Group-IB, INTERPOL and Algerian Police dismantle decade-old SniperDZ phishing network used to steal credentials, with its alleged developer arrested.
Category: Global Security News
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Risk Management
CISA orders federal agencies to “patch smarter”
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a Binding Operational Directive that will change how the US federal government approaches vulnerability management. The directive arrives as the patching problem has become nearly unmanageable, driven by a surge in newly published vulnerabilities and by AI tools that are accelerating both security research and…
Global Security News
AI Identity Security: The Hidden Risks of Non-Human Identities & Agents – WC #1
Global Security News
Authorities dismantle ‘AudiA6’ ransomware crypto-laundering service
Law enforcement has dismantled the “AudiA6” cryptocurrency service allegedly used by ransomware actors and other cybercriminals to launder more than $380 million. […]
AI, Global Security News
The AI Exchange: Innovators in Payment Security Featuring SecurityMetrics
Welcome to the PCI Security Standards Council’s blog series, The AI Exchange: Innovators in Payment Security. This special, ongoing feature of our PCI Perspectives blog offers a resource for payment security industry stakeholders to exchange information about how they are adopting and implementing artificial intelligence (AI) into their organizations.
Global Security News, Risk Management
CISA Orders Agencies to Patch by Risk, Not Severity
New CISA directive tells federal agencies to patch by real-world risk, not CVSS severity scores
AI, Global Security News
See the VCs and Family Offices at the Core of the Mega IPO Wave
About three dozen investors, from Silicon Valley titans to a family office in Tampa, hold stakes in SpaceX, OpenAI and Anthropic.
AI, Global Security News
Proxmox releases Mail Gateway 9.1 with quarantine and backup encryption changes
Proxmox Mail Gateway 9.1 adds updated system components, changes to the spam quarantine interface, and encryption for backups. It works as a mail proxy positioned between the firewall and internal mail servers, screening incoming and outgoing traffic for spam, viruses, Trojans, and phishing attempts. Updated system components Version 9.1 runs on Debian 13.5 Trixie and…
AI, Global Security News
How autonomous defense and remediation stands up to AI cyber threats
AI tools like ADR can help humans and machines work side-by-side to defeat today’s threats.
AI, Apps, Global Security News
OnyxC2 Malware-as-a-Service Offers Enterprise-Grade Data Theft
OnyxC2 is a MaaS stealer targeting 210+ apps, using DLL sideloading, encrypted payloads, and remote access features to evade detection. OnyxC2 appeared on a cybercrime forum earlier this year and is sold as a subscription service: $250 per month for the standard build, $500 for the premium tier that includes HVNC, and $6,000 for an…
AI, Apps, Global Security News
OnyxC2 Malware-as-a-Service Offers Enterprise-Grade Data Theft
OnyxC2 is a MaaS stealer targeting 210+ apps, using DLL sideloading, encrypted payloads, and remote access features to evade detection. OnyxC2 appeared on a cybercrime forum earlier this year and is sold as a subscription service: $250 per month for the standard build, $500 for the premium tier that includes HVNC, and $6,000 for an…
AI, Cybersecurity, Global Security News, Government & Policy, Network Security, Risk Management
Team Cymru Expands APJ Operations With New Sydney Hub
External threat intelligence provider Team Cymru has announced the expansion of its Asia-Pacific and Japan (APJ) operations, with Sydney serving as the company’s regional operational hub. The announcement follows RISEx Sydney, where Team Cymru leadership met with customers, partners, and public-sector stakeholders from across the region. Expansion responds to regional cyber visibility demand According to…
Global Security News
Criminal IP at Infosecurity Europe 2026: Introducing AITEM, the Next Chapter of Attack Surface Management
Torrance, United States / California, 11th June 2026, CyberNewswire
AI, Global Security News
Why AI-driven threats are exposing the limits of MSP security stacks
AI-driven attacks are exposing the limits of fragmented MSP security stacks and slow response workflows. Kaseya breaks down why integrated security, automation, and recovery are becoming essential. […]
AI, Global Security News
Cybercriminals Use Fake AI Guides and Dev Tools to Spread AsyncRAT Malware
Fake AI guides hide a multi-stage chain that drops AsyncRAT, with signs of AI-assisted coding
Global Security News
Bezos Bats Down AI Job Loss Fears While Launching New Venture
The new startup Prometheus seeks to build an “artificial general engineer” that can design and manufacture complex physical products.
Global Security News
Musk Confidant Antonio Gracias Set for $68 Billion SpaceX Win
Gracias and his firm Valor Equity Partners are the second-largest SpaceX shareholder.
AI, Global Security News, malware
Fake Spotify Premium tutorials on TikTok and Instagram Reels spread malware
Cybercriminals are using TikTok and Instagram Reels videos to spread Vidar, an infostealer malware, through fake downloads for popular paid software, according to ReversingLabs. The researchers uncovered two campaigns behind the activity, each using a different approach to draw in viewers before sending them to external download sites. One campaign centered on fake software installation…
AI, Cybersecurity, Global Security News
Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories
Most good security work is invisible by design. Today is the exception. The 2026 Cybersecurity Stars Awards winners are announced across 95 subcategories in four main award categories. The reason is simple. Cybersecurity is full of work that deserves recognition and rarely gets it. Products that quietly close real gaps. Teams that stop incidents nobody…
AI, Global Security News, malware, Network Security
ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Action Patch + 28 New Stories
It’s been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there’s a supply chain attack kit in a public repo, a $5,000-a-month RAT that clones browsers, and research showing AI agents can be tricked into leaking real credentials. The bigger problem is how polished…
AI, Global Security News, malware
Hackers Use Fake Claude Code Guide and AI PDFs to Spread AsyncRAT Malware
Hackers are using fake Claude Code guide and AI PDFs to spread AsyncRAT malware via Windows attack using PowerShell and Defender exclusions.
AI, Data Breaches, Endpoint, Exploits, Global Security News, Risk Management
ServiceNow fixes API issue after reports of suspicious tenant activity
ServiceNow is notifying customers after discovering and remediating a vulnerability that could have exposed data via an unauthenticated API endpoint on affected instances. The issue emerged publicly after customers began discussing security notifications from ServiceNow and reports of suspicious activity linked to their environments. According to the company’s advisory, the vulnerability was initially reported through…
AI, APAC, Global Security News, Network Security
OSF Digital Joins Salesforce FDE Partner Network
OSF Digital, a Salesforce-exclusive consulting and services firm, has been chosen to participate in the Salesforce Forward Deployed Engineering (FDE) Partner Network. Salesforce FDE partner network builds agentic AI skills OSF Digital will join a network of firms adopting deep learning, expert skills, and specialized training from Salesforce’s internal teams to help organizations “turn agentic…
Data Breaches, Global Security News
Coupang hit with record $409 million data breach fine in Korea
The Personal Information Protection Commission (PIPC), South Korea’s data protection regulator, has fined e-commerce giant Coupang a record 624.6 billion won (roughly $409 million) following a massive data breach affecting more than 37 million customers […]
Data Breaches, Global Security News, Risk Management
The Hidden Security Risks of Poor Software Testing
Poor Software Testing can expose hidden flaws, vulnerable dependencies and weak controls, increasing breach risks, downtime and costly fixes after release.
Cybersecurity, Global Security News
CISA tells govt agencies to patch critical exploited flaws in 3 days
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced a new Binding Operational Directive, 26-04, that prioritizes security updates for Federal Civilian Executive Branch (FCEB) agencies. […]
AI, Cybersecurity, Exploits, Global Security News
Oracle PeopleSoft servers under attack, Oracle pushes out-of-band security alert
A zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft PeopleTools is being exploited in the wild, Charles Carmakal, CTO at cybersecurity firm Mandiant, part of Google Cloud, warned today. The warning comes a day after Oracle published an out-of-band security alert about the flaw, which is remotely exploitable without authentication, may result in remote code execution, and…
AI, Cybersecurity, Global Security News
Most Cybersecurity Teams Struggle to Find Time for Training on New Cyber Threats
Organizations are aware of the challenges that new technologies like AI bring: but cybersecurity staff struggle to make time for the required training during working hours
AI, Global Security News
‘Mythos-level’ Fable model released to public: How Anthropic plans to prevent misuse
Safeguard layers aim to block and reroute cyber-related requests while retaining Mythos-level capabilities.
Global Security News
Interpol Dismantles SniperDz Phishing-as-a-Service Platform
New revelations by Group-IB expose the full scale of the decade-old SniperDz phishing operation
AI, Global Security News
AI Broke Vulnerability Management. That’s Why CISOs Are Moving Budget to BAS.
For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was straightforward enough; triage by severity, schedule the fix, validate, and move on. The buffer was what made that work. Today, that buffer is gone. AI…
AI, Compliance, Cybersecurity, Global Security News, Risk Management
AI vendor FDEs: Key considerations and concerns
When it comes to AI deployments, IT leaders are often caught in an awkward middle space, trying to reconcile conflicting directives from senior management with constantly changing AI models, capabilities, and costs; data governance and security needs; and the limitations of their own team. “Very few real benefits can be attained by simply purchasing an…
AI, Exploits, Global Security News, malware, Risk Management
Chaotic Eclipse Strikes Again: New Zero-Day Unlocks BitLocker in Four Hours of Research
GreatXML bypasses BitLocker via Defender offline scan artifacts, giving SYSTEM shell in Recovery Mode. No patch exists. Any machine that ran an offline scan is vulnerable. On June 10, security researcher Chaotic Eclipse (aka Nightmare Eclipse) published a new working exploit dubbed GreatXML that bypasses BitLocker and opens a command shell with full SYSTEM privileges…
AI, china, Global Security News, Government & Policy
FBI seizes 13 websites linked to alleged Chinese intelligence-gathering effort
Federal authorities have seized 13 internet domains allegedly used to target current and former U.S. government employees and military personnel with access to classified and sensitive information. The post FBI seizes 13 websites linked to alleged Chinese intelligence-gathering effort appeared first on Help Net Security.
AI, Global Security News
Extortion-Only Attacks Increase, With Data Theft Dominating Ransomware Claims
Extortion-only attacks are increasing as data theft drives most ransomware claims, with many organizations unable to stop stolen data from being exposed
AI, Global Security News, Network Security, Risk Management
What SRE teams need before they trust AI agents
The future of reliability will not be defined by whether site reliability engineering (SRE) teams use AI agents, but by the conditions under which they choose to trust them. In high-stakes systems, trust is never granted because a demo looks impressive; it is earned through observability, constraints, accountability and repeated evidence that the system helps…
AI, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management
China-linked recon botnet outpaces enterprise defenses
A botnet made up of compromised small office and Internet of Things devices has grown into a larger reconnaissance network capable of rapidly identifying vulnerable internet-facing systems after public vulnerability disclosures, researchers said. The botnet, tracked by Lumen’s Black Lotus Labs as JDY, now comprises more than 1,500 compromised small office and home office, or…
AI, Exploits, Global Security News, Network Security
Fortinet patched a new critical FortiSandbox flaw
Fortinet patched a critical FortiSandbox vulnerability that could let unauthenticated attackers remotely execute commands via crafted HTTP requests. Fortinet released security updates to address several vulnerabilities affecting FortiSandbox, FortiOS, FortiProxy, and FortiPortal. The most severe issue, tracked as CVE-2026-25089 (CVSS score of 9.8), is an OS command injection flaw in FortiSandbox products. The vulnerability could…
AI, Global Security News
OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack
The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER. The campaigns involve a prolonged cyber espionage operation aimed at a Vietnamese infrastructure and transport construction corporation between mid-2024 and February 2026, as well as a supply chain…
AI, Global Security News, privacy, Venture
How to opt out of Google’s new AI training default
Heads-up, my fellow Android-appreciating animals: Google’s in the midst of rolling out a subtle change to its privacy settings that’s well worth your while to notice. The change includes a new clause that says the company can use images, files, video, and audio from your interactions with Google Lens, Search, and Gemini Live to train…
Global Security News
Meta’s Subscription Push Exposes Its Weak Hand in AI
Charging users is the latest idea to expand beyond ads—a pickle Meta isn’t likely to get out of soon.
AI, Global Security News, malware
9 out of 10 people can no longer distinguish real from AI-generated content
Online fraud is becoming harder to distinguish from legitimate activity as AI-generated messages, voices, photos, reviews, and identities become more convincing. Nearly nine in ten adults say they can no longer tell what is real from AI-generated content, according to the latest Malwarebytes survey. The share increased from 66% in 2025 to 85% in 2026.…
Global Security News
New “Agentjacking” Attacks Could Hijack AI Coding Agents
Tenet Security researchers reveal how new “agentjacking” attacks could trick coding agents into executing arbitrary code
AI, APAC, Cloud Security, Cybersecurity, Data Breaches, Exploits, Global Security News, Politics, Risk Management
Frontier AI models offer sneak peak of seismic cyber shifts ahead
The advent of Claude Mythos combined with the release of OpenAI’s GPT-5.5 have changed the threat model for CISOs. The arrival of those frontier AI models — and the ones soon to follow — makes it much easier to discover and chain vulnerabilities at a speed and scale that will require most cyber departments to…
AI, Endpoint, Global Security News, Government & Policy, Network Security, privacy, Risk Management
Aged-domain acquisition: The tradecraft phishing operators are using to bypass your mail filter’s reputation score
I’ve spent the past two years working on incident response and threat intelligence, and the pattern I’m about to describe is one I keep seeing show up in cases that should have been caught at the email gateway. The kit families change. The lure templates change. The constant is that phishing-as-a-service operators are buying aged…
Global Security News
Microsoft fixes BitLocker recovery bug on Windows Server 2025
Microsoft has resolved a known issue causing some Windows Server 2025 devices to boot into BitLocker recovery after installing the April 2026 security update. […]
AI, Global Security News
Check Point expands MSP platform with with AI governance and unified security bundles
Check Point has announced a major expansion of its Managed Service Provider (MSP) platform, designed to help MSPs secure AI adoption, streamline operations and simplify managed security delivery. The announcement brings together three strategic innovations under a single MSP vision: Securing AI and AI usage for MSPs A new multi-tenant MSP management platform with Management…
AI, Compliance, Cybersecurity, Europe, Global Security News, malware, Network Security, Risk Management
From Infosecurity Europe to CONFidence and C1b3rWall: What Security Teams Are Prioritizing in 2026
Three cities, three cybersecurity conferences, and plenty of conversations with security professionals across Europe. Over the past few weeks, the ANY.RUN team joined Infosecurity Europe in London, CONFidence Conference in Kraków, and C1b3rWall Congress in Ávila. While every event had its own focus, the discussions pointed in the same direction: security teams need faster investigations,…
AI, Europe, Global Security News, Network Security
HubSpot Partner Ecosystem Projected to Reach $42B by 2030
HubSpot is betting big that its partners will turn software into gold as the internet shifts from a network of websites into a playground for AI agents. According to data from the 2026 HubSpot Partner Report — The State of Ecosystems — the customer platform’s partner network has been named one of the top 10…
AI, Global Security News
IDnow launches Trust Platform to help regulated firms move from KYC to continuous trust
IDnow has announced the launch of the IDnow Trust Platform, designed to help regulated organisations orchestrate identity verification, fraud prevention, biometric authentication, and qualified digital trust services throughout the customer lifecycle. “The identity industry is entering its biggest transformation since onboarding first went digital,” said Andreas Bodczek, CEO of IDnow. “For years, organisations treated identity…
AI, Compliance, Global Security News, Network Security
VMware Renewals Put Broadcom Migration Pressure Back in Focus
It is that time again for VMware customers. With another major renewal cycle approaching and a new wave of contracts set to expire in early 2027, organizations are once again weighing whether the platform remains worth the cost—and what options exist if it does not. Higher costs open VMware environments to potential migrations For MSPs,…
AI, Apps, Global Security News, Network Security
Rubrik Q&A: New Partner Integrations, AI Solutions Launched
Recently, Rubrik, a security and AI operations company, made a series of announcements, including new partner integrations and a new agentic-first AI platform. The announcements represent Rubrik’s ongoing commitment to ensuring enterprises are agentic-ready and resilient. You can read more about the announcements here. In light of these new announcements, below is a Q&A with…
AI, Apps, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security
JDY Botnet Evolves After KV Takedown, Targets Military Networks
JDY botnet scans SOHO/IoT devices globally to map services and targets, especially US military networks. Lumen’s Black Lotus Labs reported the resurgence of the JDY botnet, a covert reconnaissance network tied to Chinese state-sponsored hacking groups including Volt Typhoon. The network was first spotted in late 2023 as a cluster inside KV-botnet. The U.S. government…
AI, Data Breaches, Global Security News
Nottingham University data breach affects over 450,000 students
The University of Nottingham confirmed on Wednesday that a hacking group gained access to its student records system in a breach affecting both current students and alums. […]
AI, Global Security News
GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
GitHub has announced what it said are “breaking changes” coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the “npm install” command to trigger the execution of malicious code using npm lifecycle hooks. “Npm install”…
Global Security News
Max severity Ivanti Sentry vulnerability now exploited in attacks
Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile gateways. […]
Apps, Global Security News, Risk Management
Threat actors are recruiting the people who hold cloud logins
Companies keep most of their data and applications in cloud platforms that anyone can reach with the right login. That setup turns each employee holding those credentials into a security variable, and members of the cybercrime underground have built methods to reach those people. Intel 471 tracked this activity into 2026 and sorted insider risk…
Apps, Global Security News, privacy
Making the cloud prove it followed your privacy wishes
Making companies that store personal data in cloud key-value databases handle deletion requests by running the operation and confirming the job is complete. The people making those requests and the regulators overseeing them have had limited means to confirm the data is gone or that the record of its removal is genuine. GDPRuler, a middleware…
AI, Global Security News
Prompt injection still drives most agentic AI security failures in production
A backdoor sat on PyPI for three hours in March 2026. Nearly 47,000 downloads occurred during the window. The compromised package, LiteLLM, serves as the language-model gateway for CrewAI, DSPy, Microsoft GraphRAG, and dozens of other AI agent frameworks. Anyone pulling an update during that window pulled in an autonomous attack bot named hackerbot-claw along…
AI, Global Security News
X Square Robot open sources its robot-free data collection framework
Companies building robots for physical work spend large amounts of time and money operating machines by hand to gather training examples. Each session with a physical robot produces a small number of demonstrations per day, which slows the growth of datasets used to train embodied AI. Human demonstrators offer a cheaper source of data, and…
AI, Global Security News, Risk Management
Organizations can’t see much of their mobile AI activity
Organizations have limited visibility into AI activity on mobile devices despite security leaders expressing confidence in their AI governance, according to Lookout’s “Solving for the Mobile AI Blind Spot: Executive Confidence Meets Technical Reality” report. Mobile AI visibility gaps Enterprises lack visibility into a large share of mobile AI activity taking place on both corporate-owned…
Global Security News
ISC Stormcast For Thursday, June 11th, 2026 https://isc.sans.edu/podcastdetail/9968, (Thu, Jun 11th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
AI, Global Security News
OpenAI Considers Drastic Price Cuts, Anticipating War for Users With Anthropic
The company might lower prices for tokens, the central unit for gauging AI costs, though the discussions are still in flux.
AI, Global Security News
Anthropic’s New Fable AI Model Is Met With User Backlash Over Restrictions
Guardrails make the powerful model less useful for AI researchers, though the company said it would grant safeguard-free access to the science community.
AI, Global Security News
What the SpaceX IPO Means for This Texas Border Town
Watch Micah Maidenberg report from Brownsville, Texas, the largest city in a region already straining to accommodate Elon Musk’s grand ambitions.
AI, Apps, Cybersecurity, Exploits, Global Security News, Risk Management
GitHub finally pulls the plug on automatic install script execution for npm
The ability for attackers to leverage automatic install script execution in npm will finally come to an end when expected changes arrive from GitHub in July. Coders will still be able to enable the function, but the default setting will block it. In V12, default settings are changing, GitHub said in its changelog, noting, “it…
AI, Global Security News
What to Know About Drone-Boat Maker Behind Iran Helicopter Crew Rescue
Saronic’s unmanned Corsair plucked two aviators from the Strait of Hormuz; startup is worth $9.3 billion.
AI, Global Security News
The hidden cost of enterprise AI: 6.4 hours a week babysitting bots
While AI is proliferating across the workplace, it is introducing a new productivity paradox: While the technology makes work feel faster, it actually pushes more burden onto employees to provide context, perform quality checks, then rinse and repeat across numerous disparate tools. This, according to a new survey of 6,000 full-time digital workers by Glean’s…
Global Security News
Canada Proposes Social-Media Ban for Children Under 16
The law would likely apply to American tech companies like Meta and Snapchat but with exemptions if safety requirements are met.
AI, Global Security News
Chinese, N. Korean Threat Groups Build on Asia-Pacific Success
North Korea’s gross domestic product (GDP) has grown, in part because of the cybercrime gains of groups linked to the nation, which target business and financial firms.
AI, Global Security News
Bug bounties in the Mythos era
How AI is rewriting vulnerability research, and how our program has adapted
Exploits, Global Security News
CISA directs federal agencies on prioritization of cyber vulnerabilities
The new directive, BOD 26-04, mandates that federal agencies focus on vulnerabilities that affect publicly exposed assets, can be fully automated by attackers, allow for complete system control, or show evidence of active exploitation.
AI, Global Security News, Government & Policy
JDY botnet expands, enabling rapid exploitation of disclosed vulnerabilities
Initially flagged as part of the KV-botnet, JDY has evolved into an independent reconnaissance capability following the U.S. government’s takedown of KV in early 2024.
Global Security News
Ransomware group The Gentlemen linked to Russian national
The Gentlemen ransomware group, as analyzed by Check Point Software, operates on a ransomware-as-a-service model, attracting skilled hackers with an unusually high 90/10 affiliate revenue split.
AI, Exploits, Global Security News
ShinyHunters gang targets Oracle PeopleSoft servers in data theft attacks
The ShinyHunters gang is exploiting a combination of old and zero-day vulnerabilities, referred to as a “gadget chain,” to target both cloud and on-premises Oracle PeopleSoft instances.
Apps, Global Security News
Scammers use short videos on social media to spread Vidar infostealer
This new attack method, reported by ReversingLabs, involves creating seemingly helpful tutorial videos that promise free access to premium applications such as Spotify Premium or Microsoft Word.
Global Security News
Zscaler expands zero-trust SASE platform with AI-driven management
The expanded SASE platform features the ZAgent Framework, enabling administrators to manage configurations, troubleshooting, and policies using natural-language prompts.
Global Security News
NPM v12 to block supply-chain attacks with new security measures
The upcoming npm v12 will introduce stricter security protocols for the “npm install” command, a critical step in downloading and installing project dependencies.
AI, Cybersecurity, Global Security News
Smashing Security podcast #471: This AI worm just rewrote its own rules
Researchers at the University of Toronto have built a worm that thinks for itself. Using free off-the-shelf AI models it works out how to break into each new computer it encounters, and hijacks the powerful ones to host its own AI brain. And then the researchers discovered their creation had quietly removed the list of…
Global Security News
ServiceNow says security researchers, not hackers, accessed data
ServiceNow investigates access issue, says no attacker activity found.
AI, Exploits, Global Security News
Path traversal flaw in AI dev platform Langflow exploited in attacks
Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers. […]
Global Security News
CISA Rewrites Federal Patching Requirements for AI Threat Era
The new directive gives federal agencies three days to fix the most dangerous flaws, while less severe issues can be deferred.
AI, Global Security News, Government & Policy
FBI Seizes China-Linked Fake Consulting Sites Targeting US Clearance Holders
The Justice Department and FBI seized 13 fake consulting websites that officials say targeted US clearance holders with paid research work designed to obtain sensitive government information.
AI, Global Security News
The ‘Miasma’ worm source code briefly leaked on GitHub
The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. […]
AI, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
CISA tells agencies to patch smarter, not harder — foreshadowing broader industry practice
Security teams’ patching practices have come under intense pressure over the past year, as active exploitation is up, time-to-exploit windows are accelerating, and vulnerabilities have become attackers’ top initial access vector of choice. Last year, organizations fully remediated only 26% of the vulnerabilities that attackers were actively exploiting in the wild — down from 38%…
AI, china, Data Breaches, Funding, Global Security News, Government & Policy, Network Security
OpenAI: ‘Likely’ Chinese influence operation tried to use ChatGPT to stir debate on data centers
OpenAI’s threat intelligence team tracked what it believes are two distinct clusters of activity online from groups with ties to China and posting content seemingly designed to stoke anger around divisive topics like AI and data centers. The first, dubbed “Data Center Bandwagon,” used ChatGPT to create imagery and social media comments claiming data center…
AI, Endpoint, Exploits, Global Security News, Network Security
Ivanti patches critical Sentry flaws that lead to full device takeover
IT software provider Ivanti fixed two vulnerabilities in Ivanti Sentry, a secure mobile gateway appliance formerly called MobileIron Sentry. The flaws could allow unauthenticated remote attackers to gain complete control of deployments. One of the vulnerabilities, CVE-2026-10523, credited to researcher Bryan Lam, allows attackers to bypass authentication and create arbitrary administrative accounts on appliances. The…
Data Breaches, Global Security News
Bug Bounty Research Triggers ServiceNow Security Alert
Bug bounty research inadvertently led organizations to believe they were being breached through their ServiceNow instances.
AI, Global Security News
GitHub announces npm security changes to tackle supply-chain attacks
GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking supply-chain attacks abusing behaviors triggered by the ‘npm install’ command. […]
AI, Apps, Cloud Security, Cybersecurity, Global Security News, Network Security, Risk Management
News alert: Cloud security report finds fragmented tools widening the cloud complexity gap
WASHINGTON, Jun. 10, 2026, CyberNewswire–The 2026 Cloud Security Report from Cybersecurity Insiders, produced in collaboration with Fortinet, finds that 69% of organizations cite tool sprawl and visibility gaps as the top factor limiting cloud security effectiveness. Based on a survey of 1,163 IT and cybersecurity professionals, the report shows the strain: 66% lack strong confidence…
AI, Global Security News
Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks
Oracle PeopleSoft servers are being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100 organizations. […]
Global Security News
How to Turn Images into Animated Videos with AI: A Wondershare Filmora Guide
This article was created in collaboration with Wondershare.
Exploits, Global Security News, malware
Scammers Use TikTok and Instagram Reels to Spread Vidar Infostealer
ReversingLabs reveals how hackers exploit social media engagement metrics to deliver Vidar infostealer malware to thousands of unsuspecting users.
AI, Cybersecurity, Endpoint, Global Security News, Network Security, Risk Management
ConnectWise Platform Brings Predictive IT to MSPs
ConnectWise is making a substantial change to the way it wants customers to interact with its software stack. This week, the company unveiled the ConnectWise Platform, a new environment that pulls together PSA, RMM, cybersecurity, automation, orchestration, agentic AI, and third-party integrations. ConnectWise introduces its Predictive IT platform The launch sits within a larger Predictive…
Global Security News
Nightmare-Eclipse Drops Yet Another Microsoft Exploit, RoguePlanet
The disgruntled researcher released yet another PoC for a Windows Defender bug that allows for system takeover, showing no signs of abandoning their ongoing feud with Microsoft.
Global Security News
PCI SSC Publishes New Guidance on Compensating Controls and the Customized Approach
The PCI Security Standards Council (PCI SSC) has released a new information supplement, PCI DSS v4.x: Guidance for Compensating Controls and the Customized Approach. The document provides practical guidance to help assessed entities and assessors navigate two options in PCI DSS v4.x that provide flexibility but are often misunderstood – the use of compensating controls…
Global Security News
Chinese APTs have made identity part of the intrusion path
Don’t merely identify the attacker – understand how they behave.
AI, Global Security News
Apple Silicon boosts the TCO benefit of Macs — report
Apple Silicon Macs fail at less than half the rate of Intel Macs, dramatically reducing the platform’s already industry-leading total cost of ownership (TCO), according to data revealed by London, UK-based Apple reseller Hoxton Macs. While it’s true the data is based on a relatively small sample group, it does seem to reflect what the industry in…
china, Cybersecurity, Global Security News, Network Security
China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance
Cybersecurity researchers have warned of a “resurgence and expansion” of JDY, a covert network associated with China-nexus state-sponsored threat actors. “The JDY botnet comprises over 1,500 SOHO [small office and home office] and IoT devices and operates as a centrally controlled, high-performance scanner used to discover, fingerprint, and continuously map exposed services at scale,” Lumen’s
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Risk Management
CISA directive orders agencies to prioritize vulnerability patching in a new way
The Cybersecurity and Infrastructure Security Agency on Wednesday ordered federal agencies to prioritize vulnerabilities based on four criteria, as part of push to “patch smarter, not harder.” Federal agencies should emphasize patches for vulnerabilities that affect a publicly exposed asset, allow an attacker to fully automate exploitation, give attackers the ability to take over control…