe startup’s platform can identify AI agents and provide visibility into their access, behavior, and risks. The post Straiker Raises $64 Million for AI Security Platform appeared first on SecurityWeek .SECURITYWEEK.COM
29 JunWhatsApp Rolling Out Username Feature to Bolster Phone Number PrivacyAn optional ‘username key’ adds another layer by requiring a secondary credential before someone can message users. The post WhatsApp Rolling Out Username Feature to Bolster Phone Number Privacy appeared first on SecurityWeek .SECURITYWEEK.COM
29 JunSupreme Court approves mail-in ballots that arrive after Election DayThe ruling is a victory for election advocates who say the evidence overwhelmingly shows that voter fraud is rare and not tied to mail voting in general. The post Supreme Court approves mail-in ballots that arrive after Election Day appeared first on CyberScoop .CYBERSCOOP.COM
29 JunSupreme Court delivers ‘major win’ for tech privacy in Chatrie rulingDissenting justices who criticized the ruling said it would have “seismic” implications for the Fourth Amendment. The post Supreme Court delivers ‘major win’ for tech privacy in Chatrie ruling appeared first on CyberScoop .CYBERSCOOP.COM
29 JunChrome extension Adblock for YouTube with 11 million users could be silently weaponizedThe operators of the popular “Adblock for YouTube” Chrome extension could remotely execute JavaScript on websites visited by users through a server-side configuration change. Island researchers who discovered this found no evidence that the architectural weakness has …CYBERINSIDER.COM
29 JunUS offers $10 million for info on Russian hackers targeting Signal accountsThe U.S. Department of State has announced a reward of up to $10 million for information leading to the identification or location of members of UNC5792. This is a Russian state-linked hacking group accused of targeting Signal and WhatsApp accounts belonging to U.S. government of…CYBERINSIDER.COM
29 JunChromium extension uses AI‑related branding to redirect browser searchA malicious Chromium-based extension that spoofs the AI-powered answer engine Perplexity AI redirects browser search traffic using MV3 APIs and intermediary infrastructure. The post Chromium extension uses AI‑related branding to redirect browser search appeared first on Microsoft…MICROSOFT.COM
29 JunWarner bill would create federally vetted list for secure, trustworthy AI agentsThe bill empowers the FTC to create a registry for sellers of AI agent software certifying their privacy and cybersecurity protections. The post Warner bill would create federally vetted list for secure, trustworthy AI agents appeared first on CyberScoop .CYBERSCOOP.COM
29 JunWhatsApp opens username reservations ahead of feature rolloutMeta has announced that WhatsApp users can now reserve usernames ahead of a broader launch planned for later this year, introducing a long-awaited privacy feature that allows people to connect without sharing their phone numbers. The company says the feature is designed to give u…CYBERINSIDER.COM
29 JunU.S. Targets Russian Cyber Spies With $10M Bounty Over Messaging App AttacksThe U.S. offers up to $10M for information on Russian hackers targeting Signal and WhatsApp accounts of officials and journalists. The U.S. government is offering rewards of up to $10 million for information leading to the identification of members of the Russian-linked groups UN…SECURITYAFFAIRS.COM
🌐 CYBER THREAT LANDSCAPE 4[−]
29 JunA week in security (June 22 – June 28)A list of topics we covered in the week of June 22 to June 28 of 2026MALWAREBYTES.COM
29 JunWebinar: Why business email compromise attacks keep succeedingBusiness email compromise attacks increasingly rely on convincing impersonation rather than malware, making them harder for employees and traditional email defenses to detect. This webinar explores how behavioral AI can help identify sophisticated email threats and automate respo…BLEEPINGCOMPUTER.COM
29 Jun⚡ Weekly Recap: Linux Kernel Flaws, AI Malware Tricks, Turla Backdoor, Infostealers and MoreThis week was a reminder that attackers do not always need big tricks. One small mistake, one old access path, one missed patch, and suddenly the door is open. The noise is not all noise, either. Forums are talking, researchers are finding easy cracks, and defenders have more cle…THEHACKERNEWS.COM
29 Jun119 Edge extensions promised useful tools, instead downloaded malwareMicrosoft has removed over 100 Edge extensions that were delivering malware hidden in images.MALWAREBYTES.COM
🎙️ PODCASTS 1[−]
29 JunThis pay gap is programmed (Lock and Code S07E13)This week on the Lock and Code podcast, we speak with Veena Dubal about algorithmic wage discrimination and its appetite for all worker data.MALWAREBYTES.COM
📡 INFOSEC NEWS 20[−]
29 JunFBI Sounds Alarm Over Russian Intelligence Signal PhishingThe FBI claims Russian spies are targeting Signal backup keysINFOSECURITY-MAGAZINE.COM
29 JunUS seizes hundreds of FIFA World Cup illegal streaming domainsThe U.S. Justice Department's Criminal Division has seized nearly 400 web domains used for illegally streaming matches at the FIFA World Cup. [...]BLEEPINGCOMPUTER.COM
29 JunThe Borderless Attack Surface: Securing Public Sector Hybrid EnvironmentsAligning Modern CNAPP Telemetry with realistic risk assessments to drive agency efficiency through cross-team collaborationWIZ.IO
29 JunAdding some Automation to the favicon.ico method of Host Recon, (Mon, Jun 29th)I&#;x26;#;39;m in the throes of target host recon for another pentest, and thought I&#;x26;#;39;d share some workflow / automation stuff. In the past, I&#;x26;#;39;ve discussed using histori…ISC.SANS.EDU
29 JunStegoAd: How 119 Fake Browser Extensions Stole Credentials and Ran Ad Fraud for Two YearsMicrosoft shut down the StegoAd campaign, which used 119 malicious Edge extensions, hit 2.6M installs, and ran undetected for two years. Microsoft just shut down one of the more technically clever malicious extension campaigns it’s ever documented. The operation, named Steg…SECURITYAFFAIRS.COM
29 JunUkraine to use seized crypto from cybercrime group to buy war bondsUkraine's Asset Recovery and Management Agency (ARMA), which manages property seized in criminal proceedings, said more than $8.3 million in cryptocurrency had been transferred to its official digital wallet following a court order.THERECORD.MEDIA
29 JunOpenAI Reveals GPT-5.6 Sol Cybersecurity Model, Restricts Early AccessOpenAI is previewing its GPT-5.6 Sol model to a vetted few at the US government's requestINFOSECURITY-MAGAZINE.COM
29 JunTelegram-Based Millenium RAT Campaign Infects 60,000 DevicesGroup-IB says Millenium RAT, now rewritten in C++, has hit 62,289 devices in 160+ countriesINFOSECURITY-MAGAZINE.COM
29 JunAgentic AI Has an Identity Problem and Attackers Know ItAI agents can access data, trigger workflows, and take action across enterprise systems. Token Security explains why governing these privileged identities is becoming essential for enterprise security. [...]BLEEPINGCOMPUTER.COM
29 JunWhatsApp is Finally Getting Usernames to Help Keep Phone Numbers PrivateWhatsApp on Monday officially announced the start of global reservations of usernames with an aim to protect the privacy of more than three billion users on the messaging platform. The optional feature is designed to help users connect with someone on the service through username…THEHACKERNEWS.COM
29 JunIn major privacy win, Supreme Court rules geofence warrants are protected by privacy rightsThe Supreme Court's decision to limit geofence warrants is a win for privacy advocates, who called their use unconstitutional but sought an outright ban.TECHCRUNCH.COM
29 JunUS posts $10 million reward over Russian cyber campaign targeting Signal, WhatsAppRussia-linked hacking groups tracked as UNC5792 and UNC4221 have socially engineered their way into the messaging accounts of government officials.THERECORD.MEDIA
29 JunU.S. offers $10 million for hackers targeting WhatsApp, Signal usersThe U.S. Department of State is offering up to $10 million for information that helps identify or locate members of the UNC5792 and UNC4221 hacker groups, which are linked to Russia's intelligence and military services. [...]BLEEPINGCOMPUTER.COM
29 JunBridging the Visibility Gap: A Unified Security Operating Model for Hybrid Cloud TeamsMove beyond chasing vulnerabilities to a unified hybrid risk strategy. The Sensor Workload Scanner is now GA and extends our risk prioritization engine to on-premise environments to identify the critical attack paths across your hybrid cloud.WIZ.IO
29 JunWhatsApp rolls out usernames to help users hide their phone numberWhatsApp is finally allowing users to reserve usernames, a privacy feature that lets them hide their phone numbers from people not in their contact list. [...]BLEEPINGCOMPUTER.COM
29 JunMicrosoft extends Windows Server 2022 hotpatching until October 2027Microsoft has extended Windows Server 2022 hotpatching until October 2027, one year after the mainstream end date of October 2026. [...]BLEEPINGCOMPUTER.COM
29 JunJustices rule that cellphone location histories are protected by the Fourth AmendmentPolice must get a warrant to request geofence data involving individual cellphones, the U.S. Supreme Court ruled in what represents a victory for privacy advocates.THERECORD.MEDIA
29 JunCan Clothes Make You Invisible to Facial Recognition?Does life feel Orwellian sometimes? One researcher has a solution for you: graphic tees that confuse the neural networks in surveillance cameras.DARKREADING.COM
29 JunMeta Contractors Posed as Teens to Prompt Rival Chatbots About Suicide, Sex, and DrugsHundreds of contractors working on a project for Meta pretended to be kids—and then prompted rival chatbots like Gemini and ChatGPT to discuss high-risk subjects.WIRED.COM
29 JunWhatsApp Usernames Are Coming. You Can Reserve Yours Right NowWhatsApp will introduce usernames later this year, letting its 3 billion users connect without sharing phone numbers. WhatsApp has over three billion users, and it’s finally letting them talk to each other without exchanging phone numbers. The company announced this week th…SECURITYAFFAIRS.COM