A new ransomware operation named ‘Prinz Eugen’ prioritizes recently modified files for encryption and leaves no ransom note on the system. […]

Read more →

Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. […]

Read more →

Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that’s installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthenticated attackers to extract sensitive data, such as configuration data, API keys, secrets, and OAuth tokens

Read more →

Anthropic’s hopes for a blockbuster IPO could depend as much on the ballot box as on investors.

Read more →

With plans to boost prices, Apple is counting on an affluent user base able to shell out $1,000 or more for a device.

Read more →

FortiBleed exposed a massive campaign that made billions of login attempts against Fortinet VPNs, compromising organizations worldwide. FortiBleed wasn’t a targeted hack. It was a factory. A multi-operator crew ran an industrial-scale attack against Fortinet FortiGate SSL VPN devices worldwide, and security researcher Volodymyr “Bob” Diachenko of SecurityDiscovery.com caught them only because they left their…

Read more →

FortiBleed exposed credentials for 74,000 Fortinet devices, with attackers actively exploiting the leak to target systems worldwide. On June 18, CISA issued an emergency alert after reports surfaced that credentials for approximately 74,000 Fortinet firewalls and VPN gateways had been leaked in what researchers are calling FortiBleed. The agency confirmed that threat actors were actively…

Read more →

Electric vehicles get sold on a simple promise: cheaper to run, cleaner to drive. Plug in overnight, skip the petrol station, and watch the savings stack up. That pitch holds…

Read more →

Consumer tech is being squeezed as chip production falls short and national-security fears limit buying from China.

Read more →

Threat actors are exploiting an unauthenticated information disclosure vulnerability in the WordPress plugin Gravity SMTP, active on 100,000 sites. […]

Read more →

Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple’s A12 and A13 chips. That code is burned into the silicon at manufacture. No software update can reach it. Affected devices will carry this flaw for as long as they stay in use. This is not…

Read more →

The Gentlemen ransomware-as-a-service (RaaS) operation is actively developing and maintaining a suite of endpoint detection and response (EDR) killers that it hands out to affiliates for impairing system defenses before deploying the encryptor. This mature portfolio of EDR-terminating tools is centered around a framework that’s known as GentleKiller. “They also incorporate third-party or

Read more →

Meteor 3.0 helped Rocket.Chat move from Node.js 14 to Node.js 20, cutting runtime debt after Fibers removal and reducing supply-chain risk across federal users.

Read more →

With the market capitalization of AI companies soaring, US Senator Bernie Sanders is looking to give the American people a piece of the action. The veteran senator for Vermont has introduced the American AI Sovereign Wealth Fund Bill, aiming to give the public a 50 percent ownership in the largest AI companies in the US.…

Read more →

An IT executive changing jobs usually attracts little attention outside a narrow group of people, but Noam Shazeer’s move from Google to OpenAI is as momentous as any high-value soccer transfer. He announced the news in a post on X: “I’m excited to share that I’ll be joining OpenAI and look forward to working with…

Read more →

The Texas Parks and Wildlife Department (TPWD) disclosed a data breach at its license system vendor that exposed personal information for more than three million individuals. […]

Read more →

We’re always happy to end the week with some positive news. A law enforcement action called Operation Endgame just delivered a major win against the long‑running SocGholish (aka FakeUpdates) operation. SocGholish is a malware framework that has been active since at least 2017 and is best known for abusing hacked, legitimate WordPress sites to push…

Read more →

Apple has long marketed itself as the privacy-first tech giant. So why is it making a change to Hide My Email that will make it easier for websites to block anonymous sign-ups – and harder for you to stay private online? Read more in my article on the Hot for Security blog.

Read more →

Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution. Steer the agent to load an attacker’s web page, and that page’s JavaScript can reach a privileged local service on the same machine and spawn a process on the host. No credentials, no…

Read more →

In this post, I will talk about the best AI Alert Triage tools for modern SOC teams. This guide covers the leading AI alert triage tools available to modern SOC teams, what each one actually does, and how to evaluate the category against your operational needs. What AI Alert Triage Actually Means The SANS 2025…

Read more →

Dutch law enforcement authorities, along with counterparts from Canada , Germany, and the U.S., have disrupted malicious infrastructure associated with SocGholish and cleaned up nearly 15,000 infected WordPress websites. “With these actions we deprive cybercriminals of access to infected computer systems,” Maikel Rollman of the Netherlands National High Tech Crime Unit said. “This prevents

Read more →

Google, Microsoft, OpenAI, and others want to help enterprises demonstrate that their AI applications are behaving themselves through the creation of a new foundation. The Appia Foundation will, it explained rather impenetrably, “establish modular specifications that provide a connecting layer to bridge foundational global standards with practical, trusted assessments across the global AI value chain.”…

Read more →

Microsoft Office users may find that some of their applications are failing to open when called on by third-party applications. It’s an issue that has emerged after the latest round of Microsoft updates. The problem affects Word, Excel, and other Office applications opened from third-party offerings including CCH Engagement, Workpaper Manager, Zotero, or dental office…

Read more →

Microsoft Office users may find that some of their applications are failing to open when called on by third-party applications. It’s an issue that has emerged after the latest round of Microsoft updates. The problem affects Word, Excel, and other Office applications opened from third-party offerings including CCH Engagement, Workpaper Manager, Zotero, or dental office…

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday urged Fortinet customers with FortiGate appliances to take steps to secure against ongoing malicious activity aimed at thousands of internet-accessible devices. The sweeping campaign, believed to be the work of Russian-speaking threat actors, has been codenamed FortiBleed. The number of compromised devices stands at

Read more →

OpenAI has introduced spend controls and enhanced usage analytics for ChatGPT Enterprise to enable organizations to monitor AI adoption, track consumption across teams, and set budgets for AI usage. But, analysts cautioned, it still can’t show how those costs lead to business benefits. The new features provide administrators with centralized dashboards showing how ChatGPT is…

Read more →

Someone is pretending to be your bank, your government, or your local planning office. And according to the FTC, they’re making billions doing it. Read more in my article on the Fortra blog.

Read more →

Nintendo America employee records were exposed via TinyPulse after Shadowbyt3 claimed theft of HR files, tax forms, bank data, and staff survey responses.

Read more →

Operation EndGame disrupted SocGholish, taking down 106 servers and cleaning 14,971 WordPress sites used to spread fake-update malware. On June 18, 2026, law enforcement agencies from the Netherlands, Canada, the United States, and Germany, coordinated through Europol, executed a joint action week against SocGholish, one of the most persistent and widely deployed malware distribution networks…

Read more →

New York, USA, 19th June 2026, CyberNewswire

Read more →

AI agents can access data, trigger workflows, deploy code, and interact with critical business systems, often with little oversight. Token Security breaks down why AI agents are becoming a new identity and governance challenge. […]

Read more →

As threats proliferate and AI complicates cybersecurity, CISOs say the job is getting harder, but more companies still want cybersecurity expertise, if even on a part-time basis.

Read more →

Cybersecurity vendor Huntress was among multiple companies hit by a breach originating at Klue, a market intelligence platform used to integrate CRM and sales data across various business tools. Huntress published a detailed account of the incident on June 18, framing it as a “security domino effect” that began with one compromised integration credential and…

Read more →

A cryptocurrency-stealing malware campaign used inflated GitHub activity, software reviews, YouTube tutorials and favorable VirusTotal comments to make malicious trading and gambling tools appear trustworthy, Check Point researchers found. According to the researchers, the attackers packaged the malware as tools designed to help users make money. The offerings included cryptocurrency sniper bots and gambling “predictors”…

Read more →

Apple has patched a Bluetooth flaw in Beats Studio Buds that could potentially turn your earbuds into a nearby wiretap. When you buy a pair of Bluetooth earbuds, you expect them to play your music and your calls—not someone else’s. But a vulnerability in Apple’s Beats Studio Buds shows how that trust can be abused,…

Read more →

Penetration Testing is used to identify and report back on security vulnerabilities to allow the client time to remedy the vulnerabilities. The post Penetration Testing Services in South Africa appeared first on Da Vinci Cybersecurity: Leading Cyber Security Services in South Africa..

Read more →

One of the most commonly used Microsoft programs, Excel is highly useful for data collecting, processing, and analysis. To fully harness Excel’s powers, though, you need to make use of formulas. Excel formulas allow you to perform calculations, analyze data, and return results quickly and accurately. The usefulness of formulas is even greater once you…

Read more →

Working with frontier AI models, this new platform aims to help discovering, prioritizing, validating and remediating code vulnerabilities

Read more →

Google has introduced hand gesture verification for reCAPTCHA, a new method for verifying that a user is human. Google’s reCAPTCHA is part of Google Cloud Fraud Defense, a fraud and abuse prevention platform for bot, account, and transaction protection. It uses risk analysis and challenge-based verification to help organizations identify automated activity and suspicious behavior.…

Read more →

In this post, I will highlight the top AI SOC platforms to watch in 2026. In the age of ever-rising alert volumes, tighter budgets, and sophisticated adversaries, the question is no longer “Should we use AI in the SOC?” It’s “How do we use AI so it augments human analysts rather than replaces them?”. Here…

Read more →

SocGholish malware has been removed from 15,000 sites associated with Evil Corp hackers

Read more →

As AI shifts from output-generating large language models (LLMs) to armies of agents taking actions on their own, there is a growing threat that failures could affect system reliability. Temporal, a Bellevue, WA firm founded in 2019, hopes to solve that problem by stabilizing AI and long-running computing processes through “durable execution,” a technology that…

Read more →

People who run accounts on the open source social network Mastodon can now group profiles together and share those groups across the web. The 4.6 release centers on a feature called Collections, along with reworked profiles, email newsletters, server administration controls, and a set of accessibility changes. Server controls The release gives server administrators a…

Read more →

Google’s latest and greatest Android version is officially now out in the world and available — but if you’re using any phone other than a Pixel, that doesn’t mean much for you just yet. The reason why is simple: Despite Google officially launching Android 17 and starting to send it out to Android phone-owners this…

Read more →

ANY.RUN has been recognized as the Best Security Investigation Platform 2026 at the Cybersecurity Stars Awards by The Hacker News.  This award reflects our dedication to building solutions that make a real impact on daily security operations.  At ANY.RUN, we help SOC and MSSP teams worldwide streamline threat investigation workflows through confident decision-making, full malware and phishing visibility, and actionable insights thataccelerate incident investigations and response.  We thank our global community of security professionals for continuously trusting our solutions and supporting our growth!  Reinforcing Our Position as a Market…

Read more →

Android’s developer verification protections will take effect on September 30, 2026, starting with users in Brazil, Indonesia, Singapore, and Thailand. Developers distributing apps through participating stores in those markets must complete the verification process by the deadline. Google Play, HONOR App Market, OPPO App Market, Galaxy Store, Palm Store, V-Appstore, and GetApps will begin verifying…

Read more →

Accenture is expanding its position with the acquisition of a majority stake in Dragos and all of runZero and NetRise to deliver end-to-end operational technology (OT) security for the critical infrastructure and industrial operations underpinning power grids, pipelines, manufacturing, distribution facilities and data centers. The Dragos Platform will expand to cover the extended environment that…

Read more →

Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in response to a security incident impacting the competitive intelligence company on June 11, 2026. To that end, organizations will be unable to connect to Salesforce via the app until further notice, the American cloud-based software company noted in an alert…

Read more →

You are a security leader at a small or medium-sized business (SMB), and your organization has decided to adopt Claude. If you are like me, after the initial “surprise” wears off, you probably want to quickly get your arms around what adopting Claude means for the business, and for security specifically. Below are some lessons…

Read more →

BlackFog has announced the general availability of ADX Vision for macOS, extending its shadow AI detection, governance, and prevention platform to Apple endpoints. With this release, enterprises can now apply a single, consistent AI data-loss policy across Windows and macOS devices to stop sensitive data from leaving the organization through unsanctioned LLMs. The release addresses…

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged Fortinet customers to secure their devices after nearly 74,000 firewall and VPN credentials were exposed in a data leak dubbed “FortiBleed.” […]

Read more →

Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to eavesdrop on users. The vulnerability, tracked as CVE-2025-20701 (CVSS score: 8.8), refers to a case of incorrect authorization impacting the Airoha Bluetooth audio SDK that makes it possible to pair a Bluetooth audio…

Read more →

Branded SMS sender IDs are the names that appear at the top of texts to identify businesses like AusPost, Med-Appt or myGov. Under new anti-scam laws, messages sent by…

Read more →

National law firm Holding Redlich has partnered with Legora, the agentic AI platform for legal professionals, to deploy the platform across the firm’s Property and Corporate &…

Read more →

Decentralized storage networks already hand pieces of people’s data to strangers’ machines. The lasting question across these networks is whether the machine holding the data can read it. A research paper by Gregory Magarshak, a professor at IENYC, describes a system called Safecloud built on one design rule: the nodes that store data see only…

Read more →

24 Billion Records Left Open Online: Passwords, Emails, and Everything Else Exposed database with 24 Billion records revealed stolen credentials from infostealers, Telegram channels, and breach collections, risking account takeovers. Cybernews researchers found an exposed Elasticsearch cluster on June 12th containing 24 billion records and more than 8.3 terabytes of data. They triple-checked the numbers.…

Read more →

Many large enterprises discard most of the log data their systems generate, and they do it on purpose to keep costs down. A Dynatrace survey of 450 senior IT leaders at large enterprises found that half of organizations drop or never collect an average of 86 percent of their logs, even after filtering and aggregation.…

Read more →

Cybercrime is taking a larger share of criminal activity in Asia and the Pacific. More than half of surveyed jurisdictions reported that cybercrime accounts for over 30% of all crimes recorded nationally, according to INTERPOL’s 2025/2026 Asia and South Pacific Cyberthreat Assessment Report. Distribution of malware types detected within the Asia and South Pacific region…

Read more →

Vodafone Australia says all services are back online after a network-hub failure disrupted mobile calls and data for customers across the country on Thursday morning.

Read more →

Whether it’s optimising the home office for peak productivity or preparing for the most anticipated gaming release of the decade, GTA VI, Kogan.com EOFY deals on computer…

Read more →