📰

Today's News Highlights

🔐 BleepingComputer Critical

CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day

Today · 08:18 UTC

CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks…

Read full article →
🔐 BleepingComputer Critical

Google patches new Chrome zero-day flaw exploited in the wild

Today · 06:56 UTC

Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year. […

Read full article →
🔐 Infosecurity Magazine Critical

Google Releases Patch for Chrome Vulnerability Exploited in the Wild

Today · 10:15 UTC

The flaw, CVE-2026-11645, can allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page

Read full article →
🔐 Infosecurity Magazine Critical

Check Point Warns Critical Auth Bypass Bug Exploited in the Wild

Today · 09:30 UTC

Check Point says a critical vulnerability in its Remote Access VPN and Mobile Access solutions has been exploited by Qilin

Read full article →
🔐 The Hacker News Critical

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

Today · 09:13 UTC

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI…

Read full article →
🔐 BleepingComputer High

French govt messaging service breached in account hijacking attack

Today · 10:53 UTC

DINUM, the digital affairs directorate of the French government, warned that hackers used a hijacked user account to breach Tchap, the French government's encrypted messaging platf…

Read full article →

Top Stories by Impact

🏢 Rapid7 Blog Critical

Critical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751)

Yesterday · 17:05 UTC

OverviewOn June 8, 2026, Check Point published a security advisory for CVE-2026-50751, a critical authentication bypass vulnerability affecting Check Point Remote Access VPN, Mobil…

Read full article →
🔐 BleepingComputer Critical

CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day

Today · 08:18 UTC

CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks…

Read full article →
🔐 Dark Reading Critical

Check Point VPN Flaw Exploited Since Early May

Yesterday · 20:28 UTC

A newly discovered, critical zero-day vulnerability is under attack; a Qilin ransomware affiliate has been blamed for at least one incident.

Read full article →
🔐 Schneier on Security Critical

Critical Zcash Vulnerability Found and Fixed

Yesterday · 17:06 UTC

If you’re a user—owner?—of this cryptocurrency, this is important: On May 29, the security researcher Taylor Hornby found a critical vulnerability in Zcash Orchard privacy pool usi…

Read full article →
🔐 CISA Alerts Critical

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Yesterday · 12:00 UTC

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-42271 BerriAI LiteLLM Command Inject…

Read full article →
🔐 BleepingComputer Critical

Google patches new Chrome zero-day flaw exploited in the wild

Today · 06:56 UTC

Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year. […

Read full article →
🔐 Infosecurity Magazine Critical

Google Releases Patch for Chrome Vulnerability Exploited in the Wild

Today · 10:15 UTC

The flaw, CVE-2026-11645, can allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page

Read full article →
🔐 Infosecurity Magazine Critical

Check Point Warns Critical Auth Bypass Bug Exploited in the Wild

Today · 09:30 UTC

Check Point says a critical vulnerability in its Remote Access VPN and Mobile Access solutions has been exploited by Qilin

Read full article →
🔐

Cybersecurity

BleepingComputer

1

CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day

Critical

Today · 08:18 UTC

CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. [...]

Read full article →
2

Google patches new Chrome zero-day flaw exploited in the wild

Critical

Today · 06:56 UTC

Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year. [...]

Read full article →
3

French govt messaging service breached in account hijacking attack

High

Today · 10:53 UTC

DINUM, the digital affairs directorate of the French government, warned that hackers used a hijacked user account to breach Tchap, the French government's encrypted messaging platform. [...]

Read full article →

Dark Reading

1

Check Point VPN Flaw Exploited Since Early May

Critical

Yesterday · 20:28 UTC

A newly discovered, critical zero-day vulnerability is under attack; a Qilin ransomware affiliate has been blamed for at least one incident.

Read full article →
2

Silent Ransom Group Hits US Law Firms in Escalating Extortion Attacks

Yesterday · 20:59 UTC

The financially motivated group is combining vishing, IT impersonation, and in-person office intrusions to steal data and extort victims.

Read full article →
3

Iran Signed a Ceasefire — Its Hackers Didn't

Yesterday · 19:07 UTC

An extension of the Geneva Conventions could impose restrictions on cyberwarfare under ceasefire conditions and close a major loophole in international conflict.

Read full article →

Schneier on Security

1

Critical Zcash Vulnerability Found and Fixed

Critical

Yesterday · 17:06 UTC

If you’re a user—owner?—of this cryptocurrency, this is important: On May 29, the security researcher Taylor Hornby found a critical vulnerability in Zcash Orchard privacy pool using Claude Opus 4.8. The Zcash team hired…

Read full article →
2

Anthropic’s Project Glasswing Update

Critical

Yesterday · 11:01 UTC

In April, Anthropic initated Project Glasswing. The idea was to let companies use their new model to find and fix vulnerabilities in their own software. It was a fantastic PR move, and so many press outlets have uncritic…

Read full article →

CISA Alerts

1

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Critical

Yesterday · 12:00 UTC

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-42271 BerriAI LiteLLM Command Injection Vulnerability CVE-2026-50751 Check P…

Read full article →

Infosecurity Magazine

1

Google Releases Patch for Chrome Vulnerability Exploited in the Wild

Critical

Today · 10:15 UTC

The flaw, CVE-2026-11645, can allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page

Read full article →
2

Check Point Warns Critical Auth Bypass Bug Exploited in the Wild

Critical

Today · 09:30 UTC

Check Point says a critical vulnerability in its Remote Access VPN and Mobile Access solutions has been exploited by Qilin

Read full article →
3

Infosecurity Europe: Why JLR’s CISO Enforced In-Person Password Resets Following Cyber-Attack

Medium

Today · 09:00 UTC

Speaking at Infosecurity Europe, Ashish Shrestha, former CISO at Jaguar Land Rover revealed why he wanted over 30,000 employees to change their passwords in the immediate aftermath of the incident

Read full article →

The Hacker News

1

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

Critical

Today · 09:13 UTC

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the Mini Shai-Hulud-style…

Read full article →
2

New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing

Medium

Today · 09:50 UTC

A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST, needs no native code, no extension, and no permission pro…

Read full article →
3

The Hidden Security Risk in Modern Networks: The Work Between Tools

Today · 11:30 UTC

Organizations have more visibility than ever. Growing tech stacks provide greater coverage, and network security teams are increasingly adopting AI and automation to help with routine tasks and reduce manual effort. But…

Read full article →

SANS Internet Storm Center

1

TeamPCP Supply Chain Campaign: Activity Through 2026-06-07, (Mon, Jun 8th)

Critical

Yesterday · 17:07 UTC

This diary continues the Internet Storm Center&#;x26;#;39;s tracking of the TeamPCP supply chain campaign, first documented in the SANS white paper When the Security Scanner Became the Weapon and most recently in the han…

Read full article →
2

ISC Stormcast For Tuesday, June 9th, 2026 https://isc.sans.edu/podcastdetail/9964, (Tue, Jun 9th)

Today · 02:00 UTC

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Read full article →
3

ISC Stormcast For Monday, June 8th, 2026 https://isc.sans.edu/podcastdetail/9962, (Mon, Jun 8th)

Yesterday · 02:00 UTC

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Read full article →

Cloudflare Blog

1

Project Glasswing: what Mythos showed us

High

18 May 2026

Cloudflare shares findings from testing Mythos and other security-focused LLMs against live code across critical infrastructure, including model strengths, weaknesses, and what is needed before this work can scale.

Read full article →

CyberScoop

1

Meta accuses NSO Group of defying spyware injunction, files contempt of court complaint

Medium

Yesterday · 17:11 UTC

The company said it spotted a spearphishing campaign linked to the Israeli spyware maker targeting WhatsApp users, despite a court order prohibiting it. The post Meta accuses NSO Group of defying spyware injunction, file…

Read full article →
2

The AI security race needs accountability, not overregulation

Yesterday · 10:00 UTC

Partnership between policymakers and tech companies, not government oversight, offers the best path forward for responsible AI innovation. The post The AI security race needs accountability, not overregulation appeared f…

Read full article →

Cybercrime Magazine

1

WireBadger Malicious Cable Detector For Penetration Testers And Red Teams

Yesterday · 12:46 UTC

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 8, 2026 – WireBadger production information USB technology was designed for convenience and universal compatibility. When a cabl…

Read full article →

Ars Technica

1

FCC lifts looming deadline for Amazon Leo satellite broadband constellation

Today · 00:59 UTC

The waiver "serves the public interest by promoting a second large satellite broadband constellation."

Read full article →
2

Tests suggest Russian satellites can jam GPS on a continental scale

Yesterday · 21:56 UTC

Mystery of GPS interference across Europe raises questions about Russian motives.

Read full article →
3

macOS 27 requires Apple Silicon, as Apple draws down the Intel Mac era

Yesterday · 21:03 UTC

You'll need an M1 or better to run the next release of macOS.

Read full article →
🤖

AI & Technology

Ars Technica AI

1

For the 2nd time in weeks, Microsoft packages laced with credential stealer

Medium

Yesterday · 18:34 UTC

73 packages run self-replicating stealer as soon as they're opened by an AI agent.

Read full article →
2

Say hi to "Siri AI"—Apple announces new, more "conversational" voice assistant

Yesterday · 19:30 UTC

New features coming this fall alongside two-tiered, Google-powered AI model overhaul.

Read full article →
3

Gemini 3.5 and Antigravity come to Google NotebookLM

Yesterday · 19:00 UTC

NotebookLM is getting a big upgrade, but it's only for AI Ultra and enterprise accounts right now.

Read full article →

ITNews Australia

1

Apple bumps up security in fresh operating system releases

Medium

Today · 03:20 UTC

Slew of security and privacy updates announced at WWDC.

Read full article →
2

Perth Airport to deploy 70 IT, OT systems for new terminal

Today · 07:34 UTC

Appoints overseer for technology design and commissioning.

Read full article →
3

In Pictures: iTnews Cloud Covered Breakfast Summit - Sydney

Today · 03:39 UTC

Powered by Microsoft & Dicker Data - Sponsored by Antares Solutions and cubesys

Read full article →

The Verge

1

Marshall’s Stockwell speaker gets a replaceable battery that runs twice as long

Today · 12:00 UTC

Marshall has announced a new version of its stylish Stockwell Bluetooth speaker, putting a new focus on repairability. The Stockwell III, the brand's first update to this model since early 2019, features a similar design…

Read full article →
2

Hue’s SpatialAware finally made me appreciate color-changing lights

Today · 11:00 UTC

I've been a fan of Philips Hue smart lights since the early days. It's one of the few staples in my ever-changing smart home. However, when the Bridge Pro launched late last year, it wasn't immediately obvious why I shou…

Read full article →
3

Amazon employees ask Seattle to put the brakes on new data centers

Today · 10:00 UTC

On Tuesday, the Seattle City Council will vote on whether to enact a one-year moratorium on new data centers - just two months after several companies proposed building five large-scale centers in the city. Among the mor…

Read full article →

The Guardian Technology

1

Child sexual abuse victims in England and Wales to get help to remove online images

Yesterday · 23:01 UTC

Echo project will help erase images as part of package of support to end ‘prolonged suffering of survivors’Victims of child sexual abuse in England and Wales will be given help to remove online images of their abuse as p…

Read full article →
2

Doctors and NHS could be sued for mistakes made by AI tools, report warns

Today · 08:00 UTC

Medical Protection Society calls for law to be overhauled to help medics avoid liability for errors made by technologyDoctors and the NHS could be sued for medical negligence over mistakes made by artificial intelligence…

Read full article →
3

World’s first wind-powered underwater datacentre starts operating in China

Today · 05:00 UTC

Datacentre off Shanghai coast uses less power and water than land-based equivalent The world’s first wind-powered underwater datacentre has started operations off the coast of Shanghai, as China presses forwards with sol…

Read full article →

MIT Technology Review AI

1

Learning to lead in a hybrid human-AI enterprise

Today · 10:20 UTC

As adoption of AI agents looks set to surge by as much as 300% in the next two years, leadership teams are carefully considering the implications of a hybrid human-AI workforce. Unlike existing enterprise-level automatio…

Read full article →
2

Five things you need to know about AI

Today · 09:16 UTC

At SXSW London last week I gave a talk called “Five things you need to know about AI,” in which I shared what I think are the biggest themes in AI right now. I pulled a few things from our first AI10 list, an annual guid…

Read full article →

Wired AI

1

Alex Vindman Survived Trump’s Retaliation Machine. Now He’s Running for Senate

Today · 10:30 UTC

In 2019, Alex Vindman testified during President Trump’s first impeachment trial–a decision that ended his military career. Now he wants to challenge the president from the halls of Congress.

Read full article →
2

OpenAI Confidentially Files for IPO on the Heels of SpaceX and Anthropic

Yesterday · 21:31 UTC

The ChatGPT-maker announced it has filed paperwork to go public, just a week after rival Anthropic took the same step.

Read full article →
3

Apple’s New Siri AI Is Ready to Get Personal

Yesterday · 18:17 UTC

From a stand-alone app to a Google Gemini partnership, here’s everything you need to know from WWDC 2026 about Apple’s upcoming overhaul of Siri.

Read full article →

TechCrunch AI

1

How an e-scooter founder raised $5 million to build space data centers

Today · 12:00 UTC

Orbital founder Euwyn Poon built 250,000 scooters at Spin. Now he wants to launch 10,000 space data centers.

Read full article →
2

Why Apple’s slow-and-steady AI bet is starting to look pretty smart

Today · 01:56 UTC

Can Apple's new AI glow up put to bed accusations that it's losing an all-important industry race?

Read full article →
3

Mercor’s Brendan Foody calls out Sequoia, accusing it of ‘dual-pricing’ valuation tricks

Today · 00:45 UTC

Sequoia is just one of the top firms that sells same equity at two different prices.

Read full article →

Import AI

1

Import AI 460: Reward hacking society, RSI data from Anthropic; and RL-based quadcopter racing

Yesterday · 12:31 UTC

When will markets price the singularity?

Read full article →

NVIDIA AI Blog

1

How the UK Is Turning Sovereign AI Ambition Into Action With NVIDIA Technologies

Yesterday · 06:00 UTC

A year ago at London Tech Week, NVIDIA founder and CEO Jensen Huang and U.K. Prime Minister Keir Starmer made a declaration: the U.K. would be an AI maker, not an AI taker. At this year’s event, NVIDIA and its partners a…

Read full article →
2

NVIDIA and LG Group Build an AI Factory to Advance Physical AI, Mobility and AI Infrastructure

Yesterday · 03:00 UTC

NVIDIA and LG Group are building an AI factory to accelerate LG Group’s next wave of AI-driven businesses, spanning robotics, autonomous driving, data center technologies and GPU cloud services. The AI factory will provi…

Read full article →
3

NVIDIA and Doosan Group Collaborate to Advance Physical AI and AI Factory Infrastructure

7 Jun 2026 · 23:00 UTC

NVIDIA and Doosan Group are expanding their collaboration to advance new opportunities across physical AI, robotics and AI factory infrastructure, spanning Doosan Robotics, Doosan Bobcat, Doosan Enerbility and Doosan Cor…

Read full article →

ABC Technology (AU)

1

Western Sydney International Airport opening date announced

Today · 12:06 UTC

After 15 years of planning, seven years of construction and a year of testing, Western Sydney International Airport has confirmed its opening date for passengers.

Read full article →
2

Redevelopment of Brisbane milk factory site proposed ahead of Olympics

Today · 08:14 UTC

Developer Mark Stockwell has revealed plans for an apartment tower, hotel and Olympic hub at the Parmalat milk processing site on Brisbane's central riverfront.

Read full article →
3

Notre Dame university halts new nursing student enrolments for another year

Today · 08:07 UTC

The university says it will not take new students for its nursing program for another year, as it needs to "rebalance enrolments across the program within accredited program capacity".

Read full article →
🏢

Vendor Security

Rapid7 Blog

1

Critical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751)

Critical

Yesterday · 17:05 UTC

OverviewOn June 8, 2026, Check Point published a security advisory for CVE-2026-50751, a critical authentication bypass vulnerability affecting Check Point Remote Access VPN, Mobile Access, and Spark Firewall products. T…

Read full article →

Check Point Research

1

8th June – Threat Intelligence Report

Critical

Yesterday · 14:47 UTC

For the latest discoveries in cyber research for the week of 1st June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES DentaQuest, a U.S. dental benefits administrator owned by Sun Life, has su…

Read full article →

StepSecurity

1

Miasma Worm Hits Microsoft Again: Azure Functions Action and 72 Other Repositories Disabled After Supply Chain Attack Targeting AI Coding Agents

Critical

6 Jun 2026 · 11:10 UTC

On June 5, 2026, the Miasma worm campaign reached Microsoft's Azure GitHub organizations. GitHub disabled 73 repositories across four Microsoft GitHub organizations after a malicious commit was pushed to the Azure/durabl…

Read full article →
2

Pythagora-io/gpt-pilot Compromised on GitHub - Shai-Hulud Credential Stealer Blocked by Python Linter

High

Yesterday · 21:21 UTC

An attacker hijacked a co-founder's GitHub account for gpt-pilot, a 33K-star AI coding tool, and force-pushed a credential-stealing Shai-Hulud payload to the main branch. The ruff Python linter caught formatting and lint…

Read full article →
3

The Hades Campaign: Graph ML PyPI Packages Deploy Cross-Platform Memory Scrapers, AI Analyst Misdirection, and a Wiper Deterrent

Medium

Yesterday · 17:30 UTC

On June 8, 2026, multiple Graph ML PyPI packages in the bioinformatics ecosystem were compromised in the Hades campaign, deploying cross-platform memory scrapers, AI prompt injections to misdirect scanners, and a token-r…

Read full article →

AWS Security

1

ICYMI: May 2026 @AWS Security

High

Yesterday · 21:00 UTC

Read all about the latest AWS security features, compliance updates, and hands-on resources in our new, monthly digest posts. You’ll find expert blog posts, new service capabilities, code samples, and workshops. AWS Secu…

Read full article →
2

Operationalizing AWS security: A maturity roadmap

Yesterday · 16:18 UTC

Enabling security tooling is the starting point. Making it operational—where findings drive decisions, response times are measurable, and your security posture improves week over week—is where most organizations struggle…

Read full article →

Microsoft Security

1

AI brands as bait: How threat actors are using the AI hype in social engineering

High

Yesterday · 16:00 UTC

As threat actors operationalize AI to accelerate attacks, they are also leveraging the wider global interest around AI itself as a social engineering lure. The post AI brands as bait: How threat actors are using the AI h…

Read full article →

Microsoft Threat Intel

1

AI brands as bait: How threat actors are using the AI hype in social engineering

High

Yesterday · 16:00 UTC

As threat actors operationalize AI to accelerate attacks, they are also leveraging the wider global interest around AI itself as a social engineering lure. The post AI brands as bait: How threat actors are using the AI h…

Read full article →

Palo Alto Unit 42

1

When “Hi, This Is IT” Comes Through Microsoft Teams

Medium

Yesterday · 23:00 UTC

Attackers are increasingly targeting collaboration platforms like Microsoft Teams. Learn the risks and key steps to strengthen your organization's security. The post When “Hi, This Is IT” Comes Through Microsoft Teams ap…

Read full article →

OpenAI News

1

Introducing the OpenAI Economic Research Exchange

Yesterday · 00:00 UTC

OpenAI launches the Economic Research Exchange to study AI’s impact on jobs, productivity, and the economy. Applications are now open for selected research projects.

Read full article →
2

Confidential submission of draft S-1 to the SEC

Yesterday · 14:00 UTC

OpenAI confirms a confidential S-1 submission to the SEC and has not yet determined timing for further action.

Read full article →
3

Built to benefit everyone: our plan

Yesterday · 01:30 UTC

A vision for the future of AI, focusing on access, safety, and shared prosperity as OpenAI works to ensure AGI benefits everyone.

Read full article →

CrowdStrike Blog

1

CrowdStrike and Zscaler Bring Continuous Identity to Zero Trust Access

Yesterday · 05:00 UTC

Read full article →