New “Agentjacking” attack that hijacks AI coding agents and silently executes attacker-controlled code on developer machines using nothing more than a single injected Sentry error. The technique turns trusted AI assistants like Claude Code and Cursor into an execution layer…
FIFA World Cup 2026 Becomes Prime Target for Ticket and Employment Fraud
In 2026, the FIFA World Cup will be the world’s largest sporting event, encompassing three host nations, 16 cities, 48 national teams, and 104 matches over a span of six weeks. In addition to the tournament’s sporting significance, it…
AI Agents Actively Ignore EU Law to Achieve Goals, Study Finds
A groundbreaking study reveals that some of the world’s most popular AI models are building agents that actively resist EU regulation to accomplish their assigned tasks. The research, conducted by Dutch non-profit Aithos, exposes a critical gap between AI…
IT Security News Hourly Summary 2026-06-13 18h : 4 posts
4 posts were published in the last hour 16:3 : NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks 15:32 : Washington Pulled the Plug on Anthropic ‘s Fable 5 and Mythos 5 models. The Rest of…
NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks
By default, npm install will no longer execute scripts from dependencies, unless explicitly allowed. The post NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Washington Pulled the Plug on Anthropic ‘s Fable 5 and Mythos 5 models. The Rest of the World Is Watching.
Anthropic disputes restrictions on Mythos 5 and Fable 5, arguing the decision lacks transparency and isn’t based on clear technical evidence. On Friday June 12 at 5:21pm ET, Anthropic received a letter from the US Commerce Department, signed by Commerce…
Extradited Ukrainian Man Admits Role in Conti Ransomware Attacks
Ukrainian national Oleksii Lytvynenko has pleaded guilty in the US to wire fraud conspiracy linked to Conti ransomware, which hit more than 1,000 victims and generated at least $150 million in ransom payments. This article has been indexed from Hackread…
Gujarat Police Uncover ₹2,289 Crore Cyber Fraud in Massive Mule Account Crackdown
A major crackdown on cybercrime in India uncovered fraudulent transactions worth ₹2,289 crore. Gujarat authorities acted against 913 mule bank accounts used to route illicit funds. The operation targeted the financial infrastructure behind online scams rather than just individual…
BugHunter – Bug Bounty Toolkit Powered by Claude and Free AI Providers
A new open-source bug bounty hunting toolkit called BugHunter, built on top of Anthropic’s Claude Code and now extended to support free AI providers like Ollama and Groq, is gaining traction in the security research community for automating the full…
DarkSpectre
Hidden in Plain Sight: How the DarkSpectre Malware Campaign Weaponized Our Browsers This article has been indexed from CyberMaterial Read the original article: DarkSpectre
Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication
Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253, is rated 9.8 on the CVSS scoring…
Zero Trust For AI In Defense Networks
There is always a moment before the mistake. It is the meeting where someone says the model works. The dashboard looks clean. The demo lands. The room nods. People start… The post Zero Trust For AI In Defense Networks appeared…
IT Security News Hourly Summary 2026-06-13 15h : 3 posts
3 posts were published in the last hour 12:34 : Splunk Enterprise Pre-Auth RCE Chain Exposes Database With Zero Authentication 12:5 : ServiceNow Deploys Security Fix After Researcher Uncovers Activity Targeting Flaw 12:5 : Cyber Security: Six Cyber Threats to…
Splunk Enterprise Pre-Auth RCE Chain Exposes Database With Zero Authentication
A critical vulnerability chain in Splunk Enterprise has been disclosed, enabling unauthenticated attackers to achieve remote code execution (RCE) through a misconfigured PostgreSQL sidecar service. Tracked as CVE-2026-20253, the flaw has a CVSS score of 9.8 and affects Splunk Enterprise…
ServiceNow Deploys Security Fix After Researcher Uncovers Activity Targeting Flaw
Following the disclosure of a recent vulnerability in the ServiceNow platform, the company issued a security update after investigating unauthorized access paths to customer data. A number of reports indicated potential exploitation of this vulnerability quickly gained industry attention,…
Cyber Security: Six Cyber Threats to Look Out for in 2026
With industries being digitized, cybercrime is also advancing. This year, besides being opportunistic, threats have also become highly targeted, intelligent, and automated. The data comes from UK Government’s Cyber Security Breaches Survey 2025, which hints that 43% of businesses and…
The FBI built its own replica small town to simulate real-world cyberattacks
Hidden inside a building in Alabama, the FBI has created its own small town as a dedicated cyber training ground for simulating cyberattacks. This article has been indexed from Security News | TechCrunch Read the original article: The FBI built…
The FCC Wants to Kill Burner Phones
Plus: AI bug hunting fuels Microsoft’s biggest-ever Patch Tuesday, ShinyHunters ransomware gang exploits an Oracle zero-day, and more. This article has been indexed from Security Latest Read the original article: The FCC Wants to Kill Burner Phones
IT Security News Hourly Summary 2026-06-13 12h : 3 posts
3 posts were published in the last hour 10:4 : Atomic Arch: 400+ AUR Packages Backdoored with eBPF Rootkit and Credential Stealer 9:34 : U.S. CISA adds Oracle PeopleSoft Enterprise PeopleTools flaw to its Known Exploited Vulnerabilities catalog 9:7 : New…
Atomic Arch: 400+ AUR Packages Backdoored with eBPF Rootkit and Credential Stealer
An AUR supply chain attack compromised more than 400 Arch Linux packages from 11 June 2026, planting a Rust credential stealer and an eBPF rootkit that hides from standard inspection tools. Atomic Arch: 400+ AUR Packages Backdoored with eBPF Rootkit…
U.S. CISA adds Oracle PeopleSoft Enterprise PeopleTools flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle PeopleSoft Enterprise PeopleTools flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Oracle PeopleSoft Enterprise PeopleTools flaw, tracked as CVE-2026-35273 (CVSS score of 9.8), to…
New Agentjacking Attack Hijacks AI Coding Agents to Execute Malicious Code
A newly disclosed Agentjacking attack class can silently weaponize AI coding agents against the very developers who rely on them, requiring no phishing, no server compromise, and no user interaction beyond a developer’s normal workflow of asking their AI assistant…
Critical Splunk Enterprise Pre-Auth RCE Chain Exposes Databases
A critical pre-authentication remote code execution (RCE) vulnerability in Splunk Enterprise has been disclosed, carrying a near-perfect CVSS score of 9.8. Tracked as CVE-2026-20253, the flaw was published by Splunk on June 10, 2026, and affects the PostgreSQL Sidecar Service introduced in Splunk…
US Government Suspends Anthropic’s Claude Fable 5 and Mythos 5 Over Security and Jailbreak Concerns
Anthropic has paused access to Claude Fable 5 and Claude Mythos 5 for all users following a directive from the US government to restrict access for foreign nati Thank you for being a Ghacks reader. The post US Government Suspends…