Jun 14 2026 Upcoming Speaking Engagements

Jun 14 2026 FBI disrupts massive AI-powered phishing service using a million URLs

Source

In a coordinated effort, the FBI, working with Google and Black Lotus Labs, has dismantled a massive Chinese phishing-as-a-service operation called Outsider Enterprise with thousands of phishing websites used to steal credit card data and passwords. [...]

Jun 14 2026 Readers reply: Experts say we should use passkeys, but can a smartphone pin really be safer than a password?

Source

The long-running series in which readers answer other readers’ questions on subjects ranging from trivial flights of fancy to profound scientific and philosophical concepts This week’s question: Is ‘ripen at home’ fruit the supermarkets’ idea of a joke? I’ve been struggling to get my head around the …

Jun 14 2026 AI is code – and can't be prompted into being smarter

Source

From Java tests to Shai-Hulud, bots keep proving they'll swallow anything you feed them [...]

Jun 13 2026 Ex-school district employee jailed for hacks on former employer

Source

A former IT employee at an Iowa school district was sentenced to 21 months in prison after conducting a prolonged cyberattack against the former employer that disrupted classroom operations, deleted accounts, and caused tens of thousands of dollars in damages. [...]

Jun 13 2026 Chinese hackers hijack auth flow, spy on isolated network for a decade

Source

Chinese hackers took control of a target organization's authentication stack and maintained persistence for 10 years, with full visibility into the administrative activity. [...]

Jun 13 2026 US Gov asks Anthropic to ban 'foreign national' access to Fable, Mythos

Source

The US government has ordered Anthropic to block all foreign nationals from accessing Fable 5 and Mythos 5, forcing the company to suspend both models worldwide. Anthropic is complying but disputes the basis, calling the cited jailbreak narrow and the capability widely available elsewhere. [...]

Jun 13 2026 NanoClaw now armed with JFrog for safer packages

Source

AI agents can't be trusted, so don't give them dangerous powers [...]

Jun 12 2026 Friday Squid Blogging: Squid-Inspired Fluid Pump

Source

This fluid pump was inspired by the way squids propel themselves through the water. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy. [...]

Jun 12 2026 Maine disables data breach notification portal after fake disclosures

Source

Maine has taken its public data breach reporting portal offline after fraudulent breach disclosures were published on the state's website, prompting a review of procedures to prevent abuse in the future. [...]

Jun 12 2026 PeopleSoft 0-day affecting hundreds of organizations steals gigabytes of data

Source

One of the world’s most active ransomware groups exploited a critical vulnerability in Oracle’s PeopleSoft software suite and used it to target about 100 customers and extort at least one of them to pay up in exchange for not leaking stolen data, researchers said. The group, tracked …

Jun 12 2026 Fired IT worker jailed for 21 months after sabotaging old school district

Source

Iowan’s scheme undone after misplacing trust in former coworker [...]

Jun 12 2026 phpBB forum fixes auth bypass bug lurking for a decade

Source

A 10-year-old authentication bypass vulnerability discovered in the phpBB forum software allows an attacker to log in as any user, including administrators. [...]

Jun 12 2026 Ukrainian national pleads guilty to role in Conti ransomware operation

Source

A Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tied to the Conti ransomware operation. [...]

Jun 12 2026 Over 400 Arch Linux packages compromised to push rootkit, infostealer

Source

More than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens. [...]

Jun 12 2026 Early Warning Signs of Supply-Chain Attacks Live in the Dark Web

Source

GitHub access sales, leaked repositories, and stolen API keys can all become supply-chain attack footholds. Flare explores how underground forums expose early signals tied to software supply-chain risk. [...]

Jun 12 2026 Novo Nordisk reports cyberattack as UK gives Wegovy pill the nod

Source

Clinical trial participant data stolen, but pharma giant says exposed records were pseudonymized [...]

Jun 12 2026 Microsoft has mostly repaired flaw in Surface hardware that allowed unprotected devices to be bricked by a single packet

Source

And it was Microsoft Copilot that unwittingly revealed the longstanding vulnerability [...]

Jun 12 2026 Google fires sueball at alleged Chinese phishers over AI-powered fraud ops

Source

Telegram-based 'Outsider Enterprise' accused of sending millions of scam texts and impersonating trusted brands [...]

Jun 12 2026 Bernie Sanders’ AI Sovereign Wealth Fund Plan

Source

Let no one accuse Bernie Sanders of ducking the big questions. Writing in the New York Times last week, the senator asked : “Will the future of humanity be determined by a handful of billionaires who have promoted and developed AI, with virtually no democratic input, who stand to become …

Jun 12 2026 Plymouth council exposes hundreds in latest local government email gaffe

Source

Authority admits mass message to home-schooling families revealed recipients' addresses, prompting ICO report and apology [...]

Jun 12 2026 UK digital ID gets brain trust to 'challenge' ministers on policy

Source

CEO of Mumsnet among the six-member team [...]

Jun 12 2026 Pharma giant Novo Nordisk discloses breach of clinical trials data

Source

Danish pharmaceutical giant Novo Nordisk, the world's largest producer of insulin, disclosed a data breach affecting patient information from some clinical trials. [...]

Jun 12 2026 BOFH: For one ambitious security type, chaos is a ladder

Source

Mission Control sends its regards [...]

Jun 12 2026 CISA orders feds to patch actively exploited Ivanti flaw by Sunday

Source

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch an actively exploited Ivanti Sentry flaw within three days, as mandated by the newly issued Binding Operational Directive (BOD) 26-04. [...]

Jun 12 2026 Over 73,000 French govt employees affected in Tchap messenger breach

Source

The French government revealed that a recent breach of its Tchap encrypted messaging platform affects the accounts of over 73,000 employees in the French public sector. [...]

Jun 11 2026 Japanese energy firm loses drive with data of 10.9 million clients

Source

Kyushu Electric Power Co., Inc. has disclosed a physical security incident that affects private data of more than 10 million customers. [...]

Jun 11 2026 Maine breach portal abused to publish fake data breach disclosures

Source

In an unusual misinformation campaign, fraudulent data breach disclosures were submitted to Maine's official breach portal and publicly posted before their legitimacy could be verified, prompting companies to deny the claims. [...]

Jun 11 2026 Oracle mitigates PeopleSoft zero-day exploited in data theft attacks

Source

Oracle is warning about a critical PeopleSoft Suite zero-day vulnerability tracked as CVE-2026-35273 that allows unauthenticated remote code execution, with the flaw actively exploited in ShinyHunter data theft attacks. [...]

Jun 11 2026 Powering the next era of Confidential AI

Source

At Google Cloud, we’re committed to providing the most advanced, secure, and private infrastructure for the most demanding AI workloads, and partnering with a broad and diverse range of organizations to help them meet their AI workload needs. We are thrilled to collaborate with Apple on its expanded …

Jun 11 2026 ShinyHunters hacked 100+ orgs by exploiting an Oracle PeopleSoft 0-day

Source

University of Nottingham is first of many, Shiny tells The Reg [...]

Jun 11 2026 Microsoft's worst 'Nightmare' unleashes BitLocker bypass 0-day

Source

Another day, another Windows exploit code [...]

Jun 11 2026 VRChat says somebody faked a breach notice with the Maine AG's office

Source

'We have no reason to believe that our data or systems have been compromised. We are in the process of contacting the Maine Attorney General's office to have this removed.' [...]

Jun 11 2026 Authorities dismantle 'AudiA6' ransomware crypto-laundering service

Source

Law enforcement has dismantled the “AudiA6” cryptocurrency service allegedly used by ransomware actors and other cybercriminals to launder more than $380 million. [...]

Jun 11 2026 Why AI-driven threats are exposing the limits of MSP security stacks

Source

AI-driven attacks are exposing the limits of fragmented MSP security stacks and slow response workflows. Kaseya breaks down why integrated security, automation, and recovery are becoming essential. [...]

Jun 11 2026 Coupang hit with record $409 million data breach fine in Korea

Source

​​The Personal Information Protection Commission (PIPC), South Korea's data protection regulator, has fined e-commerce giant Coupang a record 624.6 billion won (roughly $409 million) following a massive data breach affecting more than 37 million customers [...]

Jun 11 2026 CISA tells govt agencies to patch critical exploited flaws in 3 days

Source

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced a new Binding Operational Directive, 26-04, that prioritizes security updates for Federal Civilian Executive Branch (FCEB) agencies. [...]

Jun 11 2026 Enhanced License Plate Tracking

Source

The surveillance company Leonardo wants more data : A surveillance company plans to add sensors to automatic license plate readers (ALPRs) that would mean the devices, as well as capture the license plate of passing vehicles, would also sweep up unique identifiers of mobile phones, wearables, and other Bluetooth-enabled devices …

Jun 11 2026 Nottingham University data breach affects over 450,000 students

Source

The University of Nottingham confirmed on Wednesday that a hacking group gained access to its student records system in a breach affecting both current students and alums. [...]

Jun 11 2026 Every employee’s password was stored in a single Excel file

Source

The CEO thought this was the best way to deal with some email issues [...]

Jun 11 2026 Max severity Ivanti Sentry vulnerability now exploited in attacks

Source

Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile gateways. [...]

Jun 11 2026 Chinese agents caught rebuilding botnets and stirring the pot on AI datacenter debate

Source

PRC eyes are watching you [...]

Jun 10 2026 Path traversal flaw in AI dev platform Langflow exploited in attacks

Source

Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers. [...]

Jun 10 2026 The ‘Miasma’ worm source code briefly leaked on GitHub

Source

The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. [...]

Jun 10 2026 GitHub announces npm security changes to tackle supply-chain attacks

Source

GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking supply-chain attacks abusing behaviors triggered by the 'npm install' command. [...]

Jun 10 2026 Angry bug hunter with Microsoft beef drops new Windows 0-day

Source

Revenge is a dish best served code [...]

Jun 10 2026 Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks

Source

Oracle PeopleSoft servers are being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100 organizations. [...]

Jun 10 2026 China-linked JDY botnet expands targeting of U.S. military networks

Source

The JDY botnet, a malware network previously associated with Chinese threat actors like Volt Typhoon, has significantly expanded its targeting scope and reconnaissance efforts. [...]

Jun 10 2026 The 5 Best Practices for Secure Identity Verification

Source

Attackers are increasingly bypassing weak authentication through phishing, MFA fatigue, and service desk social engineering. Specops Software breaks down five best practices for stronger identity verification and access security. [...]

Jun 10 2026 Who Runs the Ransomware Group ‘The Gentlemen?’

Source

A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a …