Two men admit to hacking Transport for London in summer 2024 incident that caused months of chaos, following arrests last year This article has been indexed from Silicon UK Read the original article: Two Men Plead Guilty To TfL Hack
WhatsApp Boss To Step Down After Seven Years
Will Cathcart to move to another role at Meta, with WhatsApp top spot to be taken over by Indian start-up founder Kunal Shah This article has been indexed from Silicon UK Read the original article: WhatsApp Boss To Step Down…
CodeStorm Phishing Campaign Targets M365 Tenants With Token Reuse and Replay Attacks
A multi-organization phishing campaign attributed to the CodeStorm family is actively targeting Microsoft 365 tenants with a tenant-aware AiTM (adversary-in-the-middle) phishing kit that combines rotating frontends and backend replay behavior under a stable controller path, /google.php. The human recipient rarely…
Xsolis Data Breach Affects 1.4 Million Individuals
Threat actors gained access to personal and protected health information that Xsolis received from its clients. The post Xsolis Data Breach Affects 1.4 Million Individuals appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
FortiBleed Campaign Uses FortigateSniffer to Harvest 110 Million Credentials From Fortinet Firewalls
A large-scale credential harvesting campaign called “FortiBleed” has been uncovered, revealing how threat actors are exploiting Fortinet FortiGate firewalls to capture authentication data on an unprecedented scale. Research from the SOCRadar Threat Research Unit (STRU) indicates that this operation has…
Two Scattered Spider Hackers Convicted Over Transport for London Cyber Attack
Two alleged members of the notorious Scattered Spider cybercrime collective have pleaded guilty to orchestrating a disruptive cyber attack against Transport for London (TfL). This marks a significant law enforcement victory against a group known for targeting large enterprises and…
A $1,400 experiment in AI security auditing outperformed OpenAI’s Codex Security
A research team has built a system that teaches AI agents to hunt for software bugs by writing the audit method down as plain text. The system, called EVOHUNT, keeps the underlying AI model fixed and improves only an external…
CalPhishing Campaigns Use Outlook Calendar Invites to Deliver Persistent Phishing Lures
A growing trend in which attackers weaponize Microsoft 365 collaboration features to deliver persistent phishing lures via Outlook calendar invites. By abusing Microsoft 365 Groups and Outlook calendar functionality, threat actors move malicious intent out of a single suspicious message…
OpenAI Launches Daybreak to Automate Vulnerability Patching With GPT-5.5-Cyber
OpenAI has announced Daybreak, a new cybersecurity initiative aimed at automating vulnerability patching on a large scale using its latest GPT-5.5-Cyber model. This marks a shift from merely discovering vulnerabilities to focusing on end-to-end remediation. The initiative addresses a growing…
Five Eyes spooks warn AI means infosec incidents can become ‘major operational and financial crises’
Bosses told to step up and get cybersecurity right This article has been indexed from www.theregister.com – Articles Read the original article: Five Eyes spooks warn AI means infosec incidents can become ‘major operational and financial crises’
Residential proxy SDKs are hiding in LG and Samsung smart TV apps
Smart TVs in living rooms run small apps that show fish tanks, clocks, solitaire games, and slideshows of puppies. A share of those apps can also send other people’s internet traffic out through the home connection. Spur Intelligence scanned 6,038…
29-Year-Old Squid Proxy Vulnerability Exposes Authorization Headers and API Keys
A recently disclosed vulnerability in Squid Proxy, tracked as CVE-2026-47729 and referred to as “Squidbleed,” is exposing sensitive user data, including HTTP authorization headers and API keys. This issue arises from a decades-old memory-handling flaw in Squid’s codebase, dating back…
OpenAI Releases GPT‑5.5‑Cyber With Full Automation for Vulnerability Detection and Patching
OpenAI has officially launched the full version of GPT‑5.5‑Cyber, a specialized AI model engineered for advanced vulnerability detection, patch generation, and automated remediation at machine speed. The release is part of OpenAI’s broader Daybreak initiative, which aims to democratize defensive…
Hackers Using FortigateSniffer Tool That Turns Compromised Firewalls Into Password Collectors
A financially motivated threat actor has deployed a custom Golang-based tool called FortigateSniffer across more than 430,000 FortiGate firewalls globally, silently harvesting over 110 million credentials since at least February 2026, including confirmed data exfiltration from a NATO-aligned defense contractor.…
Free, no-signup World Cup streams serve scams instead of football
Researchers at Malwarebytes identified dozens of websites claiming to offer free access to FIFA World Cup matches. Instead of streaming games, the sites directed visitors through a chain of advertising pages designed to generate revenue for their operators. Fake World…
Only 7% of companies are ready for the AI agents they deployed
Most organizations now run or pilot AI agents that operate on company data with limited human direction at each step, a share that reaches 88% in Veeam Software’s Data and AI Trust Gap report. The systems that are supposed to…
OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws
OpenAI on Monday said it’s releasing an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the Daybreak initiative, the artificial intelligence (AI) company announced last month. Calling GPT‑5.5‑Cyber its “strongest model yet for finding and helping…
IT Security News Hourly Summary 2026-06-23 06h : 1 posts
1 posts were published in the last hour 3:6 : CVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration., (Tue, Jun 23rd)
CVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration., (Tue, Jun 23rd)
The vulnerability This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: CVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration., (Tue, Jun 23rd)
ISC Stormcast For Tuesday, June 23rd, 2026 https://isc.sans.edu/podcastdetail/9982, (Tue, Jun 23rd)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, June 23rd, 2026…
IT Security News Hourly Summary 2026-06-23 03h : 2 posts
2 posts were published in the last hour 0:31 : Sniff out stale AI override advice with this open source CLI 0:6 : OpenAI: Yoo-hoo, look over here, we do that security stuff too!
Sniff out stale AI override advice with this open source CLI
Package dependencies can create vulnerabilities that are fiendishly hard to find and stamp out This article has been indexed from www.theregister.com – Articles Read the original article: Sniff out stale AI override advice with this open source CLI
OpenAI: Yoo-hoo, look over here, we do that security stuff too!
A plethora of pwn-prevention, including a ‘Patch The Planet’ pledge This article has been indexed from www.theregister.com – Articles Read the original article: OpenAI: Yoo-hoo, look over here, we do that security stuff too!
The Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data Exfiltration
Unit 42 research details how attackers could exploit global name uniqueness in bucket hijacking to redirect cloud data streams across major CSPs. The post The Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data Exfiltration appeared first on Unit…