FOE
Bleeping Computer
Anthropic rolls out Sonnet 5 with near-Opus 4.8 performance at a lower price
FOE
Bleeping Computer
New BioShocking attack manipulates AI browser into data theft
FOE
Dark Reading
Fake Bug Report Hijacks AI Coding Agents at Scale
FOE
Bleeping Computer
Microsoft accelerates quantum-safe roadmap as risks grow
FOE
Bleeping Computer
Malicious PyPI packages give hackers control of Telegram bot servers
FOE
Dark Reading
Attackers Hijack Exposed AI Endpoints to Power Offensive Ops
FRIEND
EPIC
Coalition Amicus Brief Urges New York Court of Appeals to Reject “All-Content” Search Warrant
FOE
Ars Technica (Security)
New attack provides one more reason why AI browsers are a bad idea
FOE
The Register (Security)
Infosec professionals sour on automated pentesting tools
FRIEND
Dark Reading
Why Identity Security Is Your Cyber Career Entry Point
FOE
Dark Reading
Phishers Gain Persistence at EU, Asia Hospitality Orgs
FRIEND
EPIC
PRESS RELEASE: Four Leading Privacy Experts and Advocates Join EPIC’s Advisory Board
FOE
The Hacker News
Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data
FOE
The Hacker News
RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS
FOE
The Register (Security)
Huntress CEO says threat hunter used 'poor judgment' in alerting ransomware crim about law enforcement probe
FOE
The Hacker News
Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints
FOE
Bleeping Computer
Fake Perplexity extension on Chrome Web Store tracked searches
FOE
The Hacker News
Silent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet Addresses
FRIEND
Professor Messer
Today’s N10-009 CompTIA Network+ Pop Quiz: Reading is fundamental
FOE
The Hacker News
GuardFall Exposes Open-Source AI Coding Agents to Decades-Old Shell Injection Risks
FOE
Bleeping Computer
Lessons from the Underground: How to Combat Business Email Compromise
FOE
SecurityWeek
BlueHammer Vulnerability Exploited in Ransomware Attacks
FOE
The Hacker News
282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study
FOE
Dark Reading
AI-Generated Workflows Are a Silent Security Disaster
FOE
SecurityWeek
Decades-Old Bash Tricks Expose AI Coding Agents to Supply Chain Attacks
FOE
SecurityWeek
Aflac Japan Data Breach Impacts 4.38 Million
FOE
Schneier on Security
The Realities of AI Video Surveillance
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: Shake it out
FOE
CISA Alerts
Frangoteam FUXA SCADA/HMI
FOE
CISA Alerts
XZ Utils vulnerability impacting B&R Products
FOE
CISA Alerts
Delta Electronics DVP12SE PLC
FRIEND
CISA Alerts
Schneider Electric EcoStruxure IT Data Center Expert
FOE
CISA Alerts
Schneider Electric EasyLogic T150 and Saitel DP RTU
FOE
CISA Alerts
OFFIS DCMTK Toolkit
FOE
CISA Alerts
StoneFly Storage Concentrator
FOE
CISA Alerts
Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M
FRIEND
SecurityWeek
Hacker Conversations: Chris Thompson, Former Head of IBM X-Force Red, Co-Founder of RemoteThreat
FRIEND
SecurityWeek
Supreme Court Rules Constitutional Privacy Protections Apply to Cellphone Users’ Location History
FOE
CSO Online
Malicious Chromium extension spoofs Perplexity AI to hijack browser searches
FOE
The Hacker News
What the Numbers Say About FIFA 2026 Cyber Risk
FOE
SecurityWeek
Exploitation of Recent Oracle E-Business Suite Vulnerability Begins
FOE
The Hacker News
Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer
FOE
Bleeping Computer
Insurance giant Aflac discloses data breach after subsidiary hack
FRIEND
Bleeping Computer
Microsoft adds smarter bot protection to Teams meetings
FOE
SecurityWeek
The AI Token Costs That Can Break Cybersecurity
FRIEND
Bleeping Computer
Kali Linux 2026.2 released with 9 new tools, NetHunter updates
FOE
Bleeping Computer
Blackfield ransomware asks Nidec Corporation for $2 million ransom
FRIEND
SANS Internet Storm Center
June 2026 Apple Updates, (Tue, Jun 30th)
FOE
The Hacker News
AirDrop and Quick Share Flaws Let Nearby Attackers Trigger Crashes and Bypass Checks
FOE
SecurityWeek
Nissan Employee Data Breached in Oracle PeopleSoft Hack
FOE
Bleeping Computer
CISA: Windows BlueHammer flaw now exploited by ransomware gangs
FOE
SecurityWeek
Critical SimpleHelp Vulnerability Exploited for Malware Delivery
FOE
The Hacker News
New BioShocking Attack Tricks AI Browsers Into Leaking User Credentials
FOE
EFF Deeplinks
LGBT Q&A: What Data Are Companies in the UK Collecting When Verifying My Age?
FOE
The Hacker News
Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth
FRIEND
The Hacker News
Apple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs
FRIEND
SecurityWeek
Quantifind Raises $200 Million for AI-Native Risk Intelligence
FRIEND
The Register (Security)
Microsoft builds a bouncer to keep bots out of Teams meetings
FOE
SecurityWeek
New Controller Flaws Expose Highway Signs and Billboards to Remote Hacking
FOE
The Hacker News
Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild
FOE
The Register (Security)
India’s central bank mandated use of .bank domains to enhance trust – but its registry leaked sensitive info
FOE
Sophos News
A double-edged bleeding edge: Classifying AI threats
FOE
The Register (Security)
Security researchers tricked LLMs into giving them cocaine recipes by abusing role models for prompt injection
FOE
Dark Reading
NIST Enrichment Reductions Impact CVE Coverage, Accuracy
FOE
The Register (Security)
Four years into Ukraine invasion, Russia turns influence-ops back to US and Europe
FOE
Ars Technica (Security)
US offers $10 million for info on group behind Signal and WhatsApp hacking spree
FOE
Dark Reading
'Djinn' Stealer Targets Cloud, AI Credentials
FOE
Dark Reading
Vulnerabilities Expose Private Data in Indian Government Systems
FOE
EPIC
PRESS RELEASE: EPIC Condemns Supreme Court’s Assault on Agency Independence, Consumer Protection, and the Rule of Law
FRIEND
EPIC
PRESS RELEASE: EPIC Celebrates Supreme Court’s Opinion in Consequential Geofencing Case
FOE
Bleeping Computer
Nissan discloses employee data breach linked to Oracle zero-day attacks
FOE
Bleeping Computer
NAIC says public data stolen in ShinyHunters' PeopleSoft breach
FOE
The Register (Security)
Anonymous researcher drops 0-day 'exploitarium' repo
FOE
Dark Reading
Can Clothes Make You Invisible to Facial Recognition?
FOE
Dark Reading
Iran, Russia, China Target Water Systems for Sabotage
FOE
The Hacker News
Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input
FOE
EFF Deeplinks
EFF to Gov. Pritzker: Veto Illinois’ HB 5511
FRIEND
Bleeping Computer
WhatsApp rolls out usernames to help users hide their phone number
FRIEND
EFF Deeplinks
Victory! Supreme Court Says Constitution Protects People’s Location Data
FRIEND
Bleeping Computer
Microsoft extends Windows Server 2022 hotpatching until October 2027
FRIEND
The Hacker News
WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private
FOE
Schneier on Security
Factoring RSA Keys with Many Zeros
FRIEND
SecurityWeek
WhatsApp Rolling Out Username Feature to Bolster Phone Number Privacy
FRIEND
Bleeping Computer
U.S. offers $10 million for hackers targeting WhatsApp, Signal users
FOE
The Hacker News
Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks
FOE
The Hacker News
⚡ Weekly Recap: Linux Kernel Flaws, AI Malware Tricks, Turla Backdoor, Infostealers and More
FOE
SecurityWeek
Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines
FRIEND
SecurityWeek
Straiker Raises $64 Million for AI Security Platform
FOE
Bleeping Computer
Agentic AI Has an Identity Problem and Attackers Know It
FOE
Bleeping Computer
Critical SimpleHelp flaw exploited to deploy new stealer malware
FOE
Bleeping Computer
Hackers now exploit critical Oracle E-Business flaw in attacks
FOE
The Register (Security)
AI may be good at finding security vulnerabilities, but it can't beat human stupidity
FOE
SecurityWeek
Insurance Regulators Group NAIC Hit in Oracle PeopleSoft Hack
FRIEND
The Register (Security)
Microsoft keeps Windows Server 2022 hotpatching alive into 2027
FOE
Bleeping Computer
Webinar: Why business email compromise attacks keep succeeding
FRIEND
SANS Internet Storm Center
Adding some Automation to the favicon.ico method of Host Recon, (Mon, Jun 29th)
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: Let’s make this easy
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
The Hacker News
236,000 DCloud Uni-App Sites Used in Crypto Scams, Phishing, and Wallet Drainers
FOE
Dark Reading
Amazon Q VS Extension Flaw Leads to Cloud Credential Theft
FOE
The Hacker News
Why Post-Quantum Cryptography Starts With Credentials
FOE
The Hacker News
Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse
FOE
Bleeping Computer
US seizes hundreds of FIFA World Cup illegal streaming domains
FOE
SecurityWeek
‘DirtyClone’ Linux Kernel Vulnerability Leads to Root Access
FOE
The Register (Security)
Nissan says Oracle PeopleSoft break-in may have spilled payroll records, SSNs
FOE
Schneier on Security
Robot Police Officers
FRIEND
SecurityWeek
OpenAI and Anthropic Limit New AI Models to Trump-Approved Customers During Cybersecurity Review
FOE
The Intercept (Privacy)
The Businessman Who Helped Peter Thiel Kill Gawker Wanted to Save Journalism. Then His Site Went Dark.
FOE
SecurityWeek
US Offers $10 Million Bounty for Russian State Hackers as Messaging App Attacks Evolve
FOE
The Hacker News
Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts
FRIEND
SecurityWeek
OpenAI Unveils GPT-5.6 Sol as Its Most Advanced Cybersecurity AI
FOE
The Hacker News
Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw
FOE
The Hacker News
Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer
FOE
Risky Business News
Risky Bulletin: Microsoft disrupts StegoAd operation
FOE
CISA KEV
CVE-2026-48558: SimpleHelp Authentication Bypass Vulnerability
FOE
Bleeping Computer
Data breach exposes up to 14.2 million email logins at six ISPs
FOE
The Intercept (Privacy)
Online Age Verification Law Could Kill Whistleblowing
FRIEND
SANS Internet Storm Center
YARA-X 1.18.0 and 1.19.0 Release, (Sun, Jun 28th)
FOE
The Hacker News
Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials
FOE
Bleeping Computer
Clean GitHub repo tricks AI coding agents into running malware
FRIEND
The Hacker News
OpenAI Previews GPT-5.6 Sol With Restricted Access and Stronger Cyber Safeguards
FOE
SecurityWeek
Chinese Framework Powers 200,000 Scam Sites
FOE
Dark Reading
Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk
FOE
The Register (Security)
It's looking like a hot, messy summer for security teams as AI finds countless previously hidden vulns
FOE
CSO Online
Hackers exploit critical PTC Windchill PLM software flaw
FOE
Bleeping Computer
FBI: Russian hackers now target Signal backup recovery keys
FOE
The Register (Security)
Even the Secret Service won't use company-issued phones
FOE
Bleeping Computer
CISA sets urgent deadline to fix Cisco flaw exploited in attacks
FOE
The Hacker News
FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys
FOE
Dark Reading
AI Decline? Confidence in Autonomous Penetration Testing Falls
FOE
The Hacker News
New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks
FOE
Bleeping Computer
Polymarket customers lose $3 million in supply-chain attack
FOE
Bleeping Computer
Cybersecurity firms targeted by fraudulent OpenAI organization invites
FRIEND
Dark Reading
Cisco Adds NHI to Security Stack With Astrix, WideField Acquisitions
FOE
Schneier on Security
Meta Is Testing Facial Recognition for Police and Military
FRIEND
Dark Reading
New Initiative Tackles Security for End-of-Life Open Source Software
FOE
CSO Online
Malware authors subvert AI detection systems
FOE
The Hacker News
Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign
FRIEND
EFF Deeplinks
EFF to Grindr: This Pride Month, Put Safety and Privacy Over Profits
FRIEND
EFF Deeplinks
Hate “The Algorithm?” RSS Is One of the Tools You’ve Been Looking For
FRIEND
Dark Reading
AI Won't Wipe-Out Entry-Level Cybersecurity Jobs
FOE
The Register (Security)
Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds
FOE
SecurityWeek
Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories
FOE
EFF Deeplinks
Lawmakers Must Act Now to Prevent Armed Police Drones
FOE
EFF Deeplinks
We Can Still Stop California’s 3D Printer Surveillance Scheme
FOE
SecurityWeek
More Klue Breach Victims Identified as Hackers Get Hacked
FOE
CSO Online
Cyberattacks pose a ‘threat to life’ in Australia
FOE
SecurityWeek
In Other News: Chinese Mythos-Like AI, Tata Electronics Breach, Snyk Layoffs
FRIEND
Bleeping Computer
Your First GRC Agent: A Red Teamer's Walkthrough
FRIEND
The Hacker News
Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs
FOE
Dark Reading
Meeting Trump's 2030 Quantum Deadline Will be Expensive, Complex
FOE
The Hacker News
New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries
FRIEND
Dark Reading
Thanks for Crushing the Submissions Inbox. We're Trying to Keep Up
FRIEND
SecurityWeek
Nebulock Raises $25 Million for AI-Native Contextual Security
FOE
The Hacker News
CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue
FOE
The Register (Security)
Miasma campaign poisons 20-plus npm packages, hunts for developer secrets
FOE
CISA Alerts
Russian Intelligence Services Continue to Target Commercial Messaging Applications
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: There’s a lot of new words
FOE
The Hacker News
New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets
FOE
The Hacker News
Guardian Agents: The Next Layer of Identity Governance
FRIEND
SecurityWeek
Linux Foundation Unveils New Open Source Security Project Akrites
FOE
The Hacker News
Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack
FOE
Schneier on Security
One Million Passports Leaked Online
FRIEND
CSO Online
What CISOs need to tell the board about zero trust in OT: A 90-day communication and action plan
FOE
CSO Online
Proposed US law would make AI risk reporting a legal obligation
FOE
SecurityWeek
$3 Million Reportedly Stolen in Polymarket Hack
FOE
The Hacker News
Microsoft Warns of Photo ZIP Phishing Campaign Targeting Hotels with Node.js Implant
FRIEND
CSO Online
Mythos is a signal, not a siren: What frontier AI should change for CISOs
FOE
SecurityWeek
Russian APT Deploys ‘StockStay’ Backdoor Against Ukrainian Targets
FOE
The Hacker News
Russia Used Cellebrite on Jailed Activist's iPhone Months After Sales Cutoff
FOE
SecurityWeek
First-Ever Exploitation of PTC Windchill Vulnerability Discovered in the Wild
FOE
SecurityWeek
New Enterprise-Ready MCP Specification Brings New Security Challenges
FRIEND
CSO Online
GDPR at 10: Landmark data protections, increasing business burden
FOE
The Hacker News
Google Details Turla's New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks
FOE
The Register (Security)
Security boss thought MFA would be too much security
FRIEND
SecurityWeek
Philip Martin Joins Uber as Chief Information Security Officer
FOE
Risky Business News
Risky Bulletin: Law enforcement agencies and security firms take down Amadey and StealerC
FOE
The Register (Security)
Chinese cybersecurity company claims it’s built a better-than-Mythos bug finder
FOE
EFF Deeplinks
Primed for Malware: Stop Selling Compromised Android Devices
FOE
Bleeping Computer
Anthropic is testing desktop-like Claude Cowork for mobile
FRIEND
Dark Reading
Robinhood Cuts Access Approval Time to Support High-Velocity Development
FRIEND
Bleeping Computer
Poland busts SIM-swapping gang tied to millions in crypto theft
FOE
The Register (Security)
Self-destructing Mistic backdoor linked to access broker selling corporate footholds to ransomware gangs
FOE
Dark Reading
In Less Than 24 Hours, Attackers Weaponize Cisco CUCM Flaw
FRIEND
EFF Deeplinks
EFF, TEDIC and CEJIL Challenge Secrecy in the Use of Face Recognition in Paraguay
FOE
Dark Reading
Russian APT 'Gamaredon' Upgrades Its Arsenal, Requiring New Defenses
FOE
EFF Deeplinks
Four Years After Dobbs, Anti-Abortion Lawmakers Keep Coming for Online Speech
FOE
The Register (Security)
Ex-Huntress analyst claims company insider fed info to a ransomware crim. Social media drama ensues
FOE
Dark Reading
EdTech Attackers Shift From Schools to Their Software Suppliers
FOE
Bleeping Computer
Order-tracking app Shop abused to push callback phishing attacks
FOE
Dark Reading
Local Police Collusion Hampers Crackdown on Asian Scam Centers
FRIEND
Bleeping Computer
Microsoft quietly extends free Windows 10 ESU support to October 2027
FRIEND
The Intercept (Privacy)
Cops Warn CEO Bodyguards That Luigi Mangione Fever Could Spark Class War
FOE
EFF Deeplinks
The FCC’s Spam Call Proposal Is Just a Data Collection Scheme
FOE
Schneier on Security
AI and Liability
FOE
Bleeping Computer
New macOS malware embeds fake errors to confuse AI analysis tools
FOE
EFF Deeplinks
Are Your Local Police Using Flock Safety ALPRs to Scan for Immigrants?
FOE
Bleeping Computer
PirloTV sports piracy network disrupted as 44 domains seized
FRIEND
Professor Messer
Today’s SY0-701 CompTIA Security+ Pop Quiz: I need a formula reference
FOE
Bleeping Computer
Bluekit phishing kit adopts browser-in-the-middle for login theft
FOE
The Hacker News
Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability
FRIEND
Bleeping Computer
The Four Elevations of Effective Fraud Prevention
FRIEND
SecurityWeek
Runlayer Raises $30 Million in Series A Funding
FOE
The Hacker News
ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories
FRIEND
Bleeping Computer
Webinar: Why account takeovers remain one of the hardest threats to stop
FRIEND
SecurityWeek
Cal Water Finds No Evidence of OT Activity After Hackers Claimed They Could Disrupt Water Supply
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: We need a ladder
FOE
CISA Alerts
CISA Adds Two Known Exploited Vulnerabilities to Catalog
FOE
CISA Alerts
pydicom pynetdicom Library
FOE
CISA Alerts
Horner Automation Cscape
FOE
CISA Alerts
Yokogawa FAST/TOOLS and CI Server
FOE
CISA Alerts
Delta Electronics DTM Soft
FOE
CISA Alerts
OHIF Viewers DICOM
FOE
CISA Alerts
H.VIEW HV-500S6 IP Camera
FOE
CISA Alerts
Daktronics Controller Firmware
FOE
CISA Alerts
Schneider Electric PowerLogic P7
FOE
CISA Alerts
EVoke Systems Charging Station Management System
FOE
Schneier on Security
Interesting Paper Exploring Prompt Injection
FOE
SecurityWeek
Lantronix Serial-to-IP Converter Flaw Exploited in Attacks After OT Threat Warning
FRIEND
The Hacker News
Surviving the Mythos Era: Richard Bejtlich on the Case for NDR
FOE
SecurityWeek
GitLab Patches Code Execution, Information Disclosure Vulnerabilities
FRIEND
CSO Online
Rethinking the balance between AI oversight and innovation
FOE
Dark Reading
Europe Evolves Into Ransomware's Favorite Region
FOE
SecurityWeek
25-Year-Old Vulnerability Patched in Curl
FOE
The Hacker News
New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis
FRIEND
SecurityWeek
SecurityWeek ICS Cybersecurity Conference Heads to Nashville for Special 25-Year Anniversary Edition
FRIEND
CSO Online
GRC is broken. FedRAMP 20x might fix it
FOE
The Hacker News
New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns
FOE
Risky Business News
Srsly Risky Biz: Open Weight Model Advances Make the Mythos Debate Moot
FRIEND
SecurityWeek
NIST Opens Updated IoT Security Guidance to Public Review
FOE
SecurityWeek
Chrome 149 Update Resolves 18 Severe Vulnerabilities
FOE
The Register (Security)
UK school’s network left wide open for invasion, student found
FOE
EFF Deeplinks
The KIDS Act Would Require Age Checks To Get Online
FOE
SecurityWeek
Cisco SD-WAN Zero-Day Exploited Months Before Patching
FOE
The Hacker News
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access
FOE
The Register (Security)
Nation-state actors cracked critical Australian infrastructure to ‘cripple it at a time of their choosing’
FOE
SANS Internet Storm Center
What do Ports Hear When Nobody's Listening? An Assessment of Automated Cybercrime [Guest Diary], (Wed, Jun 24th)
FRIEND
Professor Messer
Professor Messer’s SY0-701 Security+ Study Group – June 2026
FOE
CISA KEV
CVE-2026-12569: PTC Windchill and FlexPLM Improper Input Validation Vulnerability
FOE
CISA KEV
CVE-2026-20230: Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability
FRIEND
Bleeping Computer
Google releases new privacy controls for activity history, personalization
FOE
The Register (Security)
The hits keep on coming for Cisco vulnerabilities
FOE
CSO Online
Be on the lookout for Mistic, a new backdoor used by ransomware broker
FOE
Bleeping Computer
DraftKings hacker 'Snoopy' sentenced to 18 months in prison
FOE
Bleeping Computer
Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access
FOE
Dark Reading
Attackers Hit Cisco SD-WAN Flaw 2 Months Before Disclosure
FOE
Ars Technica (Security)
One-two punch delivered in global operation disrupts cybercrime "assembly line"
FOE
Bleeping Computer
Malicious Edge extension abuses Native Messaging as bridge to malware
FOE
Dark Reading
2026 FIFA World Cup Faces Surge in Cyber Threats
FOE
The Intercept (Privacy)
The Intercept Sues to Uncover Secretive Government Anti-Protester Database
FOE
Dark Reading
Do CISOs Need a Code of Ethics?
FOE
BrightTALK InfoSec
From Vendors to Digital Workers: Verifying Trust in the Agentic Supply Chain
FOE
The Register (Security)
Microsoft uses AI to link two malware operations in racketeering suit
FOE
SecurityWeek
When Information Becomes the Attack Surface – Understanding AI Agent Traps
FOE
CSO Online
Scattered Spider duo convicted over $38M Transport for London attack
FOE
The Hacker News
CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited
FOE
Dark Reading
More Malicious OpenClaw Skills Threaten AI Supply Chain
FRIEND
EFF Deeplinks
🦅 Domestic Spying Takes an L | EFFector 38.12
FRIEND
BrightTALK InfoSec
Trusted Supply Chains Start with Verified Data
FOE
The Hacker News
Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered
FOE
SecurityWeek
Microsoft and Allies Smash Shared Infrastructure of Amadey and StealC Malware
FOE
Bleeping Computer
CISA warns of max severity Ubiquiti flaws exploited in attacks
FRIEND
Bleeping Computer
Amadey, StealC malware operations disrupted in Operation Endgame action
FRIEND
SecurityWeek
Exclusive: Meet AIVEX, a New Triage Model Built to Reduce Supply Chain Threat and Risk
FOE
Bleeping Computer
Securing the service desk: Why social engineering attacks keep succeeding
FOE
Black Hills Information Security
Insufficient Egress Filtering: How Weak Outbound Controls Enable Attacks
FOE
SecurityWeek
macOS Weaknesses Chained to Silently Disable Endpoint Security Agents
FOE
Privacy International
Collateral Damage: Claude Mythos and the Privacy Risks of AI
FOE
SecurityWeek
Third DraftKings Hacker Sentenced to 18 Months in Prison
FOE
The Hacker News
Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks
FOE
SecurityWeek
Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: Vroom vroom
FRIEND
CISA Alerts
Using SASE in a Modern TIC 3.0 Solution
FOE
Dark Reading
Apple's MacOS Gap Lets Users Disable Security Tools
FOE
SecurityWeek
Agentic AI Security: Wrong Context, Wrong Decisions at Machine Speed
FOE
The Register (Security)
London cops bring live facial recognition to West End
FOE
SecurityWeek
New ‘Mistic’ RAT Opens Door to Several Ransomware Families
FOE
CSO Online
Attackers exploit Cisco Unified CM flaw weeks after patch release
FOE
The Hacker News
Dawn of the Apex Agentic Adversary
FOE
Schneier on Security
Embedding Forbidden Text in Spyware to Discourage AI Analysis
FOE
SecurityWeek
Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking
FOE
Bleeping Computer
Stealthy Mistic backdoor linked to ransomware access broker KongTuke
FOE
CSO Online
How a malicious AI agent skill passed security checks and reached 26,000 users
FOE
SecurityWeek
BeyondTrust, LastPass Impacted by Klue-Salesforce Incident
FOE
CSO Online
Kahneman, ‘Where’s Waldo’ and the Nexus pass: A CISO’s mental model for the AI era
FRIEND
The Hacker News
DoJ Seizes Huione Cloud Account Tied to Cyber Scam Money Laundering
FRIEND
SecurityWeek
Webinar Today: Modern Exposure Validation in the AI Era
FRIEND
CSO Online
AI-SPM buyer’s guide: 14 tools to secure your AI infrastructure
FOE
The Hacker News
Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root
FOE
SANS Internet Storm Center
Linux Process Name Masquerading, (Wed, Jun 24th)
FOE
Risky Business News
Risky Bulletin: The FortiBleed incident is so much worse than a simple credentials leak
FOE
SecurityWeek
Hackers Exploiting Cisco Unified CM Vulnerability
FOE
The Register (Security)
You have got to be KDDI-ng – Japanese telco exposes 14.2 million managed email credentials
FOE
SecurityWeek
Anthropic’s Mythos Model Found Vulnerabilities in Classified US Government Systems, Official Says
FOE
CSO Online
Meta pauses employee monitoring program after data protections fail
FOE
CSO Online
Hole in widely-used FFmpeg codec could crash media servers or enable RCE
FOE
Ars Technica (Security)
White House drastically shortens deadline for dropping quantum-vulnerable crypto
FOE
Bleeping Computer
Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks
FOE
Bleeping Computer
Tata Electronics confirms cyberattack as hackers leak data
FOE
Dark Reading
Scope of Salesforce Attacks Expands as Icarus Leaks Data
FRIEND
Bleeping Computer
Windows 11 KB5095093 update rolls out new Point-in-Time restore feature
FOE
Bleeping Computer
Healthtech firm Xsolis suffers data breach impacting 1.4 million people
FOE
The Intercept (Privacy)
Prairieland Defendant Sentenced to 30 Years in Prison for Moving a Box of Antifascist Zines
FOE
Dark Reading
'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows
FOE
Bleeping Computer
New macOS ClickFix attack silently mounts DMGs to push infostealer
FRIEND
CSO Online
Trump sets post-quantum crypto deadlines, launches broader federal quantum initiative
FOE
The Hacker News
FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation
FOE
The Register (Security)
Mythos discovers 'Squidbleed,' a memory leak that's gone undetected since Clinton era
FRIEND
SecurityWeek
Dragos Unveils AI for OT Security
FRIEND
Krebs on Security
Scattered Spider Hackers Plead Guilty on Day 1 of Trial
FOE
SecurityWeek
Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps
FOE
Bleeping Computer
Scattered Spider members plead guilty to hacking Transport for London
FOE
The Hacker News
Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents
FRIEND
The Hacker News
Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration
FRIEND
Professor Messer
Today’s N10-009 CompTIA Network+ Pop Quiz: We need more apples
FRIEND
The Hacker News
GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns
FOE
Bleeping Computer
The Exploit Doesn't Exist. You Can Still Prove It Works Against You
FOE
Bleeping Computer
LastPass confirms data breach in Klue supply chain attack
FOE
Dark Reading
SocGholish Takedown Highlights Malicious TDS Threats
FOE
SecurityWeek
Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks
FRIEND
SecurityWeek
CISO Conversations: Carl Froggett – Combining CISO and CIO at Deep Instinct
FOE
Dark Reading
FortiBleed Attackers Turn Firewalls Into Credential Stealers as Heists Persist
FRIEND
Bleeping Computer
Webinar: Why email security teams are drowning in alerts
FOE
CSO Online
Unpatched SharePoint servers opened the door to multiple attackers, Microsoft finds
FRIEND
SecurityWeek
Algerian Man Extradited to US for Running Cybercrime Marketplaces
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: Do not overfill
FOE
CISA Alerts
CISA Adds Four Known Exploited Vulnerabilities to Catalog
FOE
CISA Alerts
Hubbell Aclara Metrum Cellular Web Interface
FOE
CISA Alerts
Siemens WinCC Certificate Manager
FOE
CISA Alerts
ABB Freelance Security Lock
FOE
CISA Alerts
Siemens SINEC INS
FOE
CISA Alerts
Siemens SIPROTEC 5 Using DIGSI5 Protocol
FOE
CISA Alerts
Siemens Products using OpenSSL
FOE
CISA Alerts
Impact of Linux Kernel vulnerabilities on B&R products
FOE
SecurityWeek
FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances
FOE
The Hacker News
Agentic AI: The Weapon That No Longer Needs a Warrior
FRIEND
SecurityWeek
OpenAI Refocuses Cybersecurity Efforts on Patching Over Discovery
FOE
Schneier on Security
Anthropic’s Fable 5 Model Jailbroken Within Days
FRIEND
CSO Online
OpenAI rolls out AI-led push to fix open-source software flaws
FOE
SecurityWeek
Russian Initial Access Broker Behind FortiBleed Campaign
FOE
SecurityWeek
Canadian Electricity Provider London Hydro Discloses Data Breach
FOE
The Hacker News
Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT
FRIEND
SecurityWeek
Trump Signs Executive Order Accelerating Post-Quantum Cryptography Migration
FRIEND
CSO Online
Cybersecurity is no longer about protection. It’s about survival.
FOE
SecurityWeek
Xsolis Data Breach Affects 1.4 Million Individuals
FOE
The Hacker News
WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool
FOE
The Register (Security)
Five Eyes spooks warn AI means infosec incidents can become ‘major operational and financial crises’
FRIEND
The Hacker News
OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws
FOE
SANS Internet Storm Center
CVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration., (Tue, Jun 23rd)
FOE
CSO Online
Change your cyber risk strategy to meet AI threats, Five Eyes countries warn CSOs
FRIEND
The Register (Security)
Sniff out stale AI override advice with this open source CLI
FRIEND
Sophos News
The Cybersecurity Poverty Line: Why it exists and why Sophos exists to erase it
FOE
CISA KEV
CVE-2025-67038: Lantronix EDS5000 Code Injection Vulnerability
FOE
CISA KEV
CVE-2026-34909: Ubiquiti UniFi OS Path Traversal Vulnerability
FRIEND
CSO Online
GitHub Actions hardens checkout security to block ‘pwn request’ attacks
FRIEND
The Register (Security)
OpenAI: Yoo-hoo, look over here, we do that security stuff too!
FOE
Bleeping Computer
WhatsApp phishing attack uses fake business docs to hack PCs
FOE
Bleeping Computer
JaredFromSubway MEV bot hacked in $15 million crypto theft
FOE
Dark Reading
DifyTap Bugs Let Attackers 'Wiretap' AI Chat Histories
FOE
Bleeping Computer
FFmpeg fixes PixelSmash flaw in widely used video decoder
FRIEND
The Register (Security)
Cloudflare teams up with big browsers to help websites tell welcome from unwelcome visitors
FOE
Bleeping Computer
FortiBleed campaign used custom FortiGate sniffer to steal credentials
FOE
The Register (Security)
Security shops among the 'hundreds' of Klue hack victims
FRIEND
EPIC
PRESS RELEASE: Federal Judge Shuts Down Trump-Vance Voter Purge Database
FRIEND
Ars Technica (Security)
Following user outcry, AMD reinstates memory encryption in consumer CPUs
FOE
The Hacker News
ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack
FRIEND
Bleeping Computer
Microsoft says Windows 11 26H2 is coming soon, details upgrade process
FOE
Bleeping Computer
Microsoft fixes AutoGen Studio flaw that enabled code execution
FRIEND
CSO Online
AWS Continuum offers devs help with securing code
FOE
CSO Online
Klue breach exposed Salesforce CRM data through stolen OAuth tokens
FOE
The Hacker News
Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants
FOE
Dark Reading
Crypto Heist Fueled by Elaborate Fake Reputation-Boosting Campaign
FOE
EPIC
EPIC, NCLC Object to Proposed CFPB Recordkeeping Change That Would Jeopardize Worker Privacy
FOE
The Hacker News
29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests
FOE
The Register (Security)
Canadian utility fesses up to data breach, but key details remain off-grid
FOE
Dark Reading
He Thought He Was Secure; His Phone Number Got Stolen Anyway
FOE
SANS Internet Storm Center
Webshells Remain Popular, (Mon, Jun 22nd)
FOE
Bleeping Computer
A Glimpse into the “Search Your Target” Market for Stolen Credentials
FOE
SecurityWeek
Decades-Old Squid Proxy Flaw ‘Squidbleed’ Can Expose User Data
FOE
The Hacker News
New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer
FOE
The Register (Security)
Brazil probes emergency warning system after nationwide rogue alert
FOE
The Hacker News
Google Sets Sept. 30 Deadline for Android Developer Verification in Four Countries
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: It might eventually work
FOE
The Hacker News
Stop Your Legacy Infrastructure from Hijacking Your AI Agents
FOE
SecurityWeek
Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data
FOE
The Register (Security)
Health board apologizes for phishing staff with bogus vacation day
FOE
SecurityWeek
North Korean Hackers Blamed for Mastra NPM Supply Chain Attack
FOE
Schneier on Security
Professional Athletes and Wearables
FOE
The Hacker News
⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More
FOE
SecurityWeek
What the Latest ShinyHunters Breaches Reveal About Modern Cyberattacks
FOE
SecurityWeek
New Exploit Bypasses Apple’s Boot Defenses, Affects Millions of iPhones
FOE
The Register (Security)
Gizmodo readers hit with ClickFix malware prompts after account compromise
FOE
SecurityWeek
Fortinet Responds to FortiBleed Campaign
FRIEND
The Hacker News
Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices
FOE
SecurityWeek
More Cybersecurity Firms Disclose Impact From Klue Hack
FRIEND
CSO Online
Anatomy of a retail ransomware attack: Tabletop simulates modern mayhem methods
FRIEND
CSO Online
6 security leader tips for mastering business risk
FOE
The Hacker News
AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network
FOE
The Hacker News
INTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across Asia-Pacific
FOE
SecurityWeek
Texas Parks & Wildlife Data Breach Affects 3 Million Individuals
FOE
Risky Business News
Risky Bulletin: Klue breach impacts security firms
FRIEND
CSO Online
Why Southeast Asia CISOs Need Zero Trust as Their AI Control Plane – AI Agents, Data Borders and Supply Chains
FRIEND
Sophos News
Introducing Sophos Firewall Config Studio 2.6
FOE
Bleeping Computer
AryStinger botnet infected thousands of D-Link routers worldwide
FOE
Bleeping Computer
New Prinz Eugen ransomware prioritizes recent files for encryption
FOE
The Register (Security)
Why Amazon hates 'human-in-the-loop' AI governance
FOE
Bleeping Computer
Microsoft links Mastra AI supply chain attack to North Korean hackers
FOE
The Hacker News
Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
FOE
SecurityWeek
French President Urges US to Share Cutting-Edge AI and Democracies to Cooperate on Regulation
FOE
The Intercept (Privacy)
FBI Tried to Flip Anti-ICE Protesters Into Informants
FOE
Bleeping Computer
Klue OAuth breach victim list grows as Icarus hackers claim attack
FRIEND
Schneier on Security
Friday Squid Blogging: Victims of Unregulated Squid Fishing
FOE
Bleeping Computer
Hackers exploit info disclosure bug in Gravity SMTP WordPress plugin
FOE
CSO Online
Threat actor adds advanced ‘EDR killer’ tools to ransomware-as-a-service platform
FOE
The Hacker News
Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain
FOE
The Hacker News
The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes
FOE
Bleeping Computer
Texas govt data breach exposes over 3 million driver’s licenses
FOE
The Register (Security)
Researchers drop checkm8-style BootROM exploit for A12 and A13 iPhones
FOE
The Hacker News
AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution
FOE
SecurityWeek
In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum
FOE
The Hacker News
Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites
FOE
CSO Online
Microsoft broke some OLE automations with latest Windows update
FOE
The Hacker News
CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices
FRIEND
Privacy International
Key highlights of our 2026 results by season
FOE
Bleeping Computer
Every AI Agent Is an Identity. Most Organizations Don't Treat Them That Way
FOE
The Register (Security)
Everything's bigger and better in Texas – even data breaches
FOE
Dark Reading
Stressors, AI Forcing Changes to Cybersecurity Teams
FRIEND
Bleeping Computer
Webinar: How attackers bypass MFA and how defenders can respond
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: That explains the neon LEDs
FRIEND
The Hacker News
From Assistive to Agentic: The AI Shift That's Redefining Threat Management
FOE
Bleeping Computer
Microsoft: June 2026 Windows updates break Recycle Bin prompts
FOE
SecurityWeek
CryptoBandits Malware Doubles as a Backdoor, Abuses Tor
FOE
The Register (Security)
Britain's privacy watchdog quits after 'poor judgment' admission
FOE
Schneier on Security
Anthropic’s Fable and the State of AI
FOE
The Register (Security)
Rights groups brand Home Office's AI age guesser for asylum-seekers as biased and inaccurate
FOE
SecurityWeek
FortiBleed: 86,000 Fortinet Device Credentials Compromised
FOE
Bleeping Computer
CISA: Splunk Enterprise flaw actively exploited, patch by Sunday
FOE
The Hacker News
Forget Data Leakage: Shadow AI's Real Threat Is Access Control
FRIEND
CSO Online
Breaking the SOC triangle: How AI reshapes security operations trade-offs
FOE
EFF Deeplinks
The UK’s New Under-16 Social Media Ban Will Cause More Harm Than It Prevents
FOE
EFF Deeplinks
EFF Joins 60+ Groups Urging the UK to Halt Face Estimation at the Border
FOE
SecurityWeek
Cybersecurity Firms Impacted by Klue Supply Chain Attack
FOE
The Hacker News
Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data
FRIEND
CSO Online
Security considerations for adopting Claude Code and Cowork for SMBs
FOE
Bleeping Computer
NY man charged after harassing college student with AI-generated nudes
FOE
CSO Online
Microsoft says web-enabled AI agents can trigger host-level RCE
FRIEND
SecurityWeek
Cisco to Acquire WideField Security to Boost Splunk’s Agentic SOC
FOE
SANS Internet Storm Center
eBanking Phishing Delivered Through IPv4-Mapped IPv6 Address, (Fri, Jun 19th)
FOE
CSO Online
M365 Copilot SearchLeak: Your prompt injection attack surface just got bigger
FOE
Bleeping Computer
CISA warns Fortinet users to secure devices after FortiBleed leak
FOE
SecurityWeek
15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown
FOE
The Hacker News
Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone
FOE
Risky Business News
Risky Bulletin: Canada’s spy agency allowed to remove a botnet from Canadian devices
FOE
SecurityWeek
Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure
FOE
CSO Online
Oracle releases 245 new security patches, all rated ‘high-priority security’
FOE
Ars Technica (Security)
Microsoft discovers new lightweight backdoor that steals cryptocurrency
FOE
EFF Deeplinks
Canada Is Forging Ahead with Its Dangerous Surveillance Bill
FOE
Bleeping Computer
Gentlemen ransomware uses multiple EDR killers to disable defenses
FRIEND
EFF Deeplinks
EFF Thanks SerpApi For Helping Us Protect Free Speech Online
FRIEND
EPIC
EPIC Supports California Kids Online Safety Bill if Lawmakers Remove Social Media Ban
FRIEND
Professor Messer
Professor Messer’s N10-009 Network+ Study Group – June 2026
FOE
Dark Reading
Novo Nordisk Breach Exposes Software Development Pipeline Risk
FRIEND
EFF Deeplinks
Call for Submissions: Digital Pride
FOE
Ars Technica (Security)
Apple patches high-severity eavesdropping vulnerability in Beats Studio Buds
FOE
EFF Deeplinks
A New Bill Takes Aim at Government Pressure to Silence Lawful Online Speech
FRIEND
EFF Deeplinks
Court Records Should Be Free
FOE
Dark Reading
Operation Escaneo Signals Shift in LatAm Threat Landscape
FRIEND
EFF Deeplinks
Field Notes from a Year of OPSEC Training
FOE
EFF Deeplinks
AI Regulation Should Be Rational, Not Retaliatory
FOE
Bleeping Computer
Nintendo confirms data stolen in WebMD subsidiary cyberattack
FOE
Dark Reading
FIFA Bug Exposes World Cup Streams to Remote Takeover
FOE
Krebs on Security
‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm
FOE
The Hacker News
F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution
FOE
SecurityWeek
Majority of Internet-Accessible REDCap Servers Outdated
FOE
The Intercept (Privacy)
Undercover Cops Infiltrated Delaney Hall ICE Protest to Spy and Make Arrest
FOE
Dark Reading
Salesforce Data Thefts Continue via Klue App Compromise
FOE
EPIC
The Verge: The midterms are going to be a data security nightmare
FOE
Bleeping Computer
USB worm spreads crypto-stealing malware via Windows shortcut files
FOE
The Hacker News
ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories
FRIEND
Professor Messer
Today’s SY0-701 CompTIA Security+ Pop Quiz: It’s more of a direct deposit
FOE
The Register (Security)
Google told researcher 'Nice catch!' Then denied bug bounty for flaw it still hasn't fixed
FOE
EPIC
EPIC Endorses Federal Bills Barring Worker Surveillance, Automated Workplace Decisions
FOE
The Hacker News
Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2
FOE
Bleeping Computer
Klue OAuth breach linked to 'Icarus' Salesforce data theft attacks
FOE
The Hacker News
INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023
FOE
Bleeping Computer
5 reasons Microsoft 365 backup isn’t enough for business data protection
FOE
The Hacker News
DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic
FOE
Bleeping Computer
Police cleans nearly 15,000 SocGholish-infected sites tied to Evil Corp
FRIEND
SecurityWeek
Accenture to Acquire Majority Stake in Dragos, All of runZero, NetRise in $4.1 Billion OT Cybersecurity Push
FRIEND
Dark Reading
Get Out of Security Debt by Tackling the Exposure Problem
FOE
Bleeping Computer
ShapedPlugin update flow hacked to infect WordPress sites
FOE
SecurityWeek
No Exploits Required
FOE
CSO Online
Attackers abuse Google Ads, GitLab, and Claude to deliver malware
FOE
Bleeping Computer
Apple fixes Beats Studio Buds flaw that let hackers spy on conversations
FOE
Bleeping Computer
Telegram admits it couldn't police exam-leak channels, India tells court
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: It works for everything
FOE
CISA Alerts
CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
CISA Alerts
AzeoTech DAQFactory
FOE
CISA Alerts
AVer PTC cameras
FOE
CISA Alerts
Mitsubishi Electric MELSEC iQ-F Series
FOE
CISA Alerts
Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT
FOE
CISA Alerts
Mitsubishi Electric Co.'s MELSEC iQ-F Series FX5-ENET/IP Ethernet Module
FOE
CISA Alerts
Schneider Electric EasyLogic T150 and Saitel DP
FOE
CISA Alerts
Rockwell Automation FactoryTalk Historian Site Edition
FOE
CISA Alerts
Schneider Electric Easergy, EcoStruxture, PowerLogic, and Saitel Products
FOE
The Hacker News
Orphaned AI Agents: How to Find Hidden Access Risks Inside Your Network
FRIEND
SecurityWeek
Dream Raises $260 Million at $3 Billion Valuation
FOE
Bleeping Computer
F5 issues out-of-band patches for critical NGINX vulnerabilities
FOE
CSO Online
FortiBleed campaign exposes 75,000 Fortinet firewalls worldwide
FOE
Schneier on Security
Embedding Forbidden Text in Spyware to Discourage AI Analysis
FOE
The Hacker News
The Scripts on Your Checkout Page Are Now a PCI DSS Problem
FOE
SecurityWeek
Atlassian, Splunk Patch Critical Vulnerabilities
FRIEND
CSO Online
New CISO appointments 2026
FOE
SecurityWeek
Rokarolla Banking Trojan Targets 200 Applications
FOE
SecurityWeek
Critical Command Execution Vulnerability Patched in Cisco ISE
FRIEND
Bleeping Computer
Microsoft fixes Windows Server 2016 security update failures
FOE
The Intercept (Privacy)
Israel Asked Facebook to Censor Iran War Content, Internal Documents Show
FOE
SecurityWeek
F5 Patches Critical, High-Severity NGINX Vulnerabilities
FRIEND
CSO Online
5 new security operations roles the AI-SOC will create
FOE
CSO Online
Cybersecurity was built for predictable systems. AI changes the rules
FRIEND
SecurityWeek
SailPoint to Acquire Entro in Reported $200 Million Deal
FOE
SecurityWeek
Kodak Admits Data Breach After ShinyHunters Hack Claims
FOE
The Register (Security)
Major US carrier stored credit card info in the clear, employee learned on first day
FRIEND
OWASP Blog
Aikido and OWASP bring agentic Code Audit to the global AppSec community
FOE
The Register (Security)
Welcome to your new telco job – here's sudo access to a database with full customer info stored in the clear
FRIEND
Dark Reading
EU Gets a Head Start in Developing 6G Network Security
FOE
Risky Business News
Srsly Risky Biz: Anthropic Lacks Emotional Intelligence
FOE
The Intercept (Privacy)
Senate Democrats Aren’t Happy About Trump’s Spy Law Ultimatum
FOE
The Register (Security)
Cyber offenses now account for around a third of all crime across Asia and South Pacific
FOE
SANS Internet Storm Center
The Behavior of Coordinated SSH Brute Force Attacks over the last three months [Guest Diary], (Wed, Jun 17th)
FOE
EPIC
Vermont Governor Signs Data Privacy Bill
FOE
Bleeping Computer
Leak confirms OpenAI is testing a ChatGPT for Science subscription
FOE
CISA KEV
CVE-2026-20253: Splunk Enterprise Missing Authentication for Critical Function Vulnerability
FOE
EFF Deeplinks
The Free and Open Web Is Under Attack at the IETF
FOE
Bleeping Computer
Google to use UK and EU user IP addresses for ad personalization
FOE
EFF Deeplinks
The NO FAKES Act Could Silence Satire, Commentary, And News
FOE
Ars Technica (Security)
Massive breach spills credentials for thousands of sensitive networks
FOE
Dark Reading
INC Ransomware Thrives by Mastering the Basics
FOE
The Hacker News
Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments
FOE
Ars Technica (Security)
"Dangerous" AI models are coming no matter what
FOE
The Hacker News
Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development
FOE
The Register (Security)
Massive password-stealing attack hits 75k Fortinet firewalls
FOE
SANS Internet Storm Center
The browser blind spot: Why your security tool may not be blocking what you think it is [Guest Diary], (Wed, Jun 17th)
FOE
The Hacker News
Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline
FOE
The Intercept (Privacy)
Trump’s Spaghetti-Against-the-Wall Indictment Against ICE Protesters — and How to Fight It
FOE
Bleeping Computer
FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices.
FRIEND
The Register (Security)
Digital sovereignty needs an operating model
FRIEND
CSO Online
Estonia plans government IDs giving AI agents rights and responsibilities
FOE
The Intercept (Privacy)
How Did the Feds Get Into Anti-ICE Activists’ Signal Messages?
FOE
SecurityWeek
Webinar Today: How Modern Breaches Bypass MFA and Evade Detection
FOE
Bleeping Computer
Why Account Takeovers Are Rising and How to Stop Them
FOE
The Register (Security)
Cisco adds another SD-WAN box to max-severity bug advisory
FRIEND
EPIC
EPIC Testifies in Support of NYC Surveillance Pricing Ban
FRIEND
The Register (Security)
Homebrew 6.0 released with new security mechanism, Linux sandbox and more
FOE
Bleeping Computer
India's Telegram ban hit the UAE too. Here's how to get around it
FRIEND
Black Hills Information Security
Everyone’s Selling AI That Kills Pentesting. We Built One That Doesn’t.
FRIEND
SecurityWeek
1Password Acquires Apono in Reported $250M-$300M Deal
FOE
Privacy International
World Food Programme expand Palantir partnership
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: It’s all relative
FRIEND
SecurityWeek
Tenet Security Emerges From Stealth With $6 Million Seed Funding
FRIEND
The Hacker News
Adversarial Exposure Validation Turns Security Visibility into Confident Prioritization
FOE
Bleeping Computer
Microsoft confirms Office apps launch issues after June updates
FOE
CSO Online
Google’s Vertex AI SDK could allow RCE through bucket squatting
FOE
SecurityWeek
Rockwell Automation Patches Vulnerabilities in ICS Controllers and Software
FOE
Dark Reading
Sweeping Credential-Harvesting Heist Compromises +30K Fortinet Devices
FOE
Ars Technica (Security)
Windows and Linux users: The deadline to update Secure Boot keys is near
FOE
Schneier on Security
AI Use by the US Government
FOE
The Register (Security)
Helpdesk scammers are making house calls to make their lies feel more real
FOE
SecurityWeek
Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack
FOE
The Hacker News
The Top 10 Attack Surface Exposures in 2026
FOE
The Intercept (Privacy)
Are Jeffies and Schumer Getting Ready to Greenlight Domestic Spy Power for Trump?
FOE
Bleeping Computer
CISA orders feds to patch max severity Joomla plugin flaw by Friday
FOE
SecurityWeek
Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day
FOE
The Hacker News
Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats
FOE
Privacy International
Time to address the human rights implications of AI in the military domain
FOE
SecurityWeek
Oracle’s Second Monthly Security Updates Deliver 245 Patches
FRIEND
CSO Online
5 AI risk management frameworks for shoring up key gaps
FOE
CSO Online
What 22,000 breaches teach us about incident preparedness
FOE
Bleeping Computer
Microsoft working on Defender patch for RoguePlanet zero-day
FOE
SecurityWeek
Chrome and Firefox Updated to Patch Critical, High-Severity Vulnerabilities
FOE
Dark Reading
UK Social Media Ban for Minors Has Privacy Experts Worried
FOE
The Hacker News
144 Mastra npm Packages Compromised via Hijacked Contributor Account
FOE
SecurityWeek
Joomla, LiteSpeed Vulnerabilities Exploited in Attacks
FOE
Bleeping Computer
Kodak confirms data breach claimed by ShinyHunters extortion gang
FOE
SecurityWeek
3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs
FOE
The Hacker News
CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution
FOE
Risky Business News
Risky Bulletin: China arrests members of Silver Fox cybercrime group
FOE
CSO Online
Microsoft says you don’t need another email security tool; experts say, not so fast
FOE
The Register (Security)
Cyberattack sees crops kept in the ground
FOE
Sophos News
AI in the underground: Curiosity, claims, and concerns
FOE
Dark Reading
Security Community Slams US Ban on Exporting Mythos, Fable
FOE
Dark Reading
Fileless Phantom Stealer Targets Browser Credentials
FOE
Bleeping Computer
Malicious JetBrains Marketplace plugins steal AI API keys from developers
FOE
The Register (Security)
Python dev saved from disaster by intuition... and AI
FRIEND
The Register (Security)
Python dev saved from disaster by intuition...and AI
FOE
Bleeping Computer
New Rokarolla Android malware targets 217 banking, crypto apps
FOE
Dark Reading
SprySOCKS Windows Variant Abuses Kernel Drivers to Evade Detection
FOE
The Hacker News
Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting
FRIEND
EFF Deeplinks
Onward, Friends
FOE
Bleeping Computer
Steam Workshop abused to spread malware via Wallpaper Engine app
FOE
The Register (Security)
Three critical Fortinet sandbox bugs splattered by unknown attackers
FOE
The Hacker News
ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures
FOE
Dark Reading
Rokarolla Android Trojan Levels Up to Full Device Control, Persistence
FRIEND
EPIC
Straight Arrow News: Missouri targets baby monitor company over China ties
FOE
Dark Reading
'Lorem Ipsum' Malware Pivots to ClickFix Delivery
FOE
SecurityWeek
iRhythm Confirms Data Stolen in Hack
FRIEND
Professor Messer
Today’s N10-009 CompTIA Network+ Pop Quiz: Not enough commas
FOE
The Register (Security)
Crooks found a new way to collaborate using Teams – by hiding command-and-control traffic
FOE
Bleeping Computer
UK to require ID or face scan before you can make social media accounts
FRIEND
SecurityWeek
Hacker Conversations: Isira Adithya, the Evolution of an Ethical Hacker
FOE
Bleeping Computer
GhostTree Attack Abused Recursive Windows Junctions to Hide Malware
FOE
Bleeping Computer
FTC warns of record $3.5 billion losses to imposter scams in 2025
FRIEND
SecurityWeek
Magnitude Emerges From Stealth Mode With $10 Million in Funding
FOE
SecurityWeek
AI and Cybersecurity – Everything You Wanted to Know, But Were Afraid to Ask
FOE
The Hacker News
New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds
FRIEND
SecurityWeek
Endpoint Security Startup Ent Emerges From Stealth With $100 Million Seed Round
FOE
SecurityWeek
Cybercrime Group Claims Novo Nordisk Hack
FRIEND
SecurityWeek
Can CISOs Trust Their Applications? TrustCloud Wants to Replace the Questionnaire
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: Certainly someone will know
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
CISA Alerts
Rockwell Automation RSLinx
FOE
CISA Alerts
Rockwell Automation FactoryTalk Analytics PavilionX
FOE
CISA Alerts
Rockwell Automation Logix 5370 & 5570 Controllers Vulnerable To Denial of Service Via CIP
FOE
CISA Alerts
Rockwell Automation FLEX I/O EtherNet/IP Adapters
FOE
CISA Alerts
Rockwell Automation CompactLogix
FOE
SecurityWeek
Cal Water Investigating Iranian Hackers’ Claims
FOE
CSO Online
China-linked hackers target US, Canada research using legacy REDCap exploits
FOE
The Register (Security)
Cardiac monitor maker's security skips a beat as data thieves go for the jugular
FRIEND
SecurityWeek
White House Issues Memo to Bolster NSS Cybersecurity
FOE
The Hacker News
Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive
FOE
Ars Technica (Security)
Critical Copilot vulnerability allowed hackers to steal 2FA code from users
FOE
Schneier on Security
Flock Cameras Are Being Used for Stalking
FOE
SecurityWeek
Atomic Arch Supply Chain Attack Hits 1,500 AUR Packages
FOE
Bleeping Computer
CISA warns of another cPanel plugin flaw exploited in attacks
FOE
The Hacker News
Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week
FOE
SecurityWeek
Cybersecurity Executives Urge the Trump Administration to Ease Restrictions on Anthropic AI Models
FOE
Bleeping Computer
Ransomware gang abuses Microsoft Teams relays to hide malicious traffic
FOE
CSO Online
Cisco patches SD-WAN flaw amid evidence of active exploitation
FOE
The Hacker News
China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth
FRIEND
SecurityWeek
Tech Coalition ‘Athena’ Targets OSS Vulnerabilities Ahead of Disclosure
FOE
Bleeping Computer
Critical Fortinet FortiSandbox flaws now exploited in attacks
FOE
Bleeping Computer
Windows version of SprySOCKS Linux malware used to attack govt orgs
FOE
CSO Online
Zero trust isn’t broken. Most companies just do it wrong.
FOE
The Hacker News
Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware
FOE
SANS Internet Storm Center
From a VHDX File to a Remcos RAT, (Tue, Jun 16th)
FOE
Bleeping Computer
iRhythm discloses data breach, says hackers stole patient info
FOE
SecurityWeek
Cisco Patches Another SD-WAN Zero-Day Exploited in Attacks
FOE
The Hacker News
Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw
FOE
The Hacker News
CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation
FOE
CISA KEV
CVE-2026-48907: Widget Factory Joomla Content Editor Improper Access Control Vulnerability
FRIEND
Sophos News
A needle in a stack of needles: Hunting infostealers with AI
FRIEND
EFF Deeplinks
EFFecting Change: LGBTQ+ Solidarity Against the Tide of Surveillance
FOE
Bleeping Computer
DOJ seizes CFAKE, SOCFAKE deepfake nude sites under TAKE IT DOWN Act
FOE
The Register (Security)
Cisco SD-WAN make-me-root bug under attack
FOE
The Register (Security)
Feds freaked over Fable 5 after simple 'fix this code' prompt, not jailbreak, says researcher
FOE
Bleeping Computer
SimpleHelp bug lets hackers create rogue remote support accounts
FOE
The Hacker News
Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails
FOE
The Hacker News
North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels
FOE
Dark Reading
HTTP/2 Bomb Attacks Put Telcos, Healthcare Orgs at Risk
FOE
Dark Reading
Copilot 'SearchLeak' Attack Allows 1-Click Data Theft
FOE
Ars Technica (Security)
Users cry foul after AMD stripped memory crypto from its consumer CPUs
FOE
The Register (Security)
Council of Europe hacked in ShinyHunters' PeopleSoft heist
FOE
Bleeping Computer
OptinMonster WordPress plugin hacked in CDN supply-chain attack
FOE
Bleeping Computer
Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks
FOE
Dark Reading
China-Nexus Actor Spy on US Researchers Undetected for a Year
FOE
The Register (Security)
Feds snooze as US datacenter law set to lapse with no replacement in site
FOE
Dark Reading
Most CISOs Report Pressure to Bury Bad Security News
FOE
The Hacker News
LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers
FOE
Bleeping Computer
Council of Europe investigates ShinyHunters data breach claims
FOE
EPIC
Votebeat: Trump’s moves to erect voting hurdles face race against the clock
FRIEND
BrightTALK InfoSec
10 Common Sense Solutions to App Sec Challenges -- AI Not Required
FOE
The Register (Security)
Microsoft site throwing warnings after someone forgot to renew cert
FOE
Bleeping Computer
FBI: Fraudsters use couriers to steal money in crypto scams
FOE
SecurityWeek
Ransomware Attack Shuts Down Mills of Australia’s Second-Largest Sugar Producer
FOE
The Hacker News
One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes
FRIEND
Dark Reading
The Beginning of the End of Social Engineering
FOE
SecurityWeek
Chinese Hackers Target Medical, Military, and AI Research in North America
FOE
Bleeping Computer
Vibe coders are gonna vibe code: How CISOs are tackling code sprawl
FOE
The Register (Security)
PRC-linked spies hid inside medical and military networks for more than a year, snooping through Gmail and stealing data
FOE
Bleeping Computer
Chinese hackers breach REDCap servers, steal medical research
FOE
The Hacker News
⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More
FOE
The Register (Security)
Arch Linux locks down AUR signups amid wave of malicious commits
FOE
Bleeping Computer
New attack turned Microsoft 365 Copilot into 1-click data theft tool
FRIEND
SecurityWeek
NewCore Emerges From Stealth Mode With $66 Million in Funding
FOE
CSO Online
Langflow RCE under active attack months after a patch was shipped
FOE
Bleeping Computer
Infinite Campus data breach affects 137,000 school staff accounts
FOE
Dark Reading
US Cracks Down on Anthropic AI Models Amid Abuse Concerns
FRIEND
Bleeping Computer
Webinar: How behavioral AI stops phishing and account takeovers
FOE
CSO Online
Attackers can turn AI agent guardrails into denial-of-service weapons
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: This won’t take a second
FOE
CISA Alerts
CISA Adds Two Known Exploited Vulnerabilities to Catalog
FOE
SecurityWeek
Ukrainian Man Pleads Guilty in US to Conti Ransomware Charges
FOE
The Hacker News
The Onboarding Password Mistake That Creates Unnecessary Risk
FOE
SecurityWeek
Ozempic Maker Novo Nordisk Says Hackers Breached IT Systems
FOE
SecurityWeek
French Government Messaging Platform Breached by Mysterious ‘Misere’ Hacker
FOE
The Hacker News
152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic
FOE
Schneier on Security
The FCC Wants to Eliminate Burner Phones
FOE
SecurityWeek
ShinyHunters Claims Council of Europe Hack
FOE
CSO Online
Governing the ghost workforce
FOE
The Hacker News
Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites
FOE
SecurityWeek
FBI, Google Dismantle ‘Outsider Enterprise’ Phishing Service
FOE
CSO Online
5 runtime signals for catching a compromised AI agent
FOE
CSO Online
Sovereign cloud won’t fix your AI risk. Identity governance will
FOE
SecurityWeek
Maine Disables Data Breach Portal Due to Fake Submissions
FOE
SANS Internet Storm Center
Evil MSI Background: BASE64 Statistical Analysis, (Mon, Jun 15th)
FOE
The Hacker News
Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts
FOE
The Hacker News
Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw
FOE
Risky Business News
Risky Bulletin: Arch Linux supply chain attack spreads to 1,900+ AUR packages
FOE
CISA KEV
CVE-2026-54420: LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability
FOE
CISA KEV
CVE-2026-20262: Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability
FRIEND
Schneier on Security
Upcoming Speaking Engagements
FOE
Bleeping Computer
FBI disrupts massive AI-powered phishing service using a million URLs
FOE
The Intercept (Privacy)
Civil Records for Hundreds of Thousands of Lebanese Could Be Wiped Out By Israel’s Total War
FOE
The Register (Security)
AI is code – and can't be prompted into being smarter
FOE
Bleeping Computer
Ex-school district employee jailed for hacks on former employer
FRIEND
SecurityWeek
NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks
FOE
Bleeping Computer
Chinese hackers hijack auth flow, spy on isolated network for a decade
FOE
The Hacker News
Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication
FOE
Bleeping Computer
US Gov asks Anthropic to ban 'foreign national' access to Fable, Mythos
FOE
SecurityWeek
Anthropic Says It Has Taken Its Latest AI Models Offline to Comply With New Export Controls
FOE
The Hacker News
U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals
FOE
EFF Deeplinks
Victory! 702 has Expired!
FRIEND
The Register (Security)
NanoClaw now armed with JFrog for safer packages
FOE
CSO Online
GreatXML zero-day BitLocker bypass doesn’t seem to work, yet
FRIEND
Schneier on Security
Friday Squid Blogging: Squid-Inspired Fluid Pump
FOE
Dark Reading
ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed
FOE
Bleeping Computer
Maine disables data breach notification portal after fake disclosures
FOE
The Hacker News
Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit
FOE
Ars Technica (Security)
PeopleSoft 0-day affecting hundreds of organizations steals gigabytes of data
FOE
The Hacker News
400+ Arch Linux AUR Packages Hijacked to Install Rust Credential Stealer
FOE
The Hacker News
Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing
FOE
The Register (Security)
Fired IT worker jailed for 21 months after sabotaging old school district
FOE
Bleeping Computer
phpBB forum fixes auth bypass bug lurking for a decade
FOE
The Hacker News
China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade
FOE
EPIC
Council of the EU Must Prevent GDPR Changes From Eroding Privacy Rights, EPIC, Coalition Urge
FOE
Bleeping Computer
Ukrainian national pleads guilty to role in Conti ransomware operation
FOE
The Intercept (Privacy)
ICE Should Show It Hasn’t Been “Infiltrated by Violent Extremists,” Senator Urges
FOE
Bleeping Computer
Over 400 Arch Linux packages compromised to push rootkit, infostealer
FOE
SecurityWeek
In Other News: Google Security Layoffs, AudiA6 Takedown, $400 Million Coupang Fine
FOE
CSO Online
Warrantless wiretaps cut off for a week following US Congress vote
FOE
CSO Online
French government’s secure messaging system breached
FRIEND
EPIC
EPIC Supports Delaware Bill to Expand State’s Privacy Law
FOE
Bleeping Computer
Early Warning Signs of Supply-Chain Attacks Live in the Dark Web
FOE
The Register (Security)
Novo Nordisk reports cyberattack as UK gives Wegovy pill the nod
FOE
The Register (Security)
Microsoft has mostly repaired flaw in Surface hardware that allowed unprotected devices to be bricked by a single packet
FOE
The Register (Security)
Microsoft has mostly repaired a flaw in Surface hardware that allowed unprotected devices to be bricked by a single packet
FRIEND
Dark Reading
Claude Fable 5 Doesn't Change the Mythos Security Story
FOE
SecurityWeek
Industry Reactions to Claude Fable 5: Feedback Friday
FOE
The Register (Security)
Google fires sueball at alleged Chinese phishers over AI-powered fraud ops
FOE
The Hacker News
Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: Bob is always in there
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FRIEND
Bleeping Computer
Microsoft fixes Windows update failures linked to WUSA installer
FOE
SecurityWeek
Iranian Cyber Group Handala Claims Cal Water Hack
FOE
Schneier on Security
Bernie Sanders’ AI Sovereign Wealth Fund Plan
FOE
The Hacker News
Rethinking MDR as Attackers and Defenders Embrace AI
FOE
The Register (Security)
Plymouth council exposes hundreds in latest local government email gaffe
FRIEND
The Register (Security)
UK digital ID gets brain trust to 'challenge' ministers on policy
FOE
Bleeping Computer
Pharma giant Novo Nordisk discloses breach of clinical trials data
FOE
CSO Online
Prompt injection breaks today’s AI agents, study warns
FOE
The Hacker News
LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution
FOE
SecurityWeek
Ivanti Sentry Exploitation Attempts Hitting Honeypots
FOE
SecurityWeek
Chrome 149 Update Patches 28 Vulnerabilities
FRIEND
The Register (Security)
BOFH: For one ambitious security type, chaos is a ladder
FOE
CSO Online
Oracle PeopleSoft zero‑day fuels ShinyHunters extortion spree
FOE
CSO Online
AI is exposing the biggest weakness in cybersecurity: We never built a health model. Until now!
FOE
The Hacker News
INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator
FOE
SecurityWeek
Anthropic Disputes Fable 5 AI Jailbreak
FOE
Bleeping Computer
CISA orders feds to patch actively exploited Ivanti flaw by Sunday
FOE
CSO Online
‘Harvest now, decipher later’: The quantum threat few are preparing for
FOE
Bleeping Computer
Over 73,000 French govt employees affected in Tchap messenger breach
FOE
SecurityWeek
Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters
FOE
The Hacker News
Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs
FOE
Risky Business News
Risky Bulletin: In the age of AI, CISA changes federal patching rules
FOE
CISA KEV
CVE-2026-35273: Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability
FOE
Bleeping Computer
Japanese energy firm loses drive with data of 10.9 million clients
FOE
Bleeping Computer
Maine breach portal abused to publish fake data breach disclosures
FOE
The Hacker News
ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities
FOE
EPIC
EPIC Urges Democrats Who Voted to Reauthorize Unreformed FISA Section 702 to Reconsider
FOE
Dark Reading
Phishing Attack Volume Down 20%, but Risk Still Rising
FOE
EFF Deeplinks
Yes to California's Bill to Ban Surveillance Pricing
FOE
The Intercept (Privacy)
Hakeem Jeffries Finally Finds a Spine: Dem Leaders Rallied Against Extending Domestic Spy Law
FOE
Bleeping Computer
Oracle mitigates PeopleSoft zero-day exploited in data theft attacks
FOE
The Register (Security)
ShinyHunters claims it hacked 100 orgs by exploiting an Oracle PeopleSoft 0-day
FOE
Dark Reading
Max-Severity Ivanti Flaw Exploited 24 Hours After Disclosure
FOE
EPIC
FISA Section 702 Almost Certain to Expire After House Votes Against Extension, EPIC Continues to Urge Reforms
FOE
The Register (Security)
Microsoft's worst 'Nightmare' unleashes BitLocker bypass 0-day
FOE
The Hacker News
New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets
FOE
The Hacker News
New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files
FOE
EFF Deeplinks
‘News’ Site Keeps Hallucinating EFF Staffers
FOE
The Hacker News
The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm
FOE
The Register (Security)
2.4M+ VRChat users’ data accessed following cloud breach
FOE
Bleeping Computer
Authorities dismantle 'AudiA6' ransomware crypto-laundering service
FRIEND
Professor Messer
Today’s SY0-701 CompTIA Security+ Pop Quiz: You can’t miss it
FRIEND
Dark Reading
Segmentation Works for OT If Operators Are Paying Attention
FRIEND
EPIC
EPIC Testifies in Support of New Jersey Kids Code Act
FOE
Bleeping Computer
Why AI-driven threats are exposing the limits of MSP security stacks
FOE
SecurityWeek
Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks
FOE
SecurityWeek
Alert Fatigue Is Becoming a Security Threat of Its Own
FRIEND
The Hacker News
Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories
FOE
The Hacker News
ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Action Patch + 28 New Stories
FOE
CSO Online
ServiceNow fixes API issue after reports of suspicious tenant activity
FRIEND
SecurityWeek
CISA Directs Federal Agencies to Prioritize Security Patches Based on Risk
FOE
SecurityWeek
OnyxC2 Stealer Offers Cybercriminals Enterprise-Grade Theft for $250 a Month
FOE
Bleeping Computer
Coupang hit with record $409 million data breach fine in Korea
FOE
Bleeping Computer
CISA tells govt agencies to patch critical exploited flaws in 3 days
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
CISA Alerts
Brickcom Cameras
FOE
CISA Alerts
Yarbo Android/iOS Mobile Application and Cloud Infrastructure
FOE
CISA Alerts
Naxclow IoT Platform
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: It’s not going anywhere
FOE
SecurityWeek
Hackers Exploit Langflow Vulnerability for Remote Code Execution
FOE
SecurityWeek
Siemens Says Desigo CC Files Flagged as Malware by Security Engines
FOE
The Hacker News
AI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS.
FRIEND
EFF Deeplinks
LGBT Q&A: We’re Back With Season 2!
FOE
SecurityWeek
FBI Seizes 13 Websites That Officials Say Were Used by China to Target and Recruit US Workers
FOE
Schneier on Security
Enhanced License Plate Tracking
FOE
SecurityWeek
Splunk, Palo Alto Networks Patch Severe Vulnerabilities
FRIEND
CSO Online
What SRE teams need before they trust AI agents
FOE
CSO Online
China-linked recon botnet outpaces enterprise defenses
FOE
SecurityWeek
‘GreatXML’ Zero-Day Exploit Bypasses BitLocker
FOE
The Hacker News
OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack
FOE
CSO Online
Aged-domain acquisition: The tradecraft phishing operators are using to bypass your mail filter’s reputation score
FOE
CSO Online
Frontier AI models offer sneak peak of seismic cyber shifts ahead
FOE
Bleeping Computer
Microsoft fixes BitLocker recovery bug on Windows Server 2025
FOE
SecurityWeek
University of Nottingham Confirms Breach After Hackers Leak Data
FOE
Bleeping Computer
Nottingham University data breach affects over 450,000 students
FOE
The Register (Security)
Every employee’s password was stored in a single Excel file
FOE
SecurityWeek
Microsoft Patches Exploited Exchange Server Vulnerability
FRIEND
Risky Business News
Srsly Risky Biz: Europe Wants To Wean Itself Off US Tech
FRIEND
The Hacker News
GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
FOE
Bleeping Computer
Max severity Ivanti Sentry vulnerability now exploited in attacks
FRIEND
CSO Online
GitHub finally pulls the plug on automatic install script execution for npm
FOE
Dark Reading
Chinese, N. Korean Threat Groups Build on Asia-Pacific Success
FOE
The Register (Security)
Chinese agents caught rebuilding botnets and stirring the pot on AI datacenter debate
FOE
Sophos News
June Patch Tuesday smashes past 500-CVE mark
FRIEND
Sophos News
Sophos recognized for endpoint leadership in SE Labs Awards 2026
FOE
CISA KEV
CVE-2026-10520: Ivanti Sentry OS Command Injection Vulnerability
FOE
Sophos News
Bug bounties in the Mythos era
FOE
EFF Deeplinks
Congress Just Rushed Through a Disastrous Copyright Office Overhaul
FOE
Bleeping Computer
Path traversal flaw in AI dev platform Langflow exploited in attacks
FOE
Dark Reading
CISA Rewrites Federal Patching Requirements for AI Threat Era
FOE
EPIC
Pulte’s ODNI Appointment Shows Urgency of Reforming FISA, EPIC and Coalition Warn
FOE
Bleeping Computer
The ‘Miasma’ worm source code briefly leaked on GitHub
FRIEND
CSO Online
CISA tells agencies to patch smarter, not harder — foreshadowing broader industry practice
FOE
CSO Online
Ivanti patches critical Sentry flaws that lead to full device takeover
FOE
Dark Reading
Bug Bounty Research Triggers ServiceNow Security Alert
FOE
The Intercept (Privacy)
Momentum Builds to Rein In Domestic Spying Law — Whether or Not Bill Pulte Survives as Intel Chief
FRIEND
Bleeping Computer
GitHub announces npm security changes to tackle supply-chain attacks
FOE
Dark Reading
AI Risk Worries Insurers and Businesses Alike
FOE
EFF Deeplinks
The 702 Ultimatum: Warrant Requirement or Bust
FOE
The Register (Security)
Angry bug hunter with Microsoft beef drops new Windows 0-day
FOE
Bleeping Computer
Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks
FRIEND
EFF Deeplinks
Enshittification Merch That Actually Fights Enshittification
FOE
EFF Deeplinks
🔊 Mass Surveillance for… Loud Music? | EFFector 38.11
FOE
Dark Reading
Nightmare-Eclipse Drops Yet Another Microsoft Exploit, RoguePlanet
FOE
The Hacker News
China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance
FOE
The Hacker News
Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities
FOE
The Hacker News
Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE
FOE
Bleeping Computer
China-linked JDY botnet expands targeting of U.S. military networks
FOE
CSO Online
June Patch Tuesday marks a ‘new normal’ with over 200 CVEs, 32 rated ‘critical’
FOE
The Hacker News
CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation
FOE
Bleeping Computer
The 5 Best Practices for Secure Identity Verification
FOE
Krebs on Security
Who Runs the Ransomware Group ‘The Gentlemen?’
FRIEND
BrightTALK InfoSec
Beyond Backup: Engineering Production-Ready Recovery in the Ransomware Era
FOE
SecurityWeek
Infostealers Turn Millions of Devices Into Credential Theft Machines
FOE
Black Hills Information Security
The Art of the Badge: A Hard Truth About Physical Security
FRIEND
SecurityWeek
Cyera Raises $600 Million at $12 Billion Valuation
FOE
Bleeping Computer
Microsoft patches Exchange Server zero-day exploited in attacks
FRIEND
The Register (Security)
GitHub pulls pin on npm's auto-run scripts
FRIEND
SecurityWeek
Aryon Security Raises $29 Million in Series A Funding
FOE
SecurityWeek
Critical HVAC and UPS Vulnerabilities Could Let Hackers Disrupt Data Centers
FOE
CSO Online
Microsoft feud escalates as researcher drops new Windows zero-day
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: It looks good, anyway
FRIEND
SecurityWeek
CISO Forum Webinar Today: 2026 Mid-Year Review
FOE
SecurityWeek
New Windows Zero-Day Exploit ‘RoguePlanet’ Released
FOE
Bleeping Computer
Microsoft: Some Windows PCs fail to install latest monthly updates
FOE
Schneier on Security
NSO Group Hacking WhatsApp Despite Court Order
FOE
The Register (Security)
Ivanti tells Sentry customers to patch now as critical bugs hit 10.0 and 9.9
FRIEND
SecurityWeek
After AI Reaches Production: 12 Ways Security Teams Can Take Control
FOE
CSO Online
Autonomous AI agents duped into leaking sensitive data in phishing test
FRIEND
The Hacker News
Your Automated Pentest Looks Clean. See What It Missed in This Expert Webinar
FOE
Bleeping Computer
Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days
FOE
SecurityWeek
ServiceNow Patches Vulnerability Exploited Against Some Customers
FRIEND
The Hacker News
Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs
FRIEND
CSO Online
AI red teaming comes of age
FOE
SecurityWeek
Critical Vulnerabilities Patched in Fortinet, Ivanti Products
FRIEND
SANS Internet Storm Center
How has use of framing protection security headers changed in the past 3 years?, (Wed, Jun 10th)
FOE
Risky Business News
Risky Bulletin: Meta says NSO violated court order with new campaign targeting WhatsApp
FRIEND
SecurityWeek
ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Phoenix Contact
FOE
The Hacker News
Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards
FOE
The Hacker News
ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances
FOE
SecurityWeek
No Patch Planned for Exploited Arista EOS Vulnerability
FOE
Bleeping Computer
Ivanti: Max severity Sentry flaw allows code execution as root
FOE
The Hacker News
Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows
FOE
The Hacker News
Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS
FOE
CSO Online
UK move to filter photos and messages triggers encryption worries for CISOs
FOE
CSO Online
Enterprises know AI-generated code is vulnerable; they’re shipping it anyway
FOE
Bleeping Computer
Anthropic rolls out Claude Fable 5, but it's available for a limited time
FOE
Bleeping Computer
Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges
FOE
The Register (Security)
AI is making Patch Tuesday (kinda) fun again
FOE
Krebs on Security
A Record-Breaking Patch Tuesday for June 2026
FOE
Dark Reading
The Invisible Battlefield: How Cyber War Is Reshaping Everyday Life
FOE
Dark Reading
Blame AI: Patch Tuesday Hits Record 206 CVEs
FOE
Bleeping Computer
ServiceNow discloses security incident exposing customer data
FOE
Bleeping Computer
OpenClaw AI agent found falling for phishing attacks, spills user data
FOE
EFF Deeplinks
Tell Congress: Just Say No to NO FAKES
FOE
Ars Technica (Security)
Locked in heated rivalry with researcher, Microsoft fixes 0-day they disclosed
FOE
Dark Reading
Microsoft Exchange Flaw Lets Attackers Spoof Any Email Address
FOE
EPIC
White House Publishes National Security Presidential Memorandum, Removing Guardrails on AI
FRIEND
CSO Online
Anthropic releases Mythos-class Fable 5 model with safeguards for cyber risks
FOE
Bleeping Computer
SAP fixes critical flaws in NetWeaver and Commerce Cloud
FOE
Dark Reading
Miasma Supply Chain Worm Burrows Into 73 Microsoft Repositories
FOE
SecurityWeek
Microsoft Patches 200 Vulnerabilities
FRIEND
Bleeping Computer
Microsoft releases Windows 10 KB5094127 extended security update
FOE
SecurityWeek
Adobe Patches 123 Vulnerabilities
FOE
The Register (Security)
Miasma worms its way onto GitHub as attack kit goes open source
FOE
Bleeping Computer
Microsoft June 2026 Patch Tuesday fixes 6 zero-days, 200 flaws
FOE
Bleeping Computer
Microsoft June 2026 Patch Tuesday fixes 3 zero-day, 200 flaws
FRIEND
EPIC
FTC Finalizes Settlement with Illuminate Education, Heeding EPIC’s Call to Strengthen Data Minimization Requirements
FRIEND
SANS Internet Storm Center
Microsoft June 2026 Patch Tuesday, (Tue, Jun 9th)
FRIEND
Bleeping Computer
Windows 11 KB5094126 & KB5093998 cumulative updates released
FOE
EPIC
The Spirit of DOGE Is Alive and Well in the House’s So-Called Fraud Prevention Bills
FOE
The Hacker News
Meta to Use Off-Site Business Data for Feed and AI Personalization
FRIEND
SecurityWeek
Anthropic Launches Claude Fable 5: Mythos-Class AI With Cybersecurity Guardrails
FOE
SecurityWeek
OpenSSL Patches High-Severity Vulnerability Found With AI
FOE
The Hacker News
Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code
FOE
The Hacker News
Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues
FOE
Bleeping Computer
XBOW tests Anthropic's Mythos Preview for offensive security
FRIEND
The Register (Security)
Apple’s iOS 27 goes all agentic on compromised passwords, promises to change them with one tap
FOE
Bleeping Computer
GitHub disables Microsoft repos pushing password-stealing malware
FOE
Dark Reading
Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs
FOE
Ars Technica (Security)
High-severity vulnerability in Linux caused by a single errant character
FOE
Schneier on Security
GPS As a Key Distribution Platform
FOE
SecurityWeek
Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation
FRIEND
Professor Messer
Today’s N10-009 CompTIA Network+ Pop Quiz: We could use another vowel
FOE
Bleeping Computer
New Veeam vulnerability exposes backup servers to RCE attacks
FRIEND
SecurityWeek
New Platform Uses Cryptographic Invisibility to Protect AI-Built Applications
FOE
The Register (Security)
Signal says UK plan to scan devices for nude images 'endangers us all'
FOE
The Hacker News
WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine
FOE
SecurityWeek
SAP Patches Critical NetWeaver, Commerce Vulnerabilities
FOE
The Register (Security)
Chrome's zero-day Whac-A-Mole continues with fifth exploited bug of the year
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: This one is my favorite
FOE
CISA Alerts
CISA Adds Three Known Exploited Vulnerabilities to Catalog
FOE
CISA Alerts
Schneider Electric Modicon Network Managed Switches
FOE
CISA Alerts
Siemens KACO Blueplanet Inverters
FOE
CISA Alerts
Schneider Electric EcoStruxure Panel Server
FOE
CSO Online
Check Point warns of ransomware-linked attacks exploiting outdated VPN protocol
FOE
The Hacker News
Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models
FOE
The Hacker News
Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now
FOE
SecurityWeek
Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks
FOE
The Hacker News
The Hidden Security Risk in Modern Networks: The Work Between Tools
FOE
The Register (Security)
France probes compromise of gov messaging platform after account hijack
FOE
CSO Online
Security shifts to the human layer as AI scams surge
FOE
Privacy International
Bad Vibes: AI coding tools and privacy issues
FOE
SecurityWeek
Will AI Kill the Bug Bounty Industry?
FOE
Bleeping Computer
French govt messaging service breached in account hijacking attack
FOE
The Hacker News
New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing
FOE
SecurityWeek
Check Point VPN Zero-Day Exploited in Qilin Ransomware Attacks
FOE
The Register (Security)
Qilin NHS breach tally grows as Essex trust confirms stolen records
FOE
The Hacker News
Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer
FOE
CSO Online
AI worm prototype shows attackers don’t need Mythos to take over your network
FOE
Bleeping Computer
CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day
FRIEND
OWASP Blog
OWASP Dependency-Track 5.0 Is Now Generally Available
FOE
Bleeping Computer
Google patches new Chrome zero-day flaw exploited in the wild
FOE
The Hacker News
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE
FOE
SecurityWeek
Google Patches 5th Chrome Zero-Day Exploited in 2026
FOE
CSO Online
Meet Hades: The malware that lies to AI security agents
FOE
CSO Online
OpenAI’s Lockdown Mode is trying to solve the problem that it created
FRIEND
Sophos News
Sophos Workspace Protection update
FOE
CISA KEV
CVE-2026-20245: Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability
FOE
CISA KEV
CVE-2026-7473: Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability
FOE
CISA KEV
CVE-2026-11645: Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
FOE
EFF Deeplinks
VICTORY: Meta Strips Facial Recognition Code From Smart Glasses App After Public Outcry
FOE
EFF Deeplinks
How and Why to Fight Back Against Social Media Bans
FOE
The Register (Security)
Norks blast 250+ fake job offers to developers over 6 weeks to try and snarf creds and crypto
FOE
Bleeping Computer
NFCShare Android malware spreads via fake banking app updates on GitHub
FOE
Dark Reading
AI Slop Will Kill Cybersecurity Storytelling If We Let It
FOE
Bleeping Computer
SoFi confirms third-party data breach at Hong Kong subsidiary
FOE
CSO Online
Attackers exploiting unpatched Cisco SD-WAN flaw
FRIEND
Bleeping Computer
New Apple feature automatically changes your compromised passwords
FOE
Dark Reading
Silent Ransom Group Hits US Law Firms in Escalating Extortion Attacks
FOE
Bleeping Computer
New Shai-Hulud attack trojanizes 19 science-focused PyPI packages
FOE
Dark Reading
Check Point VPN Flaw Exploited Since Early May
FOE
The Hacker News
One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public
FRIEND
EFF Deeplinks
Cheers to the Winners of EFF’s 18th Annual Cyberlaw Trivia Night!
FOE
Dark Reading
Iran Signed a Ceasefire — Its Hackers Didn't
FOE
Bleeping Computer
WhatsApp says it disrupted new NSO spyware phishing attacks
FOE
Ars Technica (Security)
For the 2nd time in weeks, Microsoft packages laced with credential stealer
FOE
The Intercept (Privacy)
Congress Is Trying to Permanently Integrate U.S. and Israeli Defense Tech
FOE
SecurityWeek
A Security Raises $37 Million for Autonomous Offensive Security Platform
FOE
The Register (Security)
Ransomware crims got a month-long head start on Check Point VPN 0-day that now has a fix
FOE
The Hacker News
Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order
FOE
SANS Internet Storm Center
TeamPCP Supply Chain Campaign: Activity Through 2026-06-07, (Mon, Jun 8th)
FOE
Schneier on Security
Critical Zcash Vulnerability Found and Fixed
FOE
Bleeping Computer
Gogs patches critical zero-day enabling remote code execution
FOE
Dark Reading
'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud
FOE
Bleeping Computer
Critical UniFi OS bug lets hackers gain root without authentication
FOE
The Register (Security)
Ransomware sends Illinois high school on an early summer vacation
FOE
SecurityWeek
Everybody Is Vibe Coding But Nobody Told the Security Team
FOE
The Hacker News
Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups
FRIEND
Bleeping Computer
Reducing security operations complexity with Wazuh Cloud
FOE
The Register (Security)
GitHub nukes 70+ Microsoft repos, breaks CI/CD pipelines, following suspected worm infections
FOE
SecurityWeek
WhatsApp Catches Spyware Firm NSO Defying No-Hacking Court Order
FOE
The Hacker News
⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More
FOE
Bleeping Computer
Check Point links VPN zero-day attacks to Qilin ransomware gang
FOE
The Hacker News
AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload
FRIEND
SecurityWeek
Cybersecurity M&A Roundup: 26 Deals Announced in May 2026
FOE
CSO Online
Protocol Buffers schemas expose remote code execution risk
FOE
SecurityWeek
Everest Forms Vulnerability Exploited to Hack WordPress Sites
FOE
The Register (Security)
NSO Group back in Meta's crosshairs after alleged WhatsApp targeting
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: Can you hear me now
FOE
CISA Alerts
CISA Adds Two Known Exploited Vulnerabilities to Catalog
FOE
The Hacker News
The Hardest Fork
FOE
SecurityWeek
174,000 Impacted by Lansing Community College Data Breach
FOE
Bleeping Computer
Oxford University discloses data breach after careers platform hack
FOE
Schneier on Security
Anthropic’s Project Glasswing Update
FOE
SecurityWeek
Silent Ransom Group Uses DNS Fast Flux in Attacks
FOE
The Hacker News
VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances
FOE
CSO Online
Why most enterprise security teams would fail a military readiness test
FRIEND
CSO Online
15 tough cybersecurity questions every CISO must answer
FRIEND
SecurityWeek
OpenAI Rolling Out ChatGPT Account Security Controls
FOE
SecurityWeek
Anthropic Urges Industry Coordination to Allow for a ‘Pause’ in AI Development if Risks Grow
FOE
SecurityWeek
SolarWinds Serv-U Vulnerability Exploited in the Wild
FOE
The Hacker News
UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign
FRIEND
CSO Online
Ukraine’s foreign minister offer recipe for improved resilience
FOE
SecurityWeek
Meta Says 20,000 Instagram Accounts Hacked via AI Tool Abuse
FRIEND
The Hacker News
VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks
FOE
Bleeping Computer
Over 20,000 Instagram accounts stolen in Meta AI support hack
FOE
Risky Business News
Risky Bulletin: RubyGems adds dependency cooldowns to counter supply chain attacks
FOE
CISA KEV
CVE-2026-50751: Check Point Security Gateway Improper Authentication Vulnerability
FOE
CISA KEV
CVE-2026-42271: BerriAI LiteLLM Command Injection Vulnerability
FRIEND
Bleeping Computer
Hands on with Intelligent Terminal, an AI-powered Windows Terminal
FOE
Bleeping Computer
C0XMO botnet spreads via DD-WRT router flaw, kills rival malware
FOE
Bleeping Computer
Silent Ransom Group targets law firms with fake IT support calls
FRIEND
SecurityWeek
Emphere Raises $2.1 Million for AI-Powered Vulnerability Remediation
FOE
Bleeping Computer
Critical Everest Forms Pro flaw exploited to take over WordPress sites
FRIEND
The Hacker News
New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration
FRIEND
SecurityWeek
Opal Security Raises $23 Million for AI-Native Identity Governance
FOE
The Intercept (Privacy)
Anthropic Says We Must Stop Authoritarian AI. But What About Its Authoritarian Investors?
FOE
The Hacker News
Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI
FOE
The Hacker News
CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog
FOE
The Hacker News
AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs
FOE
The Register (Security)
Oxford Uni student data pwned yet again - this time via career platform breach
FOE
The Hacker News
Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack
FOE
The Hacker News
Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available
FOE
Bleeping Computer
Suspicious Polyfill login prompts pop up on Toshiba, Muji websites
FOE
The Register (Security)
If you don't fall for these extortionists' calls, they'll show up with USB sticks
FOE
Ars Technica (Security)
How a USB-connected speaker can infect a PC without ever being touched
FOE
EFF Deeplinks
Internet Age-Gates Are a Growing Global Threat
FOE
Bleeping Computer
CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers
FOE
Dark Reading
Exposed Fuel Tank Gauges Under Attack in the US
FOE
Bleeping Computer
Chinese APT deploys new malware to keep access to hacked networks
FOE
The Hacker News
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
FOE
Bleeping Computer
Dark web Nemesis Market vendor gets 26 years for selling drugs
FOE
The Register (Security)
Yet another Cisco SD-WAN 0-day under attack, and no patch in sight
FOE
CSO Online
Microsoft identifies seven new ways AI agents can be hacked
FRIEND
CSO Online
Patching fast and slow: Ruby devs delay to defend against supply chain attack
FRIEND
EFF Deeplinks
LGBT Q&A Season 1 Recap: Staying Safer Online
FRIEND
SecurityWeek
OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds
FOE
The Hacker News
Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps
FOE
Bleeping Computer
Over 900 US gas station tank gauge systems exposed to attacks
FOE
Dark Reading
Adaptive, Agentic AI Worms Loom as Next Enterprise Threat
FOE
Bleeping Computer
What 2026 DBIR Confirms: Attacks Are Living in the Browser
FOE
Schneier on Security
AI Worm
FOE
SecurityWeek
In Other News: Anthropic Maps AI Threats, Unpatched Comodo Flaw, Palantir Chief Eyed for CISA
FOE
The Register (Security)
World Food Programme breach exposes data of 600k vulnerable Gazan families
FRIEND
Dark Reading
Trump AI Order Seeks Voluntary Frontier Model Testing
FOE
The Hacker News
New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework
FOE
CSO Online
Malware could drain your fuel tank as well as your bank account
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: My storage is like a summer day
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
SecurityWeek
Hackers Leak DentaQuest Information Impacting 2.6 Million
FOE
The Hacker News
Only 10% of SOCs Say They’re Getting Excellent Value From AI. Here’s What the Second Wave Has to Deliver
FOE
SecurityWeek
Chrome 149 Patches 429 Vulnerabilities
FRIEND
SecurityWeek
Industry Reactions to New Trump AI Cybersecurity Executive Order: Feedback Friday
FOE
The Register (Security)
Council in UK's City of York outs hundreds of disabled residents with a single email blunder
FOE
CSO Online
Claude Code has an MCP security problem — and your developers are already using it
FOE
SecurityWeek
Five Eyes: Chinese Spies Target Government, Military Staff With Fake Job Opportunities
FOE
The Hacker News
Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites
FOE
SecurityWeek
Nightclub Giant RCI Says Data Breach Affects 40,000 Individuals
FOE
CSO Online
AI tools becoming hot commodities on ransomware marketplaces
FOE
The Hacker News
FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins
FOE
SANS Internet Storm Center
The Evil MSI Background is Back!, (Fri, Jun 5th)
FOE
Bleeping Computer
Cisco warns of unpatched SD-WAN zero-day exploited in attacks
FOE
SecurityWeek
Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026
FOE
The Hacker News
PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network
FOE
Risky Business News
Risky Bulletin: The EU debuts digital sovereignty plan
FOE
CSO Online
US government report slams NIST for NVD backlog
FOE
CISA KEV
CVE-2026-28318: SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability
FOE
EPIC
Connecticut Is Second State to Enact Surveillance Pricing Ban
FOE
EFF Deeplinks
California’s AB 412 Still Demands Developers Do The Impossible
FOE
The Register (Security)
Pink is the latest goon squad to use fake helpdesk calls to steal creds
FOE
Dark Reading
Rust-Written IronWorm Hits NPM Supply Chain
FOE
Bleeping Computer
Hola Browser for Windows compromised to deliver cryptominer
FOE
Dark Reading
China's TA4922 Expands Cybercrime Attacks Globally
FOE
EFF Deeplinks
Pulte Appointment Underscores Need to Reform Section 702 Spying
FRIEND
Professor Messer
Professor Messer’s CompTIA A+ 220-1202 Study Group – June 2026
FOE
Dark Reading
4 Critical Threats Where Attackers Have the Advantage
FRIEND
EPIC
PRESS RELEASE: Massachusetts House Stands Up for Privacy Rights, Passes Massachusetts Consumer Data Privacy Act
FOE
EFF Deeplinks
EFF Testifies to Congress on Protecting Americans’ Rights from Government AI
FOE
Bleeping Computer
Credit card theft campaign abuses Stripe to host stolen payment info
FOE
EFF Deeplinks
Move Fast, Surveil Things
FOE
Ars Technica (Security)
Dashlane explains how attackers managed to download encrypted password vaults
FOE
The Register (Security)
OpenAI's agent chained decade-old DoS attacks to crash web servers in seconds
FOE
Bleeping Computer
DentaQuest data breach exposed info of 2.6 million accounts
FOE
EPIC
New York Becomes Third State to Pass Surveillance Pricing Ban
FOE
The Hacker News
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
FOE
CSO Online
HTTP/2’s speed abused to slow webserver performance in DoS attack
FOE
Bleeping Computer
UN food agency discloses breach affecting 600,000 Gaza households
FRIEND
CSO Online
OpenAI responds to White House executive order on AI governance
FOE
Bleeping Computer
New IronWorm malware hits 36 packages in npm supply-chain attack
FOE
The Hacker News
Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories
FRIEND
The Hacker News
Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It
FRIEND
SecurityWeek
Offroad Emerges From Stealth With $7 Million to Tackle Enterprise Identity Risk
FRIEND
Professor Messer
Today’s SY0-701 CompTIA Security+ Pop Quiz: That was the wrong pen
FRIEND
SecurityWeek
Webinar Today: Third-Party Risk in Practice – Where Programs Break Down and How to Respond
FRIEND
EPIC
Colorado Governor Vetoes Surveillance Pricing Bill
FRIEND
SecurityWeek
Willow Raises $7 Million for Securing Autonomous AI Agents
FRIEND
Dark Reading
Bugcrowd Launches EU Data Residency Option For Evolving Data Sovereignty Needs
FOE
Bleeping Computer
Hackers Are After the Gaps in Your Vulnerability Program: Here's Their Playbook
FOE
The Hacker News
ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories
FOE
Bleeping Computer
Microsoft blames unexpected Windows driver updates on caching issue
FOE
SecurityWeek
Gemini Voice Assistant Hijacked via Messaging Notifications
FOE
Bleeping Computer
Police dismantles fake ID marketplace used by migrant smugglers
FOE
The Hacker News
China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa
FOE
SecurityWeek
Mirasvit Vulnerability Exploited to Execute Code on Magento Servers
FOE
CSO Online
Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: The more the better
FOE
CISA Alerts
NAVTOR NavBox
FOE
CISA Alerts
Hitachi Energy MACH HiDraw
FOE
CISA Alerts
B&R PPT30 Operating System
FOE
CISA Alerts
Hitachi Energy ITT600 Explorer
FOE
CISA Alerts
Hitachi Energy RTU500
FOE
The Register (Security)
Five Eyes: Watch out for odd LinkedIn connection requests, China's back on the hunt for state secrets
FOE
Sophos News
You do surprise me.exe: An unexpected executable in Hola Browser
FOE
SecurityWeek
Chinese Cybercrime Group in Spotlight for Record Campaign Pace
FOE
The Hacker News
FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads
FOE
The Register (Security)
Duo who sold car crash victims' data must repay £118k
FOE
Bleeping Computer
Cisco warns of critical Unified CM flaw with PoC exploit code
FOE
Schneier on Security
Hacking Meta’s AI Chatbot
FRIEND
SecurityWeek
Over 1.4 Million Accounts Disrupted in Cybercrime Crackdown
FOE
The Hacker News
Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS
FOE
The Hacker News
Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months
FOE
SecurityWeek
Cisco Warns of Available PoC for Critical Unified CM Vulnerability
FOE
SecurityWeek
VS Code Vulnerability Allows One-Click GitHub Token Theft
FOE
Risky Business News
Srsly Risky Biz: NATO's Cyber Approach Needs Change
FOE
The Hacker News
CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog
FOE
The Register (Security)
Nobody needs Mythos or 0-days to build a chaos-causing computer worm – free open source models work just fine
FOE
CSO Online
Beware the ‘son of Mythos,’ security experts warn
FRIEND
SANS Internet Storm Center
Microsoft's Coreutils for Windows, (Thu, Jun 4th)
FOE
The Hacker News
DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets
FOE
The Register (Security)
All the passwords were stored in Active Directory description fields
FOE
Dark Reading
Pakistan Spies on Afghan Finance Ministry With Xeno RAT
FOE
CSO Online
Hole in GitHub’s browser-based VSCode editor could lead to stolen token
FOE
CSO Online
Enterprise Spotlight: Rethinking cloud strategy in the age of AI
FOE
The Register (Security)
Commvault says it's time to rethink resiliency as AI crooks leave victims in a 'dark, dead' state
FOE
Bleeping Computer
Chinese hackers use new Atlas RAT malware in European cyberattacks
FOE
Dark Reading
Attackers Use AI to Automate EDR Evasion Testing
FOE
EPIC
PRESS RELEASE: EPIC Deputy Director Tells Congress the SECURE Data Act is a Disaster for Americans
FRIEND
The Register (Security)
Bend the beam like Beckham to defeat anti-jamming tech
FOE
Bleeping Computer
The U.S. sanctions Nobitex crypto exchange used by ransomware
FOE
Bleeping Computer
CISA warns of cyberattacks targeting fuel tank monitoring systems
FOE
Ars Technica (Security)
Dashlane issues opaque advisory warning 20 encrypted vaults were stolen
FOE
Dark Reading
Tropical Blend: Cyber & Politics Ramp Up Across Latin America
FOE
The Hacker News
WhatsApp, Slack Notifications Could Hijack Google Gemini on Android
FOE
Dark Reading
Cyber Insurance Rates Are Dropping, but Exclusions Widen
FOE
Bleeping Computer
New 'HTTP/2 Bomb' DoS attack crashes web servers in under a minute
FOE
Dark Reading
Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover
FRIEND
SecurityWeek
Coralogix Raises $200M at $1.6B Valuation to Scale AI Observability Platform
FOE
The Hacker News
Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT
FOE
Bleeping Computer
CISA warns of active attacks exploiting Android, Linux bugs
FOE
The Hacker News
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
FOE
The Register (Security)
Another bug hunter leaks Microsoft exploits in defiance of company’s handling of vulnerability disclosures
FOE
Bleeping Computer
What 345 Days of Untested Exposure Looks Like at a Bank
FOE
The Hacker News
Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)
FOE
SANS Internet Storm Center
Continuing Scans for swagger.json, (Wed, Jun 3rd)
FOE
SecurityWeek
Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs
FOE
SecurityWeek
Security of 100 AI Agents Tested and Ranked – What You Need to Know
FOE
The Hacker News
One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens
FOE
SecurityWeek
Hackers Target Global Stock Exchange in Espionage Operation
FOE
SecurityWeek
IMA Diligence Services Data Breach Impacts 525,000 People
FOE
Dark Reading
Malicious Notifications Could Trick Google Gemini Users
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: It’s a different world now
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FRIEND
Black Hills Information Security
Auditing GitLab: The CI/CD Kill Chain
FRIEND
The Hacker News
Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)
FOE
SecurityWeek
Organizations Warned of Exploited Linux Kernel Vulnerability
FOE
Bleeping Computer
Acer working to patch max severity zero-days in Wave 7 routers
FRIEND
CSO Online
Microsoft wants to put AI agents on a short leash
FRIEND
The Hacker News
Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore
FRIEND
Schneier on Security
AI Used to Decrypt Medieval Ciphers
FRIEND
The Register (Security)
UK banks offered access to OpenAI’s GPT-5.5 amid exclusion from Anthropic’s Glasswing expansion
FOE
SecurityWeek
‘HTTP/2 Bomb’ Exploit Knocks Web Servers Offline in Seconds
FOE
The Hacker News
Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes
FOE
Bleeping Computer
Police dismantles 9 crime groups in illegal streaming crackdown
FOE
Dark Reading
Global Stock Exchange Hit by Monthslong Email Campaign
FOE
CSO Online
AI may finally unlock the cyber budgets CISOs have wanted for years
FOE
SecurityWeek
Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash
FRIEND
Bleeping Computer
Google adds Android protection against AI deepfake scam calls
FOE
CSO Online
Lessons from the Canvas cyberattack
FOE
The Hacker News
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
FOE
Bleeping Computer
VS Code zero-day lets hackers steal GitHub tokens in one click
FOE
The Hacker News
Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content
FOE
Risky Business News
Risky Bulletin: A tenth of all new domains last year were malicious
FRIEND
CSO Online
Anthropic grants Project Glasswing access to 150 more companies, with a focus on critical infrastructure
FOE
CISA KEV
CVE-2026-45247: Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability
FRIEND
Professor Messer
Professor Messer’s 220-1201 CompTIA A+ Study Group – June 2026
FOE
CSO Online
Two-year old Oracle WebLogic Server vulnerability is being exploited
FOE
Bleeping Computer
OpenAI upgrades GPT-5.5, as it plans to retire legacy ChatGPT models
FOE
Bleeping Computer
Critical Kirki flaw exploited to hijack WordPress admin accounts
FOE
The Register (Security)
'Dumbass' criminal breaks the 'first rule of ransomware club'
FOE
Bleeping Computer
Over 116,000 Minecraft systems infected in WeedHack malware campaign
FRIEND
Dark Reading
Zoom CISO: AI as Security Enabler, Not Role-Replacer
FOE
Dark Reading
FBI-Flagged Phishing Kit Kali365 Expands Its Reach
FOE
CSO Online
HP Poly VoIP vulnerability sets the stage for executive voice deepfakes
FOE
Dark Reading
DriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks
FOE
SecurityWeek
Trump Signs Executive Order That Invites Vetting of Top AI Models for National Security Risks
FOE
Bleeping Computer
AI-built ransomware toolkit automates EDR evasion, AD discovery
FOE
Dark Reading
China Uses Dual-Method Cyberattack on Czech Orgs
FOE
Dark Reading
Securing AI Agents Before They Go Rogue Is Next to Impossible
FRIEND
CSO Online
Trump revives parts of canceled AI order with cybersecurity-focused directive
FOE
The Hacker News
Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited
FRIEND
The Register (Security)
Cisco sings Mythos' praises - but doesn't say how many bugs the model uncovered
FOE
The Hacker News
Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine
FOE
The Hacker News
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation
FRIEND
BrightTALK InfoSec
Pre-recording- Yesenia Yser
FOE
Bleeping Computer
Microsoft Exchange Online outage causes email delays, failures
FOE
EFF Deeplinks
We're Fighting Mass Surveillance Tech—and Winning
FOE
SecurityWeek
Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis
FOE
The Intercept (Privacy)
The Pentagon Is Running an AI Propaganda Mill Targeting Latin America
FRIEND
BrightTALK InfoSec
Disaster Recovery Strategies: One Company, Many Technical Environments
FOE
Bleeping Computer
Instagram users locked out after Meta AI abused to steal accounts
FRIEND
Professor Messer
Today’s N10-009 CompTIA Network+ Pop Quiz: Hand me the extinguisher
FOE
SecurityWeek
Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk
FOE
The Register (Security)
Russian spy agency says foreign spies turned officials' smartphones into surveillance devices
FOE
SecurityWeek
Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities
FOE
Bleeping Computer
Why the browser is now the front line for AI security
FRIEND
SecurityWeek
Anthropic Expanding Mythos Access to 150 New Organizations
FOE
EPIC
EPIC Comments on UK ICO Draft Guidance on Automated Decision-Making
FOE
Bleeping Computer
CISA flags two-year-old Oracle flaw as actively exploited in attacks
FRIEND
The Register (Security)
Microsoft reaches for olive branch after public dustup with 0-day researcher
FOE
SecurityWeek
The Zero-Knowledge Threat Actor and the End of Responsible Disclosure
FOE
SecurityWeek
Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches
FOE
CSO Online
Infected Red Hat npm packages expose developer credentials
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: This spreadsheet is very pastel
FOE
CISA Alerts
CISA Adds Two Known Exploited Vulnerabilities to Catalog
FOE
CISA Alerts
CISA and Partners Urge Hardening Automatic Tank Gauge Systems
FRIEND
Dark Reading
Beyond Assume-Breach: How AI-Native Security Will Reshape Enterprise Defense
FOE
The Hacker News
AI-Driven Exploitation is Destroying Vulnerability Management. Here’s How to Handle It.
FOE
The Register (Security)
Claude celebrates Anthropic's stock market float with blockbuster ... outage
FOE
SecurityWeek
Oracle WebLogic Vulnerability Exploited in the Wild
FOE
CSO Online
Attackers exploit Palo Alto GlobalProtect flaw days after disclosure
FOE
Bleeping Computer
Google fixes one actively exploited Android zero-day, 124 flaws
FOE
Schneier on Security
The Intersection of Encryption and AI
FOE
Schneier on Security
Microsoft Threatening Security Researcher
FOE
SecurityWeek
Meta AI Hands Over High-Profile Instagram Accounts to Hackers
FOE
The Register (Security)
Northern Ireland cops issue PSA after official phone number spoofed by scammers
FRIEND
The Hacker News
How Leading Organizations Are Turning EDR Into Operational Resilience
FOE
CSO Online
Attack targeting OpenAI Codex users exposes AI software supply chain risks
FOE
SecurityWeek
Supply Chain Attack Hits 32 Red Hat NPM Packages
FOE
The Hacker News
Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT
FOE
SecurityWeek
Dashlane Brute-Force Attack Leads to Limited Encrypted Vault Downloads
FOE
SANS Internet Storm Center
New Wave Of Phishing Emails with SVG Files, (Tue, Jun 2nd)
FOE
SecurityWeek
Oracle’s First Monthly Patches Resolve 77 Vulnerabilities
FRIEND
CSO Online
7 tabletop exercise mistakes that sabotage incident response
FOE
The Hacker News
Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded
FOE
CISA KEV
CVE-2025-48595: Android Framework Integer Overflow Vulnerability
FOE
CISA KEV
CVE-2022-0492: Linux Kernel Improper Authentication Vulnerability
FOE
Sophos News
Pointing a Cursor at evading detection
FOE
Bleeping Computer
Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks
FOE
The Register (Security)
Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a week
FOE
Bleeping Computer
Red Hat npm packages compromised to steal developer credentials
FOE
Bleeping Computer
Spain arrests doxer leaking sensitive data of govt employees
FRIEND
Dark Reading
Anthropic to Open Mythos AI to EU's ENISA
FOE
Ars Technica (Security)
Hackers duped Meta AI support chatbot to steal celebrity Instagram accounts
FOE
Ars Technica (Security)
Dozens of Red Hat packages backdoored through its official NPM channel
FOE
The Register (Security)
Election interlopers register 5K+ domains, hope to catch some voting phish
FOE
Dark Reading
Microsoft's Zero-Day Legal Threats Spark Backlash
FOE
SecurityWeek
WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites
FOE
Bleeping Computer
Dashlane password manager users locked out by brute force attacks
FOE
CSO Online
Oracle’s first monthly patch release fixes 35 flaws, including 11 rated ‘critical’
FRIEND
SecurityWeek
Dutch Police Dismantle Massive 17-Million-Device Botnet
FRIEND
EPIC
Illinois passes Children’s Social Media Safety Act
FOE
The Hacker News
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
FOE
Krebs on Security
Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts
FOE
Bleeping Computer
WordPress malware campaign hides payloads in Steam profiles
FOE
Schneier on Security
Vulnerability Disclosure in the Age of AI
FOE
SecurityWeek
Critical Windows Netlogon Vulnerability in Attackers’ Crosshairs
FOE
Bleeping Computer
Microsoft investigates Office Apps, Teams file access issues
FOE
Dark Reading
Patch Now: Another Palo Alto Auth Bypass Bug Under Active Exploit
FOE
The Intercept (Privacy)
Cops Are Spying on People Who Criticize AI Data Centers Online
FRIEND
EFF Deeplinks
Welcome New EFF Executive Director Nicole Ozer
FOE
The Register (Security)
GTA cheat service Atlas Menu hacked as attacker alleges screenshot spying
FOE
Bleeping Computer
Race Against Time: Why Faster Vulnerability Alerts Matter
FOE
The Hacker News
⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More
FRIEND
SecurityWeek
Dragos Acquires xIoT Security Firm Phosphorus
FOE
Bleeping Computer
Critical Windows Netlogon RCE flaw now exploited in attacks
FOE
The Register (Security)
Palo Alto VPN bug graduates from advisory to active exploitation
FRIEND
Bleeping Computer
Webinar tomorrow: From alert to resolution in network incident response
FOE
CSO Online
Flowise’s MCP implementation can run ghost commands
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: It works on almost anything
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
The Hacker News
China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan
FOE
SecurityWeek
As the Pentagon Pushes for Battlefield AI, Some Military Leaders Urge Caution
FOE
Bleeping Computer
Microsoft fixes outage affecting MFA setup, MySignIn service
FOE
Bleeping Computer
Microsoft confirms outage affecting MFA, My Sign-Ins platform
FRIEND
The Hacker News
The Security Growth Platform: Why MSPs Are Moving Beyond vCISO Tools
FOE
SecurityWeek
19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access
FOE
The Register (Security)
Password manager Dashlane suspends customer accounts amid brute-force attacks
FRIEND
Bleeping Computer
Microsoft fixes KB5089549 Windows security update install issues
FOE
The Register (Security)
Putin sends submarines to survey Britain's subsea cables. UK deploys Royal Navy, mobilizes parliamentary draftsmen
FOE
SecurityWeek
Recent Palo Alto Networks Vulnerability Exploited for Weeks
FOE
The Hacker News
OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
FOE
The Hacker News
Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts
FOE
CSO Online
6 critical security gaps every CISO must address
FOE
Risky Business News
Risky Bulletin: Russia greatly expands SORM surveillance requirements
FRIEND
CSO Online
Press Release: CSO30 ASEAN & Hong Kong Awards 2026 open for nominations
FOE
SANS Internet Storm Center
Unidentified RAT pushes NetSupport RAT, (Mon, Jun 1st)
FOE
CISA KEV
CVE-2024-21182: Oracle WebLogic Server Unspecified Vulnerability