A study by the University of Toronto shows how artificial intelligence can power autonomous worms capable of tailoring attacks against Windows, Linux and IoT devices. A group of researchers from the University of Toronto has demonstrated how open-source artificial intelligence models can be used to create a new category of computer worms capable of autonomously…
Category: AI
AI, Global Security News, malware
Every set of AI guardrails can be broken by the right prompt
Companies that build AI systems wrap them in guardrails meant to block harmful output, including deepfakes, malware, and instructions for making biological weapons or illicit drugs. When a user prompts the system for such content, the guardrails are designed to flag the request and refuse. A new mathematical proof sets a limit on how secure…
AI, Apps, Endpoint, Global Security News
How has use of framing protection security headers changed in the past 3 years?, (Wed, Jun 10th)
Back in 2023, I wrote a diary[1] discussing how commonly X-Frame-Options and CSP headers containing the frame-ancestors directive were used on 1 million most popular domains on the internet (based on the Tranco list[2]), and how they were set. Given that three years have passed since then, I thought it might be interesting to repeat…
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy
France’s Government Messaging App Tchap Got Breached
France’s government chat app Tchap was breached after a single account was compromised, exposing messages and data from public channels. Tchap, the encrypted messaging platform developed by the French government for its civil servants and made mandatory last year, was breached on June 7. ANSSI, France’s cybersecurity agency, detected the intrusion. The vector was straightforward:…
AI, Global Security News
Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards
On June 9, Anthropic released Claude Fable 5, the most capable model it has ever made, generally available. It also did something unusual: it shipped one model as two products, split not by capability but by a layer of safety classifiers. Fable 5 goes to the public. Its twin, Claude Mythos 5, the same underlying…
AI, Compliance, Global Security News, privacy
Plugable CEO: Local AI Creates MSP Opportunity
As businesses reassess the cost, privacy, and performance tradeoffs of cloud-based AI, Plugable CEO Lynn Smurthwaite-Murphy sees local AI becoming a more urgent channel opportunity for IT resellers and MSPs. In an interview with Channel Insider, Smurthwaite-Murphy said AI adoption remains “all over the map” as companies experiment with cloud-based models, emerging open-source tools, and…
AI, Exploits, Global Security News
ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances
ServiceNow has warned about a security incident in which unknown threat actors exploited a flaw to obtain deeper unauthorized access to susceptible instances. “On June 5, 2026, ServiceNow applied a security update to hosted customer instances,” the company revealed in an advisory that requires customer access. “The update concerned a security issue that could allow…
AI, Global Security News
The security in smartphones is helping send them to landfills
Billions of working smartphones reach the end of their service lives each year and move into drawers, recycling streams, and waste piles. The WEEE Forum estimated that 5.3 billion mobile phones became electronic waste in 2022. Many of these devices still function. The average smartphone stays in use for about three years, and owners often…
AI, Global Security News
NOVA microhypervisor brings AMD DMA isolation to shared AI infrastructure
BlueRock has issued the latest open-source release of its NOVA Microhypervisor with DMA remapping support for AMD platforms that have IOMMU hardware virtualization. The capability is enabled by default and extends hardware-level isolation across virtual machines, devices, and memory in shared execution environments. Background on NOVA NOVA combines microkernel and hypervisor functions in a small…
AI, Exploits, Global Security News
Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows
The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named RoguePlanet. “The exploit is a race condition, so it’s a hit or miss,” the researcher, who published the exploit under a new GitHub account, “MSNightmare” said. “I have managed to…
AI, Cybersecurity, Global Security News
Product showcase: Staying ahead of the threat horizon with Aunoo
Aunoo is an open strategic intelligence platform that uses AI agents to monitor intelligence sources, including for cybersecurity, to compile a daily briefing and alert on defined criteria. Each source is checked for credibility and quality before it is included. The platform runs in any browser and can send its findings via Slack, Discord, Teams,…
AI, Global Security News, Risk Management
Cyber resilience metrics that drive action
In this Help Net Security video, Pete Bowers, COO at NormCyber, explains how organizations can build a cyber resilience metrics program that supports better decisions. He questions common ways of measuring resilience, such as risk registers, tool scores, and annual tests, and points out their limits. These methods often rely on opinion, narrow data, or…
AI, china, Cybersecurity, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, privacy, Risk Management
UK move to filter photos and messages triggers encryption worries for CISOs
UK Prime Minister Keir Starmer’s speech on Monday insisting that tech companies create device controls to somehow block children from viewing or creating sexually explicit imagery has raised alarms among CISOs, who worry that the same technology could undermine enterprise security. Starmer gave tech firms three months to create and implement such restrictions voluntarily, at…
AI, china, Cybersecurity, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, privacy, Risk Management
UK move to filter photos and messages triggers encryption worries for CISOs
UK Prime Minister Keir Starmer’s speech on Monday insisting that tech companies create device controls to somehow block children from viewing or creating sexually explicit imagery has raised alarms among CISOs, who worry that the same technology could undermine enterprise security. Starmer gave tech firms three months to create and implement such restrictions voluntarily, at…
AI, Global Security News
Scams now operate like real businesses with budgets and targets
Social media has overtaken email as a primary attack vector, showing changes in how people consume information and interact online, according to Bitdefender’s Global Scam Intelligence Report 2026. Fraud campaigns use advertisements, sponsored content, impersonation pages, and direct messages to reach users. Global scam breakdown by category (Source: Bitdefender) One in seven consumers fell victim…
AI, Apps, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management
Enterprises know AI-generated code is vulnerable; they’re shipping it anyway
AI-generated code is riddled with security flaws, yet enterprises are shipping more of it than ever before. Why? Perhaps they’re over-confident, lack true visibility into security risks, or are simply choosing to ignore the problem and hope it goes away. It’s a dangerous game to play at the dawn of the agentic AI era, as…
AI, Compliance, Global Security News, Network Security, Risk Management
Working group formed to develop standard for AI-native docs
LF AI & Data Foundation, a division of the Linux Foundation, launched a working group on Tuesday that will focus on the development of DocLang, a specification intended to support interoperable document processing across AI and agentic workflows. The working group, founded by premier members IBM, Nvidia and Red Hat, is tasked with the creation…
AI, Global Security News
Anthropic rolls out Claude Fable 5, but it’s available for a limited time
Anthropic has begun rolling out a new model called “Fable,” which is based on the same underlying model as Mythos, its most powerful AI model class. […]
AI, Global Security News
Economists Weigh In on the Future of Work and AI
How 16 top economists think AI will change the job market, and how to prepare.
AI, Global Security News
GenAI Is Both Hunter and Hunted at Pwn2Own Berlin 2026
This year’s Pwn2Own competition in Berlin revealed just how much of the AI stack remains exposed — and the gap between what these tools promise and what they can withstand point to the fragile security foundations underneath.
AI, Exploits, Global Security News
Microsoft Releases Record-Breaking Patch Tuesday With 208 CVEs
Microsoft Patch Tuesday security updates for June 2026 fix a record 208 CVEs, including one actively exploited zero-day and multiple critical RCE flaws. Microsoft Patch Tuesday security updates for June 2026 mark a record. Microsoft shipped fixes for 208 CVEs across Windows, Office, Azure, Exchange, Hyper-V, Secure Boot, BitLocker, and a range of AI tooling.…
AI, Exploits, Global Security News, Network Security
AI-driven computer worm demonstrates autonomous network exploitation
The AI worm, tested on an isolated 33-host network, demonstrated a significant ability to adapt and exploit.
AI, Global Security News
Veeam releases security update for critical backup server vulnerability
The vulnerability, tracked as CVE-2026-44963, affects Veeam Backup & Replication (VBR) versions 12.3.2.4465 and earlier, with the fix available in version 12.3.2.4854.
AI, Global Security News
Rubrik enhances data security with AI agents and autonomous recovery
Rubrik introduced Rubrik AI, an agent-first interface for its Security Cloud and Agent Cloud, allowing customers to define business outcomes that the software executes by reasoning over data, identities, and deployed agents.
AI, Global Security News
CISA to reevaluate risk prioritization for critical infrastructure and federal agencies
CISA is set to release a binding operational directive for federal agencies, aiming to revise vulnerability management practices.
AI, Global Security News, Network Security
Iranian-linked hackers claim cyberattack on Israeli military, but evidence is weak
As reported by HackRead, an Iranian-linked hacker group named Handala claimed on Sunday, June 7, 2026, to have conducted significant cyberattacks against Israeli military targets, including disrupting signal networks and radar systems.
AI, Exploits, Global Security News, malware
A Record-Breaking Patch Tuesday for June 2026
Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company’s monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft’s most dire “critical” rating, and exploit code for at least three of the weaknesses is now…
AI, Global Security News
OpenClaw AI agent found falling for phishing attacks, spills user data
Phishing simulation on an OpenClaw email agent with various configuration profiles showed that it was susceptible to tactics commonly used to compromise human users. […]
AI, Global Security News
Microsoft Exchange Flaw Lets Attackers Spoof Any Email Address
“Ghost-Sender” uses Exchange Online or on-premises in hybrid mode with a third-party mail server or spam filter to achieve this level of spoofing.
AI, Exploits, Global Security News
Microsoft breaks Patch Tuesday record with 206 vulnerabilities
Microsoft addressed a whopping 206 vulnerabilities lurking in its vast portfolio of business products and foundational systems in this month’s Patch Tuesday update, marking the vendor’s largest monthly batch of security patches on record, according to researchers. The massive assortment of vulnerabilities in Microsoft’s latest defect dump accentuates an alarming trend across technology — fears…
AI, Apps, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
Anthropic releases Mythos-class Fable 5 model with safeguards for cyber risks
Anthropic unveiled two new powerful AI models built on its previously restricted Mythos architecture: Claude Fable 5, which is being made broadly available, and Claude Mythos 5, which remains limited to a small group of cybersecurity and infrastructure partners. Anthropic describes Fable 5 as the most capable model it has ever released to the public,…
AI, Apps, Compliance, Europe, Global Security News, Government & Policy
Nextcloud adds Euro-Office to Hub workplace suite, expands AI assistant
MUNICH — Nextcloud has integrated Euro-Office into its workplace application suite, one of several updates to Nextcloud Hub unveiled on Tuesday that include a new compliance app for large organizations and a program to support developers building for its platform. The announcements came during the company’s Nextcloud Summit 2026 here. Euro-Office, announced in March, is…
AI, Endpoint, Exploits, Global Security News, Risk Management
CVE-2026-11645: Chrome Zero-Day Vulnerability Exploited in the Wild
Google has released emergency Chrome updates to address a Chrome zero-day vulnerability, a high-severity out-of-bounds read/write issue in the V8 JavaScript engine. Google says an exploit exists in the wild, and the patched Stable builds are rolling out as 149.0.7827.102.103 for Windows and Mac and 149.0.7827.102 for Linux. Public reporting says the flaw can be…
AI, Exploits, Global Security News, Risk Management
CVE-2026-50751: Check Point VPN Authentication Bypass Exploited in Targeted Attacks
Organizations continue to face elevated risk from edge-device flaws that can hand attackers an initial foothold without valid credentials. CVE-2026-50751 is a critical authentication bypass issue in Check Point VPN Remote Access and Mobile Access that allows a remote, unauthenticated attacker to establish a VPN session without a valid user password. According to public reporting,…
AI, Apps, Endpoint, Exploits, Global Security News, Network Security
Microsoft June 2026 Patch Tuesday, (Tue, Jun 9th)
Microsoft today released patches for 204 vulnerabilities. 38 of these vulnerabilities are considered critical, and three have been disclosed before today. Six of the vulnerabilities affect Microsoft cloud solutions and do not require any user action. In addition, Microsoft incorporated 360 different vulnerabilities affecting Chromium into its Edge browser. This is certainly a busier-than-usual patch…
AI, Apps, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
Rubrik Brings Claude-Focused Tooling, Partner Program to Market
Rubrik, a security and AI operations company, has announced a new partner program and enhancements to bolster AI resilience and recovery. Rubrik Agent Cloud for Anthropic’s Claude Code and Claude Cowork will enable organizations to deploy Claude-powered agents at scale with observability, control, and agent rewind. Rubrik’s new cross-platform Rubrik AI automates and accelerates response…
AI, Global Security News
Meta to Use Off-Site Business Data for Feed and AI Personalization
Meta on Tuesday announced that it will use information shared by other businesses to personalize users’ feed and responses from its artificial intelligence (AI) chatbot, expanding its scope beyond targeted ads. “Businesses often share information about people’s activity on their sites with us to make ads more relevant,” Meta said in a statement. “We already…
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
Anthropic’s new model is Mythos on a leash
Earlier this year, Anthropic executives said that their new AI model, Claude Mythos, had such powerful capabilities for harm that they would not release it publicly. On Tuesday, the company said it was making an altered version of Mythos available to the public, promising “new guardrails” that thwart the model’s best-in-class performance in hacking and…
AI, Exploits, Global Security News, Network Security
Critical Veeam RCE Flaw Lets Low-Privilege Users Take Over Backup Servers
Veeam addressed a critical RCE vulnerability flaw in Backup & Replication that lets low-privileged domain users take control of backup servers. Veeam has patched a critical remote code execution vulnerability, tracked as CVE-2026-44963 (CVSS v4 Score of 9.4), affecting Backup & Replication version 12.x. The flaw could allow a low-privileged domain user to execute code on…
AI, Global Security News
Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code
Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0. “A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain…
AI, Global Security News
Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues
Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer into the code. “Our priority is to protect customers and the broader ecosystem,” a Microsoft spokesperson told The Hacker News via email.…
AI, Cybersecurity, Exploits, Funding, Global Security News, Government & Policy, Risk Management
CISA is rethinking how it prioritizes risks and vulnerabilities for feds, private sector
The Cybersecurity and Infrastructure Agency wants to fundamentally reevaluate how it prioritizes risks and vulnerabilities, both for privately-owned critical infrastructure and within the federal government, acting director Nick Andersen said Tuesday. The plans include a binding operational directive for federal agencies set to be published Wednesday and getting more specific with critical infrastructure owners and…
AI, Europe, Global Security News, privacy
Apple’s AI plans show promise, but proof of success still to come — analysts
WWDC26 felt like a defining platform moment. Apple is no longer simply promising that AI will arrive eventually; it is arguing that Apple Intelligence and Siri AI should become central to the future of its ecosystem. If that works, the company will have turned AI from a perceived weakness into a new reason to stay inside Apple’s…
AI, Global Security News
Apple’s Siri Meets the Memory Crunch
Plus, an AI investing phenom draws gobs of money, and rockets for AI computing could take off.
AI, Data Breaches, Global Security News, malware
Miasma Worm Compromises 73 Microsoft GitHub Repositories
The Miasma worm compromised 73 Microsoft GitHub repos, spreading via AI coding tools and stealing cloud credentials from developers and CI/CD systems. A self-replicating worm called Miasma has compromised 73 Microsoft GitHub repositories and forced GitHub staff to disable them. The affected repos include core Azure infrastructure like azure-functions-host and the entire Durable Task family…
AI, Global Security News, Government & Policy
Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs
Two separate campaigns target CVE-2025-8088, fixed last July, to conduct data theft and cyberespionage against military and government targets in Ukraine.
AI, Cybersecurity, Global Security News
Security in the Post-Mythos Era
Discover how AI-driven vulnerability discovery is reshaping the cybersecurity landscape. Learn why foundational hardening and proactive threat detection are now essential for defending against zero-day threats in the post-AI era.
AI, Global Security News
AI Coding Adoption Hits 97% but Governance Lags Behind
Most dev teams use AI coding assistants but only 30% have full governance in place
AI, Global Security News
Time to integrate AI into the core of the business
The most successful companies will turn AI into a persistent, intelligent layer that protects the enterprise.
AI, Exploits, Global Security News
New Veeam vulnerability exposes backup servers to RCE attacks
Veeam has released security updates to patch a critical Backup & Replication security flaw that can be exploited to gain remote code execution (RCE) on domain-joined backup servers. […]
AI, Data Breaches, Global Security News, Government & Policy
French government messaging platform breached through account hijacking
French authorities are investigating a compromise of Tchap, the government’s secure messaging platform, after hackers hijacked a user account and gained access to public chat rooms. Tchap is the French government’s messaging platform for civil servants, ministries, and public agencies. Built on the open-source Matrix protocol, it was developed to keep government communications on infrastructure…
AI, Cybersecurity, Exploits, Global Security News, Network Security
Cisco customers encounter another SD-WAN zero-day under attack
Cisco customers are confronting yet another actively exploited zero-day vulnerability affecting the vendor’s SD-WAN management software, reinforcing pressure on organizations that have experienced rare breaks from active threats this year. The vulnerability — CVE-2026-20245 — marks the seventh actively exploited zero-day in Cisco SD-WANs this year. Cisco said it first became aware of active exploitation…
AI, Global Security News
Elastic brings AI-driven incident investigation to Kubernetes and observability tools
Elastic has introduced an agentic Kubernetes investigation workflow and MCP-based observability skills that diagnose incidents the moment an alert fires. By the time an SRE opens the alert, the root cause has already been identified, evidence has been assembled, and recommended next steps have been surfaced. For teams running Kubernetes at scale, the gap between…
AI, Global Security News
Filigran launches XTM One to automate CTEM with AI agents
Filigran has announced XTM One, an AI-native agentic layer that automates Continuous Threat Exposure Management (CTEM) workflows across the Filigran XTM Platform. XTM One introduces a dedicated AI orchestration layer that connects OpenCTI and OpenAEV into a single, continuous workflow. Security teams move manually between tools, ingesting threat intelligence in one system, building attack scenarios…
AI, Cybersecurity, Global Security News
Rockwell Automation adds AI-powered security tools to SecureOT Suite
Rockwell Automation has announced the launch of three enhanced offerings within the SecureOT solution suite: OT Cybersecurity Assessment Suite, SecureOT Platform Managed Services and Managed Secure Remote Access (MSRA). Facing an increasing volume of alerts and limited visibility into operational technology (OT) assets, cybersecurity teams are under pressure to detect and respond quickly. SecureOT’s industrial…
AI, Global Security News
FlexPoint Intros AI Agents to Automate MSP Invoicing
FlexPoint has launched a new suite of AI-powered accounts receivable (AR) agents designed specifically for managed service providers (MSPs) to automate collections, payment follow-up, and other financial workflows that traditionally require hours of manual work each month. The company says its new AR Agents automate the entire invoice-to-cash lifecycle, bringing autonomous AI capabilities to an…
AI, Exploits, Global Security News, Russia
WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine
Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released. The activity has been attributed by Trend Micro to Earth Dahu (aka Gamaredon) and SHADOW-EARTH-066 (aka UAC-0226). It involves the exploitation of CVE-2025-8088, a path traversal flaw…
AI, Apps, Funding, Global Security News
OpenAI Filing Signals Next Phase of AI Growth
OpenAI has confidentially filed draft registration paperwork with the U.S. Securities and Exchange Commission, taking a major step toward a potential initial public offering and setting up what could become one of the largest technology market debuts in history. The ChatGPT maker confirmed the filing on June 8 but did not provide a timeline for…
AI, Apps, Exploits, Global Security News, Network Security, Risk Management
Check Point warns of ransomware-linked attacks exploiting outdated VPN protocol
Check Point has issued emergency hotfixes for a pair of vulnerabilities affecting VPN deployments that still use the deprecated Internet Key Exchange version 1 (IKEv1) protocol, warning that one of the flaws is already being exploited in the wild. The more serious issue allows attackers to establish VPN sessions without a valid password, potentially giving…
AI, Global Security News, Network Security
Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models
University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way through a network, generate tailored attack strategies for each target it encounters, and replicate itself, all without human intervention and without touching a commercial AI service. The preprint, posted…
AI, Cybersecurity, Exploits, Global Security News
LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271)
A command injection vulnerability (CVE-2026-42271) in BerryAI’s LiteLLM open-source AI gateway is being exploited by attackers, the US Cybersecurity and Infrastructure Security Agency (CISA) confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog on Monday. About CVE-2026-42271 LiteLLM is an open-source library that provides a unified interface for calling many different large language…
AI, Global Security News, Network Security
The Hidden Security Risk in Modern Networks: The Work Between Tools
Organizations have more visibility than ever. Growing tech stacks provide greater coverage, and network security teams are increasingly adopting AI and automation to help with routine tasks and reduce manual effort. But the same challenges persist. Outages still last hours, causing significant financial losses, operational disruption, and reputational impact. Threat response and mean time to
AI, Data Breaches, Global Security News
Maine Govt Portal Lists 10M Discord Data Breach Notice, But Filing Shows Red Flags
Maine Attorney General portal lists a Discord breach notice claiming 10 million affected, but odd filing details leave it unverified and questionable.
AI, Exploits, Global Security News
Google patches Chrome zero-day exploited in the wild (CVE-2026-11645)
Google has fixed 74 vulnerabilities in Chrome, including a high-severity zero-day (CVE-2026-11645) that has been exploited in the wild. “Google is aware that an exploit for CVE-2026-11645 exists in the wild,” the company said in a Monday security advisory. The fix has been shipped in Chrome 149.0.7827.102/.103 for Windows and macOS and Chrome 149.0.7827.102 for…
AI, Apps, Cybersecurity, Exploits, Global Security News, malware
Security shifts to the human layer as AI scams surge
Cybercriminals are increasingly reshaping familiar social-engineering campaigns around the way employees use AI, with separate advisories from Microsoft and Google documenting how attackers are adapting scams to AI-powered tools, trusted digital services, and changing workplace behavior. Microsoft Threat Intelligence, in its advisory, said threat actors are “leveraging the wider global interest around AI itself as…
AI, Cybersecurity, Exploits, Global Security News, Government & Policy
Filigran Debuts XTM One to Automate Threat Exposure Management
Cybersecurity company Filigran has unveiled XTM One, an AI-native agentic layer that automates Continuous Threat Exposure Management (CTEM) workflows across the Filigran XTM Platform. XTM One automates CTEM handoffs According to Filigran, XTM One was built to address the bottleneck of security teams having to manually move between their tools, particularly when ingesting threat intelligence…
AI, Data Breaches, Global Security News, Government & Policy
French govt messaging service breached in account hijacking attack
DINUM, the digital affairs directorate of the French government, warned that hackers used a hijacked user account to breach Tchap, the French government’s encrypted messaging platform. […]
AI, Apps, Exploits, Global Security News
Google fixes the fifth actively exploited Chrome zero-day of 2026
Google fixed a new Chrome zero-day, tracked as CVE-2026-11645, in the V8 JavaScript engine, which is already being exploited in the wild. Google released emergency updates to address a new Chrome zero-day vulnerability, tracked as CVE-2026-11645, that has been exploited in the wild. This flaw is the fifth Chrome zero-day that is being exploited in…
AI, Global Security News
Handala Claims Israeli Radar Hack, But Evidence Shows Phone Admin Panel
An Iranian-linked hacker group called Handala claimed to have hit Israeli military targets with massive cyberattacks on Sunday,…
AI, Compliance, Cybersecurity, Data Security, Endpoint, Global Security News, malware, Network Security, Risk Management
Protecting 50,000 Users: How ANY.RUN Drives Incident Prevention at UMass Boston
Securing a university means defending a highly open environment, where thousands of users, devices, and external connections create constant exposure to risk. We had a unique opportunity to get an inside look at how these operations are run at a powerhouse R1 institution, the University of Massachusetts Boston. We sat down with Daniel Mayer, Endpoint…
AI, Apps, Cybersecurity, Global Security News, Network Security, Risk Management
NetRise Builds New Partner Program for MSSPs, VARs, More
Security company NetRise is abandoning the go-it-alone strategy in its war against hidden software vulnerabilities. The Austin, Texas-based software supply chain security specialist announced the rollout of its new Discovery Partner Program today. NetRise bets on the channel to scale software risk management The initiative is a deliberate shift toward a partner-first business model, aiming…
AI, Global Security News
Apple expands what parents can block, approve, and limit
Apple has previewed a set of new child safety features coming to iPhone, iPad, and the Mac later this year, expanding parental controls with tools that help families manage app access, web browsing, communication, and screen time. The features will arrive with updates to iOS 27, iPadOS 27, and macOS 27 this fall. Apple said…
AI, Compliance, Global Security News
CIOs get temporary relief as US court blocks $100,000 H-1B fee
A US federal judge has ruled that the Trump administration’s $100,000 fee on new H-1B visa petitions was unlawful, giving technology companies temporary relief from a policy that threatened to raise the cost of hiring foreign skilled workers. The decision removes, at least for now, a major cost burden for employers that use the H-1B program to…
AI, Global Security News
The New Siri AI’s Greatest Power: It’s Just There
Apple’s assistant got a face-lift and a brain transplant. But if it’s a success, credit will be due to its familiarity and accessibility.
AI, Cybersecurity, Exploits, Global Security News
Mythos Preview can weaponize N-day vulnerabilities in hours
Mythos Preview can develop working exploits from newly disclosed software vulnerabilities in hours, cutting down a process that has historically taken days or weeks, according to Anthropic. Anthropic’s recent cybersecurity research has largely focused on zero-days, vulnerabilities unknown to software vendors. The new study examines N-days, vulnerabilities that have already been disclosed and patched but…
AI, Global Security News
Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer
The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the Mini Shai-Hulud-style attacks continue to be refined and splintered to target specific ecosystems. “The compromised releases shipped a *-setup.pth file that attempts to…
AI, APAC, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Network Security
AI worm prototype shows attackers don’t need Mythos to take over your network
Researchers from the University of Toronto developed a computer worm prototype powered by an AI agent that successfully self-replicated to different systems within a simulated computer network. The worm used a free large language model (LLM) running on local hardware and exploited a combination of older and new vulnerabilities, as well as misconfigurations that remain…
AI, Exploits, Global Security News, Government & Policy
CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day
CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. […]
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities (KEV) catalog. The two flaws added to the catalog are: CVE-2026-42271 (CVSS score…
AI, APAC, Exploits, Global Security News
CVE-2026-23111: Linux nf_tables Flaw Enables Root Exploits
A Linux kernel nf_tables bug lets local users gain root via use-after-free caused by a logic error; patch removes a single “!”. CVE-2026-23111 lives in nf_tables, the Linux kernel’s packet filtering framework. Exodus Intelligence researcher Oliver Sieber found the bug in early 2025 and chained it into a full local privilege escalation. The flaw was…
AI, Cybersecurity, Funding, Global Security News, Government & Policy, Network Security, Risk Management
Trump’s new AI order — hallucinations aren’t just for LLMs
Years ago, right-wingers coined the phrase “Trump Derangement Syndrome” (TDS) to describe people who hate US President Donald J. Trump. (I think it better describes the president’s outlandish, truth-challenged statements and the followers who think he can do no wrong.) What’s really deranged is his recent AI executive order. First, a little history. As you…
AI, Cybersecurity, Exploits, Global Security News
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-42271 (CVSS score: 8.7), is a command injection vulnerability that could allow any authenticated user to run arbitrary commands on the
AI, Cybersecurity, Exploits, Global Security News
The architecture of subtraction: Why it’s time to erase the roads, not just map the traffic
The advent of AI-assisted vulnerability discovery and autonomous exploit development has brought about a new age in cybersecurity—one in which we can no longer rely on patching as a primary defense mechanism. Patching is, by definition, a reactive approach to security. It cannot occur until after a vulnerability is discovered and a vendor fix is…
AI, Global Security News, Risk Management
Treating AI agents like service accounts for federated query security
In this interview with Help Net Security, Paras Malhotra, CISO at Starburst, explains how the company handles data governance across federated query environments. Topics include layering Starburst’s access controls above native source permissions, tiering vendor risk across more than 200 partners and connectors, and building audit trails for autonomous agents. The conversation covers how AIDA…
AI, Endpoint, Exploits, Global Security News, malware, Network Security
Meet Hades: The malware that lies to AI security agents
Threat actors are continuing their onslaught against software supply chains, now with malware named after death itself. The newly-discovered Hades Campaign is a “highly sophisticated” supply chain compromise that targets Python developer environments and runs as soon as infected packages are imported. It uses the popular Bun toolkit to silently execute multi-layer payloads that can…
AI, Global Security News, malware
Malware ships with bugs that defenders could use against it
Static analysis tools have spent years scanning legitimate software for security bugs before it goes out the door. The same scanners work on malware, and malware carries a steady supply of its own bugs. Researchers ran four of these tools across 658 leaked malware projects and found that close to 90 percent contained at least…
AI, china, Global Security News, Government & Policy, Risk Management
The security questions around Chinese AI coding models in U.S. software
Software developers across the United States are using AI models built in China to write, debug, and review code, drawn by prices below those of American alternatives. These models carry risks for the security of American software, according to a report from Booz Allen Hamilton, which tested how the models respond when the user appears…
AI, Apps, Cybersecurity, Global Security News
Cybersecurity jobs available right now: June 9, 2026
Application Security Architect INTENSITY Global Group | Israel | Hybrid – View job details As an Application Security Architect, you will design secure application architectures, perform threat modeling and security assessments, define security standards and controls, integrate security into the SDLC and CI/CD pipelines, support application security tooling and incident response, and guide engineering teams…
AI, Apps, Cybersecurity, Data Breaches, Global Security News, Government & Policy, Network Security, Risk Management
OpenAI’s Lockdown Mode is trying to solve the problem that it created
OpenAI’s move to implement a Lockdown Mode that tries to limit data exfiltration by shutting down external capabilities is being seen as making the best out of a bad situation. But Lockdown Mode doesn’t block exfiltration as much as it slightly reduces it, and the reality of enterprises using multiple AI vendors for their agentic…
AI, Global Security News
FTC orders Illuminate Education to improve data security after student data breach
The FTC’s order stems from allegations that Illuminate failed to implement reasonable security controls, contributing to a December 2021 cyberattack.
AI, Data Breaches, Global Security News
University of Oxford discloses data breach via third-party career platform
The breach occurred on May 28, with attackers gaining access to users’ first names, last names, email addresses, and encrypted passwords for those not using Single Sign-On.
AI, Apps, Data Breaches, Endpoint, Europe, Exploits, Global Security News, malware, Risk Management
Hackers Didn’t Hack Instagram: They Convinced Meta’s AI to Hand Over More Than 20,000 Accounts
Meta’s disclosure that attackers abused an AI-assisted account recovery system to hijack more than 20,000 Instagram accounts is rapidly becoming one of the most consequential security incidents in the emerging era of agentic AI. While early headlines framed the event as hackers “tricking” Meta AI into stealing accounts, the technical reality appears considerably more complex—and…
AI, Data Breaches, Global Security News
SoFi confirms third-party data breach at Hong Kong subsidiary
SoFi Hong Kong is warning that it suffered a data breach after hackers gained access to a database at a third-party vendor containing customer information. […]
AI, Exploits, Global Security News, Network Security
Attackers exploiting unpatched Cisco SD-WAN flaw
Cisco warns customers of an actively exploited high-severity vulnerability in Catalyst SD-WAN Manager, an enterprise network management system that has been targeted by hackers multiple times in the past. Located in the command-line interface, the flaw allows authenticated attackers to escalate privileges to root and take over the entire system. The vulnerability, tracked as CVE-2026-20245,…
AI, china, Europe, Global Security News, privacy
WWDC: Did Apple make the AI grade this year?
There were several key components to emerge from Apple’s developer conference Monday as the company sought to reassure users (and investors) that it has met the existential challenge represented by AI. Aside from a serious focus on Siri AI and embedded Apple Intelligence across its varied platforms, officials also hailed a slew of performance/usability tweaks,…
AI, Apps, Compliance, Endpoint, Global Security News, Network Security, Risk Management, Venture
ICYMI: May 2026 @AWS Security
Read all about the latest AWS security features, compliance updates, and hands-on resources in our new, monthly digest posts. You’ll find expert blog posts, new service capabilities, code samples, and workshops. AWS Security Blog posts This month’s AWS Security Blog posts covered AI security, network protection, identity management, compliance frameworks, and supply chain security. Read…
AI, Apps, Global Security News, Government & Policy, Risk Management
Meta Accuses NSO of Violating WhatsApp Court Injunction
Meta says NSO violated a court injunction by targeting WhatsApp users again through phishing campaigns and test accounts. Last year, WhatsApp won a landmark case against NSO Group, the Israeli spyware vendor behind Pegasus, and secured a permanent court injunction barring the company from ever targeting WhatsApp or its users again. The court was unambiguous:…
AI, Global Security News, malware
New Shai-Hulud attack trojanizes 19 science-focused PyPI packages
Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud supply-chain attack that delivered malware designed to steal developer secrets. […]
AI, Exploits, Global Security News
One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public
Security researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user escalate to root and break out of a container. The flaw, CVE-2026-23111, sits in the kernel’s nf_tables packet-filtering code and was patched upstream on February 5, 2026. Exodus Intelligence released its full technical walkthrough on June…
AI, Global Security News
WhatsApp says it disrupted new NSO spyware phishing attacks
WhatsApp has detected and stopped spear-phishing campaigns allegedly conducted by the NSO Group after investigating user reports of social engineering attacks. […]