AI coding agents are making it easier than ever to produce software. Ensuring that software is secure before deployment is another matter — one that AWS thinks AI should help with too. As enterprises adopt agentic development workflows, the volume of first-party code being created and modified is rising rapidly. Yet the process of validating…

Read more →

An attacker broke into competitive-intelligence vendor Klue, stole OAuth tokens its customers use to connect to Salesforce and other platforms, and accessed data across multiple customer environments prompting the company to revoke customer OAuth tokens and disabled affected integrations. “An attacker gained access through a compromised legacy credential associated with an integration service,” Klue CEO…

Read more →

Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform with more than 146,000 GitHub stars, that could allow attackers to stealthily read artificial intelligence (AI) conversions from other customers’ applications without requiring authentication. The vulnerabilities have been collectively codenamed DifyTap by Zafran Security.

Read more →

Attackers are using multiple online channels — including GitHub, YouTube, and VirusTotal — to build an illusion of trust to spread a cross-platform clipboard hijacker.

Read more →

For the latest discoveries in cyber research for the week of 22nd June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Texas Parks and Wildlife Department has been affected by a third-party data breach involving its license system vendor. The incident exposed driver’s license information, passport numbers, emails, phone numbers, and residential addresses for…

Read more →

Not-yet-profitable AI companies are constructing a vast and expensive global network of server farms to support cloud-based generative AI (genAI) services. Deeply financed by venture capitalists who will one day want to see return on their investments, these centers are consuming enough memory to drive consumer technology prices higher and higher. Yet, for all the investment…

Read more →

ESET details GentleKiller, the EDR-killer framework the Gentlemen ransomware gang gives affiliates

Read more →

A heap over-read in the Squid web proxy can leak another user’s cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the same proxy. The bug traces to a 1997 FTP-parsing change and is still live in Squid’s default configuration. Researchers at Calif.io disclosed it in…

Read more →

Per TechCrunch, Signal President Meredith Whittaker has voiced significant concerns regarding the privacy implications of widely used AI chatbots, emphasizing that these tools should not be perceived as sentient or trustworthy entities.

Read more →

Attackers no longer need to sift through massive credential dumps. They can pay others to do it for them. Flare explores how an emerging underground market searches stolen credential databases for specific companies, domains, and accounts. […]

Read more →

Apple BootROM exploit exposes unpatchable USB flaw on A12 and A13 devices

Read more →

This video is sponsored content. Linsey Miller, President, Global Distributed IT, Global Data Center Segment at Eaton, discusses how IT resellers and channel partners can tap into growing demand for power and other AI-related technologies to expand their offerings in 2026. The post Eaton’s Linsey Miller Shares How Partners Can Grow with Power appeared first…

Read more →

The vulnerability resides in an exposed REST API endpoint within the Gravity SMTP plugin.

Read more →

Senate testimony claims Anthropic’s Mythos AI breached NSA and Cyber Command systems in hours, prompting a U.S.-ordered shutdown. On June 12, the Trump administration directed Anthropic to restrict access to Fable 5 and Mythos 5, its two most capable models, exclusively to US citizens. Because verifying every user’s nationality in real time isn’t practically possible,…

Read more →

The Federal Data Center Enhancement Act of 2023, which currently governs federal facilities nationwide, mandates protections for uptime, power reliability, physical security, cybersecurity, and resilience against natural disasters.

Read more →

Public Wi-Fi is easy to trust because it feels so ordinary. You walk into a café, open your laptop, choose a network, and get online within seconds. At a hotel, the password is printed on a card at the front desk. At an airport, the login page appears automatically. Nothing about the process feels unusual.…

Read more →

Cybersecurity researchers have disclosed details of a new campaign that delivers CastleStealer by means of a previously unreported malware loader dubbed OXLOADER. According to Elastic Security Labs, the campaign leverages malicious Google Ads as a starting point to distribute the malware. Evidence indicates that the threat actor is likely Russian-speaking and financially motivated, owing to…

Read more →

A multi-platform malware campaign abuses fake trust signals to infect Windows and Mac users with a crypto clipper packed with 15,500 attacker wallets.

Read more →

Google has set September 30, 2026, as the day it begins enforcing Android developer verification in the first four countries, and the major device-maker app stores are in from the start. On that date, certified Android phones in Brazil, Indonesia, Singapore, and Thailand will block normal installs of apps whose developers have not registered an identity with…

Read more →

The Meta Quest 3S is the brand’s mid-range VR headset, and the one I’d recommend to most people. Right now it’s on sale for Prime Day.

Read more →

A breach involving competitive intelligence platform Klue is shaping up to be another reminder that sometimes the easiest way into an organization is through a trusted third party. Huntress and others confirm CRM data exposure This week, cybersecurity vendor Huntress confirmed it was among several companies affected after attackers compromised Klue and used stolen OAuth…

Read more →

Earlier this month, I spoke at the Gartner Security & Risk Management Summit about a blind spot most security programs are still not accounting for – how attackers are circumventing AI security programs by using legacy infrastructure to hijack AI agents. AI adoption is moving faster than security programs can account for. Roughly 71% of…

Read more →

Jenne, Inc., a U.S.-based value-added technology solutions distributor and cloud master agent, has announced a partnership with Vida Global Inc., an AI agent operating system that enables businesses to build, deploy, and sell AI agents at scale.  Through the partnership, Jenne’s network of resellers, integrators, and service providers gains access to the Vida platform, enabling…

Read more →

North Korean threat actor Sapphire Sleet has been linked to a supply chain attack targeting Mastra, according to Microsoft security researchers

Read more →

Icarus extortion group used a legacy Klue Battlecards credential to bypass security and steal bulk Salesforce records from affected companies.

Read more →

The company plans to refile its application for its gene therapy for a fatal brain disease after the FDA dropped demands to give a placebo to some study subjects.

Read more →

It was the best of trends, it was the worst of trends. It was the epoch of artificial intelligence,  it was the epoch of artificial inflation.  I’m truly excited to be alive at a time when AI, formerly the stuff of science fiction, is now an everyday reality and promising so many benefits to humankind. …

Read more →

The NCSC has released guidance for Fortinet customers impacted by the FortiBleed threat campaign

Read more →

AryStinger hijacks outdated routers via old flaws, turning 4,300+ devices into a stealth network for reconnaissance and intrusion support. On March 12, 2026, QiAnXin’s XLab threat detection system flagged a single IP address, 107.150.106.14, spreading a Linux binary through two vulnerabilities that were disclosed in 2013 and 2016 respectively. The binary had zero detections on…

Read more →

Travelling overseas this winter? The free Wi-Fi in your hotel lobby could cost you a lot more than the data you think you’re saving. Here’s the security case for a travel eSIM,…

Read more →

Plugin registries for AI agents use npm-style scopes like @openclaw/ and @clawhub/ to signal who published a package. But on ClawHub, a registry whose plugins run with Claude, OpenClaw, and other agents, those official scopes weren’t reserved to their owners for every package already published. In this Help Net Security video, Ax Sharma, Head of…

Read more →

usbliter8 is an unpatchable BootROM exploit affecting A12/A13 devices, enabling code execution and extending checkm8-like risks to newer iPhones. Security researchers at Paradigm Shift published a working exploit on June 18, 2026, called usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple’s A12 and A13 chips. SecureROM is the first code that runs…

Read more →

Last week on Malwarebytes Labs: Nearly 15,000 infected websites cleaned in SocGholish crackdown Apple patches Beats Studio Buds flaw that could turn earbuds into a wiretap Microsoft working on a fix for RoguePlanet, a flaw that grants full PC control Retro gaming fans are the new target for fake GitHub malware Kodak confirms breach as…

Read more →

A new malware family is turning forgotten home routers into a distributed reconnaissance and proxy network, not the DDoS botnet these devices usually end up in. QiAnXin’s XLab calls it AryStinger and counts at least 4,300 infected routers, a total it says is still rising. The distinction matters. AryStinger exists for the stage of an attack that…

Read more →

Twenty days after Dr Anna Harrison rebuilt her website for AI engines, a cold email arrived using phrases that existed nowhere except the technical pages she’d written for…

Read more →

A new report from INTERPOL has revealed a “dramatic increase” in cybercrime in Asia and the South Pacific, fueled by rapid digitalization, internet penetration, new technologies, organized criminal networks, and a disparity in cybersecurity maturity. According to INTERPOL’s 2025/2026 Asia and South Pacific Cyberthreat Assessment Report, phishing has emerged as the most widespread and

Read more →

In this interview with Help Net Security, Jaya Baloo, COO & CISO at Aisle, examines the debate over restricting access to cyber-capable AI models. She lays out the strongest argument for gating these tools, then explains where it breaks down for security teams who depend on the same capabilities for defense. Baloo argues that policymakers…

Read more →

The award-winning prototype shows how secure, governed AI can help teams move from customer requirements to a working proof of concept faster, with traceability and oversight…

Read more →

Encrypted DNS runs across much of the Internet. DNS over TLS, HTTPS, and QUIC keep the contents of a query away from anyone watching a network link. The encryption covers the message inside each packet. The packet still carries plaintext headers, and those values mark a flow as DNS. A new study measures this gap…

Read more →

Number Link lets a smart watch borrow your phone’s number over 4G at no extra cost on 28-day plans from $40. The big telcos still bill $5 to $10 a month for the same thing.

Read more →

Mobile app developers are packing AI features into everything from writing assistants to productivity tools and lifestyle apps. New research shows that securing access to those services remains a challenge. LLM API credential leakage via network traffic interception (Source: Research paper) Researchers from Wake Forest University analyzed 444 iOS applications with LLM features and found…

Read more →

St. Louis has long been a city where hard work, innovation, and financial ambition help individuals and families pursue long-term stability. As more aspects of daily life move…

Read more →

CyberCX, part of Accenture, has extended their multi-year partnership with Rugby Australia that will see Australia’s leading cyber security organisation continue as the…

Read more →

Artificial intelligence is already reshaping how organisations across Australia operate, from transport networks and retail environments through to healthcare and critical…

Read more →

The next major shift in enterprise technology is no longer centred on mobile apps or cloud platforms, but on autonomous software systems that can act, decide and transact…

Read more →

Out in the open road, signals often fade where trucks keep moving. When cell towers disappear behind hills or miles of empty land, staying linked gets tough. Yet delivery…

Read more →

Right now, factories move fast – too fast for slow updates. Changes pop up by the hour: what’s running on schedule, how much stock remains, whether machines are holding up, and…

Read more →

Linux distributions that ship systemd as their init system now have a new version to track. The systemd 261 update adds a cloud metadata subsystem, carries process state through kexec reboots, and continues a long-running effort to load external libraries on demand. Cloud metadata gets a local interface systemd 261 adds an IMDS subsystem for…

Read more →

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Inside GentleKiller: The EDR-Killer Powering The Gentlemen FortiBleed Exposes Global Credential-Spraying Operation CISA Warns of Active…

Read more →

As companies move quickly to adapt artificial intelligence, there are some areas where it may do more harm than good.

Read more →

Plus, the hacker sent to calm the U.S. government’s nerves about AI, the surprising benefits of 3-D-printed batteries, Elon’s $86 billion war chest and more.

Read more →

A previously undocumented malware botnet named AryStinger has compromised more than 4,000 outdated routers to turn them into proxies for malicious traffic. […]

Read more →

With prices of new tech on the rise, the refurbished market never looked so good.

Read more →