Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer into the code. “Our priority is to protect customers and the broader ecosystem,” a Microsoft spokesperson told The Hacker News via email.…
AI, Cybersecurity, Exploits, Funding, Global Security News, Government & Policy, Risk Management
CISA is rethinking how it prioritizes risks and vulnerabilities for feds, private sector
The Cybersecurity and Infrastructure Agency wants to fundamentally reevaluate how it prioritizes risks and vulnerabilities, both for privately-owned critical infrastructure and within the federal government, acting director Nick Andersen said Tuesday. The plans include a binding operational directive for federal agencies set to be published Wednesday and getting more specific with critical infrastructure owners and…
Exploits, Global Security News
XBOW tests Anthropic’s Mythos Preview for offensive security
Anthropic’s Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code. XBOW explores how the model performed across exploit discovery, reverse engineering, and live-site validation. […]
AI, Europe, Global Security News, privacy
Apple’s AI plans show promise, but proof of success still to come — analysts
WWDC26 felt like a defining platform moment. Apple is no longer simply promising that AI will arrive eventually; it is arguing that Apple Intelligence and Siri AI should become central to the future of its ecosystem. If that works, the company will have turned AI from a perceived weakness into a new reason to stay inside Apple’s…
Global Security News
AI-Generated Code Security Risks: Why “Vibe Coding” Can Break Your App – WC #1
AI, Global Security News
Apple’s Siri Meets the Memory Crunch
Plus, an AI investing phenom draws gobs of money, and rockets for AI computing could take off.
AI, Data Breaches, Global Security News, malware
Miasma Worm Compromises 73 Microsoft GitHub Repositories
The Miasma worm compromised 73 Microsoft GitHub repos, spreading via AI coding tools and stealing cloud credentials from developers and CI/CD systems. A self-replicating worm called Miasma has compromised 73 Microsoft GitHub repositories and forced GitHub staff to disable them. The affected repos include core Azure infrastructure like azure-functions-host and the entire Durable Task family…
Global Security News
GitHub disables Microsoft repos pushing password-stealing malware
Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, disrupting continuous integration pipelines. […]
AI, Global Security News, Government & Policy
Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs
Two separate campaigns target CVE-2025-8088, fixed last July, to conduct data theft and cyberespionage against military and government targets in Ukraine.
Compliance, Global Security News
75% of Firms Deploy Vulnerable Code Amid Pressure on CISOs, Report Finds
Checkmarx report warns that business pressure is among the reason security leaders let security compliance slip
Cybersecurity, Global Security News
Best Guide to Choosing a Dedicated Server Without Overspending
In this post, I will give you the best guide to choosing a dedicated server without overspending. What is a Dedicated Server? A dedicated server is a powerful type of hosting where an entire physical server is assigned to a single user or business. Unlike shared hosting, where multiple users share the same resources, a…
AI, Cybersecurity, Global Security News
Security in the Post-Mythos Era
Discover how AI-driven vulnerability discovery is reshaping the cybersecurity landscape. Learn why foundational hardening and proactive threat detection are now essential for defending against zero-day threats in the post-AI era.
AI, Global Security News
AI Coding Adoption Hits 97% but Governance Lags Behind
Most dev teams use AI coding assistants but only 30% have full governance in place
AI, Global Security News
Time to integrate AI into the core of the business
The most successful companies will turn AI into a persistent, intelligent layer that protects the enterprise.
Global Security News
Live Q&A: California Votes—Ask Us Your Questions
Join a live written chat with WSJ reporter Laura Nelson from 3 p.m. – 4 p.m. ET. today. Subscribers can submit their questions in the comments space below.
AI, Exploits, Global Security News
New Veeam vulnerability exposes backup servers to RCE attacks
Veeam has released security updates to patch a critical Backup & Replication security flaw that can be exploited to gain remote code execution (RCE) on domain-joined backup servers. […]
AI, Data Breaches, Global Security News, Government & Policy
French government messaging platform breached through account hijacking
French authorities are investigating a compromise of Tchap, the government’s secure messaging platform, after hackers hijacked a user account and gained access to public chat rooms. Tchap is the French government’s messaging platform for civil servants, ministries, and public agencies. Built on the open-source Matrix protocol, it was developed to keep government communications on infrastructure…
AI, Cybersecurity, Exploits, Global Security News, Network Security
Cisco customers encounter another SD-WAN zero-day under attack
Cisco customers are confronting yet another actively exploited zero-day vulnerability affecting the vendor’s SD-WAN management software, reinforcing pressure on organizations that have experienced rare breaks from active threats this year. The vulnerability — CVE-2026-20245 — marks the seventh actively exploited zero-day in Cisco SD-WANs this year. Cisco said it first became aware of active exploitation…
Global Security News
Critical phpBB Flaw Lets Attackers Hijack Any Account with One Request
Critical phpBB authentication bypass lets attackers hijack any account with one request
AI, Global Security News
Elastic brings AI-driven incident investigation to Kubernetes and observability tools
Elastic has introduced an agentic Kubernetes investigation workflow and MCP-based observability skills that diagnose incidents the moment an alert fires. By the time an SRE opens the alert, the root cause has already been identified, evidence has been assembled, and recommended next steps have been surfaced. For teams running Kubernetes at scale, the gap between…
AI, Global Security News
Filigran launches XTM One to automate CTEM with AI agents
Filigran has announced XTM One, an AI-native agentic layer that automates Continuous Threat Exposure Management (CTEM) workflows across the Filigran XTM Platform. XTM One introduces a dedicated AI orchestration layer that connects OpenCTI and OpenAEV into a single, continuous workflow. Security teams move manually between tools, ingesting threat intelligence in one system, building attack scenarios…
GeekGuyBlog, Uncategorized
Top 5 Tech Picks for June 2026
Welcome to my monthly tech roundup! June 2026 has brought some incredible innovations, from screenless AI wearables to laptops pushing the boundaries of mobile gaming. If you’re looking to upgrade your gear this summer, you’ve come to the right place. 1. Fitbit Air Google has officially disrupted the wearable market with the new Fitbit Air.…
AI, Cybersecurity, Global Security News
Rockwell Automation adds AI-powered security tools to SecureOT Suite
Rockwell Automation has announced the launch of three enhanced offerings within the SecureOT solution suite: OT Cybersecurity Assessment Suite, SecureOT Platform Managed Services and Managed Secure Remote Access (MSRA). Facing an increasing volume of alerts and limited visibility into operational technology (OT) assets, cybersecurity teams are under pressure to detect and respond quickly. SecureOT’s industrial…
AI, Global Security News
FlexPoint Intros AI Agents to Automate MSP Invoicing
FlexPoint has launched a new suite of AI-powered accounts receivable (AR) agents designed specifically for managed service providers (MSPs) to automate collections, payment follow-up, and other financial workflows that traditionally require hours of manual work each month. The company says its new AR Agents automate the entire invoice-to-cash lifecycle, bringing autonomous AI capabilities to an…
AI, Exploits, Global Security News, Russia
WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine
Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released. The activity has been attributed by Trend Micro to Earth Dahu (aka Gamaredon) and SHADOW-EARTH-066 (aka UAC-0226). It involves the exploitation of CVE-2025-8088, a path traversal flaw…
AI, Apps, Funding, Global Security News
OpenAI Filing Signals Next Phase of AI Growth
OpenAI has confidentially filed draft registration paperwork with the U.S. Securities and Exchange Commission, taking a major step toward a potential initial public offering and setting up what could become one of the largest technology market debuts in history. The ChatGPT maker confirmed the filing on June 8 but did not provide a timeline for…
Global Security News
Suspected North Korean actors use fake ‘coding assignments’ to steal crypto
Targets are encouraged to clone Git repositories to their VS Code or Cursor code editors.
Global Security News, Network Security
Cisco SASE with Meraki: Get in the Fast Lane to SASE
Simplify your security with Cisco SASE with Meraki. Easily integrate SD-WAN with SSE for fast, automated protection across your hybrid network.
AI, Apps, Exploits, Global Security News, Network Security, Risk Management
Check Point warns of ransomware-linked attacks exploiting outdated VPN protocol
Check Point has issued emergency hotfixes for a pair of vulnerabilities affecting VPN deployments that still use the deprecated Internet Key Exchange version 1 (IKEv1) protocol, warning that one of the flaws is already being exploited in the wild. The more serious issue allows attackers to establish VPN sessions without a valid password, potentially giving…
AI, Global Security News, Network Security
Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models
University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way through a network, generate tailored attack strategies for each target it encounters, and replicate itself, all without human intervention and without touching a commercial AI service. The preprint, posted…
Exploits, Global Security News
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild – Patch Now
Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has been described as an out-of-bounds memory access in V8, Chrome’s JavaScript and WebAssembly engine. “Out-of-bounds read and write in V8 in Google Chrome prior to…
AI, Cybersecurity, Exploits, Global Security News
LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271)
A command injection vulnerability (CVE-2026-42271) in BerryAI’s LiteLLM open-source AI gateway is being exploited by attackers, the US Cybersecurity and Infrastructure Security Agency (CISA) confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog on Monday. About CVE-2026-42271 LiteLLM is an open-source library that provides a unified interface for calling many different large language…
AI, Global Security News, Network Security
The Hidden Security Risk in Modern Networks: The Work Between Tools
Organizations have more visibility than ever. Growing tech stacks provide greater coverage, and network security teams are increasingly adopting AI and automation to help with routine tasks and reduce manual effort. But the same challenges persist. Outages still last hours, causing significant financial losses, operational disruption, and reputational impact. Threat response and mean time to
AI, Data Breaches, Global Security News
Maine Govt Portal Lists 10M Discord Data Breach Notice, But Filing Shows Red Flags
Maine Attorney General portal lists a Discord breach notice claiming 10 million affected, but odd filing details leave it unverified and questionable.
AI, Exploits, Global Security News
Google patches Chrome zero-day exploited in the wild (CVE-2026-11645)
Google has fixed 74 vulnerabilities in Chrome, including a high-severity zero-day (CVE-2026-11645) that has been exploited in the wild. “Google is aware that an exploit for CVE-2026-11645 exists in the wild,” the company said in a Monday security advisory. The fix has been shipped in Chrome 149.0.7827.102/.103 for Windows and macOS and Chrome 149.0.7827.102 for…
Data Breaches, Global Security News
Apple Intelligence can now replace weak passwords without user intervention
Apple’s next generation of Apple Intelligence, the company’s personal intelligence system, expands its capabilities and introduces new security features in Passwords. Automatically Fix Passwords (Source: Apple) Introduced as a standalone app in 2024, Passwords gives users a central place to store and access passwords, passkeys, Wi-Fi credentials, and verification codes. It alerts users when a…
AI, Apps, Cybersecurity, Exploits, Global Security News, malware
Security shifts to the human layer as AI scams surge
Cybercriminals are increasingly reshaping familiar social-engineering campaigns around the way employees use AI, with separate advisories from Microsoft and Google documenting how attackers are adapting scams to AI-powered tools, trusted digital services, and changing workplace behavior. Microsoft Threat Intelligence, in its advisory, said threat actors are “leveraging the wider global interest around AI itself as…
AI, Cybersecurity, Exploits, Global Security News, Government & Policy
Filigran Debuts XTM One to Automate Threat Exposure Management
Cybersecurity company Filigran has unveiled XTM One, an AI-native agentic layer that automates Continuous Threat Exposure Management (CTEM) workflows across the Filigran XTM Platform. XTM One automates CTEM handoffs According to Filigran, XTM One was built to address the bottleneck of security teams having to manually move between their tools, particularly when ingesting threat intelligence…
AI, Data Breaches, Global Security News, Government & Policy
French govt messaging service breached in account hijacking attack
DINUM, the digital affairs directorate of the French government, warned that hackers used a hijacked user account to breach Tchap, the French government’s encrypted messaging platform. […]
AI, Apps, Exploits, Global Security News
Google fixes the fifth actively exploited Chrome zero-day of 2026
Google fixed a new Chrome zero-day, tracked as CVE-2026-11645, in the V8 JavaScript engine, which is already being exploited in the wild. Google released emergency updates to address a new Chrome zero-day vulnerability, tracked as CVE-2026-11645, that has been exploited in the wild. This flaw is the fifth Chrome zero-day that is being exploited in…
AI, Global Security News
Handala Claims Israeli Radar Hack, But Evidence Shows Phone Admin Panel
An Iranian-linked hacker group called Handala claimed to have hit Israeli military targets with massive cyberattacks on Sunday,…
Global Security News
Google Releases Patch for Chrome Vulnerability Exploited in the Wild
The flaw, CVE-2026-11645, can allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page
AI, Compliance, Cybersecurity, Data Security, Endpoint, Global Security News, malware, Network Security, Risk Management
Protecting 50,000 Users: How ANY.RUN Drives Incident Prevention at UMass Boston
Securing a university means defending a highly open environment, where thousands of users, devices, and external connections create constant exposure to risk. We had a unique opportunity to get an inside look at how these operations are run at a powerhouse R1 institution, the University of Massachusetts Boston. We sat down with Daniel Mayer, Endpoint…
AI, Apps, Cybersecurity, Global Security News, Network Security, Risk Management
NetRise Builds New Partner Program for MSSPs, VARs, More
Security company NetRise is abandoning the go-it-alone strategy in its war against hidden software vulnerabilities. The Austin, Texas-based software supply chain security specialist announced the rollout of its new Discovery Partner Program today. NetRise bets on the channel to scale software risk management The initiative is a deliberate shift toward a partner-first business model, aiming…
AI, Global Security News
Apple expands what parents can block, approve, and limit
Apple has previewed a set of new child safety features coming to iPhone, iPad, and the Mac later this year, expanding parental controls with tools that help families manage app access, web browsing, communication, and screen time. The features will arrive with updates to iOS 27, iPadOS 27, and macOS 27 this fall. Apple said…
Global Security News
New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing
A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST, needs no native code, no extension, and no permission prompt. You open the page, leave the tab sitting there, and it watches the drive for contention…
AI, Compliance, Global Security News
CIOs get temporary relief as US court blocks $100,000 H-1B fee
A US federal judge has ruled that the Trump administration’s $100,000 fee on new H-1B visa petitions was unlawful, giving technology companies temporary relief from a policy that threatened to raise the cost of hiring foreign skilled workers. The decision removes, at least for now, a major cost burden for employers that use the H-1B program to…
AI, Global Security News
The New Siri AI’s Greatest Power: It’s Just There
Apple’s assistant got a face-lift and a brain transplant. But if it’s a success, credit will be due to its familiarity and accessibility.
Exploits, Global Security News
Check Point Warns Critical Auth Bypass Bug Exploited in the Wild
Check Point says a critical vulnerability in its Remote Access VPN and Mobile Access solutions has been exploited by Qilin
AI, Cybersecurity, Exploits, Global Security News
Mythos Preview can weaponize N-day vulnerabilities in hours
Mythos Preview can develop working exploits from newly disclosed software vulnerabilities in hours, cutting down a process that has historically taken days or weeks, according to Anthropic. Anthropic’s recent cybersecurity research has largely focused on zero-days, vulnerabilities unknown to software vendors. The new study examines N-days, vulnerabilities that have already been disclosed and patched but…
AI, Global Security News
Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer
The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the Mini Shai-Hulud-style attacks continue to be refined and splintered to target specific ecosystems. “The compromised releases shipped a *-setup.pth file that attempts to…
Global Security News
Scanner Results Are a Starting Point. Here’s What Comes Next. – Federico Kirschbaum – ASW #386
AI, APAC, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Network Security
AI worm prototype shows attackers don’t need Mythos to take over your network
Researchers from the University of Toronto developed a computer worm prototype powered by an AI agent that successfully self-replicated to different systems within a simulated computer network. The worm used a free large language model (LLM) running on local hardware and exploited a combination of older and new vulnerabilities, as well as misconfigurations that remain…
Europe, Global Security News
Infosecurity Europe: Why JLR’s CISO Enforced In-Person Password Resets Following Cyber-Attack
Speaking at Infosecurity Europe, Ashish Shrestha, former CISO at Jaguar Land Rover revealed why he wanted over 30,000 employees to change their passwords in the immediate aftermath of the incident
AI, Exploits, Global Security News, Government & Policy
CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day
CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. […]
Global Security News
WhatsApp Discovers NSO Group-Linked Spearphishing Attempts
Meta’s WhatsApp demands contempt ruling after users report NSO Group-linked phishing
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities (KEV) catalog. The two flaws added to the catalog are: CVE-2026-42271 (CVSS score…
AI, APAC, Exploits, Global Security News
CVE-2026-23111: Linux nf_tables Flaw Enables Root Exploits
A Linux kernel nf_tables bug lets local users gain root via use-after-free caused by a logic error; patch removes a single “!”. CVE-2026-23111 lives in nf_tables, the Linux kernel’s packet filtering framework. Exodus Intelligence researcher Oliver Sieber found the bug in early 2025 and chained it into a full local privilege escalation. The flaw was…
AI, Cybersecurity, Funding, Global Security News, Government & Policy, Network Security, Risk Management
Trump’s new AI order — hallucinations aren’t just for LLMs
Years ago, right-wingers coined the phrase “Trump Derangement Syndrome” (TDS) to describe people who hate US President Donald J. Trump. (I think it better describes the president’s outlandish, truth-challenged statements and the followers who think he can do no wrong.) What’s really deranged is his recent AI executive order. First, a little history. As you…
Exploits, Global Security News
Google patches new Chrome zero-day flaw exploited in the wild
Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year. […]
AI, Cybersecurity, Exploits, Global Security News
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-42271 (CVSS score: 8.7), is a command injection vulnerability that could allow any authenticated user to run arbitrary commands on the
AI, Cybersecurity, Exploits, Global Security News
The architecture of subtraction: Why it’s time to erase the roads, not just map the traffic
The advent of AI-assisted vulnerability discovery and autonomous exploit development has brought about a new age in cybersecurity—one in which we can no longer rely on patching as a primary defense mechanism. Patching is, by definition, a reactive approach to security. It cannot occur until after a vulnerability is discovered and a vendor fix is…
AI, Global Security News, Risk Management
Treating AI agents like service accounts for federated query security
In this interview with Help Net Security, Paras Malhotra, CISO at Starburst, explains how the company handles data governance across federated query environments. Topics include layering Starburst’s access controls above native source permissions, tiering vendor risk across more than 200 partners and connectors, and building audit trails for autonomous agents. The conversation covers how AIDA…
AI, Endpoint, Exploits, Global Security News, malware, Network Security
Meet Hades: The malware that lies to AI security agents
Threat actors are continuing their onslaught against software supply chains, now with malware named after death itself. The newly-discovered Hades Campaign is a “highly sophisticated” supply chain compromise that targets Python developer environments and runs as soon as infected packages are imported. It uses the popular Bun toolkit to silently execute multi-layer payloads that can…
GeekGuyBlog
Silent Ransom Group Hits US Law Firms in Escalating Extortion Attacks
A surge in cyber extortion is targeting U.S. law firms, revealing alarming tactics by the Silent Ransom Group that threaten sensitive legal data.
AI, Global Security News, malware
Malware ships with bugs that defenders could use against it
Static analysis tools have spent years scanning legitimate software for security bugs before it goes out the door. The same scanners work on malware, and malware carries a steady supply of its own bugs. Researchers ran four of these tools across 658 leaked malware projects and found that close to 90 percent contained at least…
AI, china, Global Security News, Government & Policy, Risk Management
The security questions around Chinese AI coding models in U.S. software
Software developers across the United States are using AI models built in China to write, debug, and review code, drawn by prices below those of American alternatives. These models carry risks for the security of American software, according to a report from Booz Allen Hamilton, which tested how the models respond when the user appears…
AI, Apps, Cybersecurity, Global Security News
Cybersecurity jobs available right now: June 9, 2026
Application Security Architect INTENSITY Global Group | Israel | Hybrid – View job details As an Application Security Architect, you will design secure application architectures, perform threat modeling and security assessments, define security standards and controls, integrate security into the SDLC and CI/CD pipelines, support application security tooling and incident response, and guide engineering teams…
AI, Apps, Cybersecurity, Data Breaches, Global Security News, Government & Policy, Network Security, Risk Management
OpenAI’s Lockdown Mode is trying to solve the problem that it created
OpenAI’s move to implement a Lockdown Mode that tries to limit data exfiltration by shutting down external capabilities is being seen as making the best out of a bad situation. But Lockdown Mode doesn’t block exfiltration as much as it slightly reduces it, and the reality of enterprises using multiple AI vendors for their agentic…
Global Security News, Risk Management
U.S. Expands List of Chinese Tech Companies It Says Assist Beijing’s Military
Some well-known companies were added to the annually updated list, which designates them as a U.S. national-security risk.
Global Security News
ISC Stormcast For Tuesday, June 9th, 2026 https://isc.sans.edu/podcastdetail/9964, (Tue, Jun 9th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Global Security News, Government & Policy
American citizen pleads guilty to spying for China
Thomas Weir Pauken II, 50, admitted to conspiring with multiple individuals to exfiltrate data for the Chinese government.
Global Security News
Check Point patches critical VPN flaw exploited in zero-day attacks
This vulnerability affects deployments configured to use the deprecated IKEv1 key exchange protocol.
AI, Global Security News
FTC orders Illuminate Education to improve data security after student data breach
The FTC’s order stems from allegations that Illuminate failed to implement reasonable security controls, contributing to a December 2021 cyberattack.
Global Security News
Guardz introduces agentic reporting to simplify MSP security communication
The new reporting feature introduces a conversational interface, allowing MSPs to interact directly with their security data using natural language.
Global Security News, privacy
Massachusetts lawmakers pass consumer data privacy bill
The Massachusetts House unanimously passed the Consumer Data Privacy Act, a bill that will give residents rights to access and delete their data held by large tech firms.
Global Security News
Silverfort integrates identity controls with Microsoft Copilot Studio agents
The new integration evaluates every access request made by a Copilot agent in real time, providing a decision before the action is executed.
Data Breaches, Global Security News
WhatsApp Says It Blocked Pegasus Spyware Campaign Linked to NSO
WhatsApp says it blocked Israeli firm NSO’s Pegasus spyware activity and is asking a US court to treat the targeting as an injunction breach.
AI, Data Breaches, Global Security News
University of Oxford discloses data breach via third-party career platform
The breach occurred on May 28, with attackers gaining access to users’ first names, last names, email addresses, and encrypted passwords for those not using Single Sign-On.
Global Security News
Ubiquiti UniFi OS server vulnerabilities allow unauthenticated remote code execution
The security flaws, tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, were addressed in May and impacted UniFi OS Server versions 5.0.6 and earlier.
Global Security News, malware
NFCShare Android malware spreads via fake banking app updates on GitHub
New variants of the NFCShare Android malware are being distributed as fake updates for legitimate banking apps hosted on GitHub. […]
AI, Apps, Data Breaches, Endpoint, Europe, Exploits, Global Security News, malware, Risk Management
Hackers Didn’t Hack Instagram: They Convinced Meta’s AI to Hand Over More Than 20,000 Accounts
Meta’s disclosure that attackers abused an AI-assisted account recovery system to hijack more than 20,000 Instagram accounts is rapidly becoming one of the most consequential security incidents in the emerging era of agentic AI. While early headlines framed the event as hackers “tricking” Meta AI into stealing accounts, the technical reality appears considerably more complex—and…
AI, Data Breaches, Global Security News
SoFi confirms third-party data breach at Hong Kong subsidiary
SoFi Hong Kong is warning that it suffered a data breach after hackers gained access to a database at a third-party vendor containing customer information. […]
AI, Exploits, Global Security News, Network Security
Attackers exploiting unpatched Cisco SD-WAN flaw
Cisco warns customers of an actively exploited high-severity vulnerability in Catalyst SD-WAN Manager, an enterprise network management system that has been targeted by hackers multiple times in the past. Located in the command-line interface, the flaw allows authenticated attackers to escalate privileges to root and take over the entire system. The vulnerability, tracked as CVE-2026-20245,…
Global Security News
OpenAI Files for IPO
Plus, the Trump administration’s $100,000 H-1B visa fee is declared unlawful, and private racetracks zoom into view.
Global Security News
OpenAI Kicks Off IPO Process in Test of Investor Appetite for Top AI Labs
The ChatGPT-maker confidentially filed for an offering that could come as soon as the fall.
AI, china, Europe, Global Security News, privacy
WWDC: Did Apple make the AI grade this year?
There were several key components to emerge from Apple’s developer conference Monday as the company sought to reassure users (and investors) that it has met the existential challenge represented by AI. Aside from a serious focus on Siri AI and embedded Apple Intelligence across its varied platforms, officials also hailed a slew of performance/usability tweaks,…
Global Security News
Meta Launches ‘Workforce Academy’ to Train Workers to Build Data Centers
The five-week program, which is free of charge and guarantees a job, follows a recent layoff of 8,000 employees.
Global Security News
New Apple feature automatically changes your compromised passwords
At WWDC 26, Apple announced an Apple Intelligence-powered feature that can automatically fix weak and compromised passwords. This works in Safari, and it’s rolling out with iOS 27. […]
AI, Apps, Compliance, Endpoint, Global Security News, Network Security, Risk Management, Venture
ICYMI: May 2026 @AWS Security
Read all about the latest AWS security features, compliance updates, and hands-on resources in our new, monthly digest posts. You’ll find expert blog posts, new service capabilities, code samples, and workshops. AWS Security Blog posts This month’s AWS Security Blog posts covered AI security, network protection, identity management, compliance frameworks, and supply chain security. Read…
Global Security News
Silent Ransom Group Hits US Law Firms in Escalating Extortion Attacks
The financially motivated group is combining vishing, IT impersonation, and in-person office intrusions to steal data and extort victims.
AI, Apps, Global Security News, Government & Policy, Risk Management
Meta Accuses NSO of Violating WhatsApp Court Injunction
Meta says NSO violated a court injunction by targeting WhatsApp users again through phishing campaigns and test accounts. Last year, WhatsApp won a landmark case against NSO Group, the Israeli spyware vendor behind Pegasus, and secured a permanent court injunction barring the company from ever targeting WhatsApp or its users again. The court was unambiguous:…
AI, Global Security News, malware
New Shai-Hulud attack trojanizes 19 science-focused PyPI packages
Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud supply-chain attack that delivered malware designed to steal developer secrets. […]
Global Security News
Check Point VPN Flaw Exploited Since Early May
A newly discovered, critical zero-day vulnerability is under attack; a Qilin ransomware affiliate has been blamed for at least one incident.
AI, Exploits, Global Security News
One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public
Security researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user escalate to root and break out of a container. The flaw, CVE-2026-23111, sits in the kernel’s nf_tables packet-filtering code and was patched upstream on February 5, 2026. Exodus Intelligence released its full technical walkthrough on June…
Global Security News
Silent Ransom Group moves to in-person method if vishing attempt fails
Mandiant warns Silent Ransom Group uses vishing and even in-person visits to steal data.
Global Security News
Silent Ransom Group moves to in-person method if vishing attempt fails
GTIG report follows FBI advisory warning organizations that UNC3753 has been walking right in to shops and stealing data.
Global Security News
Iran Signed a Ceasefire — Its Hackers Didn’t
An extension of the Geneva Conventions could impose restrictions on cyberwarfare under ceasefire conditions and close a major loophole in international conflict.
Global Security News
Operation FlutterBridge Uses Fake Google Ads to Spread macOS Backdoor
Operation FlutterBridge uses fake Google ads and shell companies to deploy FlutterShell, a new macOS backdoor targeting unsuspecting users.
AI, Global Security News
WhatsApp says it disrupted new NSO spyware phishing attacks
WhatsApp has detected and stopped spear-phishing campaigns allegedly conducted by the NSO Group after investigating user reports of social engineering attacks. […]