Today's News Highlights
CISA warns of another cPanel plugin flaw exploited in attacks
Today · 10:47 UTC
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. government agencies three days to secure their servers against an actively exploited vulnerability (…
Read full article →Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week
Today · 10:30 UTC
Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In a post shared on X, the company said i…
Read full article →Critical Copilot vulnerability allowed hackers to seal 2FA code from users
Today · 11:15 UTC
SearchLeak exploit shows why the industry's approach to LLM security fails over and over.
Read full article →Critical Fortinet FortiSandbox flaws now exploited in attacks
Today · 09:19 UTC
Attackers are now exploiting several critical vulnerabilities in Fortinet's FortiSandbox cyber threat detection platform, according to threat intelligence company Defused. [...]
Read full article →Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE
Today · 10:00 UTC
Unit 42 discovered a Vertex AI Python SDK vulnerability that allows remote code execution via bucket squatting. Read the article for more. The post Pickle in the Middle – Hijacking…
Read full article →Ransomware gang abuses Microsoft Teams relays to hide malicious traffic
Today · 10:18 UTC
DragonForce ransomware used a custom malware named 'Backdoor.Turn' to hide command-and-control traffic inside Microsoft Teams relay infrastructure. [...]
Read full article →Top Stories by Impact
Beyond the Score: Using AI to Translate CVEs into Real-World Business Risk
Yesterday · 14:44 UTC
Security leaders rarely struggle to gather data, but they often struggle to turn that data into something clear and meaningful for the business. In a typical week, a CISO might rec…
Read full article →CISA Adds Two Known Exploited Vulnerabilities to Catalog
Yesterday · 12:00 UTC
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-20262 Cisco Catalyst SD-WAN Manager…
Read full article →Public and Private Medical Community Targeted by China-Nexus Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense Research
Yesterday · 14:00 UTC
Written by: Patrick Whitsell, John McGuiness Google Threat Intelligence Group (GTIG) has identified a sophisticated campaign attributed to UNC6508, a People's Republic of China (PR…
Read full article →CISA warns of another cPanel plugin flaw exploited in attacks
Today · 10:47 UTC
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. government agencies three days to secure their servers against an actively exploited vulnerability (…
Read full article →Does Your Security Programme Align With NIS2 Requirements?
Yesterday · 17:24 UTC
If your organization operates in the EU, or works with organizations that do, NIS2 is no longer something on the horizon. It is here and it applies to a far wider range of sectors…
Read full article →NIS2 is raising the bar. Here’s how to turn readiness into resilience.
Yesterday · 17:29 UTC
The NIS2 directive asks covered organizations to take a more structured approach to risk management, governance, supply chain security, and incident reporting. It expands the scope…
Read full article →Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week
Today · 10:30 UTC
Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In a post shared on X, the company said i…
Read full article →Critical Copilot vulnerability allowed hackers to seal 2FA code from users
Today · 11:15 UTC
SearchLeak exploit shows why the industry's approach to LLM security fails over and over.
Read full article →Cybersecurity
CISA Alerts
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CriticalYesterday · 12:00 UTC
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-20262 Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerabilit…
Read full article →BleepingComputer
CISA warns of another cPanel plugin flaw exploited in attacks
CriticalToday · 10:47 UTC
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. government agencies three days to secure their servers against an actively exploited vulnerability (CVE-2026-54420) in the LiteSpeed cPanel…
Read full article →Critical Fortinet FortiSandbox flaws now exploited in attacks
CriticalToday · 09:19 UTC
Attackers are now exploiting several critical vulnerabilities in Fortinet's FortiSandbox cyber threat detection platform, according to threat intelligence company Defused. [...]
Read full article →Ransomware gang abuses Microsoft Teams relays to hide malicious traffic
CriticalToday · 10:18 UTC
DragonForce ransomware used a custom malware named 'Backdoor.Turn' to hide command-and-control traffic inside Microsoft Teams relay infrastructure. [...]
Read full article →The Hacker News
Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week
CriticalToday · 10:30 UTC
Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In a post shared on X, the company said it has observed exploitation of CVE-2026-…
Read full article →China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth
HighToday · 09:44 UTC
Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS. "The Windows variants discovered are internally marked as WIN_DRV and…
Read full article →Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive
Today · 11:30 UTC
Security teams have never had more IP data at their disposal. Every day, analysts ingest enrichment feeds, geolocation data, reputation scores, telemetry, and threat intelligence from a growing ecosystem of vendors and p…
Read full article →Infosecurity Magazine
DragonForce Ransomware Exploited Microsoft Teams to Hide in Attack Against Major Company
CriticalToday · 11:30 UTC
Command and control traffic exploited a Teams visitor token to make malicious activity look legitimate to defenders
Read full article →Chainguard, JPMorgan, BNY Team Up to Secure Open Source from AI Threats
HighToday · 11:00 UTC
Athena is a new an industry coalition to fix the vulnerabilities frontier AI models find before attackers can exploit them
Read full article →Over Two-Thirds of Security Pros Say Cyber Is Getting Harder
Today · 12:00 UTC
ISSA study finds most security professionals feel challenged by colleagues’ involvement in cyber
Read full article →CyberScoop
Google exposes China espionage group that’s been lurking in networks undetected since 2023
CriticalYesterday · 20:11 UTC
The revelation mirrors an alarming pattern of Chinese espionage groups dropping backdoors into critical infrastructure to intercept research and steal data with national security implications. The post Google exposes Chi…
Read full article →Cybersecurity experts don’t think Anthropic’s Fable 5 presents a unique threat
Yesterday · 16:07 UTC
Dozens of practitioners said the decision to place export controls on the foreign use of Fable are misguided, and recent jailbreak reports don’t show the model providing unique hacking capabilities. The post Cybersecurit…
Read full article →Anthropic disables new models after government calls them a national security concern
13 Jun 2026 · 18:29 UTC
The Commerce Department’s expert control decree led to the company shutting off access to Fable 5 and Mythos 5 worldwide, drawing sharp criticism from researchers and industry analysts. The post Anthropic disables new mo…
Read full article →Dark Reading
Copilot 'SearchLeak' Attack Allows 1-Click Data Theft
CriticalYesterday · 19:27 UTC
The critical, three-stage attack is now patched, but it's part of a new group of AI prompt-injection issues that use hidden URLs and other variables.
Read full article →China-Nexus Actor Spy on US Researchers Undetected for a Year
MediumYesterday · 17:00 UTC
Google discovered and disrupted the sprawling campaign, which stole RedCAP credentials to target numerous institutions and exfiltrate sensitive data.
Read full article →Most CISOs Report Pressure to Bury Bad Security News
Yesterday · 16:45 UTC
Executive leaders may not be saying it aloud, but business objectives and priorities don't always promote timely disclosures.
Read full article →Cloudflare Blog
Project Glasswing: what Mythos showed us
High18 May 2026
Cloudflare shares findings from testing Mythos and other security-focused LLMs against live code across critical infrastructure, including model strengths, weaknesses, and what is needed before this work can scale.
Read full article →Ars Technica
Heart protection from COVID shots remains amid updates, study finds
Yesterday · 21:04 UTC
Despite continued benefits, anti-vaccine rhetoric has driven down vaccination.
Read full article →Commodore’s newest gadget is a flip phone that blocks social media and browsers
Today · 09:00 UTC
Commodore's Call Back 8020 is a phone “where the customer is not the product."
Read full article →Key mission for Europe's commercial space enterprise scrubbed again
Yesterday · 23:40 UTC
Isar Aerospace is not hurting for money, but it is sorely lacking in the currency of flight experience.
Read full article →Cybercrime Magazine
Virtual Or Full-Time CISO: ROI Calculator On Security Leadership
Today · 12:19 UTC
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 16, 2026 – Read the full story from LinkedIn The 2026 CISO Report by Cybersecurity Ventures, published in partnership with Sopho…
Read full article →Cybercrime is Accelerating: Preparing the Next Wave of Cybersecurity Experts
Yesterday · 13:14 UTC
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 15, 2026 – Read the full story from CMBlog By harnessing AI, cybercriminals are developing increasingly sophisticated techniques…
Read full article →Schneier on Security
The FCC Wants to Eliminate Burner Phones
Yesterday · 11:01 UTC
A proposed FCC rule would kill burner phones: phones whose accounts are not attached to a particular person. The FCC plans to do this by legally forcing the country’s telecoms to store a wealth of personal information ab…
Read full article →Upcoming Speaking Engagements
14 Jun 2026 · 16:07 UTC
This is a current list of where and when I am scheduled to speak: I’m giving a keynote at Cybernation 2026 in Berlin, Germany, on June 24, 2026. I’m speaking at the Potsdam Conference on National Cybersecurity at the Has…
Read full article →Flock Cameras Are Being Used for Stalking
Today · 11:03 UTC
There are over a dozen cases around the country where police officers are using the Flock surveillance camera system to obsessively and illegally stalk people. Alternate link.
Read full article →SANS Internet Storm Center
From a VHDX File to a Remcos RAT, (Tue, Jun 16th)
Today · 07:09 UTC
Yesterday, a reader reported to us a malicious ZIP archive (SHA256: a0104921a2d37ab87482ac9a9f5c3713479c118846c3e999178e75b81620c094[1]). Once unzipped, it contains a VHDX file that discloses a malicious JavaScript after…
Read full article →ISC Stormcast For Tuesday, June 16th, 2026 https://isc.sans.edu/podcastdetail/9974, (Tue, Jun 16th)
Today · 02:00 UTC
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Read full article →Evil MSI Background: BASE64 Statistical Analysis, (Mon, Jun 15th)
Yesterday · 07:16 UTC
I like it when a fellow handler posts a diary entry about images with malicious content. Last one is Xavier: "The Evil MSI Background is Back!".
Read full article →AI & Technology
Ars Technica AI
Critical Copilot vulnerability allowed hackers to seal 2FA code from users
CriticalToday · 11:15 UTC
SearchLeak exploit shows why the industry's approach to LLM security fails over and over.
Read full article →Anthropic shuts down Fable, Mythos models following Trump admin directive
13 Jun 2026 · 03:00 UTC
Commerce dept. worries that a Fable 5 "jailbreak" could be a national security threat.
Read full article →Chipmaker Nvidia seeks to raise over $25B in first bond deal since 2021
Yesterday · 19:07 UTC
Debt sale set to test investor appetite for further exposure to AI sector amid a deluge of borrowing.
Read full article →TechCrunch AI
Malaysia’s AI agent-powered messaging app Respond.io raises $62.5M, eyes acquisitions
MediumToday · 06:59 UTC
Respond.io, one of Malaysia startups to watch, uses AI agents to handle high volumes of customer inquiries and charges per convo, not per seat.
Read full article →SpaceX to acquire Cursor for $60B in stock, days after blockbuster IPO
Today · 11:21 UTC
The deal is supposed to help SpaceX's struggling AI division. The company told IPO investors it sees a $26 trillion addressable market in AI.
Read full article →Sundar Pichai faces boos, walkout at Stanford graduation ceremony over Google’s Israel, ICE ties
Yesterday · 23:51 UTC
AI is once again at the heart of a college graduation protest — this time for the technology's use in Google's defense contracts.
Read full article →The Verge
Apple’s smart home camera service is starting to impress me
MediumToday · 12:00 UTC
Apple's HomeKit Secure Video service is getting in on the Apple Intelligence party to bring more descriptive alerts from your connected cameras and let you search footage using natural language. The Apple Home app is als…
Read full article →SpaceX is officially buying Cursor for $60 billion
Today · 11:41 UTC
Days after its massive IPO, SpaceX says it is spending $60 billion to buy Cursor - a bet designed to help Elon Musk's sprawling rocket / AI / social media behemoth win over lucrative enterprise customers and close the ga…
Read full article →These mechanical keyboards are two very different sides of the same beautifully made coin
Today · 12:30 UTC
Most mechanical keyboards are great these days, with colorful looks and satisfying typing sounds - even in budget-friendly ranges. But every so often, one stops me dead in my tracks. In this case, two of them. I've been…
Read full article →The Guardian Technology
Florida lawsuit accuses TikTok of violating state’s child social media ban
MediumYesterday · 21:18 UTC
State’s attorney general alleges TikTok exposed children to harmful sexual content and addictive featuresFlorida became the latest state to sue TikTok on Monday after the attorney general accused the company of violating…
Read full article →AI could help win ‘race against extinction’ of vital plants, say botanists
Today · 06:00 UTC
Tech is helping to identify and save new specimens and could open ‘genomic goldmine’ of fungi dataThe rise of AI and digitisation could be a turning point in the “race against extinction” faced by botanists trying to ide…
Read full article →UK ministers lobby Trump to avert backlash against social media ban
Today · 08:05 UTC
No 10 is worried about retaliation from White House over restrictions on under-16s’ internet useMinisters have embarked on a concerted lobbying operation to prevent a backlash from the Trump administration to the under-1…
Read full article →ITNews Australia
Amex ordered to implement access controls after insider privacy breaches
MediumToday · 04:06 UTC
OAIC gives card issuer six months to comply.
Read full article →Security leaders say lift export controls for Anthropic's Mythos-class models
Today · 04:04 UTC
Access limitations put defenders at a disadvantage.
Read full article →Telstra directs automation at triaging a 5G misconfiguration
Yesterday · 20:38 UTC
On the path to developing autonomous networks for 2030.
Read full article →The Guardian Technology
Anthropic releases 'safe' version of Claude Mythos AI model to public
9 Jun 2026 · 22:28 UTC
Anthropic released Fable 5, a public version of its advanced Mythos AI model class, while keeping tighter controls around cybersecurity and other sensitive uses.
Read full article →Wired AI
DOJ Lawyers Argue xAI Is ‘Vital’ for National Security in NAACP Lawsuit
Today · 03:06 UTC
In a bid to dismiss a lawsuit over xAI’s polluting gas turbines, the Justice Department claimed the company is integral to military operations—including the Iran War.
Read full article →‘Pretty Crazy’ Token Usage Is Testing Bosses’ Bet on AI
Today · 09:30 UTC
A Silicon Valley software maker and an ecommerce company reveal to WIRED how they are navigating the emerging challenge of “tokenomics.”
Read full article →Anthropic Is Still at Odds With the White House Over Claude Fable 5
Today · 00:53 UTC
Anthropic leaders flew to Washington, DC, to meet with White House officials on Monday. After high-level talks, they’re still split on the risk Claude Fable 5 presents.
Read full article →Import AI
Import AI 461: "Alignment is not on track"; FrontierCode; and synthetic research interns
Yesterday · 11:30 UTC
Where are your agents right now?
Read full article →MIT Technology Review AI
Want to get a data center online quickly? Give it some flex.
Today · 09:00 UTC
At the end of a tense and scoreless first half of a soccer match between the English men’s team and rival Germany, millions of Brits let out a collective sigh and did what they so often do in moments of stress: They made…
Read full article →Why do South Koreans love AI so much?
Yesterday · 18:46 UTC
This story originally appeared in The Algorithm, our weekly newsletter on AI. To get stories like this in your inbox first, sign up here. When I landed in Seoul after a grueling 12-hour flight from San Francisco, I walke…
Read full article →ABC Technology (AU)
Brewery fined following legal battle with Queensland council
Today · 07:07 UTC
A once popular brewery has been fined in court after shutting up shop earlier this year due to an ongoing legal battle with a Queensland council.
Read full article →Reserve Bank keeps interest rate at 4.35pc as economy slows
Today · 04:37 UTC
The Reserve Bank keeps the interest rate at 4.35pc as Australia's economy slows down.
Read full article →Craft retailer Lincraft to close rest of its stores in Australia and NZ
Today · 04:08 UTC
Retailer Lincraft will close the remainder of its shopfronts after more than 80 years of providing fabric, materials and homewares to Aussie crafters.
Read full article →Vendor Security
Rapid7 Blog
Beyond the Score: Using AI to Translate CVEs into Real-World Business Risk
CriticalYesterday · 14:44 UTC
Security leaders rarely struggle to gather data, but they often struggle to turn that data into something clear and meaningful for the business. In a typical week, a CISO might receive a report listing hundreds or even t…
Read full article →Does Your Security Programme Align With NIS2 Requirements?
CriticalYesterday · 17:24 UTC
If your organization operates in the EU, or works with organizations that do, NIS2 is no longer something on the horizon. It is here and it applies to a far wider range of sectors than its predecessor, the original NIS D…
Read full article →NIS2 is raising the bar. Here’s how to turn readiness into resilience.
CriticalYesterday · 17:29 UTC
The NIS2 directive asks covered organizations to take a more structured approach to risk management, governance, supply chain security, and incident reporting. It expands the scope of who may be covered, raises expectati…
Read full article →Mandiant Threat Intel
Public and Private Medical Community Targeted by China-Nexus Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense Research
CriticalYesterday · 14:00 UTC
Written by: Patrick Whitsell, John McGuiness Google Threat Intelligence Group (GTIG) has identified a sophisticated campaign attributed to UNC6508, a People's Republic of China (PRC)-nexus threat actor, targeting institu…
Read full article →Palo Alto Unit 42
Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE
CriticalToday · 10:00 UTC
Unit 42 discovered a Vertex AI Python SDK vulnerability that allows remote code execution via bucket squatting. Read the article for more. The post Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenan…
Read full article →Inside the Modern SOC: The 72-Minute Race
Yesterday · 23:00 UTC
Attackers can move from access to exfiltration in 72 minutes. Learn how modern SOC teams close the speed gap with Unit 42's AI-driven automation, threat hunting, MDR and Managed XSIAM. The post Inside the Modern SOC: The…
Read full article →Check Point Research
15th June – Threat Intelligence Report
CriticalYesterday · 13:40 UTC
For the latest discoveries in cyber research for the week of 15th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The University of Nottingham, a UK research university, has suffered a da…
Read full article →StepSecurity
400+ AUR Packages Hijacked: What the “Atomic Arch” Campaign Means for Supply-Chain Security
High13 Jun 2026 · 02:47 UTC
On June 11th 2026, security researchers and the Arch Linux community disclosed a large-scale supply-chain attack against the Arch User Repository (AUR). Attackers hijacked more than 400 community packages and turned them…
Read full article →Kaspersky Securelist
Dozens of malicious wallpapers found on Steam Workshop: gamers’ accounts at risk
MediumToday · 09:00 UTC
Since late 2025, malware has been spreading rapidly through the Steam Workshop, the gaming platform's built-in service for players to create and share custom content. The attackers are primarily targeting gamers in China…
Read full article →Microsoft Security
Microsoft Defender email security benchmarking: Key insights from one year of data
Yesterday · 16:00 UTC
See how Microsoft Defender performed in one year of real-world email security benchmarking against SEG and ICES vendors. The post Microsoft Defender email security benchmarking: Key insights from one year of data appeare…
Read full article →OpenAI News
Introducing the OpenAI Partner Network
14 Jun 2026 · 17:00 UTC
OpenAI launches the Partner Network, investing $150M to help global partners accelerate enterprise AI adoption, deployment, and transformation.
Read full article →