📰

Today's News Highlights

🔐 The Hacker News Critical

The Top 10 Attack Surface Exposures in 2026

Today · 10:30 UTC

Breaches don't always start with a zero-day. An exposed admin panel can get brute-forced, or credentials reused from a previous attack. But when a vulnerability does drop — like Mo…

Read full article →
🏢 Rapid7 Blog Critical

Malware à la Mode: Tracking Dropping Elephant Tradecraft Through a China-Themed Loader Chain

Today · 11:20 UTC

Executive summaryRapid7 researchers have identified a sophisticated malware campaign attributed to the threat actor "Dropping Elephant," characterized by the use of a China-themed…

Read full article →
🔐 BleepingComputer Critical

CISA orders feds to patch max severity Joomla plugin flaw by Friday

Today · 10:09 UTC

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity flaw in the Widget Factory Joomla Content Editor (JCE) plu…

Read full article →
🏢 StepSecurity Critical

Mastra npm Supply Chain Attack: 140+ Packages Backdoored via easy-day-js Typosquat

Today · 08:24 UTC

On June 17, 2026, an attacker compromised the @mastra npm organization and quietly added easy-day-js as a dependency across 140+ packages in the Mastra AI framework ecosystem. easy…

Read full article →
🔐 BleepingComputer Critical

Microsoft working on Defender patch for RoguePlanet zero-day

Today · 08:32 UTC

Microsoft confirmed that it's working on a security patch for a Defender zero-day vulnerability named "RoguePlanet," disclosed one week ago. [...]

Read full article →
🔐 The Hacker News Critical

Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

Today · 09:38 UTC

Cybersecurity researchers have flagged a "coordinated malware campaign" on the JetBrains Marketplace that has published no less than 15 malicious plugins capable of exfiltrating ar…

Read full article →

Top Stories by Impact

🔐 CISA Alerts Critical

Rockwell Automation RSLinx

Yesterday · 12:00 UTC

View CSAF Summary Successful exploitation of this vulnerability can lead to a denial of service, where the application will become unresponsive and will not recover on its own. The…

Read full article →
🔐 CISA Alerts Critical

Rockwell Automation Logix 5370 & 5570 Controllers Vulnerable To Denial of Service Via CIP

Yesterday · 12:00 UTC

View CSAF Summary Successful exploitation of this vulnerability could cause a denial-of-service condition that may result in a major nonrecoverable fault (MNRF). The following vers…

Read full article →
🔐 CISA Alerts Critical

Rockwell Automation FLEX I/O EtherNet/IP Adapters

Yesterday · 12:00 UTC

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access, account takeover, and cause loss of availability. The follow…

Read full article →
🔐 The Hacker News Critical

The Top 10 Attack Surface Exposures in 2026

Today · 10:30 UTC

Breaches don't always start with a zero-day. An exposed admin panel can get brute-forced, or credentials reused from a previous attack. But when a vulnerability does drop — like Mo…

Read full article →
🏢 Rapid7 Blog Critical

Does Your Security Programme Align With NIS2 Requirements?

15 Jun 2026 · 17:24 UTC

If your organization operates in the EU, or works with organizations that do, NIS2 is no longer something on the horizon. It is here and it applies to a far wider range of sectors…

Read full article →
🏢 Rapid7 Blog Critical

NIS2 is raising the bar. Here’s how to turn readiness into resilience.

15 Jun 2026 · 17:29 UTC

The NIS2 directive asks covered organizations to take a more structured approach to risk management, governance, supply chain security, and incident reporting. It expands the scope…

Read full article →
🏢 Rapid7 Blog Critical

Malware à la Mode: Tracking Dropping Elephant Tradecraft Through a China-Themed Loader Chain

Today · 11:20 UTC

Executive summaryRapid7 researchers have identified a sophisticated malware campaign attributed to the threat actor "Dropping Elephant," characterized by the use of a China-themed…

Read full article →
🔐 BleepingComputer Critical

CISA orders feds to patch max severity Joomla plugin flaw by Friday

Today · 10:09 UTC

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity flaw in the Widget Factory Joomla Content Editor (JCE) plu…

Read full article →
🔐

Cybersecurity

CISA Alerts

1

Rockwell Automation RSLinx

Critical

Yesterday · 12:00 UTC

View CSAF Summary Successful exploitation of this vulnerability can lead to a denial of service, where the application will become unresponsive and will not recover on its own. The following versions of RSLinx Classic Th…

Read full article →
2

Rockwell Automation Logix 5370 & 5570 Controllers Vulnerable To Denial of Service Via CIP

Critical

Yesterday · 12:00 UTC

View CSAF Summary Successful exploitation of this vulnerability could cause a denial-of-service condition that may result in a major nonrecoverable fault (MNRF). The following versions of Rockwell Automation Logix 5370 &…

Read full article →
3

Rockwell Automation FLEX I/O EtherNet/IP Adapters

Critical

Yesterday · 12:00 UTC

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access, account takeover, and cause loss of availability. The following versions of Rockwell Automation FLEX…

Read full article →

The Hacker News

1

The Top 10 Attack Surface Exposures in 2026

Critical

Today · 10:30 UTC

Breaches don't always start with a zero-day. An exposed admin panel can get brute-forced, or credentials reused from a previous attack. But when a vulnerability does drop — like MongoBleed earlier this year, which let at…

Read full article →
2

Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

Critical

Today · 09:38 UTC

Cybersecurity researchers have flagged a "coordinated malware campaign" on the JetBrains Marketplace that has published no less than 15 malicious plugins capable of exfiltrating artificial intelligence (AI) provider keys…

Read full article →
3

Adversarial Exposure Validation Turns Security Visibility into Confident Prioritization

Today · 11:58 UTC

For security teams, the findings never stop, but confidence in knowing which ones matter is becoming harder to maintain. The problem is no longer visibility. It's validation. Security teams must decide which findings war…

Read full article →

BleepingComputer

1

CISA orders feds to patch max severity Joomla plugin flaw by Friday

Critical

Today · 10:09 UTC

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity flaw in the Widget Factory Joomla Content Editor (JCE) plugin that is being actively exploited in…

Read full article →
2

Microsoft working on Defender patch for RoguePlanet zero-day

Critical

Today · 08:32 UTC

Microsoft confirmed that it's working on a security patch for a Defender zero-day vulnerability named "RoguePlanet," disclosed one week ago. [...]

Read full article →
3

Microsoft confirms Office apps launch issues after June updates

Today · 11:54 UTC

Microsoft is investigating a new issue preventing third-party applications from launching Microsoft Office applications or opening documents on up-to-date Windows systems. [...]

Read full article →

Cloudflare Blog

1

Project Glasswing: what Mythos showed us

High

18 May 2026

Cloudflare shares findings from testing Mythos and other security-focused LLMs against live code across critical infrastructure, including model strengths, weaknesses, and what is needed before this work can scale.

Read full article →

Dark Reading

1

Fileless Phantom Stealer Targets Browser Credentials

High

Yesterday · 22:26 UTC

In addition to executing entirely in memory, the malware's infection chain incorporates other anti-analysis techniques designed to frustrate detection.

Read full article →
2

Security Community Slams US Ban on Exporting Mythos, Fable

Yesterday · 22:00 UTC

An open letter signed by dozens of security experts asked the government to reverse export restrictions on Anthropic's Claude Fable 5 and Mythos 5 models.

Read full article →
3

UK Social Media Ban for Minors Has Privacy Experts Worried

Today · 08:00 UTC

The UK will ban adolescents under 16 years old from user-to-user social-media platforms, despite age-verification issues and privacy concerns.

Read full article →

Infosecurity Magazine

1

AI Threats and Alert Fatigue Challenge Cybersecurity Teams

High

Today · 12:30 UTC

Filigran survey at Infosecurity Europe 2026 reveals AI-powered attacks as the top concern, with false positives, alert fatigue and manual processes draining security teams

Read full article →
2

EU Security Experts to Support Ukrainian Organizations in Case of Cyber-Attacks

Medium

Today · 09:45 UTC

Ukraine has been added to the EU Cybersecurity Reserve, which provides incident response services against large-scale incidents

Read full article →
3

Fifteen JetBrains Marketplace Plugins Found Stealing API Keys

Today · 09:10 UTC

Aikido Security has discovered at least 15 IDE plugins on the JetBrains Marketplace

Read full article →

Schneier on Security

1

AI Use by the US Government

Medium

Today · 11:04 UTC

On 14 April, the Trump administration quietly acknowledged the widespread use of AI to automate government processes. The office of management and budget (OMB) disclosed a staggering 3,611 active or planned use cases for…

Read full article →
2

The FCC Wants to Eliminate Burner Phones

15 Jun 2026 · 11:01 UTC

A proposed FCC rule would kill burner phones: phones whose accounts are not attached to a particular person. The FCC plans to do this by legally forcing the country’s telecoms to store a wealth of personal information ab…

Read full article →
3

Flock Cameras Are Being Used for Stalking

Yesterday · 11:03 UTC

There are over a dozen cases around the country where police officers are using the Flock surveillance camera system to obsessively and illegally stalk people. Alternate link.

Read full article →

CyberScoop

1

AI’s constant patching treadmill can be a security problem

Medium

Yesterday · 20:32 UTC

The breakneck speed of model releases may be creating short, silent security gaps as developers must choose between performance and security, according to a new report. The post AI’s constant patching treadmill can be a…

Read full article →
2

A case for how to shape ‘ingredient lists’ for AI models

Yesterday · 16:00 UTC

AI bills of materials (AIBOMs), modeled on standards that worked for software, could transform how policymakers understand and regulate AI. A new roadmap outlines what they need to include and how to get there. The post…

Read full article →
3

Lawmakers leary about Trump administration’s Anthropic order

Yesterday · 21:03 UTC

Some panned it, some said they needed more information, but caution figured into all of the responses. The post Lawmakers leary about Trump administration’s Anthropic order appeared first on CyberScoop.

Read full article →

Cybercrime Magazine

1

Virtual Or Full-Time CISO: ROI Calculator On Security Leadership

Yesterday · 12:19 UTC

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 16, 2026 – Read the full story from LinkedIn The 2026 CISO Report by Cybersecurity Ventures, published in partnership with Sopho…

Read full article →
2

Cybercrime is Accelerating: Preparing the Next Wave of Cybersecurity Experts

15 Jun 2026 · 13:14 UTC

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 15, 2026 – Read the full story from CMBlog By harnessing AI, cybercriminals are developing increasingly sophisticated techniques…

Read full article →

SANS Internet Storm Center

1

From a VHDX File to a Remcos RAT, (Tue, Jun 16th)

Yesterday · 07:09 UTC

Yesterday, a reader reported to us a malicious ZIP archive (SHA256: a0104921a2d37ab87482ac9a9f5c3713479c118846c3e999178e75b81620c094[1]). Once unzipped, it contains a VHDX file that discloses a malicious JavaScript after…

Read full article →
2

ISC Stormcast For Wednesday, June 17th, 2026 https://isc.sans.edu/podcastdetail/9976, (Wed, Jun 17th)

Today · 02:00 UTC

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Read full article →
3

ISC Stormcast For Tuesday, June 16th, 2026 https://isc.sans.edu/podcastdetail/9974, (Tue, Jun 16th)

Yesterday · 02:00 UTC

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Read full article →

Ars Technica

1

Trump admin tries to block Clean Air Act lawsuit over xAI's gas turbines

Yesterday · 22:22 UTC

NAACP lawsuit says xAI uses gas turbines without permits for Grok data center.

Read full article →
2

Year of free HPE software a “step in the correct direction” in VMware rivalry

Yesterday · 22:11 UTC

Partner tells Ars that HPE should be giving out more free VM Essentials licenses.

Read full article →
3

Cockroaches scurry around with thousands of pieces of bacterial genomes

Yesterday · 21:54 UTC

Transferring genes across species doesn't just happen in microbes.

Read full article →
🤖

AI & Technology

ITNews Australia

1

Access control flaw left FIFA World Cup match streams wide-open

Medium

Today · 03:09 UTC

Researcher could've controlled cameras and captured live stream keys.

Read full article →
2

NT Corrections to get electronic rostering system

Yesterday · 19:28 UTC

Commercial off-the-shelf platform to be used.

Read full article →
3

US closes probe into 2024 Delta Air Lines meltdown

Yesterday · 18:32 UTC

Sparked by CrowdStrike outage.

Read full article →

TechCrunch AI

1

DeepL acquires Mixhalo for live-event audio streaming and translation

Today · 12:14 UTC

With this acquisition, DeepL is opening an office in San Francisco to expand its U.S. business.

Read full article →
2

Pinterest launches an experimental AI shopping app called ‘Ask Pinterest’

Today · 11:00 UTC

Pinterest has launched 'Ask Pinterest,' an experimental AI-powered shopping app that lets users seek recommendations and inspiration through a conversational interface.

Read full article →
3

Anthropic’s latest feud with the Trump admin may actually help it, sales data suggests

Yesterday · 22:34 UTC

Anthropic's popularity with business users is growing so well that the latest beef with the government might actually boost it, data from Ramp suggests.

Read full article →

The Guardian Technology

1

Anthropic releases 'safe' version of Claude Mythos AI model to public

9 Jun 2026 · 22:28 UTC

Anthropic released Fable 5, a public version of its advanced Mythos AI model class, while keeping tighter controls around cybersecurity and other sensitive uses.

Read full article →

Wired AI

1

‘Dangerous’ AI Models Are Coming No Matter What

Yesterday · 17:50 UTC

The US government crackdown on Anthropic’s Claude Fable 5 and Mythos 5 hides a glaring truth: AI models with advanced hacking capabilities will soon be the norm.

Read full article →
2

My Father Wants to Age in Place. AI Will Be Watching

Yesterday · 14:00 UTC

Devices that monitor seniors for safety are appealing to worried loved ones and underresourced home care agencies.

Read full article →
3

What Do We Need From Our Homes Right Now?

Yesterday · 14:00 UTC

The global editorial directors of WIRED and Architectural Digest on teaming up to help you understand how we live today, and what comes next.

Read full article →

Ars Technica AI

1

Pentagon boasts of using AI to write reports mandated by Congress

Yesterday · 18:11 UTC

Pentagon also claims 1.5 million personnel are using generative AI tools.

Read full article →
2

Trump admin tries to block Clean Air Act lawsuit over xAI's gas turbines

Yesterday · 22:22 UTC

NAACP lawsuit says xAI uses gas turbines without permits for Grok data center.

Read full article →
3

Anthropic "pauses" token-based billing for its Claude Agent SDK

Yesterday · 21:00 UTC

Move originally planned for Monday would have heavily increased power users' costs.

Read full article →

Import AI

1

Import AI 461: "Alignment is not on track"; FrontierCode; and synthetic research interns

15 Jun 2026 · 11:30 UTC

Where are your agents right now?

Read full article →

The Guardian Technology

1

France to ditch Palantir’s AI data tools in favour of domestic provider

Yesterday · 17:08 UTC

Move to ChapsVision is to avoid ‘strategic dependencies’, says PM amid concern about reliance on US-controlled toolsFrance’s domestic intelligence service is to ditch AI data tools from the US tech company Palantir in fa…

Read full article →
2

SpaceX overtakes Amazon to become world’s fifth most valuable company

Yesterday · 18:37 UTC

Elon Musk’s firm briefly reached $2.97tn valuation days after its IPO following purchase of AI coding startup CursorSpaceX has overtaken Amazon to become the world’s fifth most valuable company days after its stock marke…

Read full article →
3

UK ministers lobby Trump to avert backlash against social media ban

Yesterday · 08:05 UTC

No 10 is worried about retaliation from White House over restrictions on under-16s’ internet useMinisters have embarked on a concerted lobbying operation to prevent a backlash from the Trump administration to the under-1…

Read full article →

MIT Technology Review AI

1

Want to get a data center online quickly? Give it some flex.

Yesterday · 09:00 UTC

At the end of a tense and scoreless first half of a soccer match between the English men’s team and rival Germany, millions of Brits let out a collective sigh and did what they so often do in moments of stress: They made…

Read full article →
2

Why do South Koreans love AI so much?

15 Jun 2026 · 18:46 UTC

This story originally appeared in The Algorithm, our weekly newsletter on AI. To get stories like this in your inbox first, sign up here. When I landed in Seoul after a grueling 12-hour flight from San Francisco, I walke…

Read full article →

The Verge

1

Will Matter finally be able to do what it should have always done?

Today · 12:00 UTC

Matter, the smart home interoperability standard, might finally get a feature that should have been there from day one: a single shared Matter network managed by multiple ecosystems. With this feature, called Joint Fabri…

Read full article →
2

Final Fantasy meets Zelda? Yes, please

Today · 12:00 UTC

Let's be real: There's no shortage of Zelda-style games to play right now. That's true even if you've exhausted all there is to see in Tears of the Kingdom or Echoes of Wisdom. Indie developers keep finding new ways to r…

Read full article →
3

My backyard made me a color-changing smart lighting convert

Today · 11:30 UTC

I'll admit it. I was wrong. Wildly colorful lighting is delightful for your smart home - well, outdoors, at least. Smart lighting is one of my favorite features of the smart home - it combines convenience with ambiance,…

Read full article →

Google DeepMind

1

Unlocking UK house-building with AI-accelerated planning

Yesterday · 21:29 UTC

UK government partners with Google DeepMind to build a new AI-powered prototype aimed at faster housing decisions.

Read full article →

NVIDIA AI Blog

1

Hands Free, AIs Forward: NVIDIA XR AI Brings Agents to AR Glasses

Yesterday · 22:30 UTC

NVIDIA XR AI is now available in public beta, giving developers a framework for building multimodal AI agents for AR glasses and XR devices.

Read full article →
2

Coherent Breaks Ground on Expanded Texas Facility, Scaling AI’s Optical Backbone

Yesterday · 22:10 UTC

AI runs at the speed of light. More and more, that light is made in Texas. Coherent broke ground today on an expanded manufacturing building in Sherman, Texas. The company makes the lasers, optical components and compoun…

Read full article →
3

HPE AI Factory With NVIDIA Expands for the Era of Agents

Yesterday · 16:30 UTC

Enterprises are moving agentic AI from proof of concept to production — and the next generation of AI factories are built for the era of agents. At HPE Discover Las Vegas, running through Thursday, June 18, NVIDIA and HP…

Read full article →

ABC Technology (AU)

1

NT's new climate resilience plan lists gas project as top priority

Today · 07:32 UTC

The Northern Territory government's newly released climate resilience plan has listed the acceleration of gas extraction at the Beetaloo Basin as a top priority. Environment groups have fiercely criticised the plan, sayi…

Read full article →
2

RBA warns financial industry to prepare for 'more shock-prone future'

Today · 07:30 UTC

A new era of strategic uncertainty has serious implications for Australia's financial industry, the Reserve Bank warns.

Read full article →
3

Glue Store closes after posting $8.4m loss as economic pain hits retailers

Today · 02:35 UTC

Glue Store announces its permanent closure, becoming the latest Australian retailer to fail this year.

Read full article →
🏢

Vendor Security

Rapid7 Blog

1

Does Your Security Programme Align With NIS2 Requirements?

Critical

15 Jun 2026 · 17:24 UTC

If your organization operates in the EU, or works with organizations that do, NIS2 is no longer something on the horizon. It is here and it applies to a far wider range of sectors than its predecessor, the original NIS D…

Read full article →
2

NIS2 is raising the bar. Here’s how to turn readiness into resilience.

Critical

15 Jun 2026 · 17:29 UTC

The NIS2 directive asks covered organizations to take a more structured approach to risk management, governance, supply chain security, and incident reporting. It expands the scope of who may be covered, raises expectati…

Read full article →
3

Malware à la Mode: Tracking Dropping Elephant Tradecraft Through a China-Themed Loader Chain

Critical

Today · 11:20 UTC

Executive summaryRapid7 researchers have identified a sophisticated malware campaign attributed to the threat actor "Dropping Elephant," characterized by the use of a China-themed decoy document to deliver a heavily rewo…

Read full article →

StepSecurity

1

Mastra npm Supply Chain Attack: 140+ Packages Backdoored via easy-day-js Typosquat

Critical

Today · 08:24 UTC

On June 17, 2026, an attacker compromised the @mastra npm organization and quietly added easy-day-js as a dependency across 140+ packages in the Mastra AI framework ecosystem. easy-day-js is a typosquat of the popular da…

Read full article →
2

Prevent npm and Python Supply Chain Attacks on Developer Machines with Package Configs

High

Yesterday · 21:05 UTC

npm and Python supply chain attacks run on developer machines and steal secrets. See how Package Configs audits registry, cooldown, and auth across your fleet

Read full article →

Palo Alto Unit 42

1

Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE

Critical

Yesterday · 10:00 UTC

Unit 42 discovered a Vertex AI Python SDK vulnerability that allows remote code execution via bucket squatting. Read the article for more. The post Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenan…

Read full article →
2

Inside the Modern SOC: The 72-Minute Race

15 Jun 2026 · 23:00 UTC

Attackers can move from access to exfiltration in 72 minutes. Learn how modern SOC teams close the speed gap with Unit 42's AI-driven automation, threat hunting, MDR and Managed XSIAM. The post Inside the Modern SOC: The…

Read full article →

Check Point Research

1

15th June – Threat Intelligence Report

Critical

15 Jun 2026 · 13:40 UTC

For the latest discoveries in cyber research for the week of 15th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The University of Nottingham, a UK research university, has suffered a da…

Read full article →

AWS Security

1

Threat tactic spotlight: Subdomain takeover

High

Yesterday · 17:53 UTC

In this blog post you’ll learn how to detect and prevent subdomain takeover – a tactic where threat actors exploit dangling DNS records to redirect traffic to attacker-controlled resources. We’ll explain the issue, how t…

Read full article →

Kaspersky Securelist

1

Dozens of malicious wallpapers found on Steam Workshop: gamers’ accounts at risk

Medium

Yesterday · 09:00 UTC

Since late 2025, malware has been spreading rapidly through the Steam Workshop, the gaming platform's built-in service for players to create and share custom content. The attackers are primarily targeting gamers in China…

Read full article →

Microsoft Security

1

Microsoft Defender email security benchmarking: Key insights from one year of data

15 Jun 2026 · 16:00 UTC

See how Microsoft Defender performed in one year of real-world email security benchmarking against SEG and ICES vendors. The post Microsoft Defender email security benchmarking: Key insights from one year of data appeare…

Read full article →

OpenAI News

1

Predicting model behavior before release by simulating deployment

Yesterday · 00:00 UTC

OpenAI introduces Deployment Simulation, a method to predict AI model behavior before deployment using real conversation data to improve safety and evaluation accuracy.

Read full article →
2

Introducing the OpenAI Partner Network

14 Jun 2026 · 17:00 UTC

OpenAI launches the Partner Network, investing $150M to help global partners accelerate enterprise AI adoption, deployment, and transformation.

Read full article →

CrowdStrike Blog

1

Falcon Exposure Management Now Available for Third-Party Environments

Yesterday · 05:00 UTC

Read full article →
2

CrowdStrike Announces Continuous Identity for AI Agents

15 Jun 2026 · 05:00 UTC

Read full article →