Today's News Highlights
The Top 10 Attack Surface Exposures in 2026
Today · 10:30 UTC
Breaches don't always start with a zero-day. An exposed admin panel can get brute-forced, or credentials reused from a previous attack. But when a vulnerability does drop — like Mo…
Read full article →Malware à la Mode: Tracking Dropping Elephant Tradecraft Through a China-Themed Loader Chain
Today · 11:20 UTC
Executive summaryRapid7 researchers have identified a sophisticated malware campaign attributed to the threat actor "Dropping Elephant," characterized by the use of a China-themed…
Read full article →CISA orders feds to patch max severity Joomla plugin flaw by Friday
Today · 10:09 UTC
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity flaw in the Widget Factory Joomla Content Editor (JCE) plu…
Read full article →Mastra npm Supply Chain Attack: 140+ Packages Backdoored via easy-day-js Typosquat
Today · 08:24 UTC
On June 17, 2026, an attacker compromised the @mastra npm organization and quietly added easy-day-js as a dependency across 140+ packages in the Mastra AI framework ecosystem. easy…
Read full article →Microsoft working on Defender patch for RoguePlanet zero-day
Today · 08:32 UTC
Microsoft confirmed that it's working on a security patch for a Defender zero-day vulnerability named "RoguePlanet," disclosed one week ago. [...]
Read full article →Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats
Today · 09:38 UTC
Cybersecurity researchers have flagged a "coordinated malware campaign" on the JetBrains Marketplace that has published no less than 15 malicious plugins capable of exfiltrating ar…
Read full article →Top Stories by Impact
Rockwell Automation RSLinx
Yesterday · 12:00 UTC
View CSAF Summary Successful exploitation of this vulnerability can lead to a denial of service, where the application will become unresponsive and will not recover on its own. The…
Read full article →Rockwell Automation Logix 5370 & 5570 Controllers Vulnerable To Denial of Service Via CIP
Yesterday · 12:00 UTC
View CSAF Summary Successful exploitation of this vulnerability could cause a denial-of-service condition that may result in a major nonrecoverable fault (MNRF). The following vers…
Read full article →Rockwell Automation FLEX I/O EtherNet/IP Adapters
Yesterday · 12:00 UTC
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access, account takeover, and cause loss of availability. The follow…
Read full article →The Top 10 Attack Surface Exposures in 2026
Today · 10:30 UTC
Breaches don't always start with a zero-day. An exposed admin panel can get brute-forced, or credentials reused from a previous attack. But when a vulnerability does drop — like Mo…
Read full article →Does Your Security Programme Align With NIS2 Requirements?
15 Jun 2026 · 17:24 UTC
If your organization operates in the EU, or works with organizations that do, NIS2 is no longer something on the horizon. It is here and it applies to a far wider range of sectors…
Read full article →NIS2 is raising the bar. Here’s how to turn readiness into resilience.
15 Jun 2026 · 17:29 UTC
The NIS2 directive asks covered organizations to take a more structured approach to risk management, governance, supply chain security, and incident reporting. It expands the scope…
Read full article →Malware à la Mode: Tracking Dropping Elephant Tradecraft Through a China-Themed Loader Chain
Today · 11:20 UTC
Executive summaryRapid7 researchers have identified a sophisticated malware campaign attributed to the threat actor "Dropping Elephant," characterized by the use of a China-themed…
Read full article →CISA orders feds to patch max severity Joomla plugin flaw by Friday
Today · 10:09 UTC
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity flaw in the Widget Factory Joomla Content Editor (JCE) plu…
Read full article →Cybersecurity
CISA Alerts
Rockwell Automation RSLinx
CriticalYesterday · 12:00 UTC
View CSAF Summary Successful exploitation of this vulnerability can lead to a denial of service, where the application will become unresponsive and will not recover on its own. The following versions of RSLinx Classic Th…
Read full article →Rockwell Automation Logix 5370 & 5570 Controllers Vulnerable To Denial of Service Via CIP
CriticalYesterday · 12:00 UTC
View CSAF Summary Successful exploitation of this vulnerability could cause a denial-of-service condition that may result in a major nonrecoverable fault (MNRF). The following versions of Rockwell Automation Logix 5370 &…
Read full article →Rockwell Automation FLEX I/O EtherNet/IP Adapters
CriticalYesterday · 12:00 UTC
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access, account takeover, and cause loss of availability. The following versions of Rockwell Automation FLEX…
Read full article →The Hacker News
The Top 10 Attack Surface Exposures in 2026
CriticalToday · 10:30 UTC
Breaches don't always start with a zero-day. An exposed admin panel can get brute-forced, or credentials reused from a previous attack. But when a vulnerability does drop — like MongoBleed earlier this year, which let at…
Read full article →Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats
CriticalToday · 09:38 UTC
Cybersecurity researchers have flagged a "coordinated malware campaign" on the JetBrains Marketplace that has published no less than 15 malicious plugins capable of exfiltrating artificial intelligence (AI) provider keys…
Read full article →Adversarial Exposure Validation Turns Security Visibility into Confident Prioritization
Today · 11:58 UTC
For security teams, the findings never stop, but confidence in knowing which ones matter is becoming harder to maintain. The problem is no longer visibility. It's validation. Security teams must decide which findings war…
Read full article →BleepingComputer
CISA orders feds to patch max severity Joomla plugin flaw by Friday
CriticalToday · 10:09 UTC
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity flaw in the Widget Factory Joomla Content Editor (JCE) plugin that is being actively exploited in…
Read full article →Microsoft working on Defender patch for RoguePlanet zero-day
CriticalToday · 08:32 UTC
Microsoft confirmed that it's working on a security patch for a Defender zero-day vulnerability named "RoguePlanet," disclosed one week ago. [...]
Read full article →Microsoft confirms Office apps launch issues after June updates
Today · 11:54 UTC
Microsoft is investigating a new issue preventing third-party applications from launching Microsoft Office applications or opening documents on up-to-date Windows systems. [...]
Read full article →Cloudflare Blog
Project Glasswing: what Mythos showed us
High18 May 2026
Cloudflare shares findings from testing Mythos and other security-focused LLMs against live code across critical infrastructure, including model strengths, weaknesses, and what is needed before this work can scale.
Read full article →Dark Reading
Fileless Phantom Stealer Targets Browser Credentials
HighYesterday · 22:26 UTC
In addition to executing entirely in memory, the malware's infection chain incorporates other anti-analysis techniques designed to frustrate detection.
Read full article →Security Community Slams US Ban on Exporting Mythos, Fable
Yesterday · 22:00 UTC
An open letter signed by dozens of security experts asked the government to reverse export restrictions on Anthropic's Claude Fable 5 and Mythos 5 models.
Read full article →UK Social Media Ban for Minors Has Privacy Experts Worried
Today · 08:00 UTC
The UK will ban adolescents under 16 years old from user-to-user social-media platforms, despite age-verification issues and privacy concerns.
Read full article →Infosecurity Magazine
AI Threats and Alert Fatigue Challenge Cybersecurity Teams
HighToday · 12:30 UTC
Filigran survey at Infosecurity Europe 2026 reveals AI-powered attacks as the top concern, with false positives, alert fatigue and manual processes draining security teams
Read full article →EU Security Experts to Support Ukrainian Organizations in Case of Cyber-Attacks
MediumToday · 09:45 UTC
Ukraine has been added to the EU Cybersecurity Reserve, which provides incident response services against large-scale incidents
Read full article →Fifteen JetBrains Marketplace Plugins Found Stealing API Keys
Today · 09:10 UTC
Aikido Security has discovered at least 15 IDE plugins on the JetBrains Marketplace
Read full article →Schneier on Security
AI Use by the US Government
MediumToday · 11:04 UTC
On 14 April, the Trump administration quietly acknowledged the widespread use of AI to automate government processes. The office of management and budget (OMB) disclosed a staggering 3,611 active or planned use cases for…
Read full article →The FCC Wants to Eliminate Burner Phones
15 Jun 2026 · 11:01 UTC
A proposed FCC rule would kill burner phones: phones whose accounts are not attached to a particular person. The FCC plans to do this by legally forcing the country’s telecoms to store a wealth of personal information ab…
Read full article →Flock Cameras Are Being Used for Stalking
Yesterday · 11:03 UTC
There are over a dozen cases around the country where police officers are using the Flock surveillance camera system to obsessively and illegally stalk people. Alternate link.
Read full article →CyberScoop
AI’s constant patching treadmill can be a security problem
MediumYesterday · 20:32 UTC
The breakneck speed of model releases may be creating short, silent security gaps as developers must choose between performance and security, according to a new report. The post AI’s constant patching treadmill can be a…
Read full article →A case for how to shape ‘ingredient lists’ for AI models
Yesterday · 16:00 UTC
AI bills of materials (AIBOMs), modeled on standards that worked for software, could transform how policymakers understand and regulate AI. A new roadmap outlines what they need to include and how to get there. The post…
Read full article →Lawmakers leary about Trump administration’s Anthropic order
Yesterday · 21:03 UTC
Some panned it, some said they needed more information, but caution figured into all of the responses. The post Lawmakers leary about Trump administration’s Anthropic order appeared first on CyberScoop.
Read full article →Cybercrime Magazine
Virtual Or Full-Time CISO: ROI Calculator On Security Leadership
Yesterday · 12:19 UTC
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 16, 2026 – Read the full story from LinkedIn The 2026 CISO Report by Cybersecurity Ventures, published in partnership with Sopho…
Read full article →Cybercrime is Accelerating: Preparing the Next Wave of Cybersecurity Experts
15 Jun 2026 · 13:14 UTC
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 15, 2026 – Read the full story from CMBlog By harnessing AI, cybercriminals are developing increasingly sophisticated techniques…
Read full article →SANS Internet Storm Center
From a VHDX File to a Remcos RAT, (Tue, Jun 16th)
Yesterday · 07:09 UTC
Yesterday, a reader reported to us a malicious ZIP archive (SHA256: a0104921a2d37ab87482ac9a9f5c3713479c118846c3e999178e75b81620c094[1]). Once unzipped, it contains a VHDX file that discloses a malicious JavaScript after…
Read full article →ISC Stormcast For Wednesday, June 17th, 2026 https://isc.sans.edu/podcastdetail/9976, (Wed, Jun 17th)
Today · 02:00 UTC
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Read full article →ISC Stormcast For Tuesday, June 16th, 2026 https://isc.sans.edu/podcastdetail/9974, (Tue, Jun 16th)
Yesterday · 02:00 UTC
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Read full article →Ars Technica
Trump admin tries to block Clean Air Act lawsuit over xAI's gas turbines
Yesterday · 22:22 UTC
NAACP lawsuit says xAI uses gas turbines without permits for Grok data center.
Read full article →Year of free HPE software a “step in the correct direction” in VMware rivalry
Yesterday · 22:11 UTC
Partner tells Ars that HPE should be giving out more free VM Essentials licenses.
Read full article →Cockroaches scurry around with thousands of pieces of bacterial genomes
Yesterday · 21:54 UTC
Transferring genes across species doesn't just happen in microbes.
Read full article →AI & Technology
ITNews Australia
Access control flaw left FIFA World Cup match streams wide-open
MediumToday · 03:09 UTC
Researcher could've controlled cameras and captured live stream keys.
Read full article →NT Corrections to get electronic rostering system
Yesterday · 19:28 UTC
Commercial off-the-shelf platform to be used.
Read full article →US closes probe into 2024 Delta Air Lines meltdown
Yesterday · 18:32 UTC
Sparked by CrowdStrike outage.
Read full article →TechCrunch AI
DeepL acquires Mixhalo for live-event audio streaming and translation
Today · 12:14 UTC
With this acquisition, DeepL is opening an office in San Francisco to expand its U.S. business.
Read full article →Pinterest launches an experimental AI shopping app called ‘Ask Pinterest’
Today · 11:00 UTC
Pinterest has launched 'Ask Pinterest,' an experimental AI-powered shopping app that lets users seek recommendations and inspiration through a conversational interface.
Read full article →Anthropic’s latest feud with the Trump admin may actually help it, sales data suggests
Yesterday · 22:34 UTC
Anthropic's popularity with business users is growing so well that the latest beef with the government might actually boost it, data from Ramp suggests.
Read full article →The Guardian Technology
Anthropic releases 'safe' version of Claude Mythos AI model to public
9 Jun 2026 · 22:28 UTC
Anthropic released Fable 5, a public version of its advanced Mythos AI model class, while keeping tighter controls around cybersecurity and other sensitive uses.
Read full article →Wired AI
‘Dangerous’ AI Models Are Coming No Matter What
Yesterday · 17:50 UTC
The US government crackdown on Anthropic’s Claude Fable 5 and Mythos 5 hides a glaring truth: AI models with advanced hacking capabilities will soon be the norm.
Read full article →My Father Wants to Age in Place. AI Will Be Watching
Yesterday · 14:00 UTC
Devices that monitor seniors for safety are appealing to worried loved ones and underresourced home care agencies.
Read full article →What Do We Need From Our Homes Right Now?
Yesterday · 14:00 UTC
The global editorial directors of WIRED and Architectural Digest on teaming up to help you understand how we live today, and what comes next.
Read full article →Ars Technica AI
Pentagon boasts of using AI to write reports mandated by Congress
Yesterday · 18:11 UTC
Pentagon also claims 1.5 million personnel are using generative AI tools.
Read full article →Trump admin tries to block Clean Air Act lawsuit over xAI's gas turbines
Yesterday · 22:22 UTC
NAACP lawsuit says xAI uses gas turbines without permits for Grok data center.
Read full article →Anthropic "pauses" token-based billing for its Claude Agent SDK
Yesterday · 21:00 UTC
Move originally planned for Monday would have heavily increased power users' costs.
Read full article →Import AI
Import AI 461: "Alignment is not on track"; FrontierCode; and synthetic research interns
15 Jun 2026 · 11:30 UTC
Where are your agents right now?
Read full article →The Guardian Technology
France to ditch Palantir’s AI data tools in favour of domestic provider
Yesterday · 17:08 UTC
Move to ChapsVision is to avoid ‘strategic dependencies’, says PM amid concern about reliance on US-controlled toolsFrance’s domestic intelligence service is to ditch AI data tools from the US tech company Palantir in fa…
Read full article →SpaceX overtakes Amazon to become world’s fifth most valuable company
Yesterday · 18:37 UTC
Elon Musk’s firm briefly reached $2.97tn valuation days after its IPO following purchase of AI coding startup CursorSpaceX has overtaken Amazon to become the world’s fifth most valuable company days after its stock marke…
Read full article →UK ministers lobby Trump to avert backlash against social media ban
Yesterday · 08:05 UTC
No 10 is worried about retaliation from White House over restrictions on under-16s’ internet useMinisters have embarked on a concerted lobbying operation to prevent a backlash from the Trump administration to the under-1…
Read full article →MIT Technology Review AI
Want to get a data center online quickly? Give it some flex.
Yesterday · 09:00 UTC
At the end of a tense and scoreless first half of a soccer match between the English men’s team and rival Germany, millions of Brits let out a collective sigh and did what they so often do in moments of stress: They made…
Read full article →Why do South Koreans love AI so much?
15 Jun 2026 · 18:46 UTC
This story originally appeared in The Algorithm, our weekly newsletter on AI. To get stories like this in your inbox first, sign up here. When I landed in Seoul after a grueling 12-hour flight from San Francisco, I walke…
Read full article →The Verge
Will Matter finally be able to do what it should have always done?
Today · 12:00 UTC
Matter, the smart home interoperability standard, might finally get a feature that should have been there from day one: a single shared Matter network managed by multiple ecosystems. With this feature, called Joint Fabri…
Read full article →Final Fantasy meets Zelda? Yes, please
Today · 12:00 UTC
Let's be real: There's no shortage of Zelda-style games to play right now. That's true even if you've exhausted all there is to see in Tears of the Kingdom or Echoes of Wisdom. Indie developers keep finding new ways to r…
Read full article →My backyard made me a color-changing smart lighting convert
Today · 11:30 UTC
I'll admit it. I was wrong. Wildly colorful lighting is delightful for your smart home - well, outdoors, at least. Smart lighting is one of my favorite features of the smart home - it combines convenience with ambiance,…
Read full article →Google DeepMind
Unlocking UK house-building with AI-accelerated planning
Yesterday · 21:29 UTC
UK government partners with Google DeepMind to build a new AI-powered prototype aimed at faster housing decisions.
Read full article →NVIDIA AI Blog
Hands Free, AIs Forward: NVIDIA XR AI Brings Agents to AR Glasses
Yesterday · 22:30 UTC
NVIDIA XR AI is now available in public beta, giving developers a framework for building multimodal AI agents for AR glasses and XR devices.
Read full article →Coherent Breaks Ground on Expanded Texas Facility, Scaling AI’s Optical Backbone
Yesterday · 22:10 UTC
AI runs at the speed of light. More and more, that light is made in Texas. Coherent broke ground today on an expanded manufacturing building in Sherman, Texas. The company makes the lasers, optical components and compoun…
Read full article →HPE AI Factory With NVIDIA Expands for the Era of Agents
Yesterday · 16:30 UTC
Enterprises are moving agentic AI from proof of concept to production — and the next generation of AI factories are built for the era of agents. At HPE Discover Las Vegas, running through Thursday, June 18, NVIDIA and HP…
Read full article →ABC Technology (AU)
NT's new climate resilience plan lists gas project as top priority
Today · 07:32 UTC
The Northern Territory government's newly released climate resilience plan has listed the acceleration of gas extraction at the Beetaloo Basin as a top priority. Environment groups have fiercely criticised the plan, sayi…
Read full article →RBA warns financial industry to prepare for 'more shock-prone future'
Today · 07:30 UTC
A new era of strategic uncertainty has serious implications for Australia's financial industry, the Reserve Bank warns.
Read full article →Glue Store closes after posting $8.4m loss as economic pain hits retailers
Today · 02:35 UTC
Glue Store announces its permanent closure, becoming the latest Australian retailer to fail this year.
Read full article →Vendor Security
Rapid7 Blog
Does Your Security Programme Align With NIS2 Requirements?
Critical15 Jun 2026 · 17:24 UTC
If your organization operates in the EU, or works with organizations that do, NIS2 is no longer something on the horizon. It is here and it applies to a far wider range of sectors than its predecessor, the original NIS D…
Read full article →NIS2 is raising the bar. Here’s how to turn readiness into resilience.
Critical15 Jun 2026 · 17:29 UTC
The NIS2 directive asks covered organizations to take a more structured approach to risk management, governance, supply chain security, and incident reporting. It expands the scope of who may be covered, raises expectati…
Read full article →Malware à la Mode: Tracking Dropping Elephant Tradecraft Through a China-Themed Loader Chain
CriticalToday · 11:20 UTC
Executive summaryRapid7 researchers have identified a sophisticated malware campaign attributed to the threat actor "Dropping Elephant," characterized by the use of a China-themed decoy document to deliver a heavily rewo…
Read full article →StepSecurity
Mastra npm Supply Chain Attack: 140+ Packages Backdoored via easy-day-js Typosquat
CriticalToday · 08:24 UTC
On June 17, 2026, an attacker compromised the @mastra npm organization and quietly added easy-day-js as a dependency across 140+ packages in the Mastra AI framework ecosystem. easy-day-js is a typosquat of the popular da…
Read full article →Prevent npm and Python Supply Chain Attacks on Developer Machines with Package Configs
HighYesterday · 21:05 UTC
npm and Python supply chain attacks run on developer machines and steal secrets. See how Package Configs audits registry, cooldown, and auth across your fleet
Read full article →Palo Alto Unit 42
Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE
CriticalYesterday · 10:00 UTC
Unit 42 discovered a Vertex AI Python SDK vulnerability that allows remote code execution via bucket squatting. Read the article for more. The post Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenan…
Read full article →Inside the Modern SOC: The 72-Minute Race
15 Jun 2026 · 23:00 UTC
Attackers can move from access to exfiltration in 72 minutes. Learn how modern SOC teams close the speed gap with Unit 42's AI-driven automation, threat hunting, MDR and Managed XSIAM. The post Inside the Modern SOC: The…
Read full article →Check Point Research
15th June – Threat Intelligence Report
Critical15 Jun 2026 · 13:40 UTC
For the latest discoveries in cyber research for the week of 15th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The University of Nottingham, a UK research university, has suffered a da…
Read full article →AWS Security
Threat tactic spotlight: Subdomain takeover
HighYesterday · 17:53 UTC
In this blog post you’ll learn how to detect and prevent subdomain takeover – a tactic where threat actors exploit dangling DNS records to redirect traffic to attacker-controlled resources. We’ll explain the issue, how t…
Read full article →Kaspersky Securelist
Dozens of malicious wallpapers found on Steam Workshop: gamers’ accounts at risk
MediumYesterday · 09:00 UTC
Since late 2025, malware has been spreading rapidly through the Steam Workshop, the gaming platform's built-in service for players to create and share custom content. The attackers are primarily targeting gamers in China…
Read full article →Microsoft Security
Microsoft Defender email security benchmarking: Key insights from one year of data
15 Jun 2026 · 16:00 UTC
See how Microsoft Defender performed in one year of real-world email security benchmarking against SEG and ICES vendors. The post Microsoft Defender email security benchmarking: Key insights from one year of data appeare…
Read full article →OpenAI News
Predicting model behavior before release by simulating deployment
Yesterday · 00:00 UTC
OpenAI introduces Deployment Simulation, a method to predict AI model behavior before deployment using real conversation data to improve safety and evaluation accuracy.
Read full article →Introducing the OpenAI Partner Network
14 Jun 2026 · 17:00 UTC
OpenAI launches the Partner Network, investing $150M to help global partners accelerate enterprise AI adoption, deployment, and transformation.
Read full article →CrowdStrike Blog
Falcon Exposure Management Now Available for Third-Party Environments
Yesterday · 05:00 UTC
Read full article →