I detected an interesting phishing email this morning. It targets a major Belgian bank: This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: eBanking Phishing Delivered Through IPv4-Mapped IPv6 Address, (Fri, Jun 19th)
AI-Powered Public Surveillance and Biometric Data Collection Expand Government Monitoring
Governments are expanding their digital reach in ways unimaginable just a decade ago. A growing wave of AI-powered surveillance, biometric data collection, and commercial spyware is reshaping how states monitor citizens and visitors. The scale of this shift is drawing…
Cisco to Acquire WideField Security to Boost Splunk’s Agentic SOC
WideField will accelerate Agentic SOC capabilities by expanding the lens on threat investigation to include identity, credentials, sessions, and blast radius. The post Cisco to Acquire WideField Security to Boost Splunk’s Agentic SOC appeared first on SecurityWeek. This article has…
BlackFog brings shadow AI visibility to macOS endpoints with ADX Vision
BlackFog has announced the general availability of ADX Vision for macOS, extending its shadow AI detection, governance, and prevention platform to Apple endpoints. With this release, enterprises can now apply a single, consistent AI data-loss policy across Windows and macOS…
Police clean WordPress sites, Klue OAuth breach, Warner’s CISA warnings
Police clean ups SocGholish-infected sites tied to Evil Corp Klue OAuth breach linked to Icarus Salesforce data theft attacks Warner warns of CISA cuts, staffing gaps in letter to acting chief Get the show notes here: https://cisoseries.com/cybersecurity-news-police-clean-wordpress-sites-klue-oauth-breach-warners-cisa-warnings/ Huge thanks to…
The ASLR Caveat on NGINX’s Critical HTTP/3 Flaw Changes Nothing About Urgency
CVE-2026-42530, the NGINX HTTP/3 vulnerability rated CVSS 9.2, is collecting dismissals because exploitation requires ASLR to be disabled or bypassed. Here is why that framing is wrong and why patching cannot wait. The ASLR Caveat on NGINX’s Critical HTTP/3 Flaw…
EU Set To Place Azure, AWS In DMA Crosshairs
European Commission reportedly find Microsoft’s Azure, Amazon Web Services probably meet DMA gatekeeper threshold This article has been indexed from Silicon UK Read the original article: EU Set To Place Azure, AWS In DMA Crosshairs
Early Manus Backers Funding Re-Acquisition From Meta
Early backers of start-up including HSG, ZhenFund, Tencent, reportedly preparing buyback for same $2bn originally paid This article has been indexed from Silicon UK Read the original article: Early Manus Backers Funding Re-Acquisition From Meta
Showboat Malware Uses Pastebin-Hosted C Code to Enable Linux Process Hiding
A previously undocumented, modular Linux post‑exploitation framework that demonstrates sophisticated stealth techniques most notably fetching and compiling C code hosted on Pastebin to hide processes at runtime. Active since mid‑2022 and aimed at AMD x86‑64 Linux hosts, Showboat remained undetected…
15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown
Law enforcement and private partners took down 106 SocGholish C&C servers and domains as part of Operation Endgame. The post 15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone
Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to eavesdrop on users. The vulnerability, tracked as CVE-2025-20701 (CVSS score: 8.8), refers to a case of incorrect authorization…
The OpenSSL Library AI Policy
The OpenSSL Library has adopted an AI policy. To summarize: Anyone who uses AI to provide a non-trivial portion of their contributions to the OpenSSL Library must: Sign an updated Contributor License Agreement (CLA) that includes the AI clauses. Declare…
IT Security News Hourly Summary 2026-06-19 09h : 4 posts
4 posts were published in the last hour 6:6 : DeepSeek Hits $59bn Valuation In First Funding Round 6:6 : New Crypto Clipper Uses Windows Script Host and ActiveXObject for Remote Code Execution 6:6 : 24 Billion Stolen Credentials Exposed…
DeepSeek Hits $59bn Valuation In First Funding Round
Chinese AI start-up reportedly concludes first funding round, raising more than $7bn in deal that gives founder high degree of control This article has been indexed from Silicon UK Read the original article: DeepSeek Hits $59bn Valuation In First Funding…
New Crypto Clipper Uses Windows Script Host and ActiveXObject for Remote Code Execution
A novel Windows-based cryptocurrency clipper that has been active since February 2026 and leverages Windows Script Host (WScript) and ActiveXObject calls to achieve remote code execution and persistent, high-frequency data theft. The campaign stands out because it avoids traditional installers…
24 Billion Stolen Credentials Exposed in Massive Data Leak
24 Billion Records Left Open Online: Passwords, Emails, and Everything Else Exposed database with 24 Billion records revealed stolen credentials from infostealers, Telegram channels, and breach collections, risking account takeovers. Cybernews researchers found an exposed Elasticsearch cluster on June 12th…
Your browser tab could become encrypted storage for someone else’s files
Decentralized storage networks already hand pieces of people’s data to strangers’ machines. The lasting question across these networks is whether the machine holding the data can read it. A research paper by Gregory Magarshak, a professor at IENYC, describes a…
iPhone BootROM Vulnerability Opens Door to Full Apple SoC Trust Chain Compromise
A recently disclosed iPhone BootROM vulnerability, dubbed “usbliter8,” highlights a significant flaw in Apple’s SecureROM implementation. This vulnerability allows attackers to compromise the entire trust chain of the Application Processor (AP) on affected devices. Research published by Paradigm Shift on…
Hackers Exploit Klue Integration to Steal Salesforce CRM Data Using OAuth Tokens
Hackers are actively exploiting a compromised Klue Battlecards integration to extract sensitive Salesforce CRM data by abusing OAuth tokens, according to new research published by ReliaQuest on June 17, 2026. This campaign highlights a growing trend in which attackers use…
Companies are discarding the logs they need to catch a breach
Many large enterprises discard most of the log data their systems generate, and they do it on purpose to keep costs down. A Dynatrace survey of 450 senior IT leaders at large enterprises found that half of organizations drop or…
Authorities Seize 106 Servers and 101 Domains in Major SocGholish Malware Takedown
International law enforcement agencies have successfully seized 106 servers and 101 domains as part of a coordinated global effort against the SocGholish malware infrastructure, marking a major milestone in Operation Endgame. Announced on June 18, 2026, from The Hague, this…
State Digital Surveillance Puts Foreign Travelers and Businesses at Risk Across 31 Countries
A new state-surveillance assessment finds that foreign travelers and business staff face high or very high digital risk in 31 countries, where governments increasingly use telecom interception, spyware, AI-enabled monitoring, and data aggregation with little meaningful oversight. The concern is…
SpaceX wants to build AI data centers in space. Will it work?
The race to build data centers in space is gaining momentum as AI drives unprecedented demand for computing power. Orbital facilities could tap into abundant solar energy and avoid many of the environmental challenges faced on Earth. Yet space remains…
Asia-Pacific scam networks generate nearly $40 billion a year
Cybercrime is taking a larger share of criminal activity in Asia and the Pacific. More than half of surveyed jurisdictions reported that cybercrime accounts for over 30% of all crimes recorded nationally, according to INTERPOL’s 2025/2026 Asia and South Pacific…