-
SAP fixes critical flaws in NetWeaver and Commerce Cloud
SAP has released fixes for 15 vulnerabilities as part of its June 2026 Security Patch package, including four critical-severity flaws affecting SAP NetWeaver and SAP Commerce Cl...
-
Microsoft releases Windows 10 KB5094127 extended security update
Microsoft has released the Windows 10 KB5094127 extended security update, which fixes the June 2026 Patch Tuesday vulnerabilities and adds new functionality to monitor the rollo...
-
Microsoft June 2026 Patch Tuesday fixes 6 zero-days, 200 flaws
Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws, including five publicly disclosed zero-day vulnerabilities and one actively exploited in attac...
-
Microsoft June 2026 Patch Tuesday fixes 5 zero-days, 200 flaws
Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws, including four publicly disclosed zero-day vulnerabilities and one actively exploited in attac...
-
Microsoft June 2026 Patch Tuesday fixes 3 zero-day, 200 flaws
Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws and five publicly disclosed zero-day vulnerabilities. [...]
-
Windows 11 KB5094126 & KB5093998 cumulative updates released
Microsoft has released Windows 11 KB5094126 and KB5093998 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. [...]
-
Meta to Use Off-Site Business Data for Feed and AI Personalization
Meta on Tuesday announced that it will use information shared by other businesses to personalize users' feed and responses from its artificial intelligence (AI) chatbot, expandi...
-
Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code
Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vu...
-
Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues
Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being com...
-
XBOW tests Anthropic's Mythos Preview for offensive security
Anthropic's Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code. XBOW explores how the model performed across exploit ...
-
GitHub disables Microsoft repos pushing password-stealing malware
Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, disrupting continuous integration pipelines. [...]
-
FCC Wants to Kill Burner Phones By Forcing Telecoms to Get All Customers’ IDs
The FCC wants to legally force telecoms to collect new and renewing customers’ government issued identity number and physical address, impacting everyone from the privacy-consci...
-
Judge Learns Lawyers on Both Sides of Case Used AI, Cancels Trial, Kicks Everyone Off the Case
When two AIs argue against each other, the legal system loses.
-
New Veeam vulnerability exposes backup servers to RCE attacks
Veeam has released security updates to patch a critical Backup & Replication security flaw that can be exploited to gain remote code execution (RCE) on domain-joined backup serv...
-
Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257
We include indicators of activity and mitigations for PAN-OS vulnerability CVE-2026-0257. The post Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257 appeared first on Unit 42.
-
Meta’s face-recognition code raises new concerns about smart glasses
As smart glasses become more capable, concerns about face recognition, covert recording, and biometric surveillance are growing.
-
'Sloppenheimer:' Amazon Employees Mock the Company’s AI on Slack
Amazon employees have a Slack channel for memes where they mock and commiserate about the company’s faulty AI coding product.
-
Rapid7 Gains Access To Anthropic’s Project Glasswing To Explore Frontier AI For Cybersecurity
Wade Woolwine is Senior Director, Product Security at Rapid7. Rapid7 is excited to join Anthropic’s Project Glasswing, which includes access to Claude Mythos Preview, giving our ...
-
Scammers love Meta, according to Lloyds Bank
Facebook, Instagram, and WhatsApp account for more than two thirds of fraud reports made by Lloyds customers.
-
Intellyx Names NETSCOUT to Prestigious 2026 Digital Innovator Award List
Earning industrywide recognition two years in a row is very rewarding. Achieving that same honor six consecutive times makes a statement. Being selected by Intellyx for its 2026...
-
WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine
Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerabilit...
-
Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models
University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way ...
-
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now
Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked a...
-
The Hidden Security Risk in Modern Networks: The Work Between Tools
Organizations have more visibility than ever. Growing tech stacks provide greater coverage, and network security teams are increasingly adopting AI and automation to help with r...
-
Update Chrome: Google patches actively exploited vulnerability and 73 others
Google's latest Chrome update fixes 74 security vulnerabilities, including one under active attack.
-
Protecting 50,000 Users: How ANY.RUN Drives Incident Prevention at UMass Boston
Securing a university means defending a highly open environment, where thousands of users, devices, and external connections create constant exposure to risk. We had a unique op...
-
New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing
A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST, needs no nativ...
-
Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer
The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (P...
-
Gartner Security Summit 2026: Huntress 5 Key Takeaways
Resilience, identity, and practical AI led the conversation at Gartner Security & Risk Management Summit 2026. Here are five key takeaways security leaders should act on.
-
When “Hi, This Is IT” Comes Through Microsoft Teams
Attackers are increasingly targeting collaboration platforms like Microsoft Teams. Learn the risks and key steps to strengthen your organization's security.
-
This Company Will Add Phone, AirPod, and Smartwatch Trackers to License Plate Readers
SignalTrace “links devices that regularly travel together, correlating them to license plate.” It is a surveillance product that will sweep up and add all sorts of Bluetooth and...
-
Critical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751)
Overview: On June 8, 2026, Check Point published a security advisory for CVE-2026-50751, a critical authentication bypass vulnerability affecting Check Point Remote Access VPN, Mo...
-
Microsoft Hacked to Deliver Malware to Claude and Gemini Users
Microsoft took the highly unusual step of shutting down more than 70 of its own GitHub repositories after hackers pushed malware that would steal credentials from AI coding agent users.
-
Americans lost nearly $900 million to AI-powered scams, FBI says
Deepfakes, voice cloning, and other AI-powered scams cost Americans nearly $900 million in 2025, says the 2025 FBI Internet Crime Report.
-
It’s So Not Over for Hollywood (with Devindra Hardawar)
Emanuel talks to Devindra Hardawar about AI in Hollywood and the state of the movie industry.
-
A Farmer Donated Land to Turn into a Park. The City Is Building a Massive Data Center Instead
In 1999, a farmer gave away 87 acres of land to a small Texas city to use as a park. The city sold to a data center developer for $10 million.
-
Heimdal® Marks Six Years of Consecutive ISAE 3000 SOC 2 Type II Certification
COPENHAGEN, Denmark, June 8, 2026 – Heimdal has achieved ISAE 3000 SOC 2 Type II certification for the sixth consecutive year, reflecting the company’s continued focus on operat...
-
Pirated PC games are delivering password-stealing malware
Cybercriminals are hiding malware in cracked and repacked games, infecting more than 400,000 devices worldwide.
-
A week in security (June 1 – June 7)
A list of topics we covered in the week of June 1 to June 7 of 2026
-
Governing Claude Enterprise in Environments Where Inline Controls Can't Go
TrendAI™ integrates Anthropic's Claude Compliance API into TrendAI Vision One™ through two collectors that bring AI-aware visibility and detection to Claude Enterprise usage: on...
-
Old WinRAR Flaw Fuels Attacks on Ukraine: How Unmanaged Software Keeps the Door Open
Two separate Russia-aligned campaigns are still exploiting the WinRAR flaw CVE-2025-8088 against Ukrainian organizations nearly a year after it was patched, showing how unmanage...
-
Baker Distributing - 102,935 breached accounts
In May 2026, the HVAC/R wholesale distributor Baker Distributing Company was added to the ShinyHunters data extortion group's "pay or leak" site. In early June, the group public...
-
Scientists Discover Hidden Symmetry on Earth That Nobody Can Explain
The north-south albedo symmetry may be fading as both hemispheres get darker.
-
Weekly Metasploit Update: Apache ActiveMQ RCE, Gogs Rebase RCE, and Windows Kernel Pointer Enum
When Open Source is a bit too Open: Several fun modules landed this week, including an Apache RCE, Windows Kernel pointer collection, and Gogs RCE via naming. Leading off is Gogs'...
-
ICE’s Plan to Let Cops Around the Country Scan Faces to Verify Immigration Status
ICE plans to give potentially more than a thousand agencies access to a facial recognition app that verifies a person's immigration status.
-
Behind the Blog: Dangerous Memes
This week, we discuss controversial memes, good times at Meta, and more.
-
The U.S. Military Quietly Turned GPS Into a Global ‘Numbers Station,’ Evidence Suggests
A random sequence in an innocuous GPS message field is likely encrypted traffic from the U.S. military's system for remotely updating cryptographic keys around the world.
-
K-pop Fans Are Calling Out Creepy Deepfakes of Idols
With some fans making sexualized AI-generated images and videos of idols, the rest of the fandom is standing up against the behavior.
-
Why Huntress Doesn’t Need FedRAMP
Defense contractors can achieve CMMC compliance without the expense or delays of FedRAMP-authorized cloud services. Discover how Huntress uses Sensitive Data Mode for logical se...
-
Leader in Malware Analysis: ANY.RUN Named Top Vendor in G2 Summer 2026 Awards
We are proud to announce that ANY.RUN has earned the title of Momentum Leader and ranked #1 in the Relationship Index in the latest G2 Summer Reports. Reflecting real security t...
-
AI: Threat, tool, or both?
Public concern about AI is rising. We look at what's driving it, and why cybersecurity occupies a unique place in this debate.
-
BCD Travel - 396,313 breached accounts
In May 2026, the corporate travel management company BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from BCD wa...
-
Reporting from Vegas: Networking, AI, and good boys
Joe’s on-the-ground report from Cisco Live U.S. is here, complete with therapy dog pictures and tips on handling conference overstimulation.
-
Cyber Strategy at the AI Frontier: President Trump Releases Executive Order to Promote Advanced Artificial Intelligence Innovation and Security
On June 2, 2026, President Trump issued the Executive Order, Promoting Advanced Artificial Intelligence Innovation and Security. The Executive Order carries forward several prio...
-
How the “Swiss Cheese” model can help you choose the right MDR provider
Not all managed detection and response (MDR) solutions are equal. Finding the differences between vendors can be quite hard, and then understanding how those differences impact ...
-
Winning the cyber marathon with Tony Giandomenico
Tony Giandomenico, Senior Director of Product Management, joins Amy to discuss the Talos Threat Hunting launch, what he's excited about for the future of cybersecurity, and, of c...
-
How to Operationalize Threat Hunting with NETSCOUT, SIEM, XDR, EDR, and SOAR
Threat hunting does not fail because security teams lack tools. It fails because the tools are often used as separate workspaces instead of connected parts of the same investiga...
-
Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting
Learn how Cisco Talos Threat Hunting uses hypothesis-driven methods and multi-domain telemetry correlation to find stealthy threats operating below automated detection thresholds.
-
Travel scams are everywhere. Here’s how to avoid them
Learn how to spot travel scams, avoid risky bookings, and keep your personal information out of the wrong hands.
-
Q1 2026 Cyber Risk Report: Insights from 2.1 Million Malware and Phishing Investigations
Based on 2,101,483 malware and phishing investigations from Q1 2026, ANY.RUN’s Cyber Risk report provides a real-world view of modern attack trends. It covers trending malware f...
-
Meta’s AI support bot happily handed Instagram accounts to hackers
Hackers convinced an AI support bot to hand over Instagram accounts by changing recovery email addresses.
-
DentaQuest - 2,553,599 breached accounts
In May 2026, the dental benefits administrator DentaQuest was the target of a ShinyHunters "pay or leak" extortion campaign that resulted in the group publicly publishing hundre...
-
We found this fake-invoice campaign while scammers were still building it
Invoices pretending to be from Amazon, PayPal, and others reveal how criminals use fear and phone calls to steal money and devices.
-
A Day in the Life of an MDR Analyst: Inside the Modern SOC
What actually happens inside a SOC when an incident unfolds? Most teams see the alerts and the outcomes, but the decision-making in between is often less visible. At the Rapid7 2...
-
Backup operations at scale: Turning "green" indicators into recovery readiness
During disruptions — ransomware, outages or accidental deletions — what matters is whether recoverable points exist, how recent they are, and whether restores can be performed q...
-
Inside .NET Loader Analysis: From Malspam to In-Memory Loader
A malspam campaign abusing Google's DoubleClick delivers the loader through a five-stage chain that evades detection and blinds Windows telemetry before persisting
-
Solving Network Blind Spots Created by Massive Data Silos
“Dump everything first, structure it later” is a risky data migration strategy. In a large enterprise, moving petabytes across a network is nerve-racking and expensive, so many ...
-
Keep getting calls from questionable numbers? Meet Scam Number Check
Scam Number Check lets you quickly check whether a number has been linked to scams before you call back, share information, or send money.
-
Release Notes: Decision-Ready SOC Reporting, Elastic Security Integration, and 1400+ Threat Coverage Updates
Security leaders are under growing pressure to reduce the time between threat detection and response without adding more complexity to already overloaded SOC workflows. ANY.RUN’...
-
Infostealers are becoming the go-to phishing payload
Cybercriminals prefer infostealers to traditional phishing techniques because they reduce friction, scale well, and are widely available.
-
These convincing copyright notices are designed to steal Google logins
Scammers use fake takedown requests, countdown timers, and spoofed sign-in screens to steal Google logins from Chrome developers.
-
The npm Threat Landscape: Attack Surface and Mitigations (Updated June 2)
Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more.
-
Unpatched NTLM Leakage in Windows search: URI Handler, Same Bug, No CVE, No Fix
The same NTLM leakage primitive that got patched in the Snipping Tool exists in Windows Explorer's search: handler. No CVE. No fix. If your patching relies on CVE coverage, you ...
-
Unpatched NTLM Coercion in Windows search: URI Handler, Same Bug, No CVE, No Fix
The same NTLM coercion primitive that got patched in the Snipping Tool exists in Windows Explorer's search: handler. No CVE. No fix. If your patching relies on CVE coverage, you...
-
The Self-Healing Network: Why Your AI Strategy Needs a Neutral Lens
In the race to 5G-Advanced and 6G, the “self-healing network” has moved from a whiteboard concept to a boardroom mandate. For next-generation networks, the promise is clear: an ...
-
From Fake Purchase Orders to Remote Access: Analyzing the JS.MonoGlyphRAT Threat to US Enterprises
A previously unidentified cyberattack is quietly spreading through US businesses — and most security tools are not catching it. Researchers at ANY.RUN have identified a new back...
-
Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor
Operation FlutterBridge is a malvertising campaign targeting macOS users. It distributed the new backdoor FlutterShell, built using the Flutter framework.
-
Risk Analysis in the Crosshairs: Four Recent Ransomware Resolutions Preview the HIPAA Security Rule Amendments
On April 23, 2026, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) announced resolution agreements and corrective action plans with four re...
-
Why most DR deployments may not survive a real disaster
This report examines the disaster recovery (DR) readiness across the Acronis Cyber Protect Cloud platform, managing thousands of DR deployments across dozens of data centers wor...
-
CVE-2026-0826: How an Old Bug Can Feed AI-Powered Impersonation
One of the more persistent myths in security is that old bug classes become old problems. They don’t. They just show up in different places, under different conditions, and usua...
-
CVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (FIXED)
Overview: Rapid7 Labs conducted a zero-day research project against an HP Poly VVX 450 Voice over Internet Protocol (VoIP) phone. This research resulted in the discovery of a crit...
-
Rapid7 and Exclusive Networks Expand Partnership Across the Nordics
Building stronger cybersecurity outcomes together: The cybersecurity landscape across the Nordics is evolving rapidly. Organizations are facing increasing pressure to modernize se...
-
Edmunds - 177,860 breached accounts
In January 2026, the automotive research and car-shopping platform Edmunds was listed by the ShinyHunters hacking group as having been breached. Data purportedly obtained in the...
-
Pwn2Own Berlin 2026: On the Ground With TrendAI™ ZDI's Biggest AI Showdown Yet
47 zero-days fell at Pwn2Own Berlin 2026 for US$1,298,250 in payouts. TrendAI™ was on the ground all three days — here's what we saw.
-
Atlas Menu - 63,926 breached accounts
In May 2026, the GTA V and CS2 cheat service Atlas Menu suffered a data breach. An attacker claimed to have gained access to all Atlas systems and published the service's databa...
-
Metasploit Wrap Up 05/29/2026
More Linux LPEs: Hark the age of the Linux LPE has arrived. This week’s release follows up on recent work bringing new Linux LPEs to Metasploit users. Copy Fail seemed to have kic...
-
Rapid7 Observed Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)
Overview: On May 13, 2026, Palo Alto Networks published a security advisory for CVE-2026-0257, a medium severity authentication bypass affecting PAN-OS and Prisma Access when a sp...
-
Does It Feel Like a Stormy Season in Your Cloud?
How successful do IT teams feel they are at managing networking and security in the public cloud? Just over a third (36 percent) of IT professionals surveyed think their organiz...
-
Charter - 4,851,517 breached accounts
In May 2026, the telecommunications company Charter Communications (the parent company behind the consumer broadband and cable brand Spectrum) was named by the ShinyHunters grou...
-
Less panic patching, more precision
In this newsletter, Thor breaks down why you should stop relying solely on CVSS and start using EPSS and GCVE to focus your patching efforts on the threats that actually matter.
-
New York Department of Financial Services Issues Coordinated Guidance on Frontier AI Cybersecurity Risks
On May 21, 2026, the New York State Department of Financial Services (“DFS”) issued two coordinated Industry Letters: a letter on Heightened Cybersecurity Risks Associated with ...
-
Experts on Experts: Why Compliance is becoming Continuous
This week on Experts on Experts, I’m joined by Sergio Alonso – Rapid7’s Director of Trust, Risk, and Compliance – to talk about how compliance is changing and why many security ...
-
CVE-2026-52806: Authenticated RCE via Argument Injection in Gogs (FIXED as of June 7, 2026)
Overview: Rapid7 Labs discovered a critical argument injection (CWE-88) vulnerability in Gogs, a popular open-source self-hosted Git service, tracked as CVE-2026-52806. Rapid7 Lab...
-
2026 World Cup: Discussing The World’s Biggest Game’s Attack Surface
The 2026 World Cup presents major cyber risks from ransomware groups, state-aligned actors, and other groups targeting critical infrastructure. Learn more here.
-
DICOM, Pydicom, GDCM, and Orthanc: A technical tour of what really happens in the heap
This white paper presents a concrete case study demonstrating the creation of a heap overflow vulnerability through the exploitation of the DICOM file format.
-
Kemper - 269,299 breached accounts
In April 2026, the American insurance holding company Kemper Corporation was named by the ShinyHunters ransomware group in a "pay or leak" extortion campaign. The attackers alle...
-
Your Profile Is a Dossier. Here's Who's Reading It.
Your social media profiles are an attacker's dossier. Learn how attackers use public data to build attack playbooks and what you can do to give them less to work with.
-
Out of the Crypt: The Evolving Cyber Extortion Economy
Unit 42 explores trends in data theft and extortion, outlining key strategies for organizations as frontier AI models advance.
-
Chambers 2026 Global Practice Guide for Artificial Intelligence
The Chambers 2026 Global Practice Guide for Artificial Intelligence provides the latest legal information on the rapidly evolving AI landscape, covering the commercial use of AI...
-
MediaArea heap-based buffer overflow vulnerabilities
Talos researchers find 4 heap-based buffer overflow vulnerabilities in MediaArea's MediaInfoLib.