📰

Today's News Highlights

🔐 BleepingComputer Critical

Max severity Ivanti Sentry vulnerability now exploited in attacks

Today · 06:20 UTC

Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile gateways…

Read full article →
🔐 The Hacker News Critical

OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack

Today · 09:45 UTC

The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPEC…

Read full article →
🔐 Infosecurity Magazine Critical

Extortion-Only Attacks Increase, With Data Theft Dominating Ransomware Claims

Today · 10:20 UTC

Extortion-only attacks are increasing as data theft drives most ransomware claims, with many organizations unable to stop stolen data from being exposed

Read full article →
🔐 The Hacker News High

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

Today · 06:23 UTC

GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The ch…

Read full article →
🏢 Palo Alto Unit 42 High

Trust No Skill: Integrity Verification for AI Agent Supply Chains

Today · 10:00 UTC

Protect enterprise AI agents from supply chain risks by auditing third-party skills for hidden vulnerabilities and multi-stage attack chains. The post Trust No Skill: Integrity Ver…

Read full article →
🔐 BleepingComputer High

Microsoft fixes BitLocker recovery bug on Windows Server 2025

Today · 08:44 UTC

Microsoft has resolved a known issue causing some Windows Server 2025 devices to boot into BitLocker recovery after installing the April 2026 security update. [...]

Read full article →

Top Stories by Impact

🏢 Rapid7 Blog Critical

Patch Tuesday - June 2026

9 Jun 2026 · 21:04 UTC

Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, and is aware of public…

Read full article →
🏢 Rapid7 Blog Critical

CVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti Sentry

Yesterday · 10:21 UTC

OverviewOn June 9, 2026, Ivanti published a security advisory for two critical vulnerabilities affecting Ivanti Sentry (formerly known as MobileIron Sentry), which per the vendor w…

Read full article →
🔐 CISA Alerts Critical

Siemens KACO Blueplanet Inverters

9 Jun 2026 · 12:00 UTC

View CSAF Summary KACO blueplanet Inverters contain multiple vulnerabilities that could allow an attacker to derive the credentials from the devices serial number and misuse them t…

Read full article →
🔐 CISA Alerts Critical

Schneider Electric EcoStruxure Panel Server

9 Jun 2026 · 12:00 UTC

View CSAF Summary Schneider Electric is aware of its vulnerability in its EcoStruxure Panel Server offer. The EcoStruxure Panel Server is a high performance, modular gateway with e…

Read full article →
🔐 Krebs on Security Critical

A Record-Breaking Patch Tuesday for June 2026

9 Jun 2026 · 22:07 UTC

Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's…

Read full article →
🔐 CISA Alerts Critical

CISA Adds Three Known Exploited Vulnerabilities to Catalog

9 Jun 2026 · 12:00 UTC

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-7473 Arista Extensible Operating S…

Read full article →
🔐 BleepingComputer Critical

Max severity Ivanti Sentry vulnerability now exploited in attacks

Today · 06:20 UTC

Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile gateways…

Read full article →
🏢 Rapid7 Blog Critical

Automated Threat Hunting: Turning Threat Intelligence into Executable Hunt Plans

Yesterday · 16:26 UTC

Blake McDermott is Senior Threat Hunter at Rapid7.Every week, threat hunt teams are faced with a steady flow of blogs, advisories, and DFIR reports containing valuable intelligence…

Read full article →
🔐

Cybersecurity

CISA Alerts

1

Siemens KACO Blueplanet Inverters

Critical

9 Jun 2026 · 12:00 UTC

View CSAF Summary KACO blueplanet Inverters contain multiple vulnerabilities that could allow an attacker to derive the credentials from the devices serial number and misuse them to gain unauthorized access. KACO new ene…

Read full article →
2

Schneider Electric EcoStruxure Panel Server

Critical

9 Jun 2026 · 12:00 UTC

View CSAF Summary Schneider Electric is aware of its vulnerability in its EcoStruxure Panel Server offer. The EcoStruxure Panel Server is a high performance, modular gateway with enhanced cybersecurity that provides easy…

Read full article →
3

CISA Adds Three Known Exploited Vulnerabilities to Catalog

Critical

9 Jun 2026 · 12:00 UTC

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-7473 Arista Extensible Operating System Incomplete Comparison with Missing…

Read full article →

Krebs on Security

1

A Record-Breaking Patch Tuesday for June 2026

Critical

9 Jun 2026 · 22:07 UTC

Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly thre…

Read full article →
2

Who Runs the Ransomware Group ‘The Gentlemen?’

High

Yesterday · 14:03 UTC

A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affi…

Read full article →

BleepingComputer

1

Max severity Ivanti Sentry vulnerability now exploited in attacks

Critical

Today · 06:20 UTC

Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile gateways. [...]

Read full article →
2

Microsoft fixes BitLocker recovery bug on Windows Server 2025

High

Today · 08:44 UTC

Microsoft has resolved a known issue causing some Windows Server 2025 devices to boot into BitLocker recovery after installing the April 2026 security update. [...]

Read full article →
3

Nottingham University data breach affects over 450,000 students

Medium

Today · 07:27 UTC

The University of Nottingham confirmed on Wednesday that a hacking group gained access to its student records system in a breach affecting both current students and alums. [...]

Read full article →

The Hacker News

1

OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack

Critical

Today · 09:45 UTC

The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER. The campaigns involve a prolo…

Read full article →
2

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

High

Today · 06:23 UTC

GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques th…

Read full article →
3

AI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS.

Today · 11:30 UTC

For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was straightforward enough; triage by seve…

Read full article →

Infosecurity Magazine

1

Extortion-Only Attacks Increase, With Data Theft Dominating Ransomware Claims

Critical

Today · 10:20 UTC

Extortion-only attacks are increasing as data theft drives most ransomware claims, with many organizations unable to stop stolen data from being exposed

Read full article →
2

Most Cybersecurity Teams Struggle to Find Time for Training on New Cyber Threats

Today · 12:30 UTC

Organizations are aware of the challenges that new technologies like AI bring: but cybersecurity staff struggle to make time for the required training during working hours

Read full article →
3

Interpol Dismantles SniperDz Phishing-as-a-Service Platform

Today · 11:30 UTC

New revelations by Group-IB expose the full scale of the decade-old SniperDz phishing operation

Read full article →

Dark Reading

1

Bug Bounty Research Triggers ServiceNow Security Alert

Critical

Yesterday · 20:07 UTC

Bug bounty research inadvertently led organizations to believe they were being breached through their ServiceNow instances.

Read full article →
2

CISA Rewrites Federal Patching Requirements for AI Threat Era

High

Yesterday · 21:17 UTC

The new directive gives federal agencies three days to fix the most dangerous flaws, while less severe issues can be deferred.

Read full article →
3

Chinese, N. Korean Threat Groups Build on Asia-Pacific Success

Today · 00:01 UTC

North Korea's gross domestic product (GDP) has grown, in part because of the cybercrime gains of groups linked to the nation, which target business and financial firms.

Read full article →

CyberScoop

1

CISA directive orders agencies to prioritize vulnerability patching in a new way

High

Yesterday · 16:07 UTC

A vulnerability that meets all four criteria would need to be fixed within three days, for instance. The post CISA directive orders agencies to prioritize vulnerability patching in a new way appeared first on CyberScoop.

Read full article →
2

Microsoft breaks Patch Tuesday record with 206 vulnerabilities

High

9 Jun 2026 · 19:53 UTC

Fears and warnings about a roaring flood of error-riddled software have materialized. And the disease is spreading. The post Microsoft breaks Patch Tuesday record with 206 vulnerabilities appeared first on CyberScoop.

Read full article →
3

OpenAI: ‘Likely’ Chinese influence operation tried to use ChatGPT to stir debate on data centers

Yesterday · 20:20 UTC

The company says there’s little evidence it influenced any real policy discussion. The post OpenAI: ‘Likely’ Chinese influence operation tried to use ChatGPT to stir debate on data centers appeared first on CyberScoop.

Read full article →

Cloudflare Blog

1

Project Glasswing: what Mythos showed us

High

18 May 2026

Cloudflare shares findings from testing Mythos and other security-focused LLMs against live code across critical infrastructure, including model strengths, weaknesses, and what is needed before this work can scale.

Read full article →

Cybercrime Magazine

1

2026 CISO Compensation Data: Salaries, Bonuses, Equity

9 Jun 2026 · 12:41 UTC

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 9, 2026 – Read the report The 2026 CISO Report from Cybersecurity Ventures in partnership with Sophos examines the latest compen…

Read full article →
2

New Book: Cybersecurity for Accounting and Business

Yesterday · 13:12 UTC

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 10, 2026 – Read the book Cybersecurity for Accounting and Business, a new book co-authored by Nancy Bagranoff, Professor at Univ…

Read full article →
3

WireBadger Malicious Cable Detector For Penetration Testers And Red Teams

8 Jun 2026 · 12:46 UTC

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 8, 2026 – WireBadger production information USB technology was designed for convenience and universal compatibility. When a cabl…

Read full article →

SANS Internet Storm Center

1

How has use of framing protection security headers changed in the past 3 years?, (Wed, Jun 10th)

Yesterday · 08:29 UTC

Back in 2023, I wrote a diary[1] discussing how commonly X-Frame-Options and CSP headers containing the frame-ancestors directive were used on 1 million most popular domains on the internet (based on the Tranco list[2]),…

Read full article →
2

ISC Stormcast For Thursday, June 11th, 2026 https://isc.sans.edu/podcastdetail/9968, (Thu, Jun 11th)

Today · 02:25 UTC

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Read full article →
3

ISC Stormcast For Wednesday, June 10th, 2026 https://isc.sans.edu/podcastdetail/9966, (Wed, Jun 10th)

Yesterday · 02:00 UTC

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Read full article →

Schneier on Security

1

Enhanced License Plate Tracking

Today · 11:01 UTC

The surveillance company Leonardo wants more data: A surveillance company plans to add sensors to automatic license plate readers (ALPRs) that would mean the devices, as well as capture the license plate of passing vehic…

Read full article →
2

NSO Group Hacking WhatsApp Despite Court Order

Yesterday · 11:08 UTC

WhatsApp has caught the NSO Group phishing its users, in violation of a court order.

Read full article →
3

GPS As a Key Distribution Platform

9 Jun 2026 · 15:06 UTC

This is interesting: The U.S. military has likely been quietly broadcasting codes for its global encryption network using public GPS for nearly 20 years, turning each satellite into a hidden “numbers station,” according…

Read full article →

Ars Technica

1

Several things I like about macOS 27 Golden Gate that have nothing to do with AI

Today · 11:00 UTC

AI aside, Golden Gate includes a bunch of subtle-but-helpful improvements.

Read full article →
2

Diabetes org apologizes for ejecting scientists over criticism of Trump

Yesterday · 22:16 UTC

For days after the stunning incident, the ADA had doubled-down on the choice.

Read full article →
3

Man sues Florida cops over arrest spurred by "93% match" in facial recognition

Yesterday · 21:30 UTC

Lawsuit: "Police let an error-prone AI system stand in for an investigation."

Read full article →
🤖

AI & Technology

The Guardian Technology

1

Palantir to sue Sadiq Khan over blocked £50m Met police contract

Medium

9 Jun 2026 · 15:13 UTC

US spy-tech company to challenge London mayor’s intervention after he raised concerns over breach of procurement rulesPalantir intends to sue the London mayor, Sadiq Khan, after he blocked a contract between the US spy-t…

Read full article →
2

Crackdown on tech platforms will go ahead despite US intervention, says No 10

9 Jun 2026 · 17:47 UTC

US embassy came out against UK’s proposed under-16 social media ban, which would affect American firmsWhite House displeasure over the prospect of an under-16 social media ban will not deter the UK from cracking down on…

Read full article →
3

AI absolutism is breaking our brains. The apocalyptic future we’re being sold isn’t inevitable

Today · 10:30 UTC

Nor is the dreamy promise that this tech will unlock boundless potential and productivityEverything we hear about artificial intelligence is conflicting, and hearing about it feels inescapable. AI is terrible. AI is wond…

Read full article →

ITNews Australia

1

Marathon OAIC investigation finds Optus breached 51,000 customers' privacy

Medium

Today · 06:23 UTC

In White Pages case.

Read full article →
2

Westpac is embedding AI across its core "flows"

Today · 08:41 UTC

Lays out vision for more personalised consumer finance and service.

Read full article →
3

Microsoft limits employee use of Anthropic's Claude Fable 5

Yesterday · 20:46 UTC

Over data retention concerns.

Read full article →

Wired AI

1

Wrongful Arrest Exposes Failures in One of the Oldest Police Face-Recognition Tools in the US

Yesterday · 14:00 UTC

The ACLU is suing two Florida police departments over the arrest of a Fort Myers man in a child-abduction case, saying officers treated a flawed face-recognition match as a near-certain ID.

Read full article →
2

Anthropic Walks Back Policy That Could Have ‘Sabotaged’ AI Researchers Using Claude

Today · 03:11 UTC

The company changed course after researchers spoke out against the policy, which would have covertly limited Claude’s ability to develop competing AI models.

Read full article →
3

China Opens World’s First Wind-Powered Underwater Data Center

Yesterday · 13:39 UTC

With an initial capacity of 24 megawatts, the innovative data center uses seawater as a natural cooling system.

Read full article →

The Guardian Technology

1

Anthropic releases 'safe' version of Claude Mythos AI model to public

9 Jun 2026 · 22:28 UTC

Anthropic released Fable 5, a public version of its advanced Mythos AI model class, while keeping tighter controls around cybersecurity and other sensitive uses.

Read full article →

The Verge

1

Anthropic apologizes for invisible Claude Fable guardrails

Today · 11:40 UTC

Anthropic has apologized for stealthily throttling its new AI model, Claude Fable 5, with hidden guardrails that undermine both researchers and rivals using it to develop competing systems. The company says it is reversi…

Read full article →
2

iFixit Trump phone teardown confirms it’s an HTC dupe

Today · 10:40 UTC

After getting its hands on a Trump phone and tearing it apart, iFixit has confirmed what I first reported back in February: the T1 Phone is an almost exact duplicate of the HTC U24 Pro. iFixit partnered with NBC to get h…

Read full article →
3

The library rules (and so do library streaming services)

Today · 11:30 UTC

Summer is almost here, and that means getting outside, having fun in the sun, and touching grass. But if you need to cool down for a bit, allow me to sing the praises of the library. If your local library system is anyth…

Read full article →

MIT Technology Review AI

1

Google DeepMind is worried about what happens when millions of agents start to interact

Today · 11:00 UTC

Google DeepMind is funding research into the potential dangers of situations where millions of different AI agents interact with each other online. According to Rohin Shah, who directs the company’s AGI safety and alignm…

Read full article →
2

Learning to lead in a hybrid human-AI enterprise

9 Jun 2026 · 10:20 UTC

As adoption of AI agents looks set to surge by as much as 300% in the next two years, leadership teams are carefully considering the implications of a hybrid human-AI workforce. Unlike existing enterprise-level automatio…

Read full article →
3

Five things you need to know about AI

9 Jun 2026 · 09:16 UTC

At SXSW London last week I gave a talk called “Five things you need to know about AI,” in which I shared what I think are the biggest themes in AI right now. I pulled a few things from our first AI10 list, an annual guid…

Read full article →

TechCrunch AI

1

Anthropic’s Dario Amodei has just one direct report

Today · 03:53 UTC

If you doubted his genius, doubt no more.

Read full article →
2

Opendoor’s India exit is fueling a bigger conversation about AI and outsourcing

Today · 04:02 UTC

The decision comes as India emerges as the world’s largest GCC market.

Read full article →
3

xAI fired an engineer who raised alarms about Grok safety, new lawsuit claims

Yesterday · 22:31 UTC

A former xAI engineer is suing the company and SpaceX, alleging he was fired for raising AI safety concerns about Grok days before SpaceX's historic IPO.

Read full article →

Ars Technica AI

1

Anthropic says these topics are too dangerous to let its Fable 5 model talk about

9 Jun 2026 · 19:20 UTC

New frontier model refuses cybersecurity, biology, and chemistry queries.

Read full article →
2

Google DeepMind releases DiffusionGemma, a model that runs local AI 4x faster

Yesterday · 19:29 UTC

Diffusion AI is most common in image generation, but it can make text outputs much faster.

Read full article →
3

Nobody needs AI to search the Internet, court says in ruling against Google

Yesterday · 17:19 UTC

Google AI Overview court loss in Germany could spell doom for AI search industry.

Read full article →

Google DeepMind

1

Investing in multi-agent AI safety research

Yesterday · 10:21 UTC

Google DeepMind and partners announce a $10M funding call for multi-agent safety research.

Read full article →
2

DiffusionGemma: 4x faster text generation

Yesterday · 16:24 UTC

Read full article →
3

Fluid, natural voice translation with Gemini 3.5 Live Translate

9 Jun 2026 · 15:16 UTC

Gemini 3.5 Live Translate brings near real-time, natural speech translation to Google AI Studio, Google Translate and Google Meet.

Read full article →

ABC Technology (AU)

1

Bluesfest creditors owed $7 million, financial report reveals

Today · 09:14 UTC

A report into the cancelled Byron Bay Bluesfest reveals creditors are unlikely to be repaid the millions of dollars they are owed.

Read full article →
2

BHP bracing for strike after WA workers back industrial action

Today · 07:59 UTC

Unionised workers at BHPs operations in Port Hedland could walk off the job as soon as next week after endorsing protected industrial action.

Read full article →
3

ACT education minister censured in Assembly as schools close for strike

Today · 02:29 UTC

ACT MLA Yvette Berry is censured in the Legislative Assembly over her record as minister for housing and education amid a teachers' strike that has closed schools across the territory.

Read full article →

Import AI

1

Import AI 460: Reward hacking society, RSI data from Anthropic; and RL-based quadcopter racing

8 Jun 2026 · 12:31 UTC

When will markets price the singularity?

Read full article →

NVIDIA AI Blog

1

For Robotaxis, Safety Must Be Built In, Not Bolted On

Yesterday · 19:00 UTC

A car pulls up to the curb. The app says, “Your ride is here.” No one’s in the driver’s seat. For people who live in one of the dozens of cities now hosting robotaxi services, this is already a reality. The robotaxi indu…

Read full article →
2

NVIDIA Accelerates Google DeepMind’s DiffusionGemma for Local AI

Yesterday · 16:15 UTC

Today, Google DeepMind released DiffusionGemma — an experimental open model built for exceptionally fast text generation. NVIDIA has optimized DiffusionGemma to run even faster across NVIDIA GeForce RTX GPUs, the NVIDIA…

Read full article →
3

NVIDIA Confidential Computing to Help Expand Apple’s Private Cloud Compute

9 Jun 2026 · 22:34 UTC

NVIDIA GPUs with Confidential Computing are now used for confidential inference in Apple’s Private Cloud Compute (PCC), as it expands beyond Apple’s data centers to Google Cloud. Unveiled during Apple’s annual WWDC gathe…

Read full article →
🏢

Vendor Security

Rapid7 Blog

1

Patch Tuesday - June 2026

Critical

9 Jun 2026 · 21:04 UTC

Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, and is aware of public disclosure for three. This is similar to…

Read full article →
2

CVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti Sentry

Critical

Yesterday · 10:21 UTC

OverviewOn June 9, 2026, Ivanti published a security advisory for two critical vulnerabilities affecting Ivanti Sentry (formerly known as MobileIron Sentry), which per the vendor website is an “in-line gateway that manag…

Read full article →
3

Automated Threat Hunting: Turning Threat Intelligence into Executable Hunt Plans

Critical

Yesterday · 16:26 UTC

Blake McDermott is Senior Threat Hunter at Rapid7.Every week, threat hunt teams are faced with a steady flow of blogs, advisories, and DFIR reports containing valuable intelligence about adversary behaviors, tactics, tec…

Read full article →

Check Point Research

1

8th June – Threat Intelligence Report

Critical

8 Jun 2026 · 14:47 UTC

For the latest discoveries in cyber research for the week of 1st June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES DentaQuest, a U.S. dental benefits administrator owned by Sun Life, has su…

Read full article →

CrowdStrike Blog

1

June 2026 Patch Tuesday: Microsoft Patches 206 Vulnerabilities Including Three Publicly Disclosed Zero-Days

Critical

9 Jun 2026 · 05:00 UTC

Read full article →
2

CrowdStrike 2026 Technology Threat Landscape Report: China’s Ambitions Fuel Attacks

Medium

9 Jun 2026 · 05:00 UTC

Read full article →
3

CrowdStrike Expands Identity Leadership with OpenID and IDPro

Yesterday · 05:00 UTC

Read full article →

AWS Security

1

ICYMI: May 2026 @AWS Security

High

8 Jun 2026 · 21:00 UTC

Read all about the latest AWS security features, compliance updates, and hands-on resources in our new, monthly digest posts. You’ll find expert blog posts, new service capabilities, code samples, and workshops. AWS Secu…

Read full article →
2

Operationalizing AWS security: A maturity roadmap

8 Jun 2026 · 16:18 UTC

Enabling security tooling is the starting point. Making it operational—where findings drive decisions, response times are measurable, and your security posture improves week over week—is where most organizations struggle…

Read full article →

Palo Alto Unit 42

1

Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257

High

9 Jun 2026 · 14:05 UTC

We include indicators of activity and mitigations for PAN-OS vulnerability CVE-2026-0257. The post Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257 appeared first on Unit 42.

Read full article →
2

Trust No Skill: Integrity Verification for AI Agent Supply Chains

High

Today · 10:00 UTC

Protect enterprise AI agents from supply chain risks by auditing third-party skills for hidden vulnerabilities and multi-stage attack chains. The post Trust No Skill: Integrity Verification for AI Agent Supply Chains app…

Read full article →
3

Blinding the Watchmen: Abusing Cloud Logging Services for Defense Evasion and Visibility

Medium

9 Jun 2026 · 22:00 UTC

Unit 42 research examines attack scenarios targeting cloud logging services. Learn how to defend against log manipulation and defense evasion. The post Blinding the Watchmen: Abusing Cloud Logging Services for Defense Ev…

Read full article →

Microsoft Security

1

AI brands as bait: How threat actors are using the AI hype in social engineering

High

8 Jun 2026 · 16:00 UTC

As threat actors operationalize AI to accelerate attacks, they are also leveraging the wider global interest around AI itself as a social engineering lure. The post AI brands as bait: How threat actors are using the AI h…

Read full article →
2

Turn specs into evals for any agent with ASSERT

Yesterday · 16:00 UTC

Adaptive Spec-driven Scoring for Evaluation and Regression Testing (ASSERT) is an open-source framework for converting natural language behavior requirements into executable evaluations of AI models and agents. The post…

Read full article →
3

Reconstructing AI activity in investigations

9 Jun 2026 · 17:35 UTC

Learn how to investigate AI activity in Microsoft 365 Copilot and Azure AI services using a structured, telemetry-driven approach. This playbook helps security teams reconstruct events, assess data exposure, and detect p…

Read full article →

Microsoft Threat Intel

1

AI brands as bait: How threat actors are using the AI hype in social engineering

High

8 Jun 2026 · 16:00 UTC

As threat actors operationalize AI to accelerate attacks, they are also leveraging the wider global interest around AI itself as a social engineering lure. The post AI brands as bait: How threat actors are using the AI h…

Read full article →

Cisco Talos

1

Microsoft Patch Tuesday for June 2026 — Snort rules and prominent vulnerabilities

High

9 Jun 2026 · 21:21 UTC

Microsoft Patch Tuesday details for June 2026.

Read full article →

StepSecurity

1

New in the Threat Center: Compromised Components, Now Available via API

High

9 Jun 2026 · 21:04 UTC

StepSecurity's new Threat Center API returns the compromised packages for any supply chain incident, so you can automate response and confirm exposure fast.

Read full article →
2

Pythagora-io/gpt-pilot Compromised on GitHub - Shai-Hulud Credential Stealer Blocked by Python Linter

High

9 Jun 2026 · 21:04 UTC

An attacker hijacked a co-founder's GitHub account for gpt-pilot, a 33K-star AI coding tool, and force-pushed a credential-stealing Shai-Hulud payload to the main branch. The ruff Python linter caught formatting and lint…

Read full article →
3

The Hades Campaign: Graph ML PyPI Packages Deploy Cross-Platform Memory Scrapers, AI Analyst Misdirection, and a Wiper Deterrent

Medium

9 Jun 2026 · 21:04 UTC

On June 8, 2026, multiple Graph ML PyPI packages in the bioinformatics ecosystem were compromised in the Hades campaign, deploying cross-platform memory scrapers, AI prompt injections to misdirect scanners, and a token-r…

Read full article →

OpenAI News

1

Access OpenAI models and Codex through your Oracle cloud commitment

Yesterday · 20:00 UTC

Access OpenAI models and Codex through Oracle Cloud, using existing commitments to build and deploy AI with enterprise security and governance.

Read full article →
2

How an astrophysicist uses Codex to help simulate black holes

Today · 00:00 UTC

Discover how astrophysicist Chi-kwan Chan uses Codex to build black hole simulations, helping scientists study extreme physics and test Einstein’s theory of general relativity.

Read full article →
3

Supporting Europe’s work in ensuring a trustworthy AI ecosystem

Today · 00:00 UTC

OpenAI supports the EU Code of Practice on AI content transparency, advancing provenance standards and tools to help people understand AI-generated content.

Read full article →