Iran hackers said this evening that they are assisting the Islamic Revolutionary Guard Corps with pinpointing drone targets in response to U.S. strikes conducted in retaliation for the earlier...

Meta on Tuesday announced that it will use information shared by other businesses to personalize users' feed and responses from its artificial intelligence (AI) chatbot, expanding its scope beyond...

Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability carries...

Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject...

Anthropic has begun rolling out a new model called "Fable," which is based on the same underlying model as Mythos, its most powerful AI model class. [...]

Unit 42 research examines attack scenarios targeting cloud logging services. Learn how to defend against log manipulation and defense evasion. The post Blinding the Watchmen: Abusing Cloud Logging...

Microsoft Patch Tuesday details for June 2026.

As if there weren't enough package poisonings to worry about

Fears and warnings about a roaring flood of error-riddled software have materialized. And the disease is spreading. The post Microsoft breaks Patch Tuesday record with 206 vulnerabilities appeared...

On May 25, senior research associate Kate Robertson appeared before SECD to testify on Bill C-8. The post Submission to the Standing Senate Committee on National Security, Defence and Veterans...

[...]

Adobe security advisory (AV26-570)

HPE security advisory (AV26-571)

Microsoft security advisory – June 2026 monthly rollup (AV26-569)

iBiz might not win the AI race, but analysts say it's focusing on features people may actually use

Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released....

ServiceNow is warning about a security incident after attackers exploited an unauthenticated access flaw through a vulnerable API endpoint, allowing them to query data from customer instances. [...]

University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way through a network,...

Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2026-11645...

Phishing simulation on an OpenClaw email agent with various configuration profiles showed that it was susceptible to tactics commonly used to compromise human users. [...]

Anthropic is releasing Claude Mythos 5 to trusted organizations and Claude Fable 5 to the public, a version it says can’t be used for cyberattacks.

Organizations have more visibility than ever. Growing tech stacks provide greater coverage, and network security teams are increasingly adopting AI and automation to help with routine tasks and...

Claude Fable 5 offers Mythos-level performance for most tasks with safeguards on sensitive topics. Anthropic claims testing found no universal jailbreaks. Whether that actually holds up in...

With contributions from Cris Tomboc.

Ivanti security advisory (AV26-567)

Fortinet security advisory (AV26-568)

SAP has released fixes for 15 vulnerabilities as part of its June 2026 Security Patch package, including four critical-severity flaws affecting SAP NetWeaver and SAP Commerce Cloud. [...]

Your guide to operationalizing ownership, remediation, and response with Wiz to keep pace with the AI threat landscape.

A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST, needs no native code, no...

This is interesting: The U.S. military has likely been quietly broadcasting codes for its global encryption network using public GPS for nearly 20 years, turning each satellite into a hidden...

The cybersecurity industry devotes a lot of attention to how AI helps hackers analyze vulnerabilities more quickly and craft better malware, but a new report argues that AI’s improved...

CERT Polska has received a report about 4 vulnerabilities (CVE-2026-9279 and from CVE-2026-47899 to CVE-2026-47901) found in Logseq software.

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as...

Encrypted messaging app warns device-level checks could be repurposed for censorship

Russia has spent decades building one of the world’s most sophisticated digital surveillance systems. Now, the Kremlin is taking steps to make it faster, more automated and better integrated...

Microsoft has released the Windows 10 KB5094127 extended security update, which fixes the June 2026 Patch Tuesday vulnerabilities and adds new functionality to monitor the rollout of updated...

[Control systems] Siemens security advisory (AV26-566)

32Critical166Important0Moderate0LowMicrosoft addresses 198 CVEs in the largest Patch Tuesday release, including three zero-days.Microsoft patched 198 CVEs in its June 2026 Patch Tuesday release,...

Google paid researcher a tidy $55K bounty for its discovery

A likely North Korean threat actor has phished software developers at almost 100 organizations with fake job and code-review lures to steal cryptocurrency and credentials. According to new...

The defect marks the seventh actively exploited zero-day in Cisco SD-WANs this year, and the vendor has yet to release a patch. The post Cisco customers encounter another SD-WAN zero-day under...

An Iranian-linked hacker group called Handala claimed to have hit Israeli military targets with massive cyberattacks on Sunday, June 7 2026. The group used the Telegram messaging app to announce...

Rockwell Automation, a vendor of industrial automation and digital transformation, announced on Tuesday the launch of three enhanced... The post Rockwell launches enhanced SecureOT solutions to...

In manufacturing environments, a technical assessment of OT (operational technology) environments is the point at which managers shift... The post Why OT security remediation stalls after...

Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws and three publicly disclosed zero-day vulnerabilities. [...]

Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws, including five publicly disclosed zero-day vulnerabilities and one actively exploited in attacks. [...]

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these...

A network of fake websites is trapping unsuspecting users by claiming to be official download pages for free tools like Ghidra, dnSpy, ILSpy, and CrystalDiskMark. Discovered by Check Point...

The University of Oxford disclosed a new data breach last week after being informed by its third-party provider, Group GTI, that its CareerConnect career services platform had been compromised....

Microsoft has released Windows 11 KB5094126 and KB5093998 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. [...]

Authorities say the breach only exposed public chat rooms, but alleged attacker claims to have accessed far more data

As cyber threats against critical infrastructure accelerate and AI (artificial intelligence) lowers the barrier for sophisticated attacks, concerns... The post Warner introduces bill to restore...

A hacker with a penchant for targeting Australian organizations is claiming to have added another victim to their growing list of data breaches. The threat actor, 2019, a prominent member of a...

The rapid expansion of AI-driven data centers is driving permanent changes to the geographical layout of critical infrastructure that serves as the backdrop of global competition and future wars....

Apache security advisory (AV26-563)

Veeam security advisory (AV26-564)

MISP security advisory (AV26-565)

Russian satellites have been identified as the cause of mysterious, seconds-long bursts of GPS interference across Europe—a rare example of human-made GPS interference coming from space. But...

Multiple vulnerabilities have been discovered in Check Point products the most severe of which could allow for authentication bypass.Check Point VPN Remote Access provides remote and mobile...

The Pentagon added a slew of Chinese companies, including Alibaba Group, Baidu Inc and carmaker BYD, to a list of entities it believes have aided the Chinese military, complicating the fragile...

SAP security advisory – June 2026 monthly rollup (AV26-562)

For the last four decades, we have allowed the information and communications technology (ICT)—software and hardware industry — to deliver flawed products under the principle: “field it fast and...

President Donald Trump on Friday signed a national security memo aimed at speeding up government use of advanced artificial intelligence across the military and intelligence community, while also...

Google Chrome security advisory (AV26-561)

Anthropic's Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code. XBOW explores how the model performed across exploit discovery, reverse...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing...

Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, disrupting continuous integration pipelines. [...]

Two years on from ransomware attack, hospitals are still trying to identify and warn patients

Veeam has released security updates to patch a critical Backup & Replication security flaw that can be exploited to gain remote code execution (RCE) on domain-joined backup servers. [...]

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these...

Every organisation gets audited. The question is who does the auditing.

In this quarter, the percentage of attacked ICS computers in the manufacturing industry increased in 10 regions

DINUM, the digital affairs directorate of the French government, warned that hackers used a hijacked user account to breach Tchap, the French government's encrypted messaging platform. [...]

In our post about Project Glasswing, we made the argument that the architecture around a vulnerability matters more than the speed of the patch. Here we walk through what that architecture looks...

CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin...

Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year. [...]

Security researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user escalate to root and break out of a container. The flaw,...

When an unsolicited job offer sounds too good to be true …

Western sanctions have tied Russia's elite patronage to the defense sector. Learn why this creates a domestic imperative for Putin to pursue perpetual war