Plugin registries for AI agents use npm-style scopes like @openclaw/ and @clawhub/ to signal who published a package. But on ClawHub, a registry whose plugins run with Claude, OpenClaw, and other agents, those official scopes weren’t reserved to their owners…
NCSC Urges Fortinet Customers to Tackle FortiBleed Fallout
The NCSC has released guidance for Fortinet customers impacted by the FortiBleed threat campaign This article has been indexed from www.infosecurity-magazine.com Read the original article: NCSC Urges Fortinet Customers to Tackle FortiBleed Fallout
London Deputy Mayor Challenged Over Palantir Decision
London’s deputy mayor for policing and crime says ‘no apologies’ for blocking Palantir deal, as US tech firm files lawsuit This article has been indexed from Silicon UK Read the original article: London Deputy Mayor Challenged Over Palantir Decision
Chinese Cyber Operations Shift From APT Groups to Composite Responsibility Model
Chinese state-linked cyber activity has moved decisively away from the neat, single-actor narratives that dominated early attribution toward an ecosystem model in which responsibility is distributed across military units, intelligence services, private firms, and criminal-style intermediaries. Official advisories characterized some…
usbliter8 Brings Unpatchable BootROM Exploit to Apple A12 and A13 Devices
usbliter8 is an unpatchable BootROM exploit affecting A12/A13 devices, enabling code execution and extending checkm8-like risks to newer iPhones. Security researchers at Paradigm Shift published a working exploit on June 18, 2026, called usbliter8, that achieves arbitrary code execution inside…
Modem vs Router: what’s the difference
Have you ever wondered what the box your internet provider gave you actually does, or why there seems to be two of them? Understanding the… The post Modem vs Router: what’s the difference appeared first on Panda Security Mediacenter. This…
Guernsey 5G Roll-Out Begins As First Sites Activated
Jersey Telecom switches on first two 5G sites with coverage across island set to roll out in phases over next four months This article has been indexed from Silicon UK Read the original article: Guernsey 5G Roll-Out Begins As First…
A week in security (June 15 – June 21)
A list of topics we covered in the week of June 15 to June 21 of 2026 This article has been indexed from Malwarebytes Read the original article: A week in security (June 15 – June 21)
AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network
A new malware family is turning forgotten home routers into a distributed reconnaissance and proxy network, not the DDoS botnet these devices usually end up in. QiAnXin’s XLab calls it AryStinger and counts at least 4,300 infected routers, a total it says…
Brazil phone alert hack, Prinz Eugen ransomware, Congress deepfake bill
Hackers suspected in Brazil cell phone alert Prinz Eugen ransomware prioritizes recent files for encryption Congress presents bill to protect people from AI-generated deepfakes Get the show notes here: https://cisoseries.com/cybersecurity-news-brazil-phone-alert-hack-prinz-eugen-ransomware-congress-deepfake-bill/ Huge thanks to our episode sponsor, Guardsquare Mobile app security…
IT Security News Hourly Summary 2026-06-22 09h : 12 posts
12 posts were published in the last hour 7:2 : pgAdmin 4 Released with Patches for Seven Vulnerabilities and Feature Enhancements 7:2 : Sapphire Sleet Hijacks npm Maintainer Account to Publish Poisoned Mastra Packages 7:2 : GitHub Actions Checkout Adds…
pgAdmin 4 Released with Patches for Seven Vulnerabilities and Feature Enhancements
pgAdmin 4 version 9.16 has been released by the pgAdmin Development Team, introducing significant security improvements along with feature enhancements and bug fixes. This update addresses seven vulnerabilities, tracked as CVE-2026-12044 through CVE-2026-12050, and includes 64 bug fixes and various…
Sapphire Sleet Hijacks npm Maintainer Account to Publish Poisoned Mastra Packages
A widespread npm supply‑chain compromise to Sapphire Sleet, a North Korean state actor, after the takeover of an npm maintainer account enabled the mass publication of poisoned Mastra packages that silently delivered a multi‑stage implant. The campaign, disclosed June 19,…
GitHub Actions Checkout Adds Protection Against Malicious pull_request_target Workflows
GitHub has implemented a major security enhancement in its Actions ecosystem with the release of actions/checkout v7, which aims to address a long-standing class of vulnerabilities known as “pwn requests.” This update was announced on June 18, 2026, and introduces…
Anthropic’s Mythos AI Model Reportedly Breached NSA Classified Systems in Hours
Anthropic’s flagship Mythos AI model reportedly infiltrated nearly all of the National Security Agency (NSA) ‘s classified systems within a few hours during an authorized red-team evaluation on June 11. This incident now seems to be the main reason for…
Cook Says Apple Plans Price Hikes
Outgoing Apple chief executive Tim Cook says price increases ‘unavoidable’ due to ‘unsustainable’ surge in memory costs This article has been indexed from Silicon UK Read the original article: Cook Says Apple Plans Price Hikes
Norfolk Parish Council Probes Adult-Themed Hack
Old Catton Parish Council investigates how portions of its website were replaced with Indonesian-language gambling adverts This article has been indexed from Silicon UK Read the original article: Norfolk Parish Council Probes Adult-Themed Hack
OXLOADER Uses MBA Obfuscation and Control-Flow Flattening to Bypass Static Detection
A previously undocumented Windows loader, tracked as OXLOADER, that combines sophisticated obfuscation and unconventional staging to evade static detection and sandbox analysis while delivering the new CASTLESTEALER infostealer via malvertising. The campaign leveraged malicious Google Ads impersonating Node.js and API…
Who pays when you gate cyber-capable AI models?
In this interview with Help Net Security, Jaya Baloo, COO & CISO at Aisle, examines the debate over restricting access to cyber-capable AI models. She lays out the strongest argument for gating these tools, then explains where it breaks down…
INTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across Asia-Pacific
A new report from INTERPOL has revealed a “dramatic increase” in cybercrime in Asia and the South Pacific, fueled by rapid digitalization, internet penetration, new technologies, organized criminal networks, and a disparity in cybersecurity maturity. According to INTERPOL’s 2025/2026 Asia…
Massive GitHub Attack Injects Malware into 10,000 Compromised Repositories
A large-scale malware distribution campaign utilizing GitHub repositories has been uncovered. This coordinated effort weaponized over 10,000 repositories to deliver Trojanized payloads. The activity was first identified on June 18, 2026, and highlights significant gaps in automated detection and monitoring…
Texas Parks & Wildlife Data Breach Affects 3 Million Individuals
Hackers stole personal information after breaching the systems of a third-party license vendor serving TPWD. The post Texas Parks & Wildlife Data Breach Affects 3 Million Individuals appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Agent Beacon: Open-source telemetry layer for AI agents
AI coding agents such as Claude Code, Codex CLI, Cursor, and Claude Cowork run on developer laptops, CI jobs, cloud environments, where they edit files, run commands, and call outside tools. Beacon, an open-source project from Asymptote Labs, configures telemetry…
GlassWorm Uses Blockchain-Based C2 and Invisible Unicode to Steal Developer Secrets
A trio of coordinated campaigns a JetBrains fake AI assistant campaign, the GlassWorm self‑propagating worm, and the compromised Nx Console Visual Studio Code extension made clear that IDE plugin ecosystems are now a primary attack surface for AI credential theft.…