Critical Oracle EBS flaw now exploited, prompting urgent patching guidance.

Read more →

Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social engineering and obsfucation, including blockchain abuse.

Read more →

New Microsoft research shows how attackers can hijack AI agents that act on a user’s behalf, using nothing more than a poisoned tool description to make the agent quietly hand over company data to an outsider. The trick is that the agent never breaks a rule. Every step looks routine, so in a default setup no alarm…

Read more →

A new two-stage malware family called RustDuck is hijacking home routers, IP cameras, Android boxes, and poorly secured servers, then stitching them into a network built to knock websites and online services offline. Researchers at QiAnXin’s XLab have tracked it since February 2026, and say the real story is not how big it is today, but how…

Read more →

EvilTokens phishing hides takeover clues until browser execution leaving SOC teams needing deeper visibility to validate threats faster and reduce account risk.

Read more →

The recently reported cyberattack against Tata Electronics is shaping up to be one of the most consequential attacks exposing important trade secrets belonging to Apple and, conceivably, other clients, including a slew of details about the upcoming iPhone 18 Pro. The attack follows May’s assault against key Apple manufacturing partner Foxconn. World Leaks iPhone 18 Pro Hackers from…

Read more →

Plus, South Korea plots new chip plants, and AI brings bumper profits for memory producers

Read more →

Nissan says employees’ data was stolen via the Oracle PeopleSoft zero-day campaign

Read more →

Hackers stole data from 4.38 million Aflac Japan customers after accessing its systems for 10 days before the breach was detected. Aflac Japan disclosed that hackers stole the personal information of 4.38 million customers and agents after gaining access to its systems between June 15 and June 25. Attackers stole data from the company policyholder…

Read more →

The PCI Security Standards Council (PCI SSC) has launched its Training Venue Host Program, creating a new way for organizations with suitable training facilities to support payment security education while bringing industry training directly to their teams.

Read more →

Threat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner. The activity has been found to weaponize CVE-2026-33017 (CVSS score: 9.3), an unauthenticated remote code execution (RCE) vulnerability in Langflow, indicating threat actors are scanning and targeting exposed artificial intelligence (AI)

Read more →

A malicious extension in the Chrome Web Store is masquerading as the Perplexity AI answer engine, intercepting search traffic and collecting browsing information. […]

Read more →

Cybersecurity researchers have flagged an active browser extension campaign that is designed to steal cryptocurrency by stealthily replacing wallet addresses when unsuspecting users initiate a transaction. The cryptocurrency clipper activity has been codenamed Silent Swap by McAfee Labs. “The campaign is delivered through unsigned installers – observed in both .NET and Golang variants – that

Read more →

Attackers exploited a critical SimpleHelp RMM bug to deploy TaskWeaver and Djinn Stealer malware

Read more →

Parham Eftekhari discusses AI, quantum and the future of critical infrastructure trust.

Read more →

The Department of Homeland Security is bringing back a key cybersecurity information sharing effort with critical infrastructure, more than a year after the Trump administration shuttered an existing nerve center between government and private sector. The Alliance of National Councils for Homeland Operational Resilience – Critical Infrastructure program, first reported by CyberScoop in January, is meant…

Read more →

A fake FIFA World Cup 2026 T-shirt giveaway scam is spreading Voidrift malware through personalized emails using company logos and trusted websites to bypass security filters.

Read more →

This is the way: The old will protect the young until the young protects the old.

Read more →

DC, United States, 30th June 2026, CyberNewswire

Read more →

Boston, Massachusetts, 30th June 2026, CyberNewswire

Read more →

After using multiple security cameras from Ring, Blink, and more, I’ve found the best arrangement for my home.

Read more →

The safety check that is supposed to stop an AI coding agent from running a dangerous command can be walked straight past using a shell trick that has been public for decades. New research from Adversa AI, which is named the bypass GuardFall, found it works against ten of the eleven popular open-source coding and computer-use…

Read more →

The Department of State is offering up to $10 million for information on two Russian-linked hacking groups targeting Signal and WhatsApp users.  This reward is being offered through the department’s Rewards for Justice (RFJ) program, which seeks information on foreign state-backed cyber actors targeting U.S. critical infrastructure and national security interests.  The latest bounty focuses…

Read more →

Aikido Security has acquired Root, uniting behind a shared mission to make it easy for developers and agents to build with secure open source and tackle the growing threat of supply chain attacks. Open source is the foundation of almost every application in the world, and it has become the primary entry point for attackers.…

Read more →

Cequence Security has announced general availability of Cequence Platform 9.0, an AI-native release that changes how users interact with API security tools. Platform 9.0 ships with a built-in AI Assistant, an open Model Context Protocol (MCP) server that exposes every platform capability to an organisation’s agents or automation workflows, a compliance-ready risk rules library mapped…

Read more →

Researchers tested 444 AI chatbot apps for iPhone and found that 282 of them, nearly two-thirds, exposed paid AI access through their network traffic. In many cases, the path in was visible just by watching what the app sent: a plaintext API key, a reusable token, or a backend server that accepted requests with no…

Read more →

Jamf has announced general availability of AI Governance, a new capability within Jamf for Mac that enables IT and security teams to discover actively-used AI tools, enforce policy controls, and generate audit-ready reporting. Many organizations struggle to confidently audit and report on AI tool usage across their device fleet, including both sanctioned applications and unsanctioned…

Read more →

Digi International has announced the launch of DANI, the Digi Artificial Network Intelligence agent, a purpose-built AI network operations agent natively embedded in a networking device management platform, Digi Remote Manager (DRM). Embedded directly within DRM as a value-added service, DANI enables network operators and managed service providers to monitor and diagnose network issues, identify…

Read more →

Aflac has disclosed a data breach at its Japan subsidiary that exposed sensitive customer information, including policy details and bank account data. According to a filing with the U.S. Securities and Exchange Commission (SEC), Aflac Life Insurance Japan Ltd. discovered the unauthorized access on Jun. 25, 2026.  The company determined that attackers accessed certain systems…

Read more →

The TaskWeaver loader delivers Djinn Stealer, which targets dev credentials and AI tokens.

Read more →

OpenMatter Network has announced the launch of its cryptographically verifiable platform for secure collaboration and AI governance, built on a simple premise: Don’t Trust Data. Prove It. For decades, organizations have relied on trust-based assumptions to secure data, execute workloads and govern digital systems. But as data becomes increasingly distributed and AI agents begin operating…

Read more →

New York, United States, 30th June 2026, CyberNewswire

Read more →

Melbourne, Florida, 30th June 2026, CyberNewswire

Read more →

CISA’s BOD 26-04 changes how federal agencies patch and how security leaders must measure, justify, and communicate cyber risk to executives and boards. Key takeaways BOD 26-04 requires agencies to make and defend risk-based vulnerability prioritization decisions, including decisions to defer vulnerability remediation. This accountability requirement transforms vulnerability management from a technical operation into a…

Read more →

Machine and agent identity security organization, AppViewX, has announced the launch of its first global partner program. The program is designed to provide the infrastructure, resources, and an engagement framework necessary to engage prospects and customers more effectively, deliver greater value, and maximize co-sell opportunities and profitability. AppViewX formalizes its channel strategy The AppViewX Partner…

Read more →

Cybersecurity company Huntress has announced the general availability of its Managed Identity Security Posture Management (ISPM) service, expanding its Agentic Security Platform with tools that continuously identify and remediate identity security weaknesses across Microsoft 365 environments. The launch follows an Early Access program involving more than 12,000 Microsoft 365 tenants, where Huntress says it uncovered…

Read more →

Teams are dealing with a truly dangerous problem — automation that works, but that no one understands.

Read more →

In this post, I will show you how artificial intelligence is changing project management. Projects rarely go exactly as planned. A task takes longer than expected, priorities change midway through, or a small issue suddenly affects the whole schedule. Most project managers have dealt with situations like these. That is why many professionals look into…

Read more →

This blog post is #4 in our series on Verifiable Digital Credentials (VDCs). Our other posts can be found via Post #1, Post #2, and Post #3. In earlier posts, we discussed how verifiable digital credentials (VDCs) are issued and compared the underlying credential formats (ISO/IEC “mdoc” vs. W3C Verifiable Credentials). In this post, we…

Read more →

ReliaQuest report warns of a surge in ClickFix social engineering attacks against Windows and macOS users

Read more →

The growing use of AI agents is set to increase corporate AI token spend, and some companies are using techniques from the cloud era to control costs.

Read more →

Google has removed a malicious browser extension masquerading as Perplexity AI after Microsoft researchers found it was intercepting users’ search traffic and routing queries through attacker-controlled servers before forwarding them to legitimate search engines. Microsoft Threat Intelligence said the extension masqueraded as the AI-powered answer engine to trick users into installing it. Based on its…

Read more →

Apple released updates for iOS, iPadOS, macOS, and Safari, fixing WebKit flaws, four of which were found using AI tools like Claude and Codex Apple pushed out security updates for iOS, iPadOS, macOS, and Safari on Monday, and this round comes with a twist worth noticing. Four of the WebKit vulnerabilities patched were found using…

Read more →

The FIFA World Cup 2026 opened on June 11. By that date, according to Check Point Research, the fraud infrastructure targeting it had already been built, staged, and partially deployed. Threat actor activity was pre-planned, months out, across three sectors and at least ten languages. Check Point Exposure Management published the FIFA World Cup 2026…

Read more →

An unknown threat actor has been observed exploiting a recently disclosed maximum-severity security flaw in SimpleHelp to deliver two previously unreported malware families, TaskWeaver and Djinn Stealer. The intrusion involves the exploitation of CVE-2026-48558 (CVSS score: 10.0), a critical authentication bypass vulnerability impacting the OpenID Connect (OIDC) flow that an unauthenticated

Read more →

American insurance giant Aflac has disclosed a new data breach after attackers breached its Japan subsidiary’s systems and stole personal and bank account information. […]

Read more →

WhatsApp is letting users reserve usernames before its 2026 launch, giving people a way to chat without sharing phone numbers. Here is how it works, why it matters, and the security limits to know

Read more →

Microsoft has introduced a new Teams admin policy that allows organizers to prevent third-party bots from joining meetings without approval. […]

Read more →

A wave of phishing emails sent to Booking.com partner accommodations in Japan in May led to blockchain-hosted malware

Read more →

Read more in my article on the Hot for Security blog.

Read more →

With AI agents increasingly expected to remember conversations, preferences, and decisions over extended periods, Microsoft Research has developed Memora, a memory system designed to provide more scalable and reliable long-term recall than existing approaches. AI agents are increasingly expected to retain context across weeks or months rather than individual chat sessions. Memory can become fragmented,…

Read more →

There are a variety of security concerns about artificial intelligence (AI), especially when it comes to the behavior of agentic AI. But until recently, the concept of locking down the models to prevent tampering hasn’t gotten a lot of attention. Now, a security technology called “confidential computing” has emerged that could help solve that problem:…

Read more →

Kali Linux 2026.2, the second release of the year, is now available for download, featuring 9 new tools and numerous Kali NetHunter improvements. […]

Read more →

The Blackfield ransomware gang is asking for a $2 million ransom from Nidec Corporation, a large Japanese manufacturer of electronic components for automotive and computing applications. […]

Read more →

Woolworths is turning Olive, its long-running customer-service chatbot, into an AI agent that plans your meals, builds your basket and hunts for cheaper swaps. The upgrade runs…

Read more →

Apple released updates for iOS/iPadOS, macOS, and Safari on Monday. There have been no updates for other Apple operating systems (visionOS, watchOS, tvOS). Usually, Apple updates all products at the same time. Most of the vulnerabilities affect the web browser (WebKit, libxslt, WebRTC, and Web Extension). Only four of the vulnerabilities are not directly related…

Read more →

Brick is building a devoted user base of phone addicts who want to stop doomscrolling

Read more →

SonicWall records 264,000 events in first five months of 2026 as UK hospitals come under siege

Read more →

Two researchers have found six security flaws in AirDrop and Quick Share, the wireless features that beam files between nearby devices with no cables or shared network. An attacker within wireless range, with just a laptop and no prior connection, can crash the sharing service on a Mac or iPhone set to receive from anyone,…

Read more →

Attackers are exploiting a critical flaw in Oracle E-Business Suite, CVE-2026-46817, that allows remote, unauthenticated attackers to take over Oracle Payments. A critical vulnerability in Oracle E-Business Suite, tracked as CVE-2026-46817, is being actively exploited in the wild, according to cybersecurity firm Defused Cyber. “CVE-2026-46817 (CVSS 9.8 unauth HTTP takeover in Oracle E-Business) is being…

Read more →

The future of work is likely to require a careful blend of human skills and AI agents. Here’s how to work successfully with your agentic counterparts.

Read more →

Read more →

Taiwanese authorities escalated a probe into the unauthorized diversion of advanced artificial-intelligence servers made by Super Micro Computer, as part of efforts to crack down on the alleged smuggling of Nvidia chips to China.

Read more →

Report Fraud data reveals that more than half of 323 UK ransomware victims last year were SMEs

Read more →

Apple on Monday released security updates for iOS, macOS, and the Safari web browser to address over three dozen flaws, including four vulnerabilities in WebKit that were discovered using artificial intelligence (AI) tools like Anthropic Claude and OpenAI Codex Security. The WebKit vulnerabilities are listed below – CVE-2026-43707 – A memory corruption issue that could…

Read more →

Phones and laptops ship with a feature that sends files to nearby devices over the air, with no cables, accounts, or prior pairing. Apple calls its version AirDrop. Google and Samsung call theirs Quick Share. Both run inside privileged background services that wake when another device comes within wireless range, and both read a stack…

Read more →

Latest updates in Oracle Cloud SCM also include new inventory optimisation capabilities.

Read more →

Across the open source world, people are reporting software flaws in record numbers, and the systems built to verify those reports are straining under the weight. The GitHub Advisory Database, which feeds automated security alerts to millions of projects, has reached a point where some new advisories take weeks to publish. In May 2026, the…

Read more →

Boomi enables Australasian operations and services provider to centralise vendor management, connecting onboarding, compliance, and financial systems.

Read more →

The latest email threats: real Microsoft login phishing, device code scams with a kill switch, split-click attacks, and the shift to malware delivery

Read more →

A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber. The vulnerability, tracked as CVE-2026-46817 (CVSS score: 9.8), refers to an improper privilege management and authentication flaw in Oracle Payments that could be abused to take over susceptible instances. “Easily exploitable vulnerability allows

Read more →

The latest email threats: real Microsoft login phishing, device code scams with a kill switch, split-click attacks, and the shift to malware delivery

Read more →