Meteor 3.0 helped Rocket.Chat move from Node.js 14 to Node.js 20, cutting runtime debt after Fibers removal and reducing supply-chain risk across federal users.

Read more →

The Texas Parks and Wildlife Department (TPWD) disclosed a data breach at its license system vendor that exposed personal information for more than three million individuals. […]

Read more →

We’re always happy to end the week with some positive news. A law enforcement action called Operation Endgame just delivered a major win against the long‑running SocGholish (aka FakeUpdates) operation. SocGholish is a malware framework that has been active since at least 2017 and is best known for abusing hacked, legitimate WordPress sites to push…

Read more →

Apple has long marketed itself as the privacy-first tech giant. So why is it making a change to Hide My Email that will make it easier for websites to block anonymous sign-ups – and harder for you to stay private online? Read more in my article on the Hot for Security blog.

Read more →

Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution. Steer the agent to load an attacker’s web page, and that page’s JavaScript can reach a privileged local service on the same machine and spawn a process on the host. No credentials, no…

Read more →

In this post, I will talk about the best AI Alert Triage tools for modern SOC teams. This guide covers the leading AI alert triage tools available to modern SOC teams, what each one actually does, and how to evaluate the category against your operational needs. What AI Alert Triage Actually Means The SANS 2025…

Read more →

Dutch law enforcement authorities, along with counterparts from Canada , Germany, and the U.S., have disrupted malicious infrastructure associated with SocGholish and cleaned up nearly 15,000 infected WordPress websites. “With these actions we deprive cybercriminals of access to infected computer systems,” Maikel Rollman of the Netherlands National High Tech Crime Unit said. “This prevents

Read more →

Google, Microsoft, OpenAI, and others want to help enterprises demonstrate that their AI applications are behaving themselves through the creation of a new foundation. The Appia Foundation will, it explained rather impenetrably, “establish modular specifications that provide a connecting layer to bridge foundational global standards with practical, trusted assessments across the global AI value chain.”…

Read more →

Microsoft Office users may find that some of their applications are failing to open when called on by third-party applications. It’s an issue that has emerged after the latest round of Microsoft updates. The problem affects Word, Excel, and other Office applications opened from third-party offerings including CCH Engagement, Workpaper Manager, Zotero, or dental office…

Read more →

Microsoft Office users may find that some of their applications are failing to open when called on by third-party applications. It’s an issue that has emerged after the latest round of Microsoft updates. The problem affects Word, Excel, and other Office applications opened from third-party offerings including CCH Engagement, Workpaper Manager, Zotero, or dental office…

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday urged Fortinet customers with FortiGate appliances to take steps to secure against ongoing malicious activity aimed at thousands of internet-accessible devices. The sweeping campaign, believed to be the work of Russian-speaking threat actors, has been codenamed FortiBleed. The number of compromised devices stands at

Read more →

OpenAI has introduced spend controls and enhanced usage analytics for ChatGPT Enterprise to enable organizations to monitor AI adoption, track consumption across teams, and set budgets for AI usage. But, analysts cautioned, it still can’t show how those costs lead to business benefits. The new features provide administrators with centralized dashboards showing how ChatGPT is…

Read more →

Someone is pretending to be your bank, your government, or your local planning office. And according to the FTC, they’re making billions doing it. Read more in my article on the Fortra blog.

Read more →

Nintendo America employee records were exposed via TinyPulse after Shadowbyt3 claimed theft of HR files, tax forms, bank data, and staff survey responses.

Read more →

Operation EndGame disrupted SocGholish, taking down 106 servers and cleaning 14,971 WordPress sites used to spread fake-update malware. On June 18, 2026, law enforcement agencies from the Netherlands, Canada, the United States, and Germany, coordinated through Europol, executed a joint action week against SocGholish, one of the most persistent and widely deployed malware distribution networks…

Read more →

New York, USA, 19th June 2026, CyberNewswire

Read more →

AI agents can access data, trigger workflows, deploy code, and interact with critical business systems, often with little oversight. Token Security breaks down why AI agents are becoming a new identity and governance challenge. […]

Read more →

As threats proliferate and AI complicates cybersecurity, CISOs say the job is getting harder, but more companies still want cybersecurity expertise, if even on a part-time basis.

Read more →

Cybersecurity vendor Huntress was among multiple companies hit by a breach originating at Klue, a market intelligence platform used to integrate CRM and sales data across various business tools. Huntress published a detailed account of the incident on June 18, framing it as a “security domino effect” that began with one compromised integration credential and…

Read more →

A cryptocurrency-stealing malware campaign used inflated GitHub activity, software reviews, YouTube tutorials and favorable VirusTotal comments to make malicious trading and gambling tools appear trustworthy, Check Point researchers found. According to the researchers, the attackers packaged the malware as tools designed to help users make money. The offerings included cryptocurrency sniper bots and gambling “predictors”…

Read more →

Apple has patched a Bluetooth flaw in Beats Studio Buds that could potentially turn your earbuds into a nearby wiretap. When you buy a pair of Bluetooth earbuds, you expect them to play your music and your calls—not someone else’s. But a vulnerability in Apple’s Beats Studio Buds shows how that trust can be abused,…

Read more →

Penetration Testing is used to identify and report back on security vulnerabilities to allow the client time to remedy the vulnerabilities. The post Penetration Testing Services in South Africa appeared first on Da Vinci Cybersecurity: Leading Cyber Security Services in South Africa..

Read more →

One of the most commonly used Microsoft programs, Excel is highly useful for data collecting, processing, and analysis. To fully harness Excel’s powers, though, you need to make use of formulas. Excel formulas allow you to perform calculations, analyze data, and return results quickly and accurately. The usefulness of formulas is even greater once you…

Read more →

Working with frontier AI models, this new platform aims to help discovering, prioritizing, validating and remediating code vulnerabilities

Read more →

Google has introduced hand gesture verification for reCAPTCHA, a new method for verifying that a user is human. Google’s reCAPTCHA is part of Google Cloud Fraud Defense, a fraud and abuse prevention platform for bot, account, and transaction protection. It uses risk analysis and challenge-based verification to help organizations identify automated activity and suspicious behavior.…

Read more →

In this post, I will highlight the top AI SOC platforms to watch in 2026. In the age of ever-rising alert volumes, tighter budgets, and sophisticated adversaries, the question is no longer “Should we use AI in the SOC?” It’s “How do we use AI so it augments human analysts rather than replaces them?”. Here…

Read more →

SocGholish malware has been removed from 15,000 sites associated with Evil Corp hackers

Read more →

As AI shifts from output-generating large language models (LLMs) to armies of agents taking actions on their own, there is a growing threat that failures could affect system reliability. Temporal, a Bellevue, WA firm founded in 2019, hopes to solve that problem by stabilizing AI and long-running computing processes through “durable execution,” a technology that…

Read more →

People who run accounts on the open source social network Mastodon can now group profiles together and share those groups across the web. The 4.6 release centers on a feature called Collections, along with reworked profiles, email newsletters, server administration controls, and a set of accessibility changes. Server controls The release gives server administrators a…

Read more →

Google’s latest and greatest Android version is officially now out in the world and available — but if you’re using any phone other than a Pixel, that doesn’t mean much for you just yet. The reason why is simple: Despite Google officially launching Android 17 and starting to send it out to Android phone-owners this…

Read more →

ANY.RUN has been recognized as the Best Security Investigation Platform 2026 at the Cybersecurity Stars Awards by The Hacker News.  This award reflects our dedication to building solutions that make a real impact on daily security operations.  At ANY.RUN, we help SOC and MSSP teams worldwide streamline threat investigation workflows through confident decision-making, full malware and phishing visibility, and actionable insights thataccelerate incident investigations and response.  We thank our global community of security professionals for continuously trusting our solutions and supporting our growth!  Reinforcing Our Position as a Market…

Read more →

Android’s developer verification protections will take effect on September 30, 2026, starting with users in Brazil, Indonesia, Singapore, and Thailand. Developers distributing apps through participating stores in those markets must complete the verification process by the deadline. Google Play, HONOR App Market, OPPO App Market, Galaxy Store, Palm Store, V-Appstore, and GetApps will begin verifying…

Read more →

Accenture is expanding its position with the acquisition of a majority stake in Dragos and all of runZero and NetRise to deliver end-to-end operational technology (OT) security for the critical infrastructure and industrial operations underpinning power grids, pipelines, manufacturing, distribution facilities and data centers. The Dragos Platform will expand to cover the extended environment that…

Read more →

Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in response to a security incident impacting the competitive intelligence company on June 11, 2026. To that end, organizations will be unable to connect to Salesforce via the app until further notice, the American cloud-based software company noted in an alert…

Read more →

You are a security leader at a small or medium-sized business (SMB), and your organization has decided to adopt Claude. If you are like me, after the initial “surprise” wears off, you probably want to quickly get your arms around what adopting Claude means for the business, and for security specifically. Below are some lessons…

Read more →

BlackFog has announced the general availability of ADX Vision for macOS, extending its shadow AI detection, governance, and prevention platform to Apple endpoints. With this release, enterprises can now apply a single, consistent AI data-loss policy across Windows and macOS devices to stop sensitive data from leaving the organization through unsanctioned LLMs. The release addresses…

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged Fortinet customers to secure their devices after nearly 74,000 firewall and VPN credentials were exposed in a data leak dubbed “FortiBleed.” […]

Read more →

Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to eavesdrop on users. The vulnerability, tracked as CVE-2025-20701 (CVSS score: 8.8), refers to a case of incorrect authorization impacting the Airoha Bluetooth audio SDK that makes it possible to pair a Bluetooth audio…

Read more →

Branded SMS sender IDs are the names that appear at the top of texts to identify businesses like AusPost, Med-Appt or myGov. Under new anti-scam laws, messages sent by…

Read more →

National law firm Holding Redlich has partnered with Legora, the agentic AI platform for legal professionals, to deploy the platform across the firm’s Property and Corporate &…

Read more →

Decentralized storage networks already hand pieces of people’s data to strangers’ machines. The lasting question across these networks is whether the machine holding the data can read it. A research paper by Gregory Magarshak, a professor at IENYC, describes a system called Safecloud built on one design rule: the nodes that store data see only…

Read more →

24 Billion Records Left Open Online: Passwords, Emails, and Everything Else Exposed database with 24 Billion records revealed stolen credentials from infostealers, Telegram channels, and breach collections, risking account takeovers. Cybernews researchers found an exposed Elasticsearch cluster on June 12th containing 24 billion records and more than 8.3 terabytes of data. They triple-checked the numbers.…

Read more →

Many large enterprises discard most of the log data their systems generate, and they do it on purpose to keep costs down. A Dynatrace survey of 450 senior IT leaders at large enterprises found that half of organizations drop or never collect an average of 86 percent of their logs, even after filtering and aggregation.…

Read more →

Cybercrime is taking a larger share of criminal activity in Asia and the Pacific. More than half of surveyed jurisdictions reported that cybercrime accounts for over 30% of all crimes recorded nationally, according to INTERPOL’s 2025/2026 Asia and South Pacific Cyberthreat Assessment Report. Distribution of malware types detected within the Asia and South Pacific region…

Read more →

Vodafone Australia says all services are back online after a network-hub failure disrupted mobile calls and data for customers across the country on Thursday morning.

Read more →

Whether it’s optimising the home office for peak productivity or preparing for the most anticipated gaming release of the decade, GTA VI, Kogan.com EOFY deals on computer…

Read more →

The Oracle Critical Security Patch update (CSPU) released this week contains 245 newly-announced fixes for supported on-premises software, some of which impact multiple products. It is in reaction to an industry trend to announce and fix security holes much more quickly, and complements Oracle’s traditional quarterly patch schedule. The current batch of patches affects a…

Read more →

Wielding its war chest to win data-center customers for its silicon, the world’s second-biggest company is taking a page from No. 1.

Read more →

Global success of AI-related companies in South Korea, Taiwan and Japan stokes red-hot market fever.

Read more →

Blue Yonder has reported continued momentum in the first quarter of 2026, adding 30 new customers and expanding its portfolio of AI-driven supply chain capabilities.

Read more →

New Zealand’s leading digital services and connectivity provider partners with Rimini Street to stabilise mission-critical Oracle systems, solve complex interoperability…

Read more →

One-click MCP Server integration closes the production feedback loop to create a seamless path from integrated development environment to production

Read more →

The iPhone maker’s clout as a buyer has taken a major hit from the AI boom.

Read more →

Keeping telecom spending under control is one of the harder infrastructure challenges facing large organizations today. Between juggling carrier contracts, reconciling invoices…

Read more →

Guidewire, the platform insurers trust to engage, innovate, and grow efficiently, has announced announced that it will host its second InsurPitch Sydney on Wednesday 5 August 2026.

Read more →

The clipboard hijacker campaign also uses “ghost networks” on social media to boost engagement.

Read more →

The Gentlemen ransomware-as-a-service (RaaS) is actively developing and maintaining a suite of endpoint detection and response (EDR) killers to help affiliates evade detection in attacks. […]

Read more →

The Agentjacking attack bypasses the need for stolen credentials or direct network access.

Read more →

Authorities on Thursday disrupted a botnet, a malware framework and seized infrastructure that Evil Corp and other cybercrime groups used to steal data and break into various networks. The globally coordinated effort targeted SocGholish, multi-stage malware that has compromised websites, redirected users to traffic distribution systems (TDS) and slipped malware into their networks since 2017.…

Read more →

The majority of attacks against these organizations were DDoS floods, with a notable difference in duration compared to attacks on Cloudflare’s broader customer base.

Read more →

The attack involved the theft of OAuth credentials from Klue’s Battlecards integration, which threat actors then used to access and exfiltrate data from customer Salesforce instances.

Read more →

Authorities from the Netherlands, Canada, the United States, and Germany removed the SocGholish malware and backdoors from 14,971 compromised WordPress websites, also taking 106 servers and domains offline.

Read more →

The vulnerability, identified as CVE-2025-20701, was discovered by researchers Dennis Heinze and Frieder Steinmetz of ERNW GmbH.

Read more →

The Shadowbyt3$ threat group claimed responsibility for the incident, alleging the exfiltration of sensitive employee data, including bank statements and W-9 forms.

Read more →

The new ADX Vision for macOS targets the increasing use of unsanctioned generative AI tools within organizations.

Read more →

The Texas Parks & Wildlife department disclosed that hackers gained access to its license system vendor, which processes hunting and fishing license sales.

Read more →

Identiverse 2026 highlighted identity’s expanding role in AI, trust and governance.

Read more →

The Senate Judiciary Committee approved a new bill this week that seeks to prevent unauthorized deepfakes of American artists, performers and public figures. While the bill sailed through a committee voice vote, both Senators and outside groups say they’re worried it could become a tool for the powerful to quash free speech.  The NO FAKES…

Read more →