IT Security News Daily Summary 2026-06-24

171 posts were published in the last hour

• 21:31 : New website names and shames companies that still don’t offer passkeys to users
• 21:7 : Operation Endgame Disrupts StealC, Amadey and SocGholish Malware Networks
• 21:7 : Malicious Edge Extension Uses Chrome Native Messaging to Execute Code on Victim Systems
• 20:34 : Restrict AWS Management Console access to expected networks with sign-in resource-based policies and RCPs
• 20:7 : Your Biggest Identity Problem Isn’t Your Employees Anymore; It’s Everything Else
• 20:7 : The next phase of endpoint security starts with simplicity
• 20:6 : CNAPP evolution: How Microsoft aligns with leading cloud risk management platforms
• 19:34 : From Prompt Testing to AI Red Teaming at Enterprise Scale
• 19:33 : Klue supply chain breach exposes Salesforce data at several security firms
• 19:6 : AI, OAuth, and Other Platform APIs in the Core
• 19:5 : Europol Disrupts StealC and Amadey Malware Infrastructure in Operation Endgame
• 19:5 : IT Security News Hourly Summary 2026-06-24 21h : 6 posts
• 18:32 : As Q-Day looms, 90% of systems are unprepared for PQC
• 18:31 : EvilTokens Hides Its Attack Flow in the Browser, Exposing Static Analysis Gaps
• 18:31 : Tata Electronics Confirms Cybersecurity Incident, Says Business Operations Remain Unaffected
• 18:31 : CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited
• 18:9 : Microsoft uses AI to link two malware operations in racketeering suit
• 18:8 : When Information Becomes the Attack Surface – Understanding AI Agent Traps
• 17:34 : Authorities Disrupt Stealer Malware StealC and Amadey Infrastructure in Global Operation
• 17:34 : Hackers Exploiting Cisco Catalyst SD-WAN Manager 0-Day Flaw to Gain Root-Level Access
• 17:33 : PixelSmash flaw turns video files into attack tools
• 17:33 : Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered
• 16:35 : Madison Square Garden Hack Exposes 26 Million Visitor Records
• 16:34 : Anthropic Launches Claude Tag, Bringing AI Agents Into Slack
• 16:34 : Critical Webmin Vulnerabilities Allow Attackers to Impersonate as Any User
• 16:34 : Laravel Livewire Applications Compromised to Steal Credentials Exploiting RCE Vulnerability
• 16:34 : PoC Exploit Released for Microsoft Exchange Server Elevation of Privilege Vulnerability
• 16:34 : Fake Income Tax Assessment Notice Delivers RAT-Like Malware to Windows Users
• 16:34 : Authorities Disrupt Password-Stealing Malware StealC Infrastructure in Global Operation
• 16:34 : Researchers Trick AI Browsers Into Leaking Credentials
• 16:33 : Ransomware attacks grew in 2025 as traditional data breaches fell
• 16:33 : Microsoft, Europol lead international takedown against infostealer malware
• 16:6 : Implementing Asynchronous Communication Between Microservices Using Kafka and Spring Boot
• 16:6 : Ransomware attacks grew in 2025 as traditional data breaches fell, Bitsight says
• 16:5 : IT Security News Hourly Summary 2026-06-24 18h : 21 posts
• 15:33 : New GhostShell Hacking Group Targets Ukraine’s Drone Defense Sector
• 15:33 : Experts Warn: Passwords Still Winning Despite Passwordless Push
• 15:33 : Trump Sets Post-Quantum Security Deadlines as White House Warns of Advanced Cryptographic Threats
• 15:33 : Security Training Needs Google Maps, Not Christopher Columbus
• 15:32 : AI-Powered Phishing Attacks Surge 1,380% as Criminal Platforms Render MFA Obsolete
• 15:32 : New Forescout Data Reveals Slow Progress Toward Quantum-Safe Security
• 15:32 : Governance Is Failing: Why Converged Digital Risk Is Outpacing Every Control We Have
• 15:32 : Microsoft and Allies Smash Shared Infrastructure of Amadey and StealC Malware
• 15:32 : US Authorities Seize Infrastructure Tied to Huione Fraud Network
• 15:32 : Law enforcement hits StealC and Amadey malware networks
• 15:32 : Europol-Led Operation Endgame Takes Down StealC and Amadey Infostealers
• 15:10 : New CISA Guide Assists Federal Agencies with Transitioning to Modernized Zero Trust Architectures
• 15:10 : Using SASE in a Modern TIC 3.0 Solution
• 15:9 : Red-Team AI Tool Vulnerabilities Let Attackers Exfiltrate API Keys and Compromise Operators’ Systems
• 15:8 : GhostShell Malware Uses mTLS Implant and Telegram Dead-Drop to Target Ukrainian Drone Operations
• 15:8 : Browser-in-the-Browser Kit Uses Fake Software Errors to Deliver Malware Installers
• 15:8 : PoC Exploit Released for libssh2 Remote Code Execution Vulnerability
• 15:7 : Exclusive: Meet AIVEX, a New Triage Model Built to Reduce Supply Chain Threat and Risk
• 15:7 : Opendoor Shuts India Operations as AI Reshapes Offshore Work Economics
• 15:6 : Europol Dismantles AudiA6 Crypto Laundering Network Used by Ransomware Gangs
• 15:6 : FortigateSniffer Malware Harvests User Credentials From Infected Firewalls
• 14:34 : Madison Square Garden Sports – 9,796,738 breached accounts
• 14:34 : Watch out for renewal scams pretending to be Malwarebytes
• 14:33 : Algerian national accused of running cybercrime marketplaces extradited to US
• 14:8 : Cisco Unified CM Flaw CVE-2026-20230 Actively Exploited in the Wild
• 14:7 : Why Frontier AI makes prioritization the most important part of your CTEM program
• 14:7 : macOS Weaknesses Chained to Silently Disable Endpoint Security Agents
• 14:7 : StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them
• 14:7 : Anthropic’s Claude Tag gives AI agents independent identities
• 14:7 : Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks
• 14:7 : macOS Backdoor Uses Prompt Injection to Evade AI Triage
• 14:7 : White House’s state infrastructure cybersecurity initiative stalled
• 13:35 : Fake npm Packages Impersonate PostCSS Tool to Steal Chrome Passwords
• 13:34 : ModeloRAT and Mistic Backdoor Activity Linked to Ransomware Initial Access Broker
• 13:11 : Agentic Disconnect: The Latency Crisis Facing Modern AI Architecture
• 13:10 : Invisible By Design: Making Quantum-Safe Encryption The Easy Path
• 13:10 : Android Malware Campaign Uses Fake Document Reader App with 100K Google Play Downloads
• 13:10 : AI Has Moved From Assistance to Action. Is Your Security Model Ready?
• 13:10 : Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs
• 13:9 : Third DraftKings Hacker Sentenced to 18 Months in Prison
• 13:9 : Dawn of the Apex Agentic Adversary
• 13:9 : KDDI Breach Affects Six Japanese ISPs, Exposes 14.2 Email Credentials
• 13:5 : IT Security News Hourly Summary 2026-06-24 15h : 16 posts
• 12:35 : Grafana Confirms TanStack npm Supply Chain Attack Led to GitHub Repository Cloning
• 12:35 : Hackers Exploit Unpatched SharePoint Servers to Deploy Ransomware and Custom Backdoors
• 12:34 : SuperOps and Guardz bundle IT operations and security into one product for MSPs
• 12:34 : Phishing attack on healthcare firm Xsolis impacts 1.4 million people
• 12:9 : Magecart Evolves and Attackers Weaponize Ethereum Blockchain for Digital Skimming
• 12:9 : Hackers Use Microsoft Teams-Themed Lures to Deploy Legitimate Remote Access Software
• 12:9 : London cops bring live facial recognition to West End
• 12:9 : New ‘Mistic’ RAT Opens Door to Several Ransomware Families
• 12:8 : Agentic AI Security: Wrong Context, Wrong Decisions at Machine Speed
• 12:8 : Cisco Unified CM flaw actively exploited to drop webshells (CVE-2026-20230)
• 12:8 : Iran-Linked MuddyWater Poses as Ransomware Gang to Mask Cyber Espionage
• 12:8 : WhatsApp phishing campaign distributes VBScript malware
• 12:8 : London Hydro customer data breach
• 12:8 : Cloudflare, browsers launch privacy token protocol
• 12:7 : Two Scattered Spider members plead guilty to £39m TfL cybera
• 12:7 : OpenClaw AI Marketplace Malicious Skills
• 11:34 : Payouts King Initial Access Broker Deploys Edgecution Malware Through Malicious Edge Extension
• 11:34 : Tata Electronics Breached: Apple & Tesla Secrets Leaked in Massive Cyberattack!
• 11:34 : Embedding Forbidden Text in Spyware to Discourage AI Analysis
• 11:8 : VPN Internals Explained: Protocols, Leaks, and What the Kill Switch Actually Does
• 11:7 : Malicious AI Agent Skill Bypasses Security Scans and Seizes Full Control of Over 26,000 Agents
• 11:7 : “Total access to all your devices.” Sextortion scammers strike again
• 11:6 : Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking
• 10:34 : PoC Released for Microsoft Exchange Server EWS InstallApp SSRF Vulnerability
• 10:34 : BeyondTrust, LastPass Impacted by Klue-Salesforce Incident
• 10:34 : LastPass customer data exposed through Klue supply chain attack
• 10:10 : Fable 5 AI Model Builds Bootable Windows Kernel in Rust in Just 38 Minutes
• 10:10 : Webmin Stored XSS Vulnerability Lets Attackers Exploit Root Users
• 10:10 : FortiBleed: The Broker Who Turned 73,000 Firewalls Into a Product Catalog
• 10:9 : U.S. CISA adds Ubiquiti UniFi OS and Lantronix EDS5000 plugin flaws to its Known Exploited Vulnerabilities catalog
• 10:9 : StrikeShark: investigating a new campaign delivering Cobalt Strike through SharkLoader
• 10:9 : Claude Fable 5 Wrote Windows Kernel Code in Rust in 38 Minutes
• 10:9 : Malicious AI Agent Skill Bypasses Security Scans and Seized Full Control of Over 26,000 Agents
• 10:5 : IT Security News Hourly Summary 2026-06-24 12h : 4 posts
• 9:37 : Cisco Unified Communications Manager Flaw Exposes Systems to SSRF Attacks and Root Access
• 9:36 : Google Workspace expands password reset alerts to all admins
• 9:36 : DoJ Seizes Huione Cloud Account Tied to Cyber Scam Money Laundering
• 9:36 : AI Is Making Attacks Cheaper, Faster and More Covert, Says ReliaQuest
• 9:3 : Bajaj Auto Hit By Ransomware Attack
• 9:3 : Hackers Abuse Indian Tax Notice Lures to Deliver PE Loader and libsvcs.dll Payload
• 9:3 : One Railway Radio Outage Stopped Trains Across Germany and Nobody Knew Why
• 9:3 : Critical Cisco Unified CM and SME Flaw Enables Remote Attacker to Launch SSRF Attacks
• 9:2 : How Attackers Exploit Privileged Access and How to Lock Them Out
• 9:2 : FortiBleed Attack Hit 430,000+ FortiGate Firewalls, Stealing 110M+ Credentials
• 9:2 : GTA 6 Scam Websites Use AI-Generated Images and Fake Download Buttons to Lure Gamers
• 9:2 : UK Museums Face Cybersecurity Risks, MPs Warn
• 8:36 : Alibaba Sues Pentagon Over Military Blacklist
• 8:36 : Webinar Today: Modern Exposure Validation in the AI Era
• 8:14 : PostCSS npm Typosquat: How to Check If Your Machine Is Compromised
• 8:13 : DeepSeek Expands Staff In Coding Agent Push
• 8:13 : Chinese Developers File Apple App Store Antitrust Complaint
• 8:13 : Best Crypto Payment Solutions for E-Commerce Businesses
• 8:13 : Hackers Abuse UI Spoofing and Hidden iFrames to Push Malicious Installer Downloads
• 8:12 : DigiCert brings independent trust validation to confidential computing environments
• 8:12 : New Secure Code Warrior framework helps CISOs govern AI-driven software development
• 8:11 : Cequence introduces behavioral bot detection and biometric verification without CAPTCHAs
• 8:10 : Brinqa BYOAI lets organizations use any AI platform with trusted risk data
• 8:10 : Qodo expands platform to help teams govern AI-generated code and engineering standards
• 8:9 : Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root
• 8:9 : Feds seize scam infrastructure, Dragos unveils AI for OT security, Scattered Spider hackers plead guilty
• 7:7 : Met Police To Deploy Facial Recognition In West End
• 7:7 : Federal Probe After Tesla Crash Kills Woman Inside Brick House
• 7:6 : Hackers Exploit RAR Vulnerability to Drop Startup VBS in Ukraine UAV Malware Campaign
• 7:5 : IT Security News Hourly Summary 2026-06-24 09h : 7 posts
• 6:36 : Linux Process Name Masquerading, (Wed, Jun 24th)
• 6:36 : Samsung KNOX Kernel Flaw Exposes Galaxy Devices to Memory Corruption Attacks
• 6:35 : Where IT meets OT and railway cybersecurity gets harder
• 6:7 : Competition Court Gives Go-Ahead To £3bn Apple Claim
• 6:7 : GTA 6 Early Access Scam Uses Fake VIP Pages to Steal Cryptocurrency Payments
• 6:6 : Hackers Exploiting Cisco Unified CM Vulnerability
• 6:6 : Praxen: Open-source AI agent behavior verification
• 5:33 : Bajaj Auto Discloses Ransomware Cyberattack Impacting Company and Technology Unit
• 5:33 : Product showcase: How to evaluate AI SOC platforms and where Prophet AI leads
• 5:9 : CISA Adds Ubiquiti UniFi OS Flaws to KEV Catalog
• 5:9 : Anthropic Launches Claude Tag AI Agent for Slack to Automate Enterprise Team Workflows
• 5:9 : You have got to be KDDI-ng – Japanese telco exposes 14.2 million managed email credentials
• 5:9 : Security testing was built for a slower world
• 4:35 : CISA Warns of Ubiquiti UniFi OS Vulnerability Actively Exploited in Attacks
• 4:35 : Cybersecurity jobs available right now: June 24, 2026
• 4:34 : FortiBleed: Fortinet Says It’s Not a Bug
• 4:5 : IT Security News Hourly Summary 2026-06-24 06h : 1 posts
• 3:33 : Anthropic’s Mythos Model Found Vulnerabilities in Classified US Government Systems, Official Says
• 2:6 : ISC Stormcast For Wednesday, June 24th, 2026 https://isc.sans.edu/podcastdetail/9984, (Wed, Jun 24th)
• 23:33 : New Executive Order Accelerates Post-Quantum Readiness Amid the Cryptographic Reset
• 23:6 : Samsung KNOX Kernel UAF Exposes Millions of Galaxy Devices
• 22:8 : macOS.Gaslight | Rust Backdoor Turns Prompt Injection on the Analyst, Not the Sandbox
• 22:8 : OpenClaw’s Skill Marketplace and the Emerging AI Supply Chain Threat
• 22:8 : Coupang’s $409M Fine Shows the Real Cost of Weak AI Governance
• 22:8 : Tata Electronics Leak Exposes 200,000 Files, Including Apple and Tesla Documents
• 22:8 : In-Browser Data Inspection Lets Analysts Track Phishing Attack Flow Inside Browser Sessions
• 22:8 : Hackers Use GoogleErrorReport Scheduled Task for Persistence in Dropping Elephant Campaign
• 22:5 : IT Security News Hourly Summary 2026-06-24 00h : 2 posts
• 21:55 : IT Security News Daily Summary 2026-06-23