Apple has patched a year-old Bluetooth vulnerability that could have let nearby attackers listen through Beats Studio Buds’ microphone. This article has been indexed from Malwarebytes Read the original article: Apple patches Beats Studio Buds flaw that could turn earbuds…
Nintendo Confirms Third-Party Survey Data Breach, Says Customer Information Remains Secure
Nintendo of America has acknowledged that employee survey data was exposed through a security incident involving TinyPulse, a third-party platform used for internal feedback and engagement surveys. The company emphasized that its own systems were not compromised and that…
Forget Data Leakage: Shadow AI’s Real Threat Is Access Control
The first wave of enterprise AI concern was straightforward. It was simply employees pasting sensitive data into public AI tools. Security teams responded with usage policies, domain blocks, and data loss prevention rules. That response made sense at the time.…
Anthropic’s Fable and the State of AI
On June 9th, Anthropic released its Fable generative AI model. Three days later, the US government classified it as a dangerous munition, and used its export-control authority to prohibit any foreign nationals from accessing it. Unable to differentiate between Americans…
Britain’s privacy watchdog quits after ‘poor judgment’ admission
John Edwards says his position had become ‘untenable’ following investigation into conduct including inappropriate attempts at humor This article has been indexed from www.theregister.com – Articles Read the original article: Britain’s privacy watchdog quits after ‘poor judgment’ admission
CryptoBandits Malware Doubles as a Backdoor, Abuses Tor
CryptoBandits uses a local SOCKS5 proxy for traffic routing, blending data theft with remote code execution. The post CryptoBandits Malware Doubles as a Backdoor, Abuses Tor appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
UEFI DBX Update Guidance Targets Vulnerable Vendor-Signed Boot Applications
A recently disclosed vulnerability inc, which affects UEFI applications signed by multiple vendors, has prompted urgent recommendations to update the UEFI Forbidden Signature Database (DBX). This issue, tracked as VU#457458 and published by CERT/CC on June 18, 2026, reveals a…
Rights groups brand Home Office’s AI age guesser for asylum-seekers as biased and inaccurate
Campaigners say tech is unable to reliably distinguish between kids and adults at the boundary where use is planned This article has been indexed from www.theregister.com – Articles Read the original article: Rights groups brand Home Office’s AI age guesser…
124M Passwords Exposed as Infostealer Malware Hits Millions of Devices
Have I Been Pwned has added 124 million passwords and 56 million email addresses from infostealer logs tied to infected devices. The post 124M Passwords Exposed as Infostealer Malware Hits Millions of Devices appeared first on TechRepublic. This article has…
24B Records Exposed in Massive Leak of Emails, Passwords, and Login Data
Cybernews researchers found an exposed database with 24 billion credential records, raising fresh risks from password reuse and credential stuffing. The post 24B Records Exposed in Massive Leak of Emails, Passwords, and Login Data appeared first on TechRepublic. This article…
U.S. CISA adds Splunk Enterprise flaw to its Known Exploited Vulnerabilities catalog and urges agencies to fix it by Sunday
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Splunk Enterprise flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Splunk Enterprise flaw, tracked as CVE-2026-20253 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV)…
FortiBleed: 86,000 Fortinet Device Credentials Compromised
The large-scale credential theft campaign hit roughly half of the internet-accessible Fortinet firewalls and VPNs. The post FortiBleed: 86,000 Fortinet Device Credentials Compromised appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: FortiBleed: 86,000…
Forget traffic lights, Google’s reCAPTCHA may ask for hand gestures
Google has introduced hand gesture verification for reCAPTCHA, a new method for verifying that a user is human. Google’s reCAPTCHA is part of Google Cloud Fraud Defense, a fraud and abuse prevention platform for bot, account, and transaction protection. It…
Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253)
CISA has added CVE-2026-20253, a critical, remotely exploitable vulnerability in Splunk Enterprise, to its Known Exploited Vulnerabilities catalog, and ordered US federal civilian agencies to apply mitigations by June 21, 2026. In-the-wild exploitation has also been confirmed by the vendor…
AWS Unveils ‘Continuum,’ an AI-Powered Vulnerability Management Platform
Working with frontier AI models, this new platform aims to help discovering, prioritizing, validating and remediating code vulnerabilities This article has been indexed from www.infosecurity-magazine.com Read the original article: AWS Unveils ‘Continuum,’ an AI-Powered Vulnerability Management Platform
Operation Endgame Disrupts Malware Network Linked to Major Ransomware Gang
SocGholish malware has been removed from 15,000 sites associated with Evil Corp hackers This article has been indexed from www.infosecurity-magazine.com Read the original article: Operation Endgame Disrupts Malware Network Linked to Major Ransomware Gang
FIFA World Cup 2026: Hackers Target Football Fans With Fake Tickets Sites
Cybersecurity experts warn that active hacking networks are using fake hotel bookings, cloned websites, and live chat features to scam FIFA World Cup 2026 fans. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More…
Mastodon 4.6 adds profile Collections and two-factor controls
People who run accounts on the open source social network Mastodon can now group profiles together and share those groups across the web. The 4.6 release centers on a feature called Collections, along with reworked profiles, email newsletters, server administration…
IT Security News Hourly Summary 2026-06-19 12h : 9 posts
9 posts were published in the last hour 9:34 : SmartApeSG Hackers Abuse Okendo Reviews Widget in E-Commerce Supply Chain Attack 9:34 : China-Linked Showboat Malware Uses Linux Persistence to Target Telecom Companies 9:34 : Cybersecurity Firms Impacted by Klue…
SmartApeSG Hackers Abuse Okendo Reviews Widget in E-Commerce Supply Chain Attack
A supply-chain style compromise in the Okendo Reviews widget that enabled the SmartApeSG threat actor to deliver staged JavaScript loaders across a wide e-commerce surface. Okendo’s client-facing review widget is deployed by more than 18,000 brands and commonly appears on…
China-Linked Showboat Malware Uses Linux Persistence to Target Telecom Companies
A sophisticated China-linked malware framework has been quietly targeting telecom companies across the Middle East for nearly four years. Showboat is a Linux-based tool that stayed completely hidden from antivirus systems until April 2026, raising serious concerns about the security…
Cybersecurity Firms Impacted by Klue Supply Chain Attack
The hackers exfiltrated data from Salesforce instances of Klue customers, such as Huntress and Recorded Future. The post Cybersecurity Firms Impacted by Klue Supply Chain Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Accenture to buy Dragos, runZero, and NetRise in $4.2 billion cybersecurity deal
Accenture is expanding its position with the acquisition of a majority stake in Dragos and all of runZero and NetRise to deliver end-to-end operational technology (OT) security for the critical infrastructure and industrial operations underpinning power grids, pipelines, manufacturing, distribution…
Google sets timeline for Android developer verification enforcement
Android’s developer verification protections will take effect on September 30, 2026, starting with users in Brazil, Indonesia, Singapore, and Thailand. Developers distributing apps through participating stores in those markets must complete the verification process by the deadline. Google Play, HONOR…