📰

Today's News Highlights

🔐 The Hacker News Critical

⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More

Today · 10:55 UTC

It’s Monday again. This week’s threat list looks painfully familiar: abused integrations, fake tools, poisoned websites, ransomware crews trying to shut down security tools, and mo…

Read full article →
🔐 Infosecurity Magazine Critical

Microsoft Attributes Mastra AI Supply Chain Attack to North Korea

Today · 11:30 UTC

North Korean threat actor Sapphire Sleet has been linked to a supply chain attack targeting Mastra, according to Microsoft security researchers

Read full article →
🔐 Infosecurity Magazine High

Klue Breach Enables Hackers to Compromise Cybersecurity Firms via OAuth Tokens

Today · 10:15 UTC

At least five cybersecurity firms confirmed they have been affected by a breach of business intelligence platform Klue via Salesforce integration

Read full article →
🔐 The Hacker News Medium

Stop Your Legacy Infrastructure from Hijacking Your AI Agents

Today · 11:58 UTC

Earlier this month, I spoke at the Gartner Security & Risk Management Summit about a blind spot most security programs are still not accounting for - how attackers are circumventin…

Read full article →
🤖 ABC Technology (AU)

Marinus will break energy 'deadlock' hobbling Tasmania, economist says

Today · 07:24 UTC

An economist says Marinus Link remains an investment in the national interest and will shore up Tasmania's energy security. It follows a report last week questioning the project's…

Read full article →
🔐 The Hacker News

Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices

Today · 09:11 UTC

Canada's spy service got a judge's permission to reach into infected servers, home routers, and IoT gear sitting on Canadian soil and neutralize two foreign-run botnets. The Federa…

Read full article →

Top Stories by Impact

🏢 Rapid7 Blog Critical

Weekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and more

19 Jun 2026 · 17:08 UTC

This week's release includes five new modules, including a full unauthenticated RCE chain for Paperclip AI and a VS Code extension persistence technique. On the post-exploitation s…

Read full article →
🏢 Microsoft Security Critical

AutoJack: How a single page can RCE the host running your AI agent

19 Jun 2026 · 00:17 UTC

AutoJack is a novel exploit chain showing how a single malicious webpage can turn an AI browsing agent into a remote code execution vector on the host machine. By abusing trust in…

Read full article →
🔐 The Hacker News Critical

⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More

Today · 10:55 UTC

It’s Monday again. This week’s threat list looks painfully familiar: abused integrations, fake tools, poisoned websites, ransomware crews trying to shut down security tools, and mo…

Read full article →
🔐 Infosecurity Magazine Critical

Microsoft Attributes Mastra AI Supply Chain Attack to North Korea

Today · 11:30 UTC

North Korean threat actor Sapphire Sleet has been linked to a supply chain attack targeting Mastra, according to Microsoft security researchers

Read full article →
🏢 StepSecurity Critical

15 Malicious JetBrains Plugins Stole AI API Keys from 70,000 Developers

20 Jun 2026 · 19:06 UTC

A coordinated 8-month supply chain attack planted credential-stealing code inside fake AI coding assistants on the JetBrains Marketplace, quietly exfiltrating OpenAI, DeepSeek, and…

Read full article →
🔐 BleepingComputer Critical

Microsoft links Mastra AI supply chain attack to North Korean hackers

20 Jun 2026 · 14:09 UTC

Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoro…

Read full article →
🔐 Infosecurity Magazine High

Klue Breach Enables Hackers to Compromise Cybersecurity Firms via OAuth Tokens

Today · 10:15 UTC

At least five cybersecurity firms confirmed they have been affected by a breach of business intelligence platform Klue via Salesforce integration

Read full article →
🏢 Palo Alto Unit 42 High

Threat Brief: Mitigating Large-Scale Credential Attacks

20 Jun 2026 · 02:05 UTC

We provide guidance for preparing for and mitigating large-scale credential attacks, focusing on recent campaigns targeting security vendors' devices. The post Threat Brief: Mitiga…

Read full article →
🔐

Cybersecurity

The Hacker News

1

⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More

Critical

Today · 10:55 UTC

It’s Monday again. This week’s threat list looks painfully familiar: abused integrations, fake tools, poisoned websites, ransomware crews trying to shut down security tools, and mobile malware asking for way too much con…

Read full article →
2

Stop Your Legacy Infrastructure from Hijacking Your AI Agents

Medium

Today · 11:58 UTC

Earlier this month, I spoke at the Gartner Security & Risk Management Summit about a blind spot most security programs are still not accounting for - how attackers are circumventing AI security programs by using legacy i…

Read full article →
3

Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices

Today · 09:11 UTC

Canada's spy service got a judge's permission to reach into infected servers, home routers, and IoT gear sitting on Canadian soil and neutralize two foreign-run botnets. The Federal Court released a public version of the…

Read full article →

Infosecurity Magazine

1

Microsoft Attributes Mastra AI Supply Chain Attack to North Korea

Critical

Today · 11:30 UTC

North Korean threat actor Sapphire Sleet has been linked to a supply chain attack targeting Mastra, according to Microsoft security researchers

Read full article →
2

Klue Breach Enables Hackers to Compromise Cybersecurity Firms via OAuth Tokens

High

Today · 10:15 UTC

At least five cybersecurity firms confirmed they have been affected by a breach of business intelligence platform Klue via Salesforce integration

Read full article →
3

UK Information Commissioner Resigns After Workplace Investigation

Today · 09:20 UTC

The UK’s data protection regulator the information commissioner has resigned after his position became “untenable”

Read full article →

BleepingComputer

1

Microsoft links Mastra AI supply chain attack to North Korean hackers

Critical

20 Jun 2026 · 14:09 UTC

Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. [...]

Read full article →
2

New Prinz Eugen ransomware prioritizes recent files for encryption

Medium

20 Jun 2026 · 15:23 UTC

A new ransomware operation named 'Prinz Eugen' prioritizes recently modified files for encryption and leaves no ransom note on the system. [...]

Read full article →
3

AryStinger botnet infected thousands of D-Link routers worldwide

Yesterday · 14:14 UTC

A previously undocumented malware botnet named AryStinger has compromised more than 4,000 outdated routers to turn them into proxies for malicious traffic. [...]

Read full article →

Cloudflare Blog

1

Project Glasswing: what Mythos showed us

High

18 May 2026

Cloudflare shares findings from testing Mythos and other security-focused LLMs against live code across critical infrastructure, including model strengths, weaknesses, and what is needed before this work can scale.

Read full article →

Ars Technica

1

The UK will scan asylum-seekers’ faces for age checks—despite knowing the tech is flawed

20 Jun 2026 · 11:15 UTC

Tests of age-verification technology show the risks of life-altering errors.

Read full article →
2

Trump admin’s coal investments assist plants with repeated violations

Yesterday · 17:49 UTC

At least three coal plants have been repeatedly cited for violating environmental regulations.

Read full article →
3

Review: Widow's Bay is a boldly original take on comedic horror

Yesterday · 10:00 UTC

An eminently binge-able series that honors classic horror tropes while reinventing them in surprising ways

Read full article →

Dark Reading

1

Stressors, AI Forcing Changes to Cybersecurity Teams

19 Jun 2026 · 13:00 UTC

As threats proliferate and AI complicates cybersecurity, CISOs say the job is getting harder, but more companies still want cybersecurity expertise, if even on a part-time basis.

Read full article →

Schneier on Security

1

Friday Squid Blogging: Victims of Unregulated Squid Fishing

19 Jun 2026 · 21:03 UTC

Dolphins, sharks, turtles, and human workers are all victims of unregulated squid fishing fleets. Another news article. As usual, you can also use this squid post to talk about the security stories in the news that I hav…

Read full article →
2

Anthropic’s Fable and the State of AI

19 Jun 2026 · 11:03 UTC

On June 9th, Anthropic released its Fable generative AI model. Three days later, the US government classified it as a dangerous munition, and used its export-control authority to prohibit any foreign nationals from acces…

Read full article →
3

Professional Athletes and Wearables

Today · 11:02 UTC

I haven’t thought about the privacy issues surrounding professional athletes and wearables. Wearables present serious privacy issues for “Average Joe” consumers, who are entrusting tech companies to safely store and prot…

Read full article →

Cybercrime Magazine

1

Midnight in the War Room: A Documentary On Cyber War

Today · 12:19 UTC

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 22, 2026 – Visit MidnightInTheWarRoom.com Cybersecurity Ventures predicted that cybercrime would cost the world $10.5 trillion i…

Read full article →

SANS Internet Storm Center

1

ISC Stormcast For Monday, June 22nd, 2026 https://isc.sans.edu/podcastdetail/9980, (Mon, Jun 22nd)

Today · 02:00 UTC

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Read full article →
2

eBanking Phishing Delivered Through IPv4-Mapped IPv6 Address, (Fri, Jun 19th)

19 Jun 2026 · 08:37 UTC

I detected an interesting phishing email this morning. It targets a major Belgian bank:

Read full article →
🤖

AI & Technology

The Guardian Technology

1

Thirsty and power hungry: Australia is in the middle of a datacentre boom – but are they good for the economy?

Yesterday · 15:00 UTC

They’re a key part of the digital and AI economy but they come at a high environmental cost and offer few operational jobsFollow our Australia news live blog for latest updatesGet our breaking news email, free app or dai…

Read full article →
2

Brands using AI-generated influencers to promote products on social media

Yesterday · 06:00 UTC

Investigation finds AI content that purports to show genuine customers, prompting calls for greater transparencyBrands promoting their products online are quietly deploying AI-generated influencers on social media, an in…

Read full article →
3

To the tablet and beyond: does Toy Story 5 go hard enough on technology?

Yesterday · 05:00 UTC

The animated sequel sets up a tug-of-war between physical and digital play for children but is still eager not to be an anti-tech screedFor more than 30 years, Pixar’s signature Toy Story series has been entertaining chi…

Read full article →

The Guardian Technology

1

Anthropic releases 'safe' version of Claude Mythos AI model to public

9 Jun 2026 · 22:28 UTC

Anthropic released Fable 5, a public version of its advanced Mythos AI model class, while keeping tighter controls around cybersecurity and other sensitive uses.

Read full article →

ABC Technology (AU)

1

Marinus will break energy 'deadlock' hobbling Tasmania, economist says

Today · 07:24 UTC

An economist says Marinus Link remains an investment in the national interest and will shore up Tasmania's energy security. It follows a report last week questioning the project's business case.

Read full article →
2

'All eyes are on the performance' as Canberra to Bali flights take off again

Today · 07:19 UTC

Virgin Australia launches direct flights from Canberra to Bali, becoming the first Australian carrier to fly internationally out of the capital.

Read full article →
3

Bus fleet set to connect southern Gold Coast to existing light rail

Today · 00:14 UTC

The Queensland government has released the plan nine months after controversially scrapping stage 4 light rail amid community pushback.

Read full article →

ITNews Australia

1

Trump no longer views Anthropic as national security threat

Yesterday · 20:52 UTC

Says AI company responded "very ​quickly" and "responsibly."

Read full article →
2

NAB builds integrated ops hub for threat intelligence

Today · 07:27 UTC

Brings together personnel from tech, cyber, fraud and other domains.

Read full article →
3

Suncorp to have AI agents in insurance claims process as soon as this month

Yesterday · 20:49 UTC

Five agents will handle various sub-processes.

Read full article →

MIT Technology Review AI

1

A startup claims it broke through a bottleneck that’s holding back LLMs

19 Jun 2026 · 10:40 UTC

Miami-based AI startup Subquadratic came out of stealth mode last month with a huge claim. It announced that it had solved a mathematical bottleneck that had been holding back large language models for almost a decade. T…

Read full article →

The Verge

1

Read this before you vibe-code another app

Today · 11:00 UTC

Bob Starr was delighted with his vibe-coded website. "Boomberg" showed how much US tax money is going to tech companies, and Starr launched it online immediately after making it. It wasn't until months after the site wen…

Read full article →
2

Bose thinks it can be a media company for some reason

Yesterday · 18:53 UTC

The history books are littered with the corpses of corporate record labels started by companies that had no business being in the music industry. Bose thinks it can be the exception to the rule. It thinks it can be Red B…

Read full article →
3

Cold Court’s debut EP is an infectious, glitchy genre mashup

Yesterday · 17:00 UTC

Cold Court is a brother-sister duo from Philly that seems to love nothing more than shoving all of their influences together in a messy soup that at least superficially resembles the hyperpop you've come to expect from a…

Read full article →

Wired AI

1

Some Electricians Think Building Data Centers Is for Sellouts

Today · 09:30 UTC

Big Tech is throwing big money into data center buildouts. As national opposition to the facilities grows, some workers are beginning to question whether it’s worth it.

Read full article →
2

World Cup Scams Are Getting Harder to Spot

Today · 09:30 UTC

From fake tickets to cloned websites, AI is magnifying World Cup scams. Can fans distinguish between what’s real and what’s not?

Read full article →
3

28 Tips to Take Your ChatGPT Prompts to the Next Level

Yesterday · 10:30 UTC

Sure, anyone can use OpenAI’s chatbot. But with smart engineering, you can get way more interesting results.

Read full article →

TechCrunch AI

1

When the Trump administration cracks down on Anthropic, who benefits?

Yesterday · 15:28 UTC

On the new episode of Equity, we discussed what actually prompted the administration's latest moves against Anthropic, and what this might mean for the AI ecosystem.

Read full article →
2

Beyond Siri: Here are the practical AI features coming to your iPhone in iOS 27

Yesterday · 14:40 UTC

Siri’s AI overhaul may have grabbed the headlines at WWDC, but some of Apple’s most useful AI features are arriving elsewhere in iOS 27.

Read full article →
3

Signal’s Meredith Whittaker wants you to remember that AI chatbots ‘are not your friends’

20 Jun 2026 · 20:32 UTC

"These are not your friends. These are not conscious beings. These are not sentient interlocutors.”

Read full article →

NVIDIA AI Blog

1

Hotter Than a Hot Tub: The 45°C Breakthrough to Cool AI’s Biggest Machines

Today · 05:00 UTC

Hot tubs sit at about 38 to 40 degrees Celsius, warm enough that most people can only soak for about 15 minutes. NVIDIA’s newest AI servers can run their cooling liquid even hotter — up to 45 degrees Celsius, or 113 degr…

Read full article →
🏢

Vendor Security

Rapid7 Blog

1

Weekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and more

Critical

19 Jun 2026 · 17:08 UTC

This week's release includes five new modules, including a full unauthenticated RCE chain for Paperclip AI and a VS Code extension persistence technique. On the post-exploitation side, the new windows/local/ntlm_relay_2_…

Read full article →

Microsoft Security

1

AutoJack: How a single page can RCE the host running your AI agent

Critical

19 Jun 2026 · 00:17 UTC

AutoJack is a novel exploit chain showing how a single malicious webpage can turn an AI browsing agent into a remote code execution vector on the host machine. By abusing trust in localhost, missing authentication, and u…

Read full article →

StepSecurity

1

15 Malicious JetBrains Plugins Stole AI API Keys from 70,000 Developers

Critical

20 Jun 2026 · 19:06 UTC

A coordinated 8-month supply chain attack planted credential-stealing code inside fake AI coding assistants on the JetBrains Marketplace, quietly exfiltrating OpenAI, DeepSeek, and SiliconFlow API keys to an attacker-con…

Read full article →

Palo Alto Unit 42

1

Threat Brief: Mitigating Large-Scale Credential Attacks

High

20 Jun 2026 · 02:05 UTC

We provide guidance for preparing for and mitigating large-scale credential attacks, focusing on recent campaigns targeting security vendors' devices. The post Threat Brief: Mitigating Large-Scale Credential Attacks appe…

Read full article →

Kaspersky Securelist

1

A VBScript campaign distributed through WhatsApp deploying RMM software

Today · 10:00 UTC

A Kaspersky researcher analyzes a global malicious campaign that distributes VBS scripts via WhatsApp delivering a UEMS RMM agent through a multi-stage infection chain.

Read full article →

OpenAI News

1

Samsung Electronics brings ChatGPT and Codex to employees

Yesterday · 23:00 UTC

Samsung Electronics deploys ChatGPT Enterprise and Codex to employees worldwide, marking one of OpenAI’s largest enterprise AI rollouts.

Read full article →