📰

Today's News Highlights

🔐 The Hacker News Critical

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Today · 09:56 UTC

Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-…

Read full article →
🔐 BleepingComputer Critical

Microsoft links Mastra AI supply chain attack to North Korean hackers

Today · 14:09 UTC

Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoro…

Read full article →
🏢 Palo Alto Unit 42 High

Threat Brief: Mitigating Large-Scale Credential Attacks

Today · 02:05 UTC

We provide guidance for preparing for and mitigating large-scale credential attacks, focusing on recent campaigns targeting security vendors' devices. The post Threat Brief: Mitiga…

Read full article →
🤖 The Guardian Technology Medium

Key Trump allies and Musk on leaked list for secretive Peter Thiel retreat

Today · 12:00 UTC

Figures including Jared Kushner and Scott Bessent named in directory of Dialog participants that was exposed onlineA website leak has exposed participants in the secretive, Peter T…

Read full article →
🔐 Ars Technica

The UK will scan asylum-seekers’ faces for age checks—despite knowing the tech is flawed

Today · 11:15 UTC

Tests of age-verification technology show the risks of life-altering errors.

Read full article →
🤖 The Guardian Technology

A viral doomsday scenario aims to shake Europe out of its AI complacency

Today · 09:59 UTC

Does a thought-experiment about US ascendancy in the technology say as much about AI jitters as it does about the reality?It’s 2031 and the US and China are about to tear Europe in…

Read full article →

Top Stories by Impact

🏢 Rapid7 Blog Critical

Weekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and more

Yesterday · 17:08 UTC

This week's release includes five new modules, including a full unauthenticated RCE chain for Paperclip AI and a VS Code extension persistence technique. On the post-exploitation s…

Read full article →
🔐 The Hacker News Critical

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Today · 09:56 UTC

Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-…

Read full article →
🔐 CISA Alerts Critical

AzeoTech DAQFactory

18 Jun 2026 · 12:00 UTC

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to upload malicious .ctl files that may lead to arbitrary code execution. The following vers…

Read full article →
🔐 CISA Alerts Critical

Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT

18 Jun 2026 · 12:00 UTC

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive health-related information and prevent legitimate users from establis…

Read full article →
🏢 Rapid7 Blog Critical

Malware à la Mode: Tracking Dropping Elephant Tradecraft Through a China-Themed Loader Chain

17 Jun 2026 · 11:20 UTC

Executive summaryRapid7 researchers have identified a sophisticated malware campaign attributed to the threat actor "Dropping Elephant," characterized by the use of a China-themed…

Read full article →
🏢 Rapid7 Blog Critical

Why Security Teams Need To Start Earlier

18 Jun 2026 · 14:45 UTC

Security leaders are facing an unusual set of circumstances. The drumbeat for better security prioritization has been rising for years in boardrooms around the world. The desire is…

Read full article →
🏢 Microsoft Security Critical

AutoJack: How a single page can RCE the host running your AI agent

Yesterday · 00:17 UTC

AutoJack is a novel exploit chain showing how a single malicious webpage can turn an AI browsing agent into a remote code execution vector on the host machine. By abusing trust in…

Read full article →
🔐 The Hacker News Critical

Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain

Yesterday · 18:37 UTC

Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple's A12 and A13 chips.…

Read full article →
🔐

Cybersecurity

The Hacker News

1

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Critical

Today · 09:56 UTC

Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium…

Read full article →
2

Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain

Critical

Yesterday · 18:37 UTC

Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple's A12 and A13 chips. That code is burned into the silicon at…

Read full article →
3

The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes

High

Yesterday · 18:33 UTC

The Gentlemen ransomware-as-a-service (RaaS) operation is actively developing and maintaining a suite of endpoint detection and response (EDR) killers that it hands out to affiliates for impairing system defenses before…

Read full article →

CISA Alerts

1

AzeoTech DAQFactory

Critical

18 Jun 2026 · 12:00 UTC

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to upload malicious .ctl files that may lead to arbitrary code execution. The following versions of AzeoTech DAQFactory are affected…

Read full article →
2

Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT

Critical

18 Jun 2026 · 12:00 UTC

View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive health-related information and prevent legitimate users from establishing a connection with the device. The f…

Read full article →
3

CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure

Critical

18 Jun 2026 · 12:00 UTC

CISA is aware of global reports that malicious cyber actors have targeted internet-accessible Fortinet devices across government and private sector organizations using compromised credentials. This activity, referred to…

Read full article →

BleepingComputer

1

Hackers exploit info disclosure bug in Gravity SMTP WordPress plugin

Critical

Yesterday · 20:25 UTC

Threat actors are exploiting an unauthenticated information disclosure vulnerability in the WordPress plugin Gravity SMTP, active on 100,000 sites. [...]

Read full article →
2

Klue OAuth breach victim list grows as Icarus hackers claim attack

Critical

Yesterday · 22:31 UTC

Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to customers' Salesforce environments, as the new "Icarus" extortion gr…

Read full article →
3

Microsoft links Mastra AI supply chain attack to North Korean hackers

Critical

Today · 14:09 UTC

Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. [...]

Read full article →

Infosecurity Magazine

1

Operation Endgame Disrupts Malware Network Linked to Major Ransomware Gang

Critical

Yesterday · 10:15 UTC

SocGholish malware has been removed from 15,000 sites associated with Evil Corp hackers

Read full article →
2

AWS Unveils 'Continuum,' an AI-Powered Vulnerability Management Platform

Medium

Yesterday · 11:00 UTC

Working with frontier AI models, this new platform aims to help discovering, prioritizing, validating and remediating code vulnerabilities

Read full article →
3

Confidence Lacks in Threat Detection Across Non-Email Channels like Slack and Teams

Medium

Yesterday · 09:00 UTC

Half of cybersecurity leaders lack confidence in detecting threats on Slack, Teams and other non-email platforms, despite growing attacker focus

Read full article →

Cloudflare Blog

1

Project Glasswing: what Mythos showed us

High

18 May 2026

Cloudflare shares findings from testing Mythos and other security-focused LLMs against live code across critical infrastructure, including model strengths, weaknesses, and what is needed before this work can scale.

Read full article →

CyberScoop

1

Authorities disrupt Evil Corp’s SocGholish botnet

Medium

18 Jun 2026 · 22:03 UTC

Cybersecurity firms, researchers and officials took down 106 servers and remediated nearly 15,000 sites that were infected with the malware. The post Authorities disrupt Evil Corp’s SocGholish botnet appeared first on Cy…

Read full article →
2

How software development’s speed obsession enabled TeamPCP’s chaos crusade

18 Jun 2026 · 15:25 UTC

The threat group’s remarkable success targeting open-source software was inevitable and fueled by the industry’s decision to prioritize code shipping over security. The post How software development’s speed obsession ena…

Read full article →
3

Congress tees up No FAKES Act, aiming at AI-generated deepfakes

18 Jun 2026 · 20:20 UTC

While preventing third parties from profiting off unauthorized deepfakes of artists and performers is a bipartisan concern, some business and digital rights groups are opposed. The post Congress tees up No FAKES Act, aim…

Read full article →

Dark Reading

1

Novo Nordisk Breach Exposes Software Development Pipeline Risk

Medium

18 Jun 2026 · 20:05 UTC

A leaked GitHub token underscores what most organizations get wrong: Treating secrets management as a tooling problem rather than an identity problem.

Read full article →
2

Stressors, AI Forcing Changes to Cybersecurity Teams

Yesterday · 13:00 UTC

As threats proliferate and AI complicates cybersecurity, CISOs say the job is getting harder, but more companies still want cybersecurity expertise, if even on a part-time basis.

Read full article →
3

Operation Escaneo Signals Shift in LatAm Threat Landscape

18 Jun 2026 · 19:09 UTC

The threat group's curious business model may combine opportunistic monetization alongside intel collection, without much coordination between the two.

Read full article →

Schneier on Security

1

Embedding Forbidden Text in Spyware to Discourage AI Analysis

18 Jun 2026 · 11:04 UTC

At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis. Details: The _index.js payload begins with a large JavaScript block comment…

Read full article →
2

Friday Squid Blogging: Victims of Unregulated Squid Fishing

Yesterday · 21:03 UTC

Dolphins, sharks, turtles, and human workers are all victims of unregulated squid fishing fleets. Another news article. As usual, you can also use this squid post to talk about the security stories in the news that I hav…

Read full article →
3

Anthropic’s Fable and the State of AI

Yesterday · 11:03 UTC

On June 9th, Anthropic released its Fable generative AI model. Three days later, the US government classified it as a dangerous munition, and used its export-control authority to prohibit any foreign nationals from acces…

Read full article →

SANS Internet Storm Center

1

The Behavior of Coordinated SSH Brute Force Attacks over the last three months [Guest Diary], (Wed, Jun 17th)

18 Jun 2026 · 01:49 UTC

[This is a Guest Diary by Adam Nason, an ISC intern as part of the SANS.edu BACS program]

Read full article →
2

eBanking Phishing Delivered Through IPv4-Mapped IPv6 Address, (Fri, Jun 19th)

Yesterday · 08:37 UTC

I detected an interesting phishing email this morning. It targets a major Belgian bank:

Read full article →
3

ISC Stormcast For Thursday, June 18th, 2026 https://isc.sans.edu/podcastdetail/9978, (Thu, Jun 18th)

18 Jun 2026 · 02:00 UTC

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Read full article →

Ars Technica

1

The UK will scan asylum-seekers’ faces for age checks—despite knowing the tech is flawed

Today · 11:15 UTC

Tests of age-verification technology show the risks of life-altering errors.

Read full article →
2

Rocket Report: Rebuild begins at Blue Origin launch pad; Relativity targets Mars

Yesterday · 13:36 UTC

A French launch startup is scrapping the name of its rocket, apparently due to a trademark issue.

Read full article →
3

As global warming threatens corals, scientists search for reefs that can take the heat

Yesterday · 11:15 UTC

Researchers say these coral strongholds may help repopulate more degraded reefs.

Read full article →

Krebs on Security

1

‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm

18 Jun 2026 · 17:37 UTC

For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. Thi…

Read full article →

Cybercrime Magazine

1

Nir Zuk: Backstory of a Cybersecurity Legend

17 Jun 2026 · 13:20 UTC

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 17, 2026 – Watch the YouTube video “I started my cybersecurity ‘career’ as one of the earlier virus developers in the world,” Ni…

Read full article →
🤖

AI & Technology

The Guardian Technology

1

Key Trump allies and Musk on leaked list for secretive Peter Thiel retreat

Medium

Today · 12:00 UTC

Figures including Jared Kushner and Scott Bessent named in directory of Dialog participants that was exposed onlineA website leak has exposed participants in the secretive, Peter Thiel-founded Dialog retreats which inclu…

Read full article →
2

A viral doomsday scenario aims to shake Europe out of its AI complacency

Today · 09:59 UTC

Does a thought-experiment about US ascendancy in the technology say as much about AI jitters as it does about the reality?It’s 2031 and the US and China are about to tear Europe into pieces.The US ploughed vast sums into…

Read full article →
3

On the trail of the dotcom queen: how Julie Meyer left a pattern of unpaid bills, missing funds and broken dreams in her wake

Yesterday · 07:00 UTC

Investigation: The entrepreneur was once the toast of London’s tech scene, a ‘global leader of tomorrow’ who starred on Dragons’ Den and promised untold riches for the startups she championed. But people she worked with…

Read full article →

ITNews Australia

1

ASD draws a hard line on developers lacking security skills

Medium

18 Jun 2026 · 01:36 UTC

Updated ASD ISM drops with new and revised controls.

Read full article →
2

CBA appoints new group CIO

18 Jun 2026 · 23:35 UTC

Elevates CTO to executive leadership team.

Read full article →
3

LMG bets on Slack as an enterprise platform

18 Jun 2026 · 04:02 UTC

Unifies company messaging in move away from email.

Read full article →

The Guardian Technology

1

Anthropic releases 'safe' version of Claude Mythos AI model to public

9 Jun 2026 · 22:28 UTC

Anthropic released Fable 5, a public version of its advanced Mythos AI model class, while keeping tighter controls around cybersecurity and other sensitive uses.

Read full article →

TechCrunch AI

1

Is the US government’s Anthropic ban accidentally helping the brand?

Yesterday · 16:08 UTC

Just as last week was ending, the US government forced Anthropic to pull its two newest models, Fable 5 and Mythos 5, citing national security concerns after Amazon researchers allegedly found a way to bypass Fable 5’s g…

Read full article →
2

The US banned Anthropic’s Fable 5 release, but the numbers don’t seem to care

Yesterday · 16:01 UTC

Just as last week was ending, the US government forced Anthropic to pull its two newest models, Fable 5 and Mythos 5, citing national security concerns after Amazon researchers allegedly found a way to bypass Fable 5’s g…

Read full article →
3

From PGP to Mythos: a brief history of export controls that didn’t stop anyone

Yesterday · 22:40 UTC

For the last 30 years, stopping the flow of cybersecurity-related software has proven to be ineffective. It's unclear why it would work now with Anthropic’s cybersecurity model Mythos.

Read full article →

MIT Technology Review AI

1

A startup claims it broke through a bottleneck that’s holding back LLMs

Yesterday · 10:40 UTC

Miami-based AI startup Subquadratic came out of stealth mode last month with a huge claim. It announced that it had solved a mathematical bottleneck that had been holding back large language models for almost a decade. T…

Read full article →

The Verge

1

Moves of the Diamond Hand is an unfinished, irresistibly weird dice-based RPG

Today · 14:00 UTC

From its opening minutes, Moves of the Diamond Hand is upfront about what it offers: You're going to have a lot of strange conversations, and you're going to roll a lot of dice. Get on board with this proposition, and th…

Read full article →
2

Toy Story has the right take on tech

Today · 12:00 UTC

Hi, friends! Welcome to Installer No. 133, your guide to the best and Verge-iest stuff in the world. (If you're new here, welcome, happy belated Juneteenth, and also you can read all the old editions at the Installer hom…

Read full article →
3

SwitchBot’s Standing Circulator Fan is worth fighting for

Today · 07:00 UTC

I can't remember the last time I got excited about a fan. Normally, I just buy whatever Vornado or Dreo model fits my budget, but that was before I started testing the battery-powered Standing Circulator Fan from SwitchB…

Read full article →

Wired AI

1

Siri AI Hands On: A Smart, Helpful Assistant

Today · 10:00 UTC

The new Siri AI is conversational, omnipresent, and actually helpful.

Read full article →
2

How the Peter Thiel-Linked Dialog Club Secretly Ranks Its Members

18 Jun 2026 · 22:12 UTC

Leaked files show the invite-only network grades members by their money and fame, shaping who’s in, who’s out, and who pays.

Read full article →
3

The White House Is Making Up Its Rules for AI in Real Time

18 Jun 2026 · 21:03 UTC

Anthropic still can’t distribute Claude Mythos or Fable 5 after running afoul of the Trump administration. But no one can say exactly what the company did wrong.

Read full article →

Ars Technica AI

1

As China looms, Taiwan makes more drones for defense and the US military

18 Jun 2026 · 21:21 UTC

Taiwan's drone spending plans for defense could also boost business overseas.

Read full article →
2

Bernie Sanders unveils $7 trillion plan to give Americans control of AI industry

18 Jun 2026 · 17:02 UTC

Biggest AI firms will likely recoil at Bernie Sanders' AI wealth fund.

Read full article →
3

AI coding agents taught robots how to install GPUs and cut zip ties

17 Jun 2026 · 19:25 UTC

Nvidia's self-improvement program for robots enlists teams of AI coding agents.

Read full article →

NVIDIA AI Blog

1

How FERC’s Large-Load Interconnection Actions Help Address Grid Stress, Improve Affordability

18 Jun 2026 · 20:00 UTC

In a consequential grid infrastructure decision, the Federal Energy Regulatory Commission (FERC) today issued a major milestone on large-load interconnection impacting how those building AI factories, semiconductor fabri…

Read full article →
2

At Cannes Lions, NVIDIA Partners Reshape Advertising and Marketing With AI

18 Jun 2026 · 13:00 UTC

The digital era gave the advertising and marketing industry speed; the AI era is giving it autonomous operations. For companies building next-generation technologies for advertising and marketing, the question is no long…

Read full article →
3

Sync and Stream: GeForce NOW Connects to Members’ Game Libraries Across Devices

18 Jun 2026 · 13:00 UTC

Play favorite titles from popular game libraries, keep progress synced and jump back into gaming sessions on virtually any device. That’s the power of GeForce NOW cloud gaming. From providing access to members’ favorite…

Read full article →

ABC Technology (AU)

1

Proposed urea plant secures $2.4b worth of deals without being built

Today · 02:00 UTC

The Australian Fertilizer Corporation has secured offtake agreements with international and domestic customers to sell its entire production capacity, despite not yet being built.

Read full article →
2

Peanut industry confidence returns after Crumptons takes over Bega sites

Yesterday · 20:30 UTC

After being tossed a lifeline last year, Queensland's peanut harvest is in full swing with plans in place to help the industry thrive once again.

Read full article →
3

Getting rid of an old fridge? Here's what you need to know

Yesterday · 18:30 UTC

Chemicals hiding in old fridges and air conditioners can contribute to the greenhouse gas effect if not properly disposed.

Read full article →
🏢

Vendor Security

Rapid7 Blog

1

Weekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and more

Critical

Yesterday · 17:08 UTC

This week's release includes five new modules, including a full unauthenticated RCE chain for Paperclip AI and a VS Code extension persistence technique. On the post-exploitation side, the new windows/local/ntlm_relay_2_…

Read full article →
2

Malware à la Mode: Tracking Dropping Elephant Tradecraft Through a China-Themed Loader Chain

Critical

17 Jun 2026 · 11:20 UTC

Executive summaryRapid7 researchers have identified a sophisticated malware campaign attributed to the threat actor "Dropping Elephant," characterized by the use of a China-themed decoy document to deliver a heavily rewo…

Read full article →
3

Why Security Teams Need To Start Earlier

Critical

18 Jun 2026 · 14:45 UTC

Security leaders are facing an unusual set of circumstances. The drumbeat for better security prioritization has been rising for years in boardrooms around the world. The desire is there, but the processes of the past ar…

Read full article →

Microsoft Security

1

AutoJack: How a single page can RCE the host running your AI agent

Critical

Yesterday · 00:17 UTC

AutoJack is a novel exploit chain showing how a single malicious webpage can turn an AI browsing agent into a remote code execution vector on the host machine. By abusing trust in localhost, missing authentication, and u…

Read full article →
2

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

High

18 Jun 2026 · 03:43 UTC

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend against supply chain attacks using Microsoft Defender and actionable threat intelligence. The po…

Read full article →
3

New Forrester study shows customers who unified with Microsoft Security benefited from 124% ROI

18 Jun 2026 · 19:36 UTC

New Forrester Total Economic Impact™ study shows Microsoft Security consolidation delivers ROI, lowers risk, and prepares organizations to secure AI. The post New Forrester study shows customers who unified with Microsof…

Read full article →

StepSecurity

1

Mastra npm Supply Chain Attack: 140+ Packages Backdoored via easy-day-js Typosquat

Critical

18 Jun 2026 · 10:03 UTC

On June 17, 2026, an attacker compromised the @mastra npm organization and quietly added easy-day-js as a dependency across 140+ packages in the Mastra AI framework ecosystem. easy-day-js is a typosquat of the popular da…

Read full article →
2

15 Malicious JetBrains Plugins Stole AI API Keys from 70,000 Developers

Critical

Yesterday · 20:44 UTC

A coordinated 8-month supply chain attack planted credential-stealing code inside fake AI coding assistants on the JetBrains Marketplace, quietly exfiltrating OpenAI, DeepSeek, and SiliconFlow API keys to an attacker-con…

Read full article →
3

Prevent npm and Python Supply Chain Attacks on Developer Machines with Package Configs

High

18 Jun 2026 · 10:03 UTC

npm and Python supply chain attacks run on developer machines and steal secrets. See how Package Configs audits registry, cooldown, and auth across your fleet

Read full article →

Microsoft Threat Intel

1

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

High

18 Jun 2026 · 03:43 UTC

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend against supply chain attacks using Microsoft Defender and actionable threat intelligence. The po…

Read full article →

Palo Alto Unit 42

1

Threat Brief: Mitigating Large-Scale Credential Attacks

High

Today · 02:05 UTC

We provide guidance for preparing for and mitigating large-scale credential attacks, focusing on recent campaigns targeting security vendors' devices. The post Threat Brief: Mitigating Large-Scale Credential Attacks appe…

Read full article →

AWS Security

1

Accelerate security investigations with Kiro CLI

High

18 Jun 2026 · 19:24 UTC

When a security event occurs in your Amazon Web Services (AWS) environment, rapid response is critical. However security teams often struggle with time-consuming, manual processes that slow down investigations. Analysts…

Read full article →
2

Spring 2026 SOC 1 and 2 reports are now available in OSCAL format

18 Jun 2026 · 16:50 UTC

Amazon Web Services (AWS) is excited to release the Spring 2026 System and Organization Controls (SOC) 1 and 2 reports in machine-readable OSCAL format alongside the PDF version of the reports. The reports cover 188 serv…

Read full article →
3

Introducing AWS Continuum: Security at machine speed

17 Jun 2026 · 15:34 UTC

What we believe We’ve been thinking deeply about enterprise security. The operating model that served us for the past decade (collect telemetry, store it, query it, build dashboards to watch it) is no longer keeping pace…

Read full article →

CrowdStrike Blog

1

New Abuse of the ClickOnce Technology, Part 2: Stop Threat Actors from Clicking Once and Staying Forever

18 Jun 2026 · 05:00 UTC

Read full article →
2

New Abuse of the ClickOnce Technology, Part 1: The Inner Workings of ClickOnce Application Deployment

18 Jun 2026 · 05:00 UTC

Read full article →
3

After Executive Order 14409: Next Steps for Securing AI

17 Jun 2026 · 05:00 UTC

Read full article →

OpenAI News

1

New usage analytics and updated spend controls for enterprises

18 Jun 2026 · 17:00 UTC

OpenAI introduces new spend controls and usage analytics for ChatGPT Enterprise, helping organizations manage costs and scale AI with confidence.

Read full article →
2

Using AI to help physicians diagnose rare genetic diseases affecting children

18 Jun 2026 · 08:00 UTC

Researchers used an OpenAI reasoning model to help diagnose rare diseases, identifying 18 new diagnoses in previously unsolved cases.

Read full article →
3

Improving health intelligence in ChatGPT

18 Jun 2026 · 11:00 UTC

Learn how GPT-5.5 Instant improves ChatGPT’s health and wellness responses with stronger reasoning, better context, clearer communication, and physician-informed evaluations.

Read full article →

Cisco Talos

1

Close Encounters of the Human Kind

18 Jun 2026 · 18:00 UTC

In the latest Threat Source, Hazel channels her inner Spielberg to explore why humans are delightfully irrational, reminding us that while security best practices are simple in theory, they’re a lot harder to pull off wh…

Read full article →
2

Scripting the disassembler: Local agentic reverse engineering through vbdec’s live COM object model

18 Jun 2026 · 10:00 UTC

Cisco Talos detailed a new approach to reverse engineering that pairs local AI agents with traditional analysis tools like the VB6 disassembler vbdec. Instead of awkwardly bolting AI onto the software, vbdec exposes its…

Read full article →

Check Point Research

1

From Stars to Upvotes: Fake Reputation Fueling a Crypto Clipboard Hijacker

17 Jun 2026 · 13:38 UTC

Key Points Introduction In this research, we analyze a clipboard hijacker campaign that is hidden inside a collection of “solutions” and “tools” that claim to give users an unfair advantage. These offers include Solana a…

Read full article →