The recently reported cyberattack against Tata Electronics is shaping up to be one of the most consequential attacks exposing important trade secrets belonging to Apple and, conceivably, other clients, including a slew of details about the upcoming iPhone 18 Pro. The attack follows May’s assault against key Apple manufacturing partner Foxconn. World Leaks iPhone 18 Pro Hackers from…
Find out the key differences between Cat6, Cat6A, and Cat7 cables. Discover which option delivers the right balance of speed, cost, and future readiness for your business network. Every business depends on reliable connectivity. Whether it is a small office, a retail store, a school, or a growing enterprise, the network infrastructure behind daily operations…
Learn how modern businesses can judge office software for ISO 27001 certification, GDPR-aligned data handling, encryption, and safer PDF workflows with clarity.
Plus, South Korea plots new chip plants, and AI brings bumper profits for memory producers
Hackers stole data from 4.38 million Aflac Japan customers after accessing its systems for 10 days before the breach was detected. Aflac Japan disclosed that hackers stole the personal information of 4.38 million customers and agents after gaining access to its systems between June 15 and June 25. Attackers stole data from the company policyholder…
The PCI Security Standards Council (PCI SSC) has launched its Training Venue Host Program, creating a new way for organizations with suitable training facilities to support payment security education while bringing industry training directly to their teams.
A malicious extension in the Chrome Web Store is masquerading as the Perplexity AI answer engine, intercepting search traffic and collecting browsing information. […]
How’s the view?! Back to business, it’s now 8 years ago that Scott and I thought it would be a cool idea to build Why no HTTPS? We used the site to shame companies for not implementing their transport later security property, and to make it a bit of fun, we shamed by country as…
Cybersecurity researchers have flagged an active browser extension campaign that is designed to steal cryptocurrency by stealthily replacing wallet addresses when unsuspecting users initiate a transaction. The cryptocurrency clipper activity has been codenamed Silent Swap by McAfee Labs. “The campaign is delivered through unsigned installers – observed in both .NET and Golang variants – that
Attackers exploited a critical SimpleHelp RMM bug to deploy TaskWeaver and Djinn Stealer malware
The Department of Homeland Security is bringing back a key cybersecurity information sharing effort with critical infrastructure, more than a year after the Trump administration shuttered an existing nerve center between government and private sector. The Alliance of National Councils for Homeland Operational Resilience – Critical Infrastructure program, first reported by CyberScoop in January, is meant…
A fake FIFA World Cup 2026 T-shirt giveaway scam is spreading Voidrift malware through personalized emails using company logos and trusted websites to bypass security filters.
Apple has released security updates for more than two dozen security vulnerabilities across iPhone, iPad, and Mac. The updates for iOS/iPadOS, MacOS Tahoe, and Safari were issued after testing on iOS 26.6 and iPadOS 26.6 betas. What stands out in the update is that a lot of the vulnerabilities were found in WebKit, the browser…
After using multiple security cameras from Ring, Blink, and more, I’ve found the best arrangement for my home.
The safety check that is supposed to stop an AI coding agent from running a dangerous command can be walked straight past using a shell trick that has been public for decades. New research from Adversa AI, which is named the bypass GuardFall, found it works against ten of the eleven popular open-source coding and computer-use…
Netflix has award-winning originals and a smart algorithm, but Peacock counters with live sports and a lower price.
The Department of State is offering up to $10 million for information on two Russian-linked hacking groups targeting Signal and WhatsApp users. This reward is being offered through the department’s Rewards for Justice (RFJ) program, which seeks information on foreign state-backed cyber actors targeting U.S. critical infrastructure and national security interests. The latest bounty focuses…
Aikido Security has acquired Root, uniting behind a shared mission to make it easy for developers and agents to build with secure open source and tackle the growing threat of supply chain attacks. Open source is the foundation of almost every application in the world, and it has become the primary entry point for attackers.…
Business Email Compromise is more than an email scam. It’s a coordinated operation involving compromised accounts, financial research, and cash-out networks. Flare explores how underground forums reveal how BEC attacks are planned and executed. […]
Exploitation attempts targeting a critical vulnerability (CVE-2026-46817) in Oracle Payments, the payment-processing module within Oracle’s E-Business Suite (EBS), have been spotted over the weekend, threat intelligence company Defused warned on Monday. The detected exploitation attempts (Source: Defused) “On 27 June 2026 our Oracle E-Business Suite decoys recorded the first in-the-wild exploitation of CVE-2026-46817 — roughly…
Cequence Security has announced general availability of Cequence Platform 9.0, an AI-native release that changes how users interact with API security tools. Platform 9.0 ships with a built-in AI Assistant, an open Model Context Protocol (MCP) server that exposes every platform capability to an organisation’s agents or automation workflows, a compliance-ready risk rules library mapped…
Researchers tested 444 AI chatbot apps for iPhone and found that 282 of them, nearly two-thirds, exposed paid AI access through their network traffic. In many cases, the path in was visible just by watching what the app sent: a plaintext API key, a reusable token, or a backend server that accepted requests with no…
Jamf has announced general availability of AI Governance, a new capability within Jamf for Mac that enables IT and security teams to discover actively-used AI tools, enforce policy controls, and generate audit-ready reporting. Many organizations struggle to confidently audit and report on AI tool usage across their device fleet, including both sanctioned applications and unsanctioned…
Software updates are rolling out now for iPhone, iPad, and Mac, bringing fixes that weren’t supposed to arrive so soon. Here’s why.
Digi International has announced the launch of DANI, the Digi Artificial Network Intelligence agent, a purpose-built AI network operations agent natively embedded in a networking device management platform, Digi Remote Manager (DRM). Embedded directly within DRM as a value-added service, DANI enables network operators and managed service providers to monitor and diagnose network issues, identify…
Aflac has disclosed a data breach at its Japan subsidiary that exposed sensitive customer information, including policy details and bank account data. According to a filing with the U.S. Securities and Exchange Commission (SEC), Aflac Life Insurance Japan Ltd. discovered the unauthorized access on Jun. 25, 2026. The company determined that attackers accessed certain systems…
The TaskWeaver loader delivers Djinn Stealer, which targets dev credentials and AI tokens.
OpenMatter Network has announced the launch of its cryptographically verifiable platform for secure collaboration and AI governance, built on a simple premise: Don’t Trust Data. Prove It. For decades, organizations have relied on trust-based assumptions to secure data, execute workloads and govern digital systems. But as data becomes increasingly distributed and AI agents begin operating…
CISA’s BOD 26-04 changes how federal agencies patch and how security leaders must measure, justify, and communicate cyber risk to executives and boards. Key takeaways BOD 26-04 requires agencies to make and defend risk-based vulnerability prioritization decisions, including decisions to defer vulnerability remediation. This accountability requirement transforms vulnerability management from a technical operation into a…
Machine and agent identity security organization, AppViewX, has announced the launch of its first global partner program. The program is designed to provide the infrastructure, resources, and an engagement framework necessary to engage prospects and customers more effectively, deliver greater value, and maximize co-sell opportunities and profitability. AppViewX formalizes its channel strategy The AppViewX Partner…
Cybersecurity company Huntress has announced the general availability of its Managed Identity Security Posture Management (ISPM) service, expanding its Agentic Security Platform with tools that continuously identify and remediate identity security weaknesses across Microsoft 365 environments. The launch follows an Early Access program involving more than 12,000 Microsoft 365 tenants, where Huntress says it uncovered…
Cybersecurity leader Bitdefender has recently released an annual report in which cybersecurity professionals detailed their most urgent concerns, key challenges, and threat perceptions shaping security. Agentic AI, LLMs, and infrastructure breaches top the list of security concerns The 2026 Cybersecurity Assessment Report is an independent survey of over 1,200 IT and security professionals. Those surveyed…
Teams are dealing with a truly dangerous problem — automation that works, but that no one understands.
Patients are also three times more likely to trust AI in their doctor’s secure portal than a public chatbot.
In this post, I will show you how artificial intelligence is changing project management. Projects rarely go exactly as planned. A task takes longer than expected, priorities change midway through, or a small issue suddenly affects the whole schedule. Most project managers have dealt with situations like these. That is why many professionals look into…
This blog post is #4 in our series on Verifiable Digital Credentials (VDCs). Our other posts can be found via Post #1, Post #2, and Post #3. In earlier posts, we discussed how verifiable digital credentials (VDCs) are issued and compared the underlying credential formats (ISO/IEC “mdoc” vs. W3C Verifiable Credentials). In this post, we…
ReliaQuest report warns of a surge in ClickFix social engineering attacks against Windows and macOS users
The growing use of AI agents is set to increase corporate AI token spend, and some companies are using techniques from the cloud era to control costs.
Google has removed a malicious browser extension masquerading as Perplexity AI after Microsoft researchers found it was intercepting users’ search traffic and routing queries through attacker-controlled servers before forwarding them to legitimate search engines. Microsoft Threat Intelligence said the extension masqueraded as the AI-powered answer engine to trick users into installing it. Based on its…
Apple released updates for iOS, iPadOS, macOS, and Safari, fixing WebKit flaws, four of which were found using AI tools like Claude and Codex Apple pushed out security updates for iOS, iPadOS, macOS, and Safari on Monday, and this round comes with a twist worth noticing. Four of the WebKit vulnerabilities patched were found using…
The FIFA World Cup 2026 opened on June 11. By that date, according to Check Point Research, the fraud infrastructure targeting it had already been built, staged, and partially deployed. Threat actor activity was pre-planned, months out, across three sectors and at least ten languages. Check Point Exposure Management published the FIFA World Cup 2026…
An unknown threat actor has been observed exploiting a recently disclosed maximum-severity security flaw in SimpleHelp to deliver two previously unreported malware families, TaskWeaver and Djinn Stealer. The intrusion involves the exploitation of CVE-2026-48558 (CVSS score: 10.0), a critical authentication bypass vulnerability impacting the OpenID Connect (OIDC) flow that an unauthenticated
American insurance giant Aflac has disclosed a new data breach after attackers breached its Japan subsidiary’s systems and stole personal and bank account information. […]
WhatsApp is letting users reserve usernames before its 2026 launch, giving people a way to chat without sharing phone numbers. Here is how it works, why it matters, and the security limits to know
Microsoft has introduced a new Teams admin policy that allows organizers to prevent third-party bots from joining meetings without approval. […]
A wave of phishing emails sent to Booking.com partner accommodations in Japan in May led to blockchain-hosted malware
With AI agents increasingly expected to remember conversations, preferences, and decisions over extended periods, Microsoft Research has developed Memora, a memory system designed to provide more scalable and reliable long-term recall than existing approaches. AI agents are increasingly expected to retain context across weeks or months rather than individual chat sessions. Memory can become fragmented,…
Attackers are exploiting CVE-2026-48558, a recently patched authentication bypass vulnerability in SimpleHelp RMM, to drop the novel Djinn Stealer malware on victim computers. The malware is capable of targeting Windows, macOS, and Linux systems, and “collects credentials associated with cloud platforms, source control, package registries, infrastructure tooling, AI development assistants, browsers, SSH, and cryptocurrency wallets,”…
This setting meshes perfectly with how my brain works, and I don’t miss deadlines anymore.
For a US automotive manufacturer working with more than 200 active vendors, supplier file intake had become a growing security and cost challenge. Suspicious submissions often reached the SOC without enough context, forcing Tier 1 analysts to escalate most cases and slowing detection and response across the business. By introducing a scalable triage and analysis process…
There are a variety of security concerns about artificial intelligence (AI), especially when it comes to the behavior of agentic AI. But until recently, the concept of locking down the models to prevent tampering hasn’t gotten a lot of attention. Now, a security technology called “confidential computing” has emerged that could help solve that problem:…
Kali Linux 2026.2, the second release of the year, is now available for download, featuring 9 new tools and numerous Kali NetHunter improvements. […]
The Blackfield ransomware gang is asking for a $2 million ransom from Nidec Corporation, a large Japanese manufacturer of electronic components for automotive and computing applications. […]
Woolworths is turning Olive, its long-running customer-service chatbot, into an AI agent that plans your meals, builds your basket and hunts for cheaper swaps. The upgrade runs…
Apple released updates for iOS/iPadOS, macOS, and Safari on Monday. There have been no updates for other Apple operating systems (visionOS, watchOS, tvOS). Usually, Apple updates all products at the same time. Most of the vulnerabilities affect the web browser (WebKit, libxslt, WebRTC, and Web Extension). Only four of the vulnerabilities are not directly related…
SonicWall records 264,000 events in first five months of 2026 as UK hospitals come under siege
Two researchers have found six security flaws in AirDrop and Quick Share, the wireless features that beam files between nearby devices with no cables or shared network. An attacker within wireless range, with just a laptop and no prior connection, can crash the sharing service on a Mac or iPhone set to receive from anyone,…
A utility called Fluent Cleaner will analyze your Windows environment to find and remove junk files, temp files, unused Registry entries, and other clutter – for free. Here’s how to use it.
Attackers are exploiting a critical flaw in Oracle E-Business Suite, CVE-2026-46817, that allows remote, unauthenticated attackers to take over Oracle Payments. A critical vulnerability in Oracle E-Business Suite, tracked as CVE-2026-46817, is being actively exploited in the wild, according to cybersecurity firm Defused Cyber. “CVE-2026-46817 (CVSS 9.8 unauth HTTP takeover in Oracle E-Business) is being…
Wireless charging is a helpful feature, but you may not be getting the optimal speed with your accessories.
The future of work is likely to require a careful blend of human skills and AI agents. Here’s how to work successfully with your agentic counterparts.
Similar to the events that unfolded with the Conti ransomware group’s demise in 2022, leaked internal chat logs of the Black Basta cybercrime group last year gave us a peek behind the curtain of modern ransomware operations. We found that these groups have continued to evolve into highly sophisticated and organized syndicates, taking a corporate-style…
Google Cloud used its Sydney summit to declare the “agentic era” open for business. The proof points for the Australian version of the summit were satisfyingly local: Bunnings’…
CISA confirmed on Monday that ransomware gangs are now exploiting a Microsoft Defender privilege escalation vulnerability, dubbed BlueHammer, that has previously been abused in zero-day attacks. […]
Taiwanese authorities escalated a probe into the unauthorized diversion of advanced artificial-intelligence servers made by Super Micro Computer, as part of efforts to crack down on the alleged smuggling of Nvidia chips to China.
Convince an AI browser that it is playing a game, and it can hand over your login details. That is the finding behind BioShocking, a technique from security firm LayerX that tricked six AI browsers and assistants into copying a user’s credentials and sending them to an attacker. The targets included OpenAI’s ChatGPT Atlas, Perplexity’s Comet,…
Penetration testers who run Kali Linux inside virtual machines boot their systems faster after the 2026.2 release. The change comes from a decision about graphics firmware, the code that drives NVIDIA, AMD, and Intel GPUs. That firmware has grown large enough to slow the early stages of startup, and few virtual machines need it. Kali…
Report Fraud data reveals that more than half of 323 UK ransomware victims last year were SMEs
OpenClaw, a self-hosted personal AI assistant that connects to existing chat apps, is now available on iPhone, iPad and Apple Watch. The release brings chat, real-time voice conversations, approvals, device capabilities, and private automations to iOS. Connecting OpenClaw to iPhone The app pairs with an OpenClaw Gateway, enabling users to communicate with their AI assistant…
A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API. The flaw, tracked as CVE-2026-8037, carries a CVSS score of 9.8 according to ZDI. A patch is available. If you run LoadMaster with the API enabled, update now. Progress published…
Apple on Monday released security updates for iOS, macOS, and the Safari web browser to address over three dozen flaws, including four vulnerabilities in WebKit that were discovered using artificial intelligence (AI) tools like Anthropic Claude and OpenAI Codex Security. The WebKit vulnerabilities are listed below – CVE-2026-43707 – A memory corruption issue that could…
Phones and laptops ship with a feature that sends files to nearby devices over the air, with no cables, accounts, or prior pairing. Apple calls its version AirDrop. Google and Samsung call theirs Quick Share. Both run inside privileged background services that wake when another device comes within wireless range, and both read a stack…
AVG Mobile Security for iOS helps protect users against online threats with features including Web Guard, VPN, Scam Guardian Pro, Hack Alerts, and Photo Vault. It also identifies suspicious calls and scam text messages and helps keep personal information private while using Wi-Fi networks with its VPN. The app is available for Windows, macOS, Android,…
Across the open source world, people are reporting software flaws in record numbers, and the systems built to verify those reports are straining under the weight. The GitHub Advisory Database, which feeds automated security alerts to millions of projects, has reached a point where some new advisories take weeks to publish. In May 2026, the…
Boomi enables Australasian operations and services provider to centralise vendor management, connecting onboarding, compliance, and financial systems.
The latest email threats: real Microsoft login phishing, device code scams with a kill switch, split-click attacks, and the shift to malware delivery
A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber. The vulnerability, tracked as CVE-2026-46817 (CVSS score: 9.8), refers to an improper privilege management and authentication flaw in Oracle Payments that could be abused to take over susceptible instances. “Easily exploitable vulnerability allows
The latest email threats: real Microsoft login phishing, device code scams with a kill switch, split-click attacks, and the shift to malware delivery
Presented here is a curated selection of noteworthy open-source cybersecurity solutions that have drawn recognition for their ability to enhance security postures across diverse settings. OWASP Agent Memory Guard: Stop AI agents from being weaponized through their own memory AI agents keep memory across sessions. Conversation history, vector stores, scratchpads, and RAG indexes persist between…
Containers power a large share of cloud-native applications, AI workloads, and testing and deployment pipelines. Developers working on Windows have long pulled in third-party software to build and run them. That step becomes optional with WSL containers, a feature that arrived at Microsoft Build 2026 and reached public preview in the pre-release version of the…
Dematic has wrapped up three days of innovation, industry engagement and education at CeMAT Australia 2026, showcasing the technologies, software and expertise shaping the…
Improving your online presence requires more than just guessing what works for your website.
CMMC requirements are appearing in defense contracts and moving down through supplier networks to thousands of companies new to this kind of compliance work. Many run on limited budgets with lean security teams. The picture comes from nearly 900 defense contractors, C3PAOs, federal suppliers, and cybersecurity professionals who attended the 2026 Secureframe National Cybersecurity Summit.…
For large organisations, scaling content production is a major challenge that often leads to quality issues or performance drops.
Improving your online presence requires more than just guessing what works for your website.
AI Offensive Security Engineer AGAPI | UAE | On-site – View job details As an AI Offensive Security Engineer, you will leverage AI and LLMs to accelerate offensive security research, exploit development, vulnerability discovery, and security automation. You will validate AI-generated findings through manual testing, conduct authorized security assessments, and produce high-quality technical reports and…
Vodafone’s EOFY sale is boasting major savings across devices, postpaid and prepaid plans, tablets, wearables and accessories.
Interactive doubles down on AI strategy, embedding AI internally as Customer Zero while accelerating customer adoption
