Today's News Highlights
⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More
Today · 10:55 UTC
It’s Monday again. This week’s threat list looks painfully familiar: abused integrations, fake tools, poisoned websites, ransomware crews trying to shut down security tools, and mo…
Read full article →Microsoft Attributes Mastra AI Supply Chain Attack to North Korea
Today · 11:30 UTC
North Korean threat actor Sapphire Sleet has been linked to a supply chain attack targeting Mastra, according to Microsoft security researchers
Read full article →Klue Breach Enables Hackers to Compromise Cybersecurity Firms via OAuth Tokens
Today · 10:15 UTC
At least five cybersecurity firms confirmed they have been affected by a breach of business intelligence platform Klue via Salesforce integration
Read full article →Stop Your Legacy Infrastructure from Hijacking Your AI Agents
Today · 11:58 UTC
Earlier this month, I spoke at the Gartner Security & Risk Management Summit about a blind spot most security programs are still not accounting for - how attackers are circumventin…
Read full article →Marinus will break energy 'deadlock' hobbling Tasmania, economist says
Today · 07:24 UTC
An economist says Marinus Link remains an investment in the national interest and will shore up Tasmania's energy security. It follows a report last week questioning the project's…
Read full article →Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices
Today · 09:11 UTC
Canada's spy service got a judge's permission to reach into infected servers, home routers, and IoT gear sitting on Canadian soil and neutralize two foreign-run botnets. The Federa…
Read full article →Top Stories by Impact
Weekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and more
19 Jun 2026 · 17:08 UTC
This week's release includes five new modules, including a full unauthenticated RCE chain for Paperclip AI and a VS Code extension persistence technique. On the post-exploitation s…
Read full article →AutoJack: How a single page can RCE the host running your AI agent
19 Jun 2026 · 00:17 UTC
AutoJack is a novel exploit chain showing how a single malicious webpage can turn an AI browsing agent into a remote code execution vector on the host machine. By abusing trust in…
Read full article →⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More
Today · 10:55 UTC
It’s Monday again. This week’s threat list looks painfully familiar: abused integrations, fake tools, poisoned websites, ransomware crews trying to shut down security tools, and mo…
Read full article →Microsoft Attributes Mastra AI Supply Chain Attack to North Korea
Today · 11:30 UTC
North Korean threat actor Sapphire Sleet has been linked to a supply chain attack targeting Mastra, according to Microsoft security researchers
Read full article →15 Malicious JetBrains Plugins Stole AI API Keys from 70,000 Developers
20 Jun 2026 · 19:06 UTC
A coordinated 8-month supply chain attack planted credential-stealing code inside fake AI coding assistants on the JetBrains Marketplace, quietly exfiltrating OpenAI, DeepSeek, and…
Read full article →Microsoft links Mastra AI supply chain attack to North Korean hackers
20 Jun 2026 · 14:09 UTC
Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoro…
Read full article →Klue Breach Enables Hackers to Compromise Cybersecurity Firms via OAuth Tokens
Today · 10:15 UTC
At least five cybersecurity firms confirmed they have been affected by a breach of business intelligence platform Klue via Salesforce integration
Read full article →Threat Brief: Mitigating Large-Scale Credential Attacks
20 Jun 2026 · 02:05 UTC
We provide guidance for preparing for and mitigating large-scale credential attacks, focusing on recent campaigns targeting security vendors' devices. The post Threat Brief: Mitiga…
Read full article →Cybersecurity
The Hacker News
⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More
CriticalToday · 10:55 UTC
It’s Monday again. This week’s threat list looks painfully familiar: abused integrations, fake tools, poisoned websites, ransomware crews trying to shut down security tools, and mobile malware asking for way too much con…
Read full article →Stop Your Legacy Infrastructure from Hijacking Your AI Agents
MediumToday · 11:58 UTC
Earlier this month, I spoke at the Gartner Security & Risk Management Summit about a blind spot most security programs are still not accounting for - how attackers are circumventing AI security programs by using legacy i…
Read full article →Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices
Today · 09:11 UTC
Canada's spy service got a judge's permission to reach into infected servers, home routers, and IoT gear sitting on Canadian soil and neutralize two foreign-run botnets. The Federal Court released a public version of the…
Read full article →Infosecurity Magazine
Microsoft Attributes Mastra AI Supply Chain Attack to North Korea
CriticalToday · 11:30 UTC
North Korean threat actor Sapphire Sleet has been linked to a supply chain attack targeting Mastra, according to Microsoft security researchers
Read full article →Klue Breach Enables Hackers to Compromise Cybersecurity Firms via OAuth Tokens
HighToday · 10:15 UTC
At least five cybersecurity firms confirmed they have been affected by a breach of business intelligence platform Klue via Salesforce integration
Read full article →UK Information Commissioner Resigns After Workplace Investigation
Today · 09:20 UTC
The UK’s data protection regulator the information commissioner has resigned after his position became “untenable”
Read full article →BleepingComputer
Microsoft links Mastra AI supply chain attack to North Korean hackers
Critical20 Jun 2026 · 14:09 UTC
Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. [...]
Read full article →New Prinz Eugen ransomware prioritizes recent files for encryption
Medium20 Jun 2026 · 15:23 UTC
A new ransomware operation named 'Prinz Eugen' prioritizes recently modified files for encryption and leaves no ransom note on the system. [...]
Read full article →AryStinger botnet infected thousands of D-Link routers worldwide
Yesterday · 14:14 UTC
A previously undocumented malware botnet named AryStinger has compromised more than 4,000 outdated routers to turn them into proxies for malicious traffic. [...]
Read full article →Cloudflare Blog
Project Glasswing: what Mythos showed us
High18 May 2026
Cloudflare shares findings from testing Mythos and other security-focused LLMs against live code across critical infrastructure, including model strengths, weaknesses, and what is needed before this work can scale.
Read full article →Ars Technica
The UK will scan asylum-seekers’ faces for age checks—despite knowing the tech is flawed
20 Jun 2026 · 11:15 UTC
Tests of age-verification technology show the risks of life-altering errors.
Read full article →Trump admin’s coal investments assist plants with repeated violations
Yesterday · 17:49 UTC
At least three coal plants have been repeatedly cited for violating environmental regulations.
Read full article →Review: Widow's Bay is a boldly original take on comedic horror
Yesterday · 10:00 UTC
An eminently binge-able series that honors classic horror tropes while reinventing them in surprising ways
Read full article →Dark Reading
Stressors, AI Forcing Changes to Cybersecurity Teams
19 Jun 2026 · 13:00 UTC
As threats proliferate and AI complicates cybersecurity, CISOs say the job is getting harder, but more companies still want cybersecurity expertise, if even on a part-time basis.
Read full article →Schneier on Security
Friday Squid Blogging: Victims of Unregulated Squid Fishing
19 Jun 2026 · 21:03 UTC
Dolphins, sharks, turtles, and human workers are all victims of unregulated squid fishing fleets. Another news article. As usual, you can also use this squid post to talk about the security stories in the news that I hav…
Read full article →Anthropic’s Fable and the State of AI
19 Jun 2026 · 11:03 UTC
On June 9th, Anthropic released its Fable generative AI model. Three days later, the US government classified it as a dangerous munition, and used its export-control authority to prohibit any foreign nationals from acces…
Read full article →Professional Athletes and Wearables
Today · 11:02 UTC
I haven’t thought about the privacy issues surrounding professional athletes and wearables. Wearables present serious privacy issues for “Average Joe” consumers, who are entrusting tech companies to safely store and prot…
Read full article →Cybercrime Magazine
Midnight in the War Room: A Documentary On Cyber War
Today · 12:19 UTC
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 22, 2026 – Visit MidnightInTheWarRoom.com Cybersecurity Ventures predicted that cybercrime would cost the world $10.5 trillion i…
Read full article →SANS Internet Storm Center
ISC Stormcast For Monday, June 22nd, 2026 https://isc.sans.edu/podcastdetail/9980, (Mon, Jun 22nd)
Today · 02:00 UTC
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Read full article →eBanking Phishing Delivered Through IPv4-Mapped IPv6 Address, (Fri, Jun 19th)
19 Jun 2026 · 08:37 UTC
I detected an interesting phishing email this morning. It targets a major Belgian bank:
Read full article →AI & Technology
The Guardian Technology
Thirsty and power hungry: Australia is in the middle of a datacentre boom – but are they good for the economy?
Yesterday · 15:00 UTC
They’re a key part of the digital and AI economy but they come at a high environmental cost and offer few operational jobsFollow our Australia news live blog for latest updatesGet our breaking news email, free app or dai…
Read full article →Brands using AI-generated influencers to promote products on social media
Yesterday · 06:00 UTC
Investigation finds AI content that purports to show genuine customers, prompting calls for greater transparencyBrands promoting their products online are quietly deploying AI-generated influencers on social media, an in…
Read full article →To the tablet and beyond: does Toy Story 5 go hard enough on technology?
Yesterday · 05:00 UTC
The animated sequel sets up a tug-of-war between physical and digital play for children but is still eager not to be an anti-tech screedFor more than 30 years, Pixar’s signature Toy Story series has been entertaining chi…
Read full article →The Guardian Technology
Anthropic releases 'safe' version of Claude Mythos AI model to public
9 Jun 2026 · 22:28 UTC
Anthropic released Fable 5, a public version of its advanced Mythos AI model class, while keeping tighter controls around cybersecurity and other sensitive uses.
Read full article →ABC Technology (AU)
Marinus will break energy 'deadlock' hobbling Tasmania, economist says
Today · 07:24 UTC
An economist says Marinus Link remains an investment in the national interest and will shore up Tasmania's energy security. It follows a report last week questioning the project's business case.
Read full article →'All eyes are on the performance' as Canberra to Bali flights take off again
Today · 07:19 UTC
Virgin Australia launches direct flights from Canberra to Bali, becoming the first Australian carrier to fly internationally out of the capital.
Read full article →Bus fleet set to connect southern Gold Coast to existing light rail
Today · 00:14 UTC
The Queensland government has released the plan nine months after controversially scrapping stage 4 light rail amid community pushback.
Read full article →ITNews Australia
Trump no longer views Anthropic as national security threat
Yesterday · 20:52 UTC
Says AI company responded "very quickly" and "responsibly."
Read full article →NAB builds integrated ops hub for threat intelligence
Today · 07:27 UTC
Brings together personnel from tech, cyber, fraud and other domains.
Read full article →Suncorp to have AI agents in insurance claims process as soon as this month
Yesterday · 20:49 UTC
Five agents will handle various sub-processes.
Read full article →MIT Technology Review AI
A startup claims it broke through a bottleneck that’s holding back LLMs
19 Jun 2026 · 10:40 UTC
Miami-based AI startup Subquadratic came out of stealth mode last month with a huge claim. It announced that it had solved a mathematical bottleneck that had been holding back large language models for almost a decade. T…
Read full article →The Verge
Read this before you vibe-code another app
Today · 11:00 UTC
Bob Starr was delighted with his vibe-coded website. "Boomberg" showed how much US tax money is going to tech companies, and Starr launched it online immediately after making it. It wasn't until months after the site wen…
Read full article →Bose thinks it can be a media company for some reason
Yesterday · 18:53 UTC
The history books are littered with the corpses of corporate record labels started by companies that had no business being in the music industry. Bose thinks it can be the exception to the rule. It thinks it can be Red B…
Read full article →Cold Court’s debut EP is an infectious, glitchy genre mashup
Yesterday · 17:00 UTC
Cold Court is a brother-sister duo from Philly that seems to love nothing more than shoving all of their influences together in a messy soup that at least superficially resembles the hyperpop you've come to expect from a…
Read full article →Wired AI
Some Electricians Think Building Data Centers Is for Sellouts
Today · 09:30 UTC
Big Tech is throwing big money into data center buildouts. As national opposition to the facilities grows, some workers are beginning to question whether it’s worth it.
Read full article →World Cup Scams Are Getting Harder to Spot
Today · 09:30 UTC
From fake tickets to cloned websites, AI is magnifying World Cup scams. Can fans distinguish between what’s real and what’s not?
Read full article →28 Tips to Take Your ChatGPT Prompts to the Next Level
Yesterday · 10:30 UTC
Sure, anyone can use OpenAI’s chatbot. But with smart engineering, you can get way more interesting results.
Read full article →TechCrunch AI
When the Trump administration cracks down on Anthropic, who benefits?
Yesterday · 15:28 UTC
On the new episode of Equity, we discussed what actually prompted the administration's latest moves against Anthropic, and what this might mean for the AI ecosystem.
Read full article →Beyond Siri: Here are the practical AI features coming to your iPhone in iOS 27
Yesterday · 14:40 UTC
Siri’s AI overhaul may have grabbed the headlines at WWDC, but some of Apple’s most useful AI features are arriving elsewhere in iOS 27.
Read full article →Signal’s Meredith Whittaker wants you to remember that AI chatbots ‘are not your friends’
20 Jun 2026 · 20:32 UTC
"These are not your friends. These are not conscious beings. These are not sentient interlocutors.”
Read full article →NVIDIA AI Blog
Hotter Than a Hot Tub: The 45°C Breakthrough to Cool AI’s Biggest Machines
Today · 05:00 UTC
Hot tubs sit at about 38 to 40 degrees Celsius, warm enough that most people can only soak for about 15 minutes. NVIDIA’s newest AI servers can run their cooling liquid even hotter — up to 45 degrees Celsius, or 113 degr…
Read full article →Vendor Security
Rapid7 Blog
Weekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and more
Critical19 Jun 2026 · 17:08 UTC
This week's release includes five new modules, including a full unauthenticated RCE chain for Paperclip AI and a VS Code extension persistence technique. On the post-exploitation side, the new windows/local/ntlm_relay_2_…
Read full article →Microsoft Security
AutoJack: How a single page can RCE the host running your AI agent
Critical19 Jun 2026 · 00:17 UTC
AutoJack is a novel exploit chain showing how a single malicious webpage can turn an AI browsing agent into a remote code execution vector on the host machine. By abusing trust in localhost, missing authentication, and u…
Read full article →StepSecurity
15 Malicious JetBrains Plugins Stole AI API Keys from 70,000 Developers
Critical20 Jun 2026 · 19:06 UTC
A coordinated 8-month supply chain attack planted credential-stealing code inside fake AI coding assistants on the JetBrains Marketplace, quietly exfiltrating OpenAI, DeepSeek, and SiliconFlow API keys to an attacker-con…
Read full article →Palo Alto Unit 42
Threat Brief: Mitigating Large-Scale Credential Attacks
High20 Jun 2026 · 02:05 UTC
We provide guidance for preparing for and mitigating large-scale credential attacks, focusing on recent campaigns targeting security vendors' devices. The post Threat Brief: Mitigating Large-Scale Credential Attacks appe…
Read full article →Kaspersky Securelist
A VBScript campaign distributed through WhatsApp deploying RMM software
Today · 10:00 UTC
A Kaspersky researcher analyzes a global malicious campaign that distributes VBS scripts via WhatsApp delivering a UEMS RMM agent through a multi-stage infection chain.
Read full article →OpenAI News
Samsung Electronics brings ChatGPT and Codex to employees
Yesterday · 23:00 UTC
Samsung Electronics deploys ChatGPT Enterprise and Codex to employees worldwide, marking one of OpenAI’s largest enterprise AI rollouts.
Read full article →