📰

Today's News Highlights

🔐 BleepingComputer Critical

CISA warns of another cPanel plugin flaw exploited in attacks

Today · 10:47 UTC

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. government agencies three days to secure their servers against an actively exploited vulnerability (…

Read full article →
🔐 The Hacker News Critical

Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week

Today · 10:30 UTC

Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In a post shared on X, the company said i…

Read full article →
🤖 Ars Technica AI Critical

Critical Copilot vulnerability allowed hackers to seal 2FA code from users

Today · 11:15 UTC

SearchLeak exploit shows why the industry's approach to LLM security fails over and over.

Read full article →
🔐 BleepingComputer Critical

Critical Fortinet FortiSandbox flaws now exploited in attacks

Today · 09:19 UTC

Attackers are now exploiting several critical vulnerabilities in Fortinet's FortiSandbox cyber threat detection platform, according to threat intelligence company Defused. [...]

Read full article →
🏢 Palo Alto Unit 42 Critical

Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE

Today · 10:00 UTC

Unit 42 discovered a Vertex AI Python SDK vulnerability that allows remote code execution via bucket squatting. Read the article for more. The post Pickle in the Middle – Hijacking…

Read full article →
🔐 BleepingComputer Critical

Ransomware gang abuses Microsoft Teams relays to hide malicious traffic

Today · 10:18 UTC

DragonForce ransomware used a custom malware named 'Backdoor.Turn' to hide command-and-control traffic inside Microsoft Teams relay infrastructure. [...]

Read full article →

Top Stories by Impact

🏢 Rapid7 Blog Critical

Beyond the Score: Using AI to Translate CVEs into Real-World Business Risk

Yesterday · 14:44 UTC

Security leaders rarely struggle to gather data, but they often struggle to turn that data into something clear and meaningful for the business. In a typical week, a CISO might rec…

Read full article →
🔐 CISA Alerts Critical

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Yesterday · 12:00 UTC

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-20262 Cisco Catalyst SD-WAN Manager…

Read full article →
🏢 Mandiant Threat Intel Critical

Public and Private Medical Community Targeted by China-Nexus Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense Research

Yesterday · 14:00 UTC

Written by: Patrick Whitsell, John McGuiness Google Threat Intelligence Group (GTIG) has identified a sophisticated campaign attributed to UNC6508, a People's Republic of China (PR…

Read full article →
🔐 BleepingComputer Critical

CISA warns of another cPanel plugin flaw exploited in attacks

Today · 10:47 UTC

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. government agencies three days to secure their servers against an actively exploited vulnerability (…

Read full article →
🏢 Rapid7 Blog Critical

Does Your Security Programme Align With NIS2 Requirements?

Yesterday · 17:24 UTC

If your organization operates in the EU, or works with organizations that do, NIS2 is no longer something on the horizon. It is here and it applies to a far wider range of sectors…

Read full article →
🏢 Rapid7 Blog Critical

NIS2 is raising the bar. Here’s how to turn readiness into resilience.

Yesterday · 17:29 UTC

The NIS2 directive asks covered organizations to take a more structured approach to risk management, governance, supply chain security, and incident reporting. It expands the scope…

Read full article →
🔐 The Hacker News Critical

Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week

Today · 10:30 UTC

Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In a post shared on X, the company said i…

Read full article →
🤖 Ars Technica AI Critical

Critical Copilot vulnerability allowed hackers to seal 2FA code from users

Today · 11:15 UTC

SearchLeak exploit shows why the industry's approach to LLM security fails over and over.

Read full article →
🔐

Cybersecurity

CISA Alerts

1

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Critical

Yesterday · 12:00 UTC

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-20262 Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerabilit…

Read full article →

BleepingComputer

1

CISA warns of another cPanel plugin flaw exploited in attacks

Critical

Today · 10:47 UTC

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. government agencies three days to secure their servers against an actively exploited vulnerability (CVE-2026-54420) in the LiteSpeed cPanel…

Read full article →
2

Critical Fortinet FortiSandbox flaws now exploited in attacks

Critical

Today · 09:19 UTC

Attackers are now exploiting several critical vulnerabilities in Fortinet's FortiSandbox cyber threat detection platform, according to threat intelligence company Defused. [...]

Read full article →
3

Ransomware gang abuses Microsoft Teams relays to hide malicious traffic

Critical

Today · 10:18 UTC

DragonForce ransomware used a custom malware named 'Backdoor.Turn' to hide command-and-control traffic inside Microsoft Teams relay infrastructure. [...]

Read full article →

The Hacker News

1

Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week

Critical

Today · 10:30 UTC

Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In a post shared on X, the company said it has observed exploitation of CVE-2026-…

Read full article →
2

China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth

High

Today · 09:44 UTC

Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS. "The Windows variants discovered are internally marked as WIN_DRV and…

Read full article →
3

Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive

Today · 11:30 UTC

Security teams have never had more IP data at their disposal. Every day, analysts ingest enrichment feeds, geolocation data, reputation scores, telemetry, and threat intelligence from a growing ecosystem of vendors and p…

Read full article →

Infosecurity Magazine

1

DragonForce Ransomware Exploited Microsoft Teams to Hide in Attack Against Major Company

Critical

Today · 11:30 UTC

Command and control traffic exploited a Teams visitor token to make malicious activity look legitimate to defenders

Read full article →
2

Chainguard, JPMorgan, BNY Team Up to Secure Open Source from AI Threats

High

Today · 11:00 UTC

Athena is a new an industry coalition to fix the vulnerabilities frontier AI models find before attackers can exploit them

Read full article →
3

Over Two-Thirds of Security Pros Say Cyber Is Getting Harder

Today · 12:00 UTC

ISSA study finds most security professionals feel challenged by colleagues’ involvement in cyber

Read full article →

CyberScoop

1

Google exposes China espionage group that’s been lurking in networks undetected since 2023

Critical

Yesterday · 20:11 UTC

The revelation mirrors an alarming pattern of Chinese espionage groups dropping backdoors into critical infrastructure to intercept research and steal data with national security implications. The post Google exposes Chi…

Read full article →
2

Cybersecurity experts don’t think Anthropic’s Fable 5 presents a unique threat

Yesterday · 16:07 UTC

Dozens of practitioners said the decision to place export controls on the foreign use of Fable are misguided, and recent jailbreak reports don’t show the model providing unique hacking capabilities. The post Cybersecurit…

Read full article →
3

Anthropic disables new models after government calls them a national security concern

13 Jun 2026 · 18:29 UTC

The Commerce Department’s expert control decree led to the company shutting off access to Fable 5 and Mythos 5 worldwide, drawing sharp criticism from researchers and industry analysts. The post Anthropic disables new mo…

Read full article →

Dark Reading

1

Copilot 'SearchLeak' Attack Allows 1-Click Data Theft

Critical

Yesterday · 19:27 UTC

The critical, three-stage attack is now patched, but it's part of a new group of AI prompt-injection issues that use hidden URLs and other variables.

Read full article →
2

China-Nexus Actor Spy on US Researchers Undetected for a Year

Medium

Yesterday · 17:00 UTC

Google discovered and disrupted the sprawling campaign, which stole RedCAP credentials to target numerous institutions and exfiltrate sensitive data.

Read full article →
3

Most CISOs Report Pressure to Bury Bad Security News

Yesterday · 16:45 UTC

Executive leaders may not be saying it aloud, but business objectives and priorities don't always promote timely disclosures.

Read full article →

Cloudflare Blog

1

Project Glasswing: what Mythos showed us

High

18 May 2026

Cloudflare shares findings from testing Mythos and other security-focused LLMs against live code across critical infrastructure, including model strengths, weaknesses, and what is needed before this work can scale.

Read full article →

Ars Technica

1

Heart protection from COVID shots remains amid updates, study finds

Yesterday · 21:04 UTC

Despite continued benefits, anti-vaccine rhetoric has driven down vaccination.

Read full article →
2

Commodore’s newest gadget is a flip phone that blocks social media and browsers

Today · 09:00 UTC

Commodore's Call Back 8020 is a phone “where the customer is not the product."

Read full article →
3

Key mission for Europe's commercial space enterprise scrubbed again

Yesterday · 23:40 UTC

Isar Aerospace is not hurting for money, but it is sorely lacking in the currency of flight experience.

Read full article →

Cybercrime Magazine

1

Virtual Or Full-Time CISO: ROI Calculator On Security Leadership

Today · 12:19 UTC

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 16, 2026 – Read the full story from LinkedIn The 2026 CISO Report by Cybersecurity Ventures, published in partnership with Sopho…

Read full article →
2

Cybercrime is Accelerating: Preparing the Next Wave of Cybersecurity Experts

Yesterday · 13:14 UTC

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 15, 2026 – Read the full story from CMBlog By harnessing AI, cybercriminals are developing increasingly sophisticated techniques…

Read full article →

Schneier on Security

1

The FCC Wants to Eliminate Burner Phones

Yesterday · 11:01 UTC

A proposed FCC rule would kill burner phones: phones whose accounts are not attached to a particular person. The FCC plans to do this by legally forcing the country’s telecoms to store a wealth of personal information ab…

Read full article →
2

Upcoming Speaking Engagements

14 Jun 2026 · 16:07 UTC

This is a current list of where and when I am scheduled to speak: I’m giving a keynote at Cybernation 2026 in Berlin, Germany, on June 24, 2026. I’m speaking at the Potsdam Conference on National Cybersecurity at the Has…

Read full article →
3

Flock Cameras Are Being Used for Stalking

Today · 11:03 UTC

There are over a dozen cases around the country where police officers are using the Flock surveillance camera system to obsessively and illegally stalk people. Alternate link.

Read full article →

SANS Internet Storm Center

1

From a VHDX File to a Remcos RAT, (Tue, Jun 16th)

Today · 07:09 UTC

Yesterday, a reader reported to us a malicious ZIP archive (SHA256: a0104921a2d37ab87482ac9a9f5c3713479c118846c3e999178e75b81620c094[1]). Once unzipped, it contains a VHDX file that discloses a malicious JavaScript after…

Read full article →
2

ISC Stormcast For Tuesday, June 16th, 2026 https://isc.sans.edu/podcastdetail/9974, (Tue, Jun 16th)

Today · 02:00 UTC

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Read full article →
3

Evil MSI Background: BASE64 Statistical Analysis, (Mon, Jun 15th)

Yesterday · 07:16 UTC

I like it when a fellow handler posts a diary entry about images with malicious content. Last one is Xavier: "The Evil MSI Background is Back!".

Read full article →
🤖

AI & Technology

Ars Technica AI

1

Critical Copilot vulnerability allowed hackers to seal 2FA code from users

Critical

Today · 11:15 UTC

SearchLeak exploit shows why the industry's approach to LLM security fails over and over.

Read full article →
2

Anthropic shuts down Fable, Mythos models following Trump admin directive

13 Jun 2026 · 03:00 UTC

Commerce dept. worries that a Fable 5 "jailbreak" could be a national security threat.

Read full article →
3

Chipmaker Nvidia seeks to raise over $25B in first bond deal since 2021

Yesterday · 19:07 UTC

Debt sale set to test investor appetite for further exposure to AI sector amid a deluge of borrowing.

Read full article →

TechCrunch AI

1

Malaysia’s AI agent-powered messaging app Respond.io raises $62.5M, eyes acquisitions

Medium

Today · 06:59 UTC

Respond.io, one of Malaysia startups to watch, uses AI agents to handle high volumes of customer inquiries and charges per convo, not per seat.

Read full article →
2

SpaceX to acquire Cursor for $60B in stock, days after blockbuster IPO

Today · 11:21 UTC

The deal is supposed to help SpaceX's struggling AI division. The company told IPO investors it sees a $26 trillion addressable market in AI.

Read full article →
3

Sundar Pichai faces boos, walkout at Stanford graduation ceremony over Google’s Israel, ICE ties

Yesterday · 23:51 UTC

AI is once again at the heart of a college graduation protest — this time for the technology's use in Google's defense contracts.

Read full article →

The Verge

1

Apple’s smart home camera service is starting to impress me

Medium

Today · 12:00 UTC

Apple's HomeKit Secure Video service is getting in on the Apple Intelligence party to bring more descriptive alerts from your connected cameras and let you search footage using natural language. The Apple Home app is als…

Read full article →
2

SpaceX is officially buying Cursor for $60 billion

Today · 11:41 UTC

Days after its massive IPO, SpaceX says it is spending $60 billion to buy Cursor - a bet designed to help Elon Musk's sprawling rocket / AI / social media behemoth win over lucrative enterprise customers and close the ga…

Read full article →
3

These mechanical keyboards are two very different sides of the same beautifully made coin

Today · 12:30 UTC

Most mechanical keyboards are great these days, with colorful looks and satisfying typing sounds - even in budget-friendly ranges. But every so often, one stops me dead in my tracks. In this case, two of them. I've been…

Read full article →

The Guardian Technology

1

Florida lawsuit accuses TikTok of violating state’s child social media ban

Medium

Yesterday · 21:18 UTC

State’s attorney general alleges TikTok exposed children to harmful sexual content and addictive featuresFlorida became the latest state to sue TikTok on Monday after the attorney general accused the company of violating…

Read full article →
2

AI could help win ‘race against extinction’ of vital plants, say botanists

Today · 06:00 UTC

Tech is helping to identify and save new specimens and could open ‘genomic goldmine’ of fungi dataThe rise of AI and digitisation could be a turning point in the “race against extinction” faced by botanists trying to ide…

Read full article →
3

UK ministers lobby Trump to avert backlash against social media ban

Today · 08:05 UTC

No 10 is worried about retaliation from White House over restrictions on under-16s’ internet useMinisters have embarked on a concerted lobbying operation to prevent a backlash from the Trump administration to the under-1…

Read full article →

ITNews Australia

1

Amex ordered to implement access controls after insider privacy breaches

Medium

Today · 04:06 UTC

OAIC gives card issuer six months to comply.

Read full article →
2

Security leaders say lift export controls for Anthropic's Mythos-class models

Today · 04:04 UTC

Access limitations put defenders at a disadvantage.

Read full article →
3

Telstra directs automation at triaging a 5G misconfiguration

Yesterday · 20:38 UTC

On the path to developing autonomous networks for 2030.

Read full article →

The Guardian Technology

1

Anthropic releases 'safe' version of Claude Mythos AI model to public

9 Jun 2026 · 22:28 UTC

Anthropic released Fable 5, a public version of its advanced Mythos AI model class, while keeping tighter controls around cybersecurity and other sensitive uses.

Read full article →

Wired AI

1

DOJ Lawyers Argue xAI Is ‘Vital’ for National Security in NAACP Lawsuit

Today · 03:06 UTC

In a bid to dismiss a lawsuit over xAI’s polluting gas turbines, the Justice Department claimed the company is integral to military operations—including the Iran War.

Read full article →
2

‘Pretty Crazy’ Token Usage Is Testing Bosses’ Bet on AI

Today · 09:30 UTC

A Silicon Valley software maker and an ecommerce company reveal to WIRED how they are navigating the emerging challenge of “tokenomics.”

Read full article →
3

Anthropic Is Still at Odds With the White House Over Claude Fable 5

Today · 00:53 UTC

Anthropic leaders flew to Washington, DC, to meet with White House officials on Monday. After high-level talks, they’re still split on the risk Claude Fable 5 presents.

Read full article →

Import AI

1

Import AI 461: "Alignment is not on track"; FrontierCode; and synthetic research interns

Yesterday · 11:30 UTC

Where are your agents right now?

Read full article →

MIT Technology Review AI

1

Want to get a data center online quickly? Give it some flex.

Today · 09:00 UTC

At the end of a tense and scoreless first half of a soccer match between the English men’s team and rival Germany, millions of Brits let out a collective sigh and did what they so often do in moments of stress: They made…

Read full article →
2

Why do South Koreans love AI so much?

Yesterday · 18:46 UTC

This story originally appeared in The Algorithm, our weekly newsletter on AI. To get stories like this in your inbox first, sign up here. When I landed in Seoul after a grueling 12-hour flight from San Francisco, I walke…

Read full article →

ABC Technology (AU)

1

Brewery fined following legal battle with Queensland council

Today · 07:07 UTC

A once popular brewery has been fined in court after shutting up shop earlier this year due to an ongoing legal battle with a Queensland council.

Read full article →
2

Reserve Bank keeps interest rate at 4.35pc as economy slows

Today · 04:37 UTC

The Reserve Bank keeps the interest rate at 4.35pc as Australia's economy slows down.

Read full article →
3

Craft retailer Lincraft to close rest of its stores in Australia and NZ

Today · 04:08 UTC

Retailer Lincraft will close the remainder of its shopfronts after more than 80 years of providing fabric, materials and homewares to Aussie crafters.

Read full article →
🏢

Vendor Security

Rapid7 Blog

1

Beyond the Score: Using AI to Translate CVEs into Real-World Business Risk

Critical

Yesterday · 14:44 UTC

Security leaders rarely struggle to gather data, but they often struggle to turn that data into something clear and meaningful for the business. In a typical week, a CISO might receive a report listing hundreds or even t…

Read full article →
2

Does Your Security Programme Align With NIS2 Requirements?

Critical

Yesterday · 17:24 UTC

If your organization operates in the EU, or works with organizations that do, NIS2 is no longer something on the horizon. It is here and it applies to a far wider range of sectors than its predecessor, the original NIS D…

Read full article →
3

NIS2 is raising the bar. Here’s how to turn readiness into resilience.

Critical

Yesterday · 17:29 UTC

The NIS2 directive asks covered organizations to take a more structured approach to risk management, governance, supply chain security, and incident reporting. It expands the scope of who may be covered, raises expectati…

Read full article →

Mandiant Threat Intel

1

Public and Private Medical Community Targeted by China-Nexus Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense Research

Critical

Yesterday · 14:00 UTC

Written by: Patrick Whitsell, John McGuiness Google Threat Intelligence Group (GTIG) has identified a sophisticated campaign attributed to UNC6508, a People's Republic of China (PRC)-nexus threat actor, targeting institu…

Read full article →

Palo Alto Unit 42

1

Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE

Critical

Today · 10:00 UTC

Unit 42 discovered a Vertex AI Python SDK vulnerability that allows remote code execution via bucket squatting. Read the article for more. The post Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenan…

Read full article →
2

Inside the Modern SOC: The 72-Minute Race

Yesterday · 23:00 UTC

Attackers can move from access to exfiltration in 72 minutes. Learn how modern SOC teams close the speed gap with Unit 42's AI-driven automation, threat hunting, MDR and Managed XSIAM. The post Inside the Modern SOC: The…

Read full article →

Check Point Research

1

15th June – Threat Intelligence Report

Critical

Yesterday · 13:40 UTC

For the latest discoveries in cyber research for the week of 15th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The University of Nottingham, a UK research university, has suffered a da…

Read full article →

StepSecurity

1

400+ AUR Packages Hijacked: What the “Atomic Arch” Campaign Means for Supply-Chain Security

High

13 Jun 2026 · 02:47 UTC

On June 11th 2026, security researchers and the Arch Linux community disclosed a large-scale supply-chain attack against the Arch User Repository (AUR). Attackers hijacked more than 400 community packages and turned them…

Read full article →

Kaspersky Securelist

1

Dozens of malicious wallpapers found on Steam Workshop: gamers’ accounts at risk

Medium

Today · 09:00 UTC

Since late 2025, malware has been spreading rapidly through the Steam Workshop, the gaming platform's built-in service for players to create and share custom content. The attackers are primarily targeting gamers in China…

Read full article →

Microsoft Security

1

Microsoft Defender email security benchmarking: Key insights from one year of data

Yesterday · 16:00 UTC

See how Microsoft Defender performed in one year of real-world email security benchmarking against SEG and ICES vendors. The post Microsoft Defender email security benchmarking: Key insights from one year of data appeare…

Read full article →

OpenAI News

1

Introducing the OpenAI Partner Network

14 Jun 2026 · 17:00 UTC

OpenAI launches the Partner Network, investing $150M to help global partners accelerate enterprise AI adoption, deployment, and transformation.

Read full article →

CrowdStrike Blog

1

CrowdStrike Announces Continuous Identity for AI Agents

Yesterday · 05:00 UTC

Read full article →