Today's News Highlights
ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack
Today · 18:00 UTC
Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack after unknown threat actors managed to tamper with the official release channels and push bac…
Read full article →Microsoft Attributes Mastra AI Supply Chain Attack to North Korea
Today · 11:30 UTC
North Korean threat actor Sapphire Sleet has been linked to a supply chain attack targeting Mastra, according to Microsoft security researchers
Read full article →22nd June – Threat Intelligence Report
Today · 16:00 UTC
For the latest discoveries in cyber research for the week of 22nd June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Texas Parks and Wildlife Departme…
Read full article →FFmpeg fixes PixelSmash flaw in widely used video decoder
Today · 21:05 UTC
A newly disclosed FFmpeg flaw dubbed 'PixelSmash' could be exploited for remote code execution on Jellyfin servers under certain conditions, and can also trigger a denial-of-servic…
Read full article →One intrusion, two cyberattackers: Uncovering parallel threat activity
Today · 16:00 UTC
Ransomware case reveals two parallel threat actors, blending tactics and evasion—showing why isolated signals can often miss modern, overlapping cyberattacks. The post One intrusio…
Read full article →WhatsApp phishing attack uses fake business docs to hack PCs
Today · 22:42 UTC
An ongoing malware campaign is targeting WhatsApp users in multiple countries with deceptive messages that push VBScript files, leading to remote system access. [...]
Read full article →Top Stories by Impact
Weekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and more
19 Jun 2026 · 17:08 UTC
This week's release includes five new modules, including a full unauthenticated RCE chain for Paperclip AI and a VS Code extension persistence technique. On the post-exploitation s…
Read full article →AutoJack: How a single page can RCE the host running your AI agent
19 Jun 2026 · 00:17 UTC
AutoJack is a novel exploit chain showing how a single malicious webpage can turn an AI browsing agent into a remote code execution vector on the host machine. By abusing trust in…
Read full article →ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack
Today · 18:00 UTC
Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack after unknown threat actors managed to tamper with the official release channels and push bac…
Read full article →Microsoft Attributes Mastra AI Supply Chain Attack to North Korea
Today · 11:30 UTC
North Korean threat actor Sapphire Sleet has been linked to a supply chain attack targeting Mastra, according to Microsoft security researchers
Read full article →22nd June – Threat Intelligence Report
Today · 16:00 UTC
For the latest discoveries in cyber research for the week of 22nd June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Texas Parks and Wildlife Departme…
Read full article →FFmpeg fixes PixelSmash flaw in widely used video decoder
Today · 21:05 UTC
A newly disclosed FFmpeg flaw dubbed 'PixelSmash' could be exploited for remote code execution on Jellyfin servers under certain conditions, and can also trigger a denial-of-servic…
Read full article →One intrusion, two cyberattackers: Uncovering parallel threat activity
Today · 16:00 UTC
Ransomware case reveals two parallel threat actors, blending tactics and evasion—showing why isolated signals can often miss modern, overlapping cyberattacks. The post One intrusio…
Read full article →15 Malicious JetBrains Plugins Stole AI API Keys from 70,000 Developers
20 Jun 2026 · 19:06 UTC
A coordinated 8-month supply chain attack planted credential-stealing code inside fake AI coding assistants on the JetBrains Marketplace, quietly exfiltrating OpenAI, DeepSeek, and…
Read full article →Cybersecurity
The Hacker News
ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack
CriticalToday · 18:00 UTC
Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack after unknown threat actors managed to tamper with the official release channels and push backdoor code. "Attackers compromised the v…
Read full article →Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants
HighToday · 16:13 UTC
Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform with more than 146,000 GitHub stars, that could allow attackers to stealthily read artificial int…
Read full article →29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests
HighToday · 14:29 UTC
A heap over-read in the Squid web proxy can leak another user's cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the same proxy. The bug tr…
Read full article →Infosecurity Magazine
Microsoft Attributes Mastra AI Supply Chain Attack to North Korea
CriticalToday · 11:30 UTC
North Korean threat actor Sapphire Sleet has been linked to a supply chain attack targeting Mastra, according to Microsoft security researchers
Read full article →Unpatchable BootROM Flaw Impacts Apple A12, A13 Chips
HighToday · 14:00 UTC
Apple BootROM exploit exposes unpatchable USB flaw on A12 and A13 devices
Read full article →GentleKiller Framework Disables Victims' Security Software
HighToday · 15:00 UTC
ESET details GentleKiller, the EDR-killer framework the Gentlemen ransomware gang gives affiliates
Read full article →BleepingComputer
FFmpeg fixes PixelSmash flaw in widely used video decoder
CriticalToday · 21:05 UTC
A newly disclosed FFmpeg flaw dubbed 'PixelSmash' could be exploited for remote code execution on Jellyfin servers under certain conditions, and can also trigger a denial-of-service condition in applications like Kodi, E…
Read full article →WhatsApp phishing attack uses fake business docs to hack PCs
HighToday · 22:42 UTC
An ongoing malware campaign is targeting WhatsApp users in multiple countries with deceptive messages that push VBScript files, leading to remote system access. [...]
Read full article →JaredFromSubway MEV bot hacked in $15 million crypto theft
MediumToday · 21:52 UTC
The JaredFromSubway Ethereum MEV (Maximal Extractable Value) bot suffered a $15 million loss after an attacker manipulated the opportunity-detection logic by creating fake cryptocurrency trading opportunities. [...]
Read full article →Cloudflare Blog
Project Glasswing: what Mythos showed us
High18 May 2026
Cloudflare shares findings from testing Mythos and other security-focused LLMs against live code across critical infrastructure, including model strengths, weaknesses, and what is needed before this work can scale.
Read full article →CyberScoop
Intel agencies: Frontier AI models will reshape cybersecurity faster than expected
MediumToday · 15:25 UTC
The joint warning from Five Eyes countries mirrors what many cybersecurity and AI experts have been saying for the past year. The post Intel agencies: Frontier AI models will reshape cybersecurity faster than expected ap…
Read full article →Court rules SAVE database illegal, orders it dismantled
Today · 22:07 UTC
A judge said the administration’s database violates the Privacy Act, the Social Security Act and the Administrative Procedures Act. The post Court rules SAVE database illegal, orders it dismantled appeared first on Cyber…
Read full article →Trump executive orders speed up post-quantum migration, boost industry
Today · 19:56 UTC
The orders accelerate the federal government’s transition to post-quantum encryption and will boost the domestic quantum computing industry. The post Trump executive orders speed up post-quantum migration, boost industry…
Read full article →Dark Reading
Crypto Heist Fueled by Elaborate Fake Reputation-Boosting Campaign
Today · 16:10 UTC
Attackers are using multiple online channels — including GitHub, YouTube, and VirusTotal — to build an illusion of trust to spread a cross-platform clipboard hijacker.
Read full article →Stressors, AI Forcing Changes to Cybersecurity Teams
19 Jun 2026 · 13:00 UTC
As threats proliferate and AI complicates cybersecurity, CISOs say the job is getting harder, but more companies still want cybersecurity expertise, if even on a part-time basis.
Read full article →Schneier on Security
Friday Squid Blogging: Victims of Unregulated Squid Fishing
19 Jun 2026 · 21:03 UTC
Dolphins, sharks, turtles, and human workers are all victims of unregulated squid fishing fleets. Another news article. As usual, you can also use this squid post to talk about the security stories in the news that I hav…
Read full article →Anthropic’s Fable and the State of AI
19 Jun 2026 · 11:03 UTC
On June 9th, Anthropic released its Fable generative AI model. Three days later, the US government classified it as a dangerous munition, and used its export-control authority to prohibit any foreign nationals from acces…
Read full article →Professional Athletes and Wearables
Today · 11:02 UTC
I haven’t thought about the privacy issues surrounding professional athletes and wearables. Wearables present serious privacy issues for “Average Joe” consumers, who are entrusting tech companies to safely store and prot…
Read full article →Cybercrime Magazine
Midnight in the War Room: A Documentary On Cyber War
Today · 12:19 UTC
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 22, 2026 – Visit MidnightInTheWarRoom.com Cybersecurity Ventures predicted that cybercrime would cost the world $10.5 trillion i…
Read full article →Ars Technica
Report: Kennedy Space Center not ready for era of super heavy rockets
Today · 21:28 UTC
SpaceX has told NASA it plans to launch Starship every eight days from Kennedy.
Read full article →GM installs robots at flagship EV factory after laying off 1,300 workers
Today · 21:52 UTC
US autoworkers union warns of robot automation as dark factory future looms.
Read full article →Man used massage gun on his tired eyeballs. It went as well as you'd expect.
Today · 21:02 UTC
He had retinal tears and bruises from squishing his eyeballs with the gun.
Read full article →SANS Internet Storm Center
Webshells Remain Popular, (Mon, Jun 22nd)
Today · 14:10 UTC
Webshells have been popular for a long time. We already covered this topic across multiple diaries[1][2]. I spent some time to track them[3] and slighly paid less attention to them but today I found another one. It seems…
Read full article →ISC Stormcast For Monday, June 22nd, 2026 https://isc.sans.edu/podcastdetail/9980, (Mon, Jun 22nd)
Today · 02:00 UTC
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Read full article →eBanking Phishing Delivered Through IPv4-Mapped IPv6 Address, (Fri, Jun 19th)
19 Jun 2026 · 08:37 UTC
I detected an interesting phishing email this morning. It targets a major Belgian bank:
Read full article →AI & Technology
Wired AI
OpenAI Launches Full-Scale Effort to Patch Open-Source Bugs as It Takes on Anthropic’s Mythos
HighToday · 17:00 UTC
Amid concerns about AI models’ cybersecurity capabilities, OpenAI revealed an improved version of GPT-5.5-Cyber and its “Patch the Planet” initiative to fix open-source software bugs.
Read full article →Meta Pauses Employee-Tracking Program Following Internal Data Leak
HighToday · 21:08 UTC
The move comes after the company left potentially sensitive data from the initiative exposed internally.
Read full article →Meta Exposed Data Internally From Its Controversial Employee-Tracking Program
MediumToday · 20:28 UTC
Employees had previously raised concerns about the initiative, which involves collecting workers’ keystroke data to train AI models.
Read full article →The Guardian Technology
AI models capable of devastating attacks on governments and business months away, rare Five Eyes statement warns
MediumToday · 13:00 UTC
Signal agencies in Australia, the US, the UK, New Zealand and Canada sound alarm after Trump blocks foreign nationals from Anthropic’s Fable AI modelPowerful AI models capable of devastating new cyber attacks on governme…
Read full article →Thirsty and power hungry: Australia is in the middle of a datacentre boom – but are they good for the economy?
Yesterday · 15:00 UTC
They’re a key part of the digital and AI economy but they come at a high environmental cost and offer few operational jobsFollow our Australia news live blog for latest updatesGet our breaking news email, free app or dai…
Read full article →Brands using AI-generated influencers to promote products on social media
Yesterday · 06:00 UTC
Investigation finds AI content that purports to show genuine customers, prompting calls for greater transparencyBrands promoting their products online are quietly deploying AI-generated influencers on social media, an in…
Read full article →The Verge
The Apple Watch SE 3 is just $199 for Prime Day
Today · 18:00 UTC
The Apple Watch SE 3 is at an all-time low of $199, making the sleeper hit of last year’s Apple Watches an even better value. While the Series 11 and Ultra 3 were iterative updates, the SE 3 was a wide-ranging glow-up th…
Read full article →Valve describes just how brutal RAM negotiations are in 2026
Today · 21:07 UTC
Valve's Steam Machine finally has a price: a whopping $1,049 for the 512GB configuration or $1,349 for the 2TB version. And those are without bundled controllers, which drive up the cost more. The prices are so high in p…
Read full article →AI is cursing renters with the promise of impossible homes
Today · 20:00 UTC
Joyce, a native New Yorker, didn't think finding her first solo apartment in the city would be easy. But she also didn't think it'd be "hell." After looking at a lot of tiny, overpriced places she described as "shitholes…
Read full article →ITNews Australia
Westpac brings automation and AIOps to life, chasing CPU and memory alerts
Today · 20:50 UTC
Reinforces priority focus areas.
Read full article →"Must act now" to counter AI-borne cyber attacks, 'Five Eyes' says
Today · 20:13 UTC
Cyber risk assumptions can become outdated in months, not years.
Read full article →Fake IT worker threat spreads outside tech sector in Australia
Today · 20:47 UTC
Healthcare unexpectedly prominent target.
Read full article →The Guardian Technology
Anthropic releases 'safe' version of Claude Mythos AI model to public
9 Jun 2026 · 22:28 UTC
Anthropic released Fable 5, a public version of its advanced Mythos AI model class, while keeping tighter controls around cybersecurity and other sensitive uses.
Read full article →MIT Technology Review AI
Three things to watch amid Anthropic’s latest feud with the government
Today · 18:00 UTC
This story originally appeared in The Algorithm, our weekly newsletter on AI. To get stories like this in your inbox first, sign up here. For those of you enjoying your summer unaware of Anthropic’s latest feud with the…
Read full article →A startup claims it broke through a bottleneck that’s holding back LLMs
19 Jun 2026 · 10:40 UTC
The Miami-based AI startup Subquadratic came out of stealth mode last month with a huge claim. It announced that it had solved a mathematical bottleneck that had been holding back large language models for almost a decad…
Read full article →AI News
L’Oréal brings Maybelline virtual try-on to ChatGPT
Today · 10:00 UTC
L’Oréal has announced a collaboration with OpenAI that will bring Maybelline New York’s virtual makeup try-on feature into ChatGPT. The announcement was made at VivaTech 2026. The partnership covers consumer-facing shopp…
Read full article →SAP and Google Cloud deploy agentic commerce architecture
19 Jun 2026 · 14:02 UTC
SAP and Google Cloud are deploying agentic commerce architecture to automate multi-agent marketing and retail operations at enterprise scale. SAP research indicates 78 percent of businesses consider AI essential for reta…
Read full article →Mitigating vendor lock-in with Sakana AI Fugu multi-agent models
Today · 16:11 UTC
Sakana AI launched Fugu to orchestrate multi-agent operations and mitigate single-vendor dependency risks in enterprise deployments. Enterprises face operational vulnerabilities when relying entirely on monolithic AI API…
Read full article →NVIDIA AI Blog
NAIRR Science Program Reshapes Scientific Research, Powered by NVIDIA AI Infrastructure
Today · 13:00 UTC
For the past two years, the U.S. National Science Foundation’s National Artificial Intelligence Research Resource (NAIRR) pilot program has driven innovative research across the U.S. for over 700 projects — spanning prot…
Read full article →At ISC, JUPITER Shows What Exascale Science Looks Like
Today · 13:00 UTC
JUPITER, Europe’s first exascale supercomputer at Germany’s Forschungszentrum Jülich, runs on NVIDIA Grace Hopper Superchips and NVIDIA Quantum-X800 InfiniBand networking — and it’s had a busy year. As the international…
Read full article →NVIDIA Vera CPU Opens the Way for Agentic Scientific AI at Los Alamos National Laboratory
Today · 13:00 UTC
Mission, Vision and Veritas — new Los Alamos National Laboratory (LANL) supercomputers to be built with HPE and NVIDIA — are tapping NVIDIA Vera CPUs to accelerate scientific discovery, unlocking agentic AI for science.…
Read full article →ABC Technology (AU)
Union launches bid to save Boag's brewery from closure
Today · 22:58 UTC
The United Workers Union has launched a petition calling on Boag's parent company Lion Australia to sell rather than close its Launceston brewery. The union has also written to Premier Jeremy Rockliff urging him to inter…
Read full article →Residents worried about dramatic increase to Menindee Lakes water release
Today · 21:34 UTC
Residents living along the Darling River are worried the decision to double water releases from the Menindee Lakes will remove the system's drought reserve. But authorities say it will help rebuild populations of Murray…
Read full article →Calls to upgrade 'sketchy' Sturt Highway freight route
Today · 20:53 UTC
Eight councils are calling for urgent safety upgrades to the popular freight and travel route spanning three states.
Read full article →TechCrunch AI
The AI world is getting ‘loopy’
Today · 20:53 UTC
The loop takes agentic AI a step further by authorizing a swarm of agents to work continuously in the background, endlessly.
Read full article →AI chipmaker Groq confirms $650M raise, re-staffs after Nvidia’s $20B not-acqui-hire deal
Today · 20:13 UTC
What does an AI company do after one of those not-acqui-hire deals? Groq raised money, is leaning into its neocloud business, and is hiring new execs.
Read full article →Nvidia wants to cut data center water use, but that’s not the same as fixing AI’s water problem
Today · 20:08 UTC
Nvidia announced a new cooling system that cuts water use inside the data center. But it does nothing to address AI's biggest water use — fossil fuel power plants.
Read full article →Ars Technica AI
GM installs robots at flagship EV factory after laying off 1,300 workers
Today · 21:52 UTC
US autoworkers union warns of robot automation as dark factory future looms.
Read full article →How Anthropic may have talked itself into an AI export ban
Today · 13:45 UTC
The company warned about dangers of advanced AI far more than rival OpenAI.
Read full article →Import AI
Import AI 462: Superpersuasion; self-sustaining AI; paths to ASI
Today · 12:31 UTC
How religious are beliefs in the singularity?
Read full article →Vendor Security
Rapid7 Blog
Weekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and more
Critical19 Jun 2026 · 17:08 UTC
This week's release includes five new modules, including a full unauthenticated RCE chain for Paperclip AI and a VS Code extension persistence technique. On the post-exploitation side, the new windows/local/ntlm_relay_2_…
Read full article →Microsoft Security
AutoJack: How a single page can RCE the host running your AI agent
Critical19 Jun 2026 · 00:17 UTC
AutoJack is a novel exploit chain showing how a single malicious webpage can turn an AI browsing agent into a remote code execution vector on the host machine. By abusing trust in localhost, missing authentication, and u…
Read full article →One intrusion, two cyberattackers: Uncovering parallel threat activity
CriticalToday · 16:00 UTC
Ransomware case reveals two parallel threat actors, blending tactics and evasion—showing why isolated signals can often miss modern, overlapping cyberattacks. The post One intrusion, two cyberattackers: Uncovering parall…
Read full article →Guarding AI memory
MediumToday · 19:07 UTC
What happens when threat actors target what AI remembers? Microsoft breaks down the risks and the defenses. The post Guarding AI memory appeared first on Microsoft Security Blog.
Read full article →Check Point Research
22nd June – Threat Intelligence Report
CriticalToday · 16:00 UTC
For the latest discoveries in cyber research for the week of 22nd June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Texas Parks and Wildlife Department has been affected by a third-party da…
Read full article →StepSecurity
15 Malicious JetBrains Plugins Stole AI API Keys from 70,000 Developers
Critical20 Jun 2026 · 19:06 UTC
A coordinated 8-month supply chain attack planted credential-stealing code inside fake AI coding assistants on the JetBrains Marketplace, quietly exfiltrating OpenAI, DeepSeek, and SiliconFlow API keys to an attacker-con…
Read full article →Palo Alto Unit 42
The Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data Exfiltration
HighToday · 22:00 UTC
Unit 42 research details how attackers could exploit global name uniqueness in bucket hijacking to redirect cloud data streams across major CSPs. The post The Global Namespace Risk: Universal Bucket Hijacking Technique f…
Read full article →Threat Brief: Mitigating Large-Scale Credential Attacks
High20 Jun 2026 · 02:05 UTC
We provide guidance for preparing for and mitigating large-scale credential attacks, focusing on recent campaigns targeting security vendors' devices. The post Threat Brief: Mitigating Large-Scale Credential Attacks appe…
Read full article →CrowdStrike Blog
94% of Organizations Report Cloud Breaches: CrowdStrike State of CDR Survey
MediumToday · 05:00 UTC
Read full article →OpenAI News
Daybreak: Tools for securing every organization in the world
MediumToday · 10:00 UTC
OpenAI introduces new Daybreak tools, including Codex Security and GPT-5.5-Cyber, to help organizations find, validate, and patch vulnerabilities at scale.
Read full article →Patch the Planet: a Daybreak initiative to support open source maintainers
Today · 10:00 UTC
OpenAI introduces Patch the Planet, a Daybreak initiative helping open-source maintainers find, validate, and fix vulnerabilities with AI and expert review.
Read full article →Codex-maxxing for long-running work
Today · 00:00 UTC
Learn how Jason Liu uses Codex to preserve context, manage complex projects, and help work continue beyond a single prompt.
Read full article →Kaspersky Securelist
A VBScript campaign distributed through WhatsApp deploying RMM software
Today · 10:00 UTC
A Kaspersky researcher analyzes a global malicious campaign that distributes VBS scripts via WhatsApp delivering a UEMS RMM agent through a multi-stage infection chain.
Read full article →AWS Security
Prevent data exfiltration: AWS egress controls for cloud workloads
Today · 15:53 UTC
When securing an Amazon Web Services (AWS) environment, teams naturally prioritize inbound controls, firewalls, WAFs, and access policies, because that’s where the most visible threats originate. Outbound traffic, on the…
Read full article →Proofpoint Threat Insight
Proofpoint Joins the OpenAI Daybreak Cyber Partner Program to Advance Responsible AI-Powered Cyber Defense
Today · 10:31 UTC
Read full article →