Information security
Information security

fromSilicon Canals

2 hours ago

A Google Cloud developer woke up to a $17,000 bill from API calls he never made, and the part that actually matters is what it reveals about how cloud platforms define their own security standards - Silicon Canals

Security and governance must be built into AI and data platforms from the start, not added afterward, as real incidents show ongoing API key and billing risks.

3 hours ago

Information security

Anthropic Releases New Claude Sandbox, Security Guidance Plugin

Perplexity Bumblebee Shakes Loose Hidden Threats on Dev Desktops - DevOps.com

Bumblebee is a read-only scanner that checks developer Linux and macOS machines for known vulnerable packages, extensions, and AI tool configurations using a curated threat catalog.

fromwww.techzine.eu

Information security

Fortinet strengthens partnership with Nvidia

Anthropic to release Mythos-class models to the public

Mythos bug-finding AI remains restricted while stronger safeguards are developed, with expansion to government partners planned before general release.

fromInfoQ

Information security

Microsoft Introduces MDASH for Large-Scale AI Vulnerability Research

fromSilicon Canals

2 hours ago

A Google Cloud developer woke up to a $17,000 bill from API calls he never made, and the part that actually matters is what it reveals about how cloud platforms define their own security standards - Silicon Canals

Security and governance must be built into AI and data platforms from the start, not added afterward, as real incidents show ongoing API key and billing risks.

3 hours ago

Anthropic Releases New Claude Sandbox, Security Guidance Plugin

Claude AI adds a self-hosted sandbox for managed agents and a security guidance plugin that scans code edits and commits for vulnerabilities.

Perplexity Bumblebee Shakes Loose Hidden Threats on Dev Desktops - DevOps.com

Bumblebee is a read-only scanner that checks developer Linux and macOS machines for known vulnerable packages, extensions, and AI tool configurations using a curated threat catalog.

fromwww.techzine.eu

Fortinet strengthens partnership with Nvidia

FortiAIGate integrates with Nvidia AI infrastructure to provide runtime, zero-trust security for AI workloads, monitoring agents and LLM traffic with minimal latency.

Anthropic to release Mythos-class models to the public

Mythos bug-finding AI remains restricted while stronger safeguards are developed, with expansion to government partners planned before general release.

fromInfoQ

Microsoft Introduces MDASH for Large-Scale AI Vulnerability Research

MDASH is a multi-agent, model-agnostic AI system that automates large-scale vulnerability discovery, validation, and proof generation across Microsoft codebases.

Vulnerability in open-source component puts AI platforms at risk

CVE-2026-48710 in Starlette enables HTTP Host header manipulation to bypass access controls, risking internal server exposure and credential access for AI agents.

Microsoft is tightening restrictions on the use of unsafe code in C#

Unsafe in C# will become an explicit, propagating contract requiring unsafe operations to be contained in unsafe blocks and declared at method boundaries.

17 hours ago

Microsoft wants safer C# without turning it into Rust

C# 16 will redefine unsafe so it propagates requires-unsafe to callers, improving memory safety while keeping automatic memory management.

Microsoft is tightening restrictions on the use of unsafe code in C#

Unsafe in C# will become an explicit, propagating contract requiring unsafe operations to be contained in unsafe blocks and declared at method boundaries.

17 hours ago

Microsoft wants safer C# without turning it into Rust

C# 16 will redefine unsafe so it propagates requires-unsafe to callers, improving memory safety while keeping automatic memory management.

more#c

fromComputerWeekly.com

The Gentlemen emerging as key ransomware player | Computer Weekly

The Gentlemen ransomware gang is rapidly evolving into a RaaS operation using advanced encryption and affiliate proxy malware to scale extortion attacks across platforms.

FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data

Silent Ransom Group impersonates IT support to gain remote access, exfiltrate data, and extort victims after phishing and social engineering attacks.

'First VPN' Cybercrime Service Disrupted, Administrator Arrested

Law enforcement disrupted First VPN, a cybercrime service used for ransomware and intrusions, dismantling servers, arresting an alleged administrator, and notifying 506 users.

FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data

Silent Ransom Group impersonates IT support to gain remote access, exfiltrate data, and extort victims after phishing and social engineering attacks.

'First VPN' Cybercrime Service Disrupted, Administrator Arrested

Law enforcement disrupted First VPN, a cybercrime service used for ransomware and intrusions, dismantling servers, arresting an alleged administrator, and notifying 506 users.

CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day

CVE-2026-48172 in LiteSpeed cPanel user-end plugin is actively exploited and enables root-level script execution; patch to 2.4.5+ or remove plugin immediately.

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

LiteSpeed LiteSpeed User-End cPanel Plugin CVE-2026-48172 enables arbitrary root script execution and is actively exploited; upgrade or uninstall to remediate.

3 hours ago

CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day

CVE-2026-48172 in LiteSpeed cPanel user-end plugin is actively exploited and enables root-level script execution; patch to 2.4.5+ or remove plugin immediately.

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

LiteSpeed LiteSpeed User-End cPanel Plugin CVE-2026-48172 enables arbitrary root script execution and is actively exploited; upgrade or uninstall to remediate.

more#cve-2026-48172

27 minutes ago

Windows Server 2016 fails to find domain controller

When the hostname is 15 characters long, DCLocator calls (for example, using nltest /dsgetdc:<domain> /pdc) will return ERROR_INVALID_PARAMETER, preventing applications and administrative tools from locating a domain controller.

Information security

8 hours ago

Microsoft previews automatic device isolation in Defender for Endpoint

Automatic device isolation in Defender for Endpoint can rapidly cut off attacks, but must be carefully tuned to prevent attackers from disabling accounts.

fromwww.bbc.com

9 hours ago

Champion ethical hacker warns AI tools like Mythos could put her out of business

Valentina Palmiotti, better known as Chompie, was the most successful individual at the annual Pwn2Own hacking competition in Berlin. She told BBC News that, for now, AI tools were helping her to win “bug bounties” - money given to hackers who spot vulnerabilities in online systems before they can be exploited by cyber-criminals. But she said systems like Mythos were so powerful that even champion hackers like her would soon struggle to compete with them.

Information security

MFA Prompt Bombing: Why Your Second Factor Isn't Saving You

Push-based MFA can be bypassed when attackers repeatedly trigger prompts and socially engineer approval, gaining access without stealing the second factor.

CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks

Patch critical vulnerabilities in internet-exposed systems within 12 hours when feasible to reduce AI-enabled cyber exploitation speed and autonomy.

14 hours ago

Information security

Millions of AI agents imperiled by critical vulnerability in open source package

Information security

Ghost hackers: the cybersecurity mystery that nobody has solved | TechCrunch

Information security

Iranian hackers blamed for breach of Los Angeles transit system that took weeks to recover | TechCrunch

Information security

The AI Era Is Creating a Bug Hunting Arms Race

fromTNW | Anthropic

Information security

Anthropic's Claude Mythos found 10,000 critical vulnerabilities in one month. The patches can't keep up.

23 hours ago

CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks

Patch critical vulnerabilities in internet-exposed systems within 12 hours when feasible to reduce AI-enabled cyber exploitation speed and autonomy.

14 hours ago

Millions of AI agents imperiled by critical vulnerability in open source package

BadHost in Starlette enables trivial HTTP Host header injection to bypass path-based authorization, exposing AI tooling servers and stored third-party credentials.

Ghost hackers: the cybersecurity mystery that nobody has solved | TechCrunch

Shadow Brokers leaked alleged NSA hacking tools and vanished, leaving many motives and culprits unknown despite later arrests of other hacking groups.

Information security

Iranian hackers blamed for breach of Los Angeles transit system that took weeks to recover | TechCrunch

The AI Era Is Creating a Bug Hunting Arms Race

Criminal actors dominate most security incidents, while AI-driven bug reports are reshaping vulnerability reward programs and mailing lists through quality and volume changes.

fromTNW | Anthropic

Anthropic's Claude Mythos found 10,000 critical vulnerabilities in one month. The patches can't keep up.

Project Glasswing found 10,000+ high-severity vulnerability candidates in critical software, but only 97 were patched, showing remediation lags discovery by orders of magnitude.

Does your business need a software bill of materials?

SBOMs provide an inventory of software components to quickly identify exposure and patch vulnerabilities across complex software supply chains.

fromthehackernews.com

21 hours ago

Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions

A SharePoint remote code execution flaw (CVE-2026-45659) can be triggered by authenticated attackers with Site Member permissions and requires no elevated privileges.

20 hours ago

AppOmni's Marlin AI Brings Autonomous Investigation to SaaS Security

SaaS security depends mainly on app configuration, and standard controls and tools often fail because SaaS runs on providers’ infrastructure and is used differently by each customer.

Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning

Nimbus Manticore used AI-assisted MiniFast backdoor and updated tradecraft, including AppDomain hijacking and SEO poisoning, targeting aviation and software organizations across multiple regions.

23 hours ago

FAQ: What you need to know about expiring Windows Secure Boot certificates

Secure Boot certificates issued in 2011 are expiring starting June, requiring Windows devices to install newer Microsoft certificates to maintain trusted boot security.

KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

Hard-coded ASP.NET machine keys enabled unauthenticated ViewState deserialization, allowing zero-day exploitation to deploy Godzilla web shells and Cobalt Strike Beacon.

Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment

A KnowledgeDeliver ASP.NET zero-day enabled ViewState deserialization using hardcoded machineKey values, leading to web shells, Godzilla malware, and Cobalt Strike backdoors.

#supply-chain-attacks

fromnews.bitcoin.com

Trapdoor Malware: The Massive Supply Chain Attack Targeting Crypto Developers

Trapdoor supply-chain malware infected 34 crypto-related developer packages across npm, PyPI, and Crates.io to steal wallets, keys, and secrets, including via AI tool manipulation.

Megalodon chums the waters in 5.5K+ GitHub repo poisonings

Megalodon injected CI/CD credential-stealing malware into thousands of GitHub repositories, enabling attackers to steal cloud keys, tokens, and secrets and impersonate developers.

GitHub investigates attack via malicious VS Code extension

A malicious VS Code extension likely enabled unauthorized access to GitHub internal repositories, with no confirmed customer data compromise yet.

Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack

Unauthorized access to Grafana Labs GitHub repositories resulted from a TanStack supply chain attack, leading to token compromise, code theft, and mitigations without customer production impact.

fromnews.bitcoin.com

Trapdoor Malware: The Massive Supply Chain Attack Targeting Crypto Developers

Trapdoor supply-chain malware infected 34 crypto-related developer packages across npm, PyPI, and Crates.io to steal wallets, keys, and secrets, including via AI tool manipulation.

Megalodon chums the waters in 5.5K+ GitHub repo poisonings

Megalodon injected CI/CD credential-stealing malware into thousands of GitHub repositories, enabling attackers to steal cloud keys, tokens, and secrets and impersonate developers.

GitHub investigates attack via malicious VS Code extension

A malicious VS Code extension likely enabled unauthorized access to GitHub internal repositories, with no confirmed customer data compromise yet.

more#supply-chain-attacks

Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack

Unauthorized access to Grafana Labs GitHub repositories resulted from a TanStack supply chain attack, leading to token compromise, code theft, and mitigations without customer production impact.

20 hours ago

Iranian APT Targets Aviation, Software Companies With Updated Tools

Nimbus Manticore updated phishing and payload execution methods, using AppDomain hijacking and new backdoors to target aviation and software organizations.

fromwww.ynetnews.com

5 years ago

State comptroller: Israel unprepared for major cyberattack as ministries lag on defenses

Emergency agencies were not properly prepared for cyberattack scenarios, and key cybersecurity guidelines were not distributed, contributing to major security incidents and persistent technological gaps.

fromNextgov.com

12 hours ago

Why compliance alone doesn't make federal networks secure

Zero Trust compliance mandates are increasing, but incomplete implementation—especially across IT and OT—creates exploitable gaps that adversaries use for lateral movement.

#ai-vulnerability-discovery

Anthropic Expands Claude's Enterprise Security Governance With 28 New Integrations

Claude Enterprise now integrates with 28 security and compliance platforms via a Compliance API for governed monitoring and policy enforcement in corporate IT environments.

Anthropic's Mythos finds 10,000 critical software flaws

Claude Mythos Preview and partners identified 10,000+ high- or critical-severity vulnerabilities in critical software within one month.

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Project Glasswing using Claude Mythos Preview identified 10,000+ high/critical vulnerabilities, yielding 1,726 true positives and 97 upstream patches.

Anthropic's Mythos finds 10,000 critical software flaws

Claude Mythos Preview and partners identified 10,000+ high- or critical-severity vulnerabilities in critical software within one month.

more#ai-vulnerability-discovery

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Project Glasswing using Claude Mythos Preview identified 10,000+ high/critical vulnerabilities, yielding 1,726 true positives and 97 upstream patches.

17 hours ago

MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries

MuddyWater used signed binaries for DLL side-loading, credential theft via ChromElevator, and Node.js-driven PowerShell discovery across nine countries in early 2026.

#software-supply-chain-attacks

fromthenextweb.com

23 hours ago

Iran-linked hackers reached LA Metro's rail-yard control display in March, Israeli firm finds

Iranian-linked infrastructure was used in a March cyberattack that disrupted parts of LACMTA systems, with data traced to exposed files and prior Iranian campaigns.

Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos

A poisoned VS Code extension led to GitHub repository exfiltration, showing evolving software supply chain threats and smarter phishing and botnet activity.

Information security

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

Information security

A hacker group is poisoning open source code at an unprecedented scale

TeamPCP has carried out frequent software supply chain attacks by corrupting legitimate tools, including a GitHub breach via a poisoned VSCode extension, compromising thousands of repositories.

Information security

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

Hackers used a poisoned VSCode extension to compromise thousands of GitHub repositories, spreading malware through open source tools and extorting victims.

Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos

A poisoned VS Code extension led to GitHub repository exfiltration, showing evolving software supply chain threats and smarter phishing and botnet activity.

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

A supply-chain attack compromised multiple Laravel-Lang PHP packages to auto-execute a host-fingerprinting backdoor and download cross-platform credential-stealing payloads.

A hacker group is poisoning open source code at an unprecedented scale

TeamPCP has carried out frequent software supply chain attacks by corrupting legitimate tools, including a GitHub breach via a poisoned VSCode extension, compromising thousands of repositories.

more#software-supply-chain-attacks

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

Hackers used a poisoned VSCode extension to compromise thousands of GitHub repositories, spreading malware through open source tools and extorting victims.

fromTNW | Data-Security

Why businesses still get password management wrong | TNW Deals

Compromised passwords remain a leading breach entry point because enterprise credential storage, sharing, rotation, and governance are often broken.

Over 5,500 GitHub Repositories Infected in 'Megalodon' Supply Chain Attack

Megalodon used GitHub Actions workflow injection via automated commits to steal CI and cloud secrets from thousands of repositories.

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

A critical Ghost CMS SQL injection flaw enables unauthenticated attackers to steal admin API keys and inject malicious JavaScript for ClickFix poisoning.

Ghost CMS Vulnerability Exploited to Hack Over 700 Websites

CVE-2026-26980 SQL injection in Ghost has been exploited at scale to steal Admin API keys and inject malicious JavaScript into unpatched sites.

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

A critical Ghost CMS SQL injection flaw enables unauthenticated attackers to steal admin API keys and inject malicious JavaScript for ClickFix poisoning.

Ghost CMS Vulnerability Exploited to Hack Over 700 Websites

CVE-2026-26980 SQL injection in Ghost has been exploited at scale to steal Admin API keys and inject malicious JavaScript into unpatched sites.

Laravel-Lang Packages Poisoned for Malware Delivery

Malicious Composer package tags were published for Laravel-Lang libraries, pointing to commits in a malicious fork and delivering credential-stealing malware.

fromSecuritymagazine

Weaponizing SBOMs: A Practical Guide for Security Practitioners

SBOMs provide precise visibility into software components, enabling faster vulnerability response, reduced attack surface, and more effective incident response and threat hunting.

fromFuturism

Riot Games Denies Using Anti-Cheat Software That Bricks Hackers' Computers

Vanguard targets DMA cheats without damaging hardware or disabling devices, but a PR post was misread as remote bricking.

fromFuturism

Hackers Find That Inaudible Sounds Hidden in Podcasts or Random Videos Can Hijack Your AI Voice Chatbot

Inaudible adversarial audio can be hidden in everyday media to trick voice AI into leaking or misusing personal data.

fromThe Verge

Hackers are learning to exploit chatbot 'personalities'

Jailbreaks can bypass AI safety by prompting systems to ignore rules, enabling harmful outputs like malware, meth recipes, and bomb-making guides.

'Underminr' Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains

Underminr abuses shared CDN routing and TLS/Host mismatches to conceal malicious connections to hidden domains behind trusted front domains.

Dirty Frag, Copy Fail, Fragnesia: The start of a worrisome Linux security trend

AI-accelerated discovery and disclosure of Linux privilege-escalation bugs is increasing, with page-cache abuse enabling rapid, widely shared vulnerabilities across distros.

fromEngadget

Anthropic says Mythos has already found more than 10,000 vulnerabilities - Engadget

AI model Claude Mythos Preview finds thousands of vulnerabilities quickly, enabling Project Glasswing to accelerate bug discovery and patching while safeguards delay public release.

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

CISA added CVE-2026-9082, a Drupal Core SQL injection flaw, to KEV due to active exploitation evidence, urging rapid patching across supported versions.

FBI warns Kali365 phishing kit is stealing Microsoft OAuth tokens at scale

Stolen Microsoft OAuth tokens from phishing kits can bypass MFA and grant attackers access to email and Teams accounts without credentials.

Information security

FBI warns of Kali Oauth stealers

Kali365 phishing uses a trusted cloud document email and a Microsoft code to grant attacker access to victims’ Microsoft accounts.

FBI warns Kali365 phishing kit is stealing Microsoft OAuth tokens at scale

Stolen Microsoft OAuth tokens from phishing kits can bypass MFA and grant attackers access to email and Teams accounts without credentials.

FBI warns of Kali Oauth stealers

Kali365 phishing uses a trusted cloud document email and a Microsoft code to grant attacker access to victims’ Microsoft accounts.

Modernizing DevOps Security With Intelligent KYC Enforcement Layers - DevOps.com

DevOps security failures stem mainly from identity weaknesses, so continuous identity validation must be built into automated delivery pipelines.

In Other News: Industrial Router Exploitation, CISA KEV Nomination Form, Gas Station Hacking

Iranian hackers allegedly breached gas station tank gauge systems by exploiting unprotected internet-connected devices, altering display readings without changing fuel volumes.

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

Megalodon used forged CI workflow commits to exfiltrate CI secrets, cloud credentials, tokens, keys, and configuration data from thousands of GitHub repositories within hours.

fromTechRepublic

Microsoft Warns: Windows Zero-Day 'YellowKey' Can Bypass BitLocker

Microsoft released a temporary mitigation for YellowKey, a Windows zero-day that can bypass BitLocker via WinRE, while a permanent fix is pending.

Minor edits to AI skills can make agents go rogue

AI agent skills can be weaponized through text-based prompt injection, expanding attack surfaces beyond code via online skill registries and loaded instructions.

Microsoft Open-Sources RAMPART and Clarity to Bring Agent Safety Into the Dev Workflow - DevOps.com

AI agents now perform real actions across systems, requiring continuous safety engineering beyond one-time checks.

Minor edits to AI skills can make agents go rogue

AI agent skills can be weaponized through text-based prompt injection, expanding attack surfaces beyond code via online skill registries and loaded instructions.

Microsoft Open-Sources RAMPART and Clarity to Bring Agent Safety Into the Dev Workflow - DevOps.com

AI agents now perform real actions across systems, requiring continuous safety engineering beyond one-time checks.

more#ai-agents

#cisco-secure-workload

Information security

Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access

Cisco Secure Workload vulnerability can be exploited via API call

A critical unauthenticated flaw in Cisco Secure Workload internal REST APIs grants full Site Admin privileges, enabling cross-tenant data access and configuration changes.

Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access

A maximum-severity flaw in Cisco Secure Workload allows unauthenticated remote attackers to access sensitive data and change configurations across tenant boundaries.

more#cisco-secure-workload

Cisco Secure Workload vulnerability can be exploited via API call

A critical unauthenticated flaw in Cisco Secure Workload internal REST APIs grants full Site Admin privileges, enabling cross-tenant data access and configuration changes.

Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure

Drupal detects active exploitation attempts for CVE-2026-9082, a PostgreSQL-backed SQL injection flaw, and warns that attackers may quickly escalate from probing to impact.

fromSecuritymagazine

Why CISA Accepting KEV Nominations Is So Important

CISA will accept standardized public nominations for KEV catalog entries to improve early discovery, responsible communication, and rapid mitigation of exploited vulnerabilities.

Zscaler acquires AI security firm Symmetry Systems

Zscaler acquires Symmetry Systems to add access graph technology that maps AI agent and application access, permissions used, and data flows for stronger Zero Trust security.

TrendAI Patches Apex One Zero-Day Exploited in the Wild

CVE-2026-34926 is a patched Apex One directory traversal flaw exploited in the wild, requiring admin access and affecting on-premises deployments.

Cisco used AI to write security incident reports, with mixed results

Large language models can draft incident reports faster but can produce inaccuracies, hallucinations, and cross-contaminated content without careful prompting and controls.

Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

Ghostwriter targets Ukrainian government organizations using Prometheus-themed phishing lures, delivering JavaScript that writes encrypted payloads, collects system data, and runs Cobalt Strike.

fromnews.bitcoin.com

Polymarket Suffers $700K Breach After Internal Admin Wallet is Compromised

Polymarket lost about $700K in POL after an internal private key compromise, but user funds and market resolution functions remain safe while keys are moved to KMS.

CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

The impact is severe: successful exploitation not only compromises the Langflow instance but also exposes all sensitive access tokens and API keys stored within the workspace. This can trigger a cascading compromise across all integrated downstream services in cloud and SaaS environments.

Information security

Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective

Windows kernel driver vulnerabilities can remain reachable from user mode even without the original hardware, enabling exploitability evaluation for hardware-gated code.

A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim's crypto wallets

“We have reached an inflection point for cybercrime conspiracies,” Tom Kellermann, TrendAI's VP of AI security and threat research, told The Register, adding that “bandcampro's conspiracy underscores the sophistication of the Russian cybercriminal community and how weaponized jailbroken LLMs are manipulated to orchestrate a systemic cybercrime campaign.”

Information security

fromSecuritymagazine

Strategies, Expert Insights from the 2026 Verizon DBIR

Software vulnerabilities became the leading access method, mobile attacks rose, and generative AI is accelerating exploitation and expanding breach patterns.

When Identity is the Attack Path

Identity-based credentials and permissions act as an internal attack highway, enabling lateral movement and access to critical workloads after a foothold.

ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories

Attacks increasingly use trusted systems and normal workflows, with AI enabling faster, harder-to-detect intrusion tooling and tunneling into internal networks.

fromTechRepublic

New Verizon Report Reveals the Security Gap Attackers Are Exploiting Most

Vulnerability exploitation, AI-enabled attacks, third-party risk, and ransomware are driving breaches, while human error remains a major factor.

Cisco serves up yet another perfect 10 bug with Secure Workload admin flaw

Unauthenticated crafted API requests can grant Site Admin privileges, enabling cross-tenant data access and configuration changes in Cisco Secure Workload.

Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility

Velocity without visibility creates a supply chain cybersecurity crisis as exploitation outpaces patching and only a small subset of CVEs is truly exploitable.

Google's Surge in Chrome Vulnerability Discoveries Likely Driven by AI

Chrome vulnerability counts reported by Google surged from single digits to 100 within weeks, likely aided by AI-driven testing and remediation automation.

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

Microsoft Defender privilege escalation and denial-of-service vulnerabilities are actively exploited, and fixes are available via updated Defender Antimalware Platform versions and definition updates.

Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days

Microsoft released patches for two Microsoft Defender vulnerabilities exploited in the wild, adding them to CISA’s KEV list with a June 3 patch deadline.

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days

Microsoft released patches for two Microsoft Defender vulnerabilities exploited in the wild, adding them to CISA’s KEV list with a June 3 patch deadline.

more#microsoft-defender

Microsoft storms RAMPART, adds Clarity to agentic AI safety

RAMPART and another open-source tool help teams test, measure, and mitigate risks in agentic AI through automated red-teaming in CI/CD pipelines.

fromTechRepublic

Microsoft Disrupts Malware-Signing Service Used by Ransomware Gangs

Fox Tempest abused Azure Artifact Signing to generate fraudulent code-signing certificates, enabling malware and ransomware to appear trusted and evade defenses.

Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor

Showboat is a modular Linux post-exploitation malware used against a Middle East telecom provider, providing remote shell, file transfer, and SOCKS5 proxy capabilities.