-
US Gov asks Anthropic to ban 'foreign national' access to Fable, Mythos
The US government has ordered Anthropic to block all foreign nationals from accessing Fable 5 and Mythos 5, forcing the company to suspend both models worldwide. Anthropic is co...
-
U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals
Anthropic said on Friday it will "abruptly disable" its most advanced artificial intelligence (AI) models, Claude Fable 5 and Mythos 5, for all users after the U.S. government o...
-
Weekly Metasploit Update: New Kerberos/Certificate tracing options, and multiple new modules
New Tracing OptionsAs hard as we try to ensure that Metasploit is bug free, issues inevitably come up. Whether you’re running a module on an op or writing a new one, what we can...
-
Tracing Digital Intent: New MacOS Tahoe 26 Artifact Discovered
Unit 42 has discovered a new macOS Tahoe 26 forensic artifact that tracks user menu selections across the operating system. Learn more here. The post Tracing Digital Intent: New...
-
Maine disables data breach notification portal after fake disclosures
Maine has taken its public data breach reporting portal offline after fraudulent breach disclosures were published on the state's website, prompting a review of procedures to pr...
-
Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit
Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built ...
-
400+ Arch Linux AUR Packages Hijacked to Install Rust Credential Stealer
Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built ...
-
Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing
Google on Friday said it's pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence (AI) agent to send phishing text m...
-
phpBB forum fixes auth bypass bug lurking for a decade
A 10-year-old authentication bypass vulnerability discovered in the phpBB forum software allows an attacker to log in as any user, including administrators. [...]
-
China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade
Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade hidden inside the Linux login system itself. Sygnia, which...
-
Ukrainian national pleads guilty to role in Conti ransomware operation
A Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tied to the Conti ransomware operation. [...]
-
Over 400 Arch Linux packages compromised to push rootkit, infostealer
More than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens. [...]
-
‘You Will Not Speak on Flock Tonight’: County Commissioner Refuses to Let Residents Opposing Flock Speak at Meeting
"I’ve spoken. I’m not debating this."
-
Your Next Insider Threat May Be an AI Coworker
Heimdal sysadmin Alex Panait spent weeks testing Claude Cowork inside the company. His verdict was blunt. It felt like onboarding a junior employee with no manager, no scoped ac...
-
Behind the Blog: World Cup Madness and Film Reviews
This week, we discuss Trump fucking up the World Cup, some thoughts on ICE coverage, and movies.
-
Stolen iPhones could soon be worth a lot less to thieves
Apple and the Met Police are working together to make stolen iPhones harder to reset, resell, and profit from.
-
Early Warning Signs of Supply-Chain Attacks Live in the Dark Web
GitHub access sales, leaked repositories, and stolen API keys can all become supply-chain attack footholds. Flare explores how underground forums expose early signals tied to so...
-
Active Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273)
OverviewOn June 10, 2026, Oracle published a security alert for CVE-2026-35273, a critical vulnerability in the Updates Environment Management component of PeopleSoft Enterprise...
-
The OSI Model and Its Two Missing Layers
Cybersecurity failures now happen beyond the OSI stack. Faulty governance, the human factor, and AI tools create new attack surfaces. After seven years working across cybersecur...
-
Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code
Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running arbitrary code on develope...
-
Microsoft fixes Windows update failures linked to WUSA installer
Microsoft has fixed a known issue that caused Windows updates released since May 2025 to fail when installed via the Windows Update Standalone Installer (WUSA) from a network sh...
-
Rethinking MDR as Attackers and Defenders Embrace AI
For most of the past decade, managed detection and response was the answer to a real problem. Security teams couldn't staff around the clock, couldn't hire enough analysts, and ...
-
Pharma giant Novo Nordisk discloses breach of clinical trials data
Danish pharmaceutical giant Novo Nordisk, the world's largest producer of insulin, disclosed a data breach affecting patient information from some clinical trials. [...]
-
LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution
Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote co...
-
Fake verification pages are stealing Steam accounts from players
A convincing fake FACEIT verification page is stealing Steam accounts by using a fake login window that looks completely legitimate.
-
INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator
An INTERPOL-led operation last month resulted in the disruption of Sniper Dz, a decade-long phishing-as-a-service (PhaaS) platform, Group-IB said Thursday. The effort, codenamed...
-
CISA orders feds to patch actively exploited Ivanti flaw by Sunday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch an actively exploited Ivanti Sentry flaw within three days, as mandated by ...
-
Over 73,000 French govt employees affected in Tchap messenger breach
The French government revealed that a recent breach of its Tchap encrypted messaging platform affects the accounts of over 73,000 employees in the French public sector. [...]
-
Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs
Authorities in Europe have disrupted AudiA6, a cryptocurrency laundering service used by ransomware gangs and cybercriminal networks. Europol, in a statement issued Thursday, sa...
-
Japanese energy firm loses drive with data of 10.9 million clients
Kyushu Electric Power Co., Inc. has disclosed a physical security incident that affects private data of more than 10 million customers. [...]
-
Maine breach portal abused to publish fake data breach disclosures
In an unusual misinformation campaign, fraudulent data breach disclosures were submitted to Maine's official breach portal and publicly posted before their legitimacy could be v...
-
ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities
The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaig...
-
Oracle mitigates PeopleSoft zero-day exploited in data theft attacks
Oracle is warning about a critical PeopleSoft Suite zero-day vulnerability tracked as CVE-2026-35273 that allows unauthenticated remote code execution, with the flaw actively ex...
-
Software Update Automatically Turns off Amazon Delivery Drivers’ AC During Dangerous Summer Heat
A new software update is turning off the AC in Amazon delivery vans after 10 minutes or 30 seconds under certain conditions.
-
A tale of two eras
In this week’s newsletter, Amy reminisces on the tech toys of their childhood, inspired by a hilarious lesson about why your digital privacy shouldn't be left on an open channel.
-
New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets
Two security teams have shown, in separate research published this week, that OpenClaw, the popular self-hosted AI agent, can be driven to run attacker-controlled code or hand o...
-
New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files
Security researcher Chaotic Eclipse (aka Nightmare-Eclipse and MSNightmare) has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit fo...
-
The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm
A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion...
-
Google can be liable for false AI Overviews, court rules
"AI can make mistakes" isn't a good enough legal defense for defamatory or incorrect AI Overviews, a German court has ruled.
-
Authorities dismantle 'AudiA6' ransomware crypto-laundering service
Law enforcement has dismantled the “AudiA6” cryptocurrency service allegedly used by ransomware actors and other cybercriminals to launder more than $380 million. [...]
-
Amazon Data Centers In Mississippi Have Already Raised Electricity Rates for Local Customers, Report Suggests
Three Amazon data centers aren't even open yet, but local residents are already paying at least $10.60 extra per month for them, according to a new study.
-
Flock Leaked Cops’ License Plate Searches via DuckDuckGo, Bing
Flock, the automatic license plate reader (ALPR) company, exposed some of the license plate cops were looking for and the reason for doing so.
-
Why AI-driven threats are exposing the limits of MSP security stacks
AI-driven attacks are exposing the limits of fragmented MSP security stacks and slow response workflows. Kaseya breaks down why integrated security, automation, and recovery are...
-
Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories
Most good security work is invisible by design. Today is the exception. The 2026 Cybersecurity Stars Awards winners are announced across 95 subcategories in four main award cate...
-
ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories
It's been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there's a supply chain attack kit in a publ...
-
Chatbots Keep Telling Stories About Lighthouse Keeper 'Elias Thorne'. We Might Know Why
LLMs including ChatGPT, Gemini and Claude are obsessed with telling stories about lighthouse keepers and clockmakers, and one character named 'Elias Thorne' has made his way fro...
-
Criminal AI-as-a-Service in 2026: How the Underground Market Is Operationalizing Cybercrime
IntroductionThe underground market for criminally oriented generative AI has moved beyond the early hype surrounding 'malicious chatbots.' The gradual integration of AI as a pro...
-
Black Box Versus Glass Box DDoS Protection
Distributed denial-of-service (DDoS) attacks continue to grow in scale, frequency, and sophistication, forcing organizations to rethink not just how they defend against attacks,...
-
Coupang hit with record $409 million data breach fine in Korea
The Personal Information Protection Commission (PIPC), South Korea's data protection regulator, has fined e-commerce giant Coupang a record 624.6 billion won (roughly $409 mil...
-
CISA tells govt agencies to patch critical exploited flaws in 3 days
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced a new Binding Operational Directive, 26-04, that prioritizes security updates for Federal Civilian Exe...
-
VRChat says reported data breach never happened
We explain what data was exposed, the potential risks, and the steps you should take now.
-
AI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS.
For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution...
-
Children’s phones must block nude images by September, UK says
Apple and Google have three months to block nude images on children's phones. They're not allowed to collect any data while they do it.
-
Trust No Skill: Integrity Verification for AI Agent Supply Chains
Protect enterprise AI agents from supply chain risks by auditing third-party skills for hidden vulnerabilities and multi-stage attack chains. The post Trust No Skill: Integrity ...
-
OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack
The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as S...
-
Microsoft fixes BitLocker recovery bug on Windows Server 2025
Microsoft has resolved a known issue causing some Windows Server 2025 devices to boot into BitLocker recovery after installing the April 2026 security update. [...]
-
From Infosecurity Europe to CONFidence and C1b3rWall: What Security Teams Are Prioritizing in 2026
Three cities, three cybersecurity conferences, and plenty of conversations with security professionals across Europe. Over the past few weeks, the ANY.RUN team joined Infosecur...
-
Nottingham University data breach affects over 450,000 students
The University of Nottingham confirmed on Wednesday that a hacking group gained access to its student records system in a breach affecting both current students and alums. [...]
-
GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The...
-
Max severity Ivanti Sentry vulnerability now exploited in attacks
Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile gatew...
-
University of Nottingham - 454,635 breached accounts
In June 2026, the University of Nottingham was the target of a cyber attack, later linked to a ShinyHunters "pay or leak" extortion campaign. Tens of gigabytes of data were subs...
-
Path traversal flaw in AI dev platform Langflow exploited in attacks
Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers. [...]
-
The ‘Miasma’ worm source code briefly leaked on GitHub
The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. [...]
-
GitHub announces npm security changes to tackle supply-chain attacks
GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking supply-chain attacks abusing behaviors triggered by the...
-
Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks
Oracle PeopleSoft servers are being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100 organizations. [...]
-
Free Spotify Premium hacks on social media are spreading infostealers
Cybercriminals are turning TikTok and Instagram Reels into malware delivery platforms, using free software tutorials to spread infostealers.
-
Automated Threat Hunting: Turning Threat Intelligence into Executable Hunt Plans
Blake McDermott is Senior Threat Hunter at Rapid7.Every week, threat hunt teams are faced with a steady flow of blogs, advisories, and DFIR reports containing valuable intellige...
-
China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance
Cybersecurity researchers have warned of a "resurgence and expansion" of JDY, a covert network associated with China-nexus state-sponsored threat actors. "The JDY botnet compris...
-
Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities
Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disc...
-
Langflow Vulnerability CVE-2026-5027 Exploited for Unauthenticated RCE
A high-severity security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, a...
-
China-linked JDY botnet expands targeting of U.S. military networks
The JDY botnet, a malware network previously associated with Chinese threat actors like Volt Typhoon, has significantly expanded its targeting scope and reconnaissance efforts. [...]
-
CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, following repor...
-
The 5 Best Practices for Secure Identity Verification
Attackers are increasingly bypassing weak authentication through phishing, MFA fatigue, and service desk social engineering. Specops Software breaks down five best practices for...
-
Deceptive Installers: How Fake Apps Target macOS
Deceptive installers disguised as legit macOS software deliver infostealers that grab passwords, cookies, and crypto wallets. Learn how to detect them.
-
Microsoft patches Exchange Server zero-day exploited in attacks
Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary JavaScript code in cross-site scripting (XSS) attacks ta...
-
Scientists Just Accidentally Discovered a Strange, Hidden Rule of Human Nature
Researchers report a "serendipitous" discovery while watching videos of crowds: an inexplicable bias toward counterclockwise turning that may be rooted in biology.
-
Podcast: Google Employees Meme About How Bad Their AI Is
Memes at Google; Microsoft wants to make its new AI assistant addictive; and manipulating Reddit.
-
Cops Keep Getting Arrested for Using Flock to Stalk People
There have been more than a dozen cases around the country where police use Flock to obsessively and illegally stalk people.
-
Intelligence-Driven Threat Hunting: How SOCs Find What Alerts Miss
Talk to any threat hunter long enough, and beneath the polished case studies and conference talks, the same frustrations surface. Hunting is supposed to be proactive. In practic...
-
Microsoft’s biggest-ever Patch Tuesday fixes 206 bugs, including 3 zero-days
June 2026 is the largest Patch Tuesday in history, fixing 206 vulnerabilities and three publicly disclosed zero-days.
-
88% of people struggle to tell what’s real online
As AI-generated scams, deepfakes, and impersonation spread, a new Malwarebytes report finds people increasingly unsure what to trust online.
-
Microsoft: Some Windows PCs fail to install latest monthly updates
Microsoft warned customers on Tuesday that they may have issues installing the latest monthly updates on some Windows devices that were upgraded to Windows 11 24H2 or 25H2. [...]
-
Behind Khmer Shadow: Targeted espionage against Cambodian government entities
Acronis Threat Research Unit (TRU) has identified two espionage-focused campaigns targeting Cambodian government entities in the defense and public works sectors. TRU has assess...
-
Your Automated Pentest Looks Clean. See What It Missed in This Expert Webinar
Your pentest report looks clean. That might be the problem. Run automated pentesting long enough, and the new findings start to dry up. By the third or fourth run, fewer issues ...
-
CVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti Sentry
OverviewOn June 9, 2026, Ivanti published a security advisory for two critical vulnerabilities affecting Ivanti Sentry (formerly known as MobileIron Sentry), which per the vendo...
-
Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days
On Tuesday, Microsoft patched two zero-day vulnerabilities that let attackers gain SYSTEM privileges on fully patched Windows systems, and a third one that grants access to BitL...
-
Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs
Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the ti...
-
Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards
On June 9, Anthropic released Claude Fable 5, the most capable model it has ever made, generally available. It also did something unusual: it shipped one model as two products, ...
-
ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances
ServiceNow has warned about a security incident in which unknown threat actors exploited a flaw to obtain deeper unauthorized access to susceptible instances. "On June 5, 2026, ...
-
Ivanti: Max severity Sentry flaw allows code execution as root
Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attackers to execute code wit...
-
Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows
The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero...
-
Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS
Cybersecurity researchers have flagged half a dozen vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers (Protobuf), that, if successfu...
-
Anthropic rolls out Claude Fable 5, but it's available for a limited time
Anthropic has begun rolling out a new model called "Fable," which is based on the same underlying model as Mythos, its most powerful AI model class. [...]
-
GenAI Is Both Hunter and Hunted at Pwn2Own Berlin 2026
This year’s Pwn2Own competition in Berlin revealed just how much of the AI stack remains exposed -- and the gap between what these tools promise and what they can withstand poin...
-
Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges
A security researcher has released a new Microsoft Defender zero-day exploit named "RoguePlanet" just hours after Microsoft fixed two previously disclosed flaws during June 2026...
-
Blinding the Watchmen: Abusing Cloud Logging Services for Defense Evasion and Visibility
Unit 42 research examines attack scenarios targeting cloud logging services. Learn how to defend against log manipulation and defense evasion. The post Blinding the Watchmen: Ab...
-
ServiceNow discloses security incident exposing customer data
ServiceNow is warning about a security incident after attackers exploited an unauthenticated access flaw through a vulnerable API endpoint, allowing them to query data from cust...
-
Microsoft Patch Tuesday for June 2026 — Snort rules and prominent vulnerabilities
Microsoft Patch Tuesday details for June 2026.
-
OpenClaw AI agent found falling for phishing attacks, spills user data
Phishing simulation on an OpenClaw email agent with various configuration profiles showed that it was susceptible to tactics commonly used to compromise human users. [...]
-
Patch Tuesday - June 2026
Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, and is aware of publ...
