IT Security News Daily Summary 2026-06-23

161 posts were published in the last hour

• 21:7 : FFmpeg PixelSmash Vulnerability Enables Remote Code Execution
• 20:32 : FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation
• 20:10 : Architectural Collapse: How Extension Poisoning, Node Vulnerabilities, and Infrastructure Fog Enabled the GitHub Repository Breach
• 20:10 : Klue says hackers stole credential from 2022 that led to customer data breaches
• 20:9 : Innovator Spotlight: NAKIVO
• 19:37 : Internet Society Foundation Opens Global Call for Common Good Cyber Fund to Strengthen Cybersecurity
• 19:37 : Colonial Pipeline: 2021 Hindsight and 2026 Insights
• 19:35 : Dialog Claims It Was Hacked. A Misconfigured Website Left Its Members Exposed
• 19:10 : Phantom APIs Are Eating Your Attack Surface, and Most Security Teams Are Still Looking the Other Way
• 19:10 : CISA Adds Four Known Exploited Vulnerabilities to Catalog
• 19:9 : Siemens Products using OpenSSL
• 19:9 : Hubbell Aclara Metrum Cellular Web Interface
• 19:9 : Claude Down – A Major Outage Affects Most of the Models
• 19:8 : AWS Warns Outbound Traffic Blind Spots Can Enable Cloud Data Exfiltration
• 19:8 : Bajaj Auto Confirms Systems Affected by Ransomware Attack
• 19:8 : Your SOC Has Too Many IOCs: How to Cut Feed Noise, Prioritize What Matters, and Improve Response
• 19:8 : Anthropic Launches Claude Tag – AI Teammate Now Lives Inside Slack
• 19:7 : Dragos Unveils AI for OT Security
• 19:7 : What the Fortibleed campaign means for organizations running FortiGate firewalls
• 19:5 : IT Security News Hourly Summary 2026-06-23 21h : 8 posts
• 18:41 : LastPass Confirms Customer Data Breach After Klue OAuth Token Theft
• 18:41 : 2026-06-22: SHub Stealer infection (macOS)
• 18:41 : Securing AI Agent Behavior with Amazon Bedrock AgentCore and CheckPoint AI Security
• 18:40 : DifyTap: Four Bugs Put over 1 million AI Apps at Risk
• 18:40 : Cybersecurity Outsourcing. Beyond Cost
• 18:40 : Inside the dark web: Stolen identities for 95¢, malware, and scams-for-hire
• 18:39 : Mythos discovers ‘Squidbleed,’ a memory leak that’s gone undetected since Clinton era
• 18:37 : WhatsApp Malware Campaign Targets Global Users Through Fake Financial Documents and Remote Access Tools
• 17:50 : The Rise of AI-Powered Academic Fraud: Beyond Traditional Plagiarism
• 17:41 : OTC Glucose Monitors Make Wellness Tracking More Personal — and More Complicated
• 17:32 : ABB Freelance Security Lock
• 17:31 : Impact of Linux Kernel vulnerabilities on B&R products
• 17:30 : Siemens SIPROTEC 5 Using DIGSI5 Protocol
• 17:28 : Siemens WinCC Certificate Manager
• 17:28 : Password manager maker LastPass says hackers stole customer support case data during Klue breach
• 17:28 : Built to Last: What Stonehenge Teaches us About IT Architecture & Cyber Resilience
• 17:27 : Cybersecurity Training in the Age of AI
• 17:27 : Intro to STIG Tools
• 17:17 : Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps
• 17:11 : Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration
• 17:10 : Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents
• 17:6 : How to Set Up a Secure Home Network
• 17:5 : The Rise of AI-Powered Academic Fraud: Beyond Traditional Plagiarism
• 17:5 : ‘Cordyceps’ CI/CD Flaw Exposes Microsoft, Google, Apache Repos to Pipeline Hijacking
• 17:4 : The Breach Was Never at the Door
• 17:4 : Scattered Spider Hackers Plead Guilty on Day 1 of Trial
• 17:3 : Password manager maker LastPass says hackers stole customer support case data during Klue breach
• 17:3 : Built to Last: What Stonehenge Teaches us About IT Architecture & Cyber Resilience
• 16:45 : Crypto Heist Uses Fake Reputation Campaign to Spread Malware
• 16:42 : LA Schools Superintendent Resigns Amid FBI Probe
• 16:41 : CVE Lite CLI adds override auditing for JS deps
• 16:37 : Trump sets new deadlines for agencies and contractors to adopt post-quantum cryptography
• 15:47 : SonicWall CVE-2024-40766 Proves Patching Is Not Remediation
• 15:47 : From Langflow to Monero: Inside CVE-2026-33017 Cryptominer
• 15:47 : Dropping Elephant Hackers Use China-Themed Loader Chain to Deploy In-Memory RAT
• 15:47 : Five Eyes Agencies Warn AI Is Accelerating Cyber Threats and Zero-Day Exploitation
• 15:46 : LastPass Customer Data Exposed in Klue Supply Chain Attack Using Stolen OAuth Tokens
• 15:46 : Cordyceps Supply chain Vulnerability Impacting Code Repositories at thousands of Organizations
• 15:46 : Data Governance Checklist for AI-Driven Systems
• 15:46 : OpenAI’s Daybreak: AI-Powered Cyber Revolution Just Got Real!
• 15:45 : Nearly Half of Apps Across LG and Samsung TV’S are Selling Your IP Address
• 15:45 : Five-Eye Agencies Call for “Whole-of-Organization and Whole-of-Society Response” to Stop Cyber Threats
• 15:45 : DifyTap Flaws Allow Attackers to Wiretap AI Data Across Tenants – 1M+ Apps Impacted
• 15:45 : LastPass Customer Data Exposed in Klue Supply Chain Attack
• 15:44 : 8-Year-Old Samsung KNOX Vulnerability Exposes Galaxy Devices to Kernel Attacks
• 15:44 : Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks
• 15:44 : Using Reddit to manipulate AI search results is surprisingly easy
• 15:44 : Dragos unveils OT-native AI to help critical infrastructure teams prioritize threats faster
• 15:44 : New N-able feature gives IT teams visibility into AI usage across endpoints and networks
• 15:35 : GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns
• 15:34 : Trump Issues Executive Order to Fast-Track Post-Quantum Migration
• 15:27 : Lookalike npm Package Hides a Multi-Stage Windows RAT
• 15:26 : Amazon Prime Day malicious domains surge
• 15:21 : OpenAI releases GPT-5.5-Cyber and Patch the Planet
• 14:0 : AI Reconnaissance: The Missing Layer in Chatbot Security
• 13:57 : DifyTap Flaws Expose AI Data Across Tenants on Platform Powering 1M+ Apps
• 13:45 : Inside The Rising Cyber Risk To Insurers: Why Insurance Companies Are Now Prime Targets
• 13:43 : Meta pauses controversial employee-tracking program after security review
• 13:40 : CISO Conversations: Carl Froggett – Combining CISO and CIO at Deep Instinct
• 13:33 : GTA 6 Scams Emerge as Pre-Orders Open
• 12:15 : Supply Chain Compromise: Nintendo Vendor Breach Exposes Internal Data
• 12:14 : New CryptoBandits Malware Uses USB Drives and Tor to Steal Crypto
• 12:7 : FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances
• 11:33 : The Evolution of iGaming Fraud: What Security Teams Should Expect in 2027
• 11:33 : AWS Urges Organizations to Turn Outbound Blind Spots Into Monitored Checkpoints
• 11:33 : Anthropic’s Fable 5 Model Jailbroken Within Days
• 11:32 : On-Premises API Security on Kubernetes: What It Actually Looks Like in Practice
• 11:32 : 15 Best Linux Network Monitoring Tools in 2026
• 11:32 : Scattered Spider Hackers Who Breached London Transport Network Plead Guilty
• 11:32 : Hackers Abuse Compromised M365 Accounts to Scale CodeStorm Phishing Operations
• 11:31 : OpenAI Refocuses Cybersecurity Efforts on Patching Over Discovery
• 11:7 : Tata Electronics Data Breach Exposes 200,000+ Files Linked to Apple and Tesla, Hackers Claim
• 11:7 : Xsolis Data Breach Impacts 1.4 Million People
• 11:7 : 1-15 June 2026 Cyber Attacks Timeline
• 11:7 : Hackers steal passport and driver’s license data of 3 million Texans
• 11:7 : Russian Initial Access Broker Behind FortiBleed Campaign
• 11:6 : GTA 6 early access offers are taking gamers’ crypto
• 10:32 : 2 Scattered Spider-Linked Hackers Plead Guilty Over £39M TfL Cyberattack
• 10:31 : Microsoft Uncovers Parallel Threat Activity From Two Cyberattackers in Single Intrusion
• 10:31 : Two Scattered Spider hackers plead guilty over Transport for London cyberattack
• 10:5 : Critical FFmpeg Vulnerability Allows Attackers to Weaponize Media Files
• 10:5 : Critical libssh2 Vulnerability Allows Attackers to Execute Remote Code Via Malicious SSH packets
• 10:5 : New Phishing Attack Abuses Outlook and Microsoft 365 Groups Features to Attack Users
• 10:5 : IT Security News Hourly Summary 2026-06-23 12h : 13 posts
• 10:5 : Tata Electronics Data Breach Exposes Confidential Apple and Tesla Documents
• 10:4 : Researcher Earns $148,337 for Google Cloud Production RCE Vulnerability
• 10:4 : GTA 6 early access is nothing but a scam
• 9:32 : Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT
• 9:32 : Canadian Electricity Provider London Hydro Discloses Data Breach
• 9:32 : Mavenir turns NOC knowledge into automation for autonomous networks
• 9:31 : Hack The Box adds crisis simulations and SOC training to strengthen cyber readiness
• 9:31 : Omada Identity Sovereign targets Europe’s growing digital sovereignty demands
• 9:31 : Scattered Spider Teens Convicted of TfL Cyber-Attack
• 9:5 : California Lawsuit Claims AI Inflated Petrol Prices
• 9:5 : SK Hynix Tops Samsung Market Value Amid Memory Boom
• 9:5 : Critical libssh2 Vulnerability Lets Remote Attackers Execute Code via Crafted SSH Packets
• 9:5 : ShapedPlugin Supply Chain Attack Backdoors Pro Plugin Updates
• 9:4 : Trump Signs Executive Order Accelerating Post-Quantum Cryptography Migration
• 9:4 : F5 launches AI Security Platform to uncover and secure shadow AI
• 9:4 : OpenAI wants AI to fix vulnerabilities, not just find them
• 9:4 : Five Eyes Group Issues Urgent Call to Tackle Frontier AI Threats
• 8:32 : Critical FFmpeg Vulnerability Lets Hackers Execute Remote Code via Malicious Media Files
• 8:32 : Cybercriminals Abuse TDS Infrastructure to Bypass Firewalls and Hide Malicious Destinations
• 8:32 : ISA VDA 6.0.3 (part 3) — Information Security Sheet: Human Resources, Physical Security, Identity and Access Management
• 8:31 : Phishing hides in routine Microsoft 365 workflows
• 8:31 : Meta Pauses Employee Mouse-Tracking AI Training Program After Internal Data Exposure
• 8:4 : UK Information Commissioner Resigns After Workplace Probe
• 8:4 : Apple Supplier Plans HK Listing To Fund Robotics Expansion
• 8:4 : Squidbleed: 29-Year-Old Squid Bug Leaks User Credentials
• 7:32 : Plans Filed For Second Major Northumberland Data Centre
• 7:31 : FlutterShell Malware Uses C2-Delivered JavaScript Payloads to Evade Sandbox Detection
• 7:31 : OpenAI takes on Mythos, Klue hits security shops, Five Eyes has eyes on AI
• 7:5 : IT Security News Hourly Summary 2026-06-23 09h : 5 posts
• 7:2 : WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool
• 6:32 : Two Men Plead Guilty To TfL Hack
• 6:32 : WhatsApp Boss To Step Down After Seven Years
• 6:32 : CodeStorm Phishing Campaign Targets M365 Tenants With Token Reuse and Replay Attacks
• 6:31 : Xsolis Data Breach Affects 1.4 Million Individuals
• 6:2 : FortiBleed Campaign Uses FortigateSniffer to Harvest 110 Million Credentials From Fortinet Firewalls
• 6:2 : Two Scattered Spider Hackers Convicted Over Transport for London Cyber Attack
• 6:2 : A $1,400 experiment in AI security auditing outperformed OpenAI’s Codex Security
• 5:31 : CalPhishing Campaigns Use Outlook Calendar Invites to Deliver Persistent Phishing Lures
• 5:31 : OpenAI Launches Daybreak to Automate Vulnerability Patching With GPT-5.5-Cyber
• 5:31 : Five Eyes spooks warn AI means infosec incidents can become ‘major operational and financial crises’
• 5:31 : Residential proxy SDKs are hiding in LG and Samsung smart TV apps
• 5:2 : 29-Year-Old Squid Proxy Vulnerability Exposes Authorization Headers and API Keys
• 5:2 : OpenAI Releases GPT‑5.5‑Cyber With Full Automation for Vulnerability Detection and Patching
• 5:2 : Hackers Using FortigateSniffer Tool That Turns Compromised Firewalls Into Password Collectors
• 5:2 : Free, no-signup World Cup streams serve scams instead of football
• 4:32 : Only 7% of companies are ready for the AI agents they deployed
• 4:31 : OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws
• 4:5 : IT Security News Hourly Summary 2026-06-23 06h : 1 posts
• 3:6 : CVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration., (Tue, Jun 23rd)
• 2:2 : ISC Stormcast For Tuesday, June 23rd, 2026 https://isc.sans.edu/podcastdetail/9982, (Tue, Jun 23rd)
• 1:5 : IT Security News Hourly Summary 2026-06-23 03h : 2 posts
• 0:31 : Sniff out stale AI override advice with this open source CLI
• 0:6 : OpenAI: Yoo-hoo, look over here, we do that security stuff too!
• 22:10 : The Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data Exfiltration
• 22:10 : Cloudflare teams up with big browsers to help websites tell welcome from unwelcome visitors
• 22:5 : IT Security News Hourly Summary 2026-06-23 00h : 9 posts
• 21:55 : IT Security News Daily Summary 2026-06-22