Cybersecurity researchers have disclosed details of fraudulent activity targeting users across the Middle East and North Africa by employing various fraudulent Facebook accounts impersonating politicians, public figures, and trusted organizations. “These accounts promoted fake offers, including free mobile internet packages,…
Feds ban Fable, Maine portal disabled, ShinyHunters exploits Oracle
Feds require Anthropic to ban ‘foreign national’ access to Fable, Mythos Maine disables data breach notification portal after fake disclosures ShinyHunters extorts universities through exploiting an unpatched Oracle flaw Get the show notes here: Huge thanks to our sponsor, ThreatLocker…
South Korea Fines Coupang Record £300m Over Data Breach
Data protection authority imposes maximum fine on e-commerce giant after breach exposes personal data of two-thirds of country’s population This article has been indexed from Silicon UK Read the original article: South Korea Fines Coupang Record £300m Over Data Breach
IT Security News Hourly Summary 2026-06-15 09h : 9 posts
9 posts were published in the last hour 6:34 : Waymo ‘Siren’ Continues To Wake Up East London Residents 6:34 : Russia-Aligned Hackers Exploit Old WinRAR Vulnerability to Target Ukrainian Organizations 6:34 : Berkadia – 305,216 breached accounts 6:34 :…
Waymo ‘Siren’ Continues To Wake Up East London Residents
Car from Google sister company continues to get stuck in dead-end road in Spitalfields, a month after firm took action to fix issue This article has been indexed from Silicon UK Read the original article: Waymo ‘Siren’ Continues To Wake…
Russia-Aligned Hackers Exploit Old WinRAR Vulnerability to Target Ukrainian Organizations
CVE-2025-8088, a WinRAR path traversal vulnerability patched in July 2025, remains a potent initial access vector for multiple intrusion sets targeting Ukraine. Analysis of attacks through April 2026 shows at least two distinct campaigns exploiting this vulnerability: a compiled-stealer chain…
Berkadia – 305,216 breached accounts
In March 2026, the commercial real estate finance company Berkadia was the target of a ShinyHunters “pay or leak” extortion campaign. The group subsequently published data they alleged was taken from Berkadia’s Salesforce instance, including over 300k unique email addresses…
Onspring CISO on where automated GRC systems fall short
In this interview with Help Net Security, Nichole Windholz, CISO at Onspring, talks about the limits of automated GRC systems and continuous control monitoring. She explains why color-coded dashboards can hide nuance, how teams can check the data feeding their…
Palantir Threatens Lawsuit Over Met Police Contract
Palantir says decision to sue Mayor of London’s Office due to suspicion £50m deal barred due to ‘values’ This article has been indexed from Silicon UK Read the original article: Palantir Threatens Lawsuit Over Met Police Contract
Critical Wazuh Flaw Enables Threat Actors to Alter Alerts and Remove Logs
A critical security flaw in Wazuh Manager could allow unauthenticated threat actors to tamper with alerts, delete forensic evidence, and execute arbitrary OpenSearch operations by exploiting an input validation weakness in the platform’s new inventory synchronization pipeline. Tracked under GitHub…
APT37 Hackers Use NarwhalRAT Malware With MS-Themed Phishing and Dead-Drop C2
APT37 is using NarwhalRAT in a tightly engineered intrusion chain that starts with Microsoft-themed spear-phishing, pivots through malicious LNK files and PowerShell, and ends with a Python-based backdoor with dead-drop C2 via pCloud. The campaign is notable for its layered…
Dutch Authorities Dismantle Massive Botnet Network Linked to 17 Million Compromised Devices
Dutch authorities have shut down what is believed to be one of the largest botnet operations ever uncovered, disrupting a cybercrime network that compromised more than 17 million internet-connected devices globally. The affected devices reportedly included computers, smartphones, tablets,…
Open-source CI/CD abuse detector guards against stolen credential attacks
CI/CD Abuse Detector is an open-source project that uses a large language model to flag suspicious changes to continuous integration and continuous deployment pipelines, workflows, and automation configurations. The repository contains drop-in templates for GitHub Actions, GitLab CI, and Azure…
Threat Actor Malware Platform Exposed Through Unlocked PHP Installer Page
A misconfigured PHP-based malware distribution platform has been exposed after a security researcher inadvertently gained administrative access via an unlocked installation page, highlighting critical operational security failures in the active threat actor’s infrastructure. The incident, documented on June 11, 2026,…
A hardware neural network backdoor that hides in plain sight
Deep learning systems on phones, cars, and other edge devices increasingly run on custom silicon. Specialized chips such as FPGAs and ASICs give these systems the speed and low power consumption that edge applications need. Many of these chips come…
Anthropic Models Blocked, FBI Takes Down $1.9B Phishing Network, Critical Splunk Flaw, and more
The U.S. government orders Anthropic to shut down foreign access to its Fable 5 and Mythos 5 AI models after the Pentagon labels the company a supply-chain risk. David Shipley examines what may be behind the decision and what it…
Maine Shuts Down Breach Reporting Portal Following Fake VRChat and Discord Submissions
The Office of the Maine Attorney General has temporarily taken its public data breach reporting portal offline following the discovery of fraudulent submissions falsely claiming security incidents at VRChat and Discord. The incident, disclosed in an official statement on June…
Proving what a military AI model will do is the real problem
Defense contractors build AI systems that task drones automatically and propose kill-chains to support soldiers. Several of these contractors have partnered with frontier AI companies to put advanced models into military tools. Anduril works with OpenAI, Palantir works with Microsoft,…
Senior engineers are spending their week cleaning up AI-generated code
At most U.S. technology companies, machines now write the bulk of the code that ships each week. The engineer’s job has shifted toward reviewing what the AI produces, and that review gives the code high marks. Leaders rate AI-generated code…
Infinite Campus – 137,123 breached accounts
In March 2026, the student information system Infinite Campus was targeted in a ShinyHunters “pay or leak” extortion campaign. The group subsequently published data they alleged was taken from Infinite Campus, containing 137k unique email addresses along with names, phone…
ISC Stormcast For Monday, June 15th, 2026 https://isc.sans.edu/podcastdetail/9972, (Mon, Jun 15th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, June 15th, 2026…
IT Security News Hourly Summary 2026-06-15 00h : 2 posts
2 posts were published in the last hour 21:58 : IT Security News Weekly Summary 24 21:55 : IT Security News Daily Summary 2026-06-14
IT Security News Weekly Summary 24
210 posts were published in the last hour 21:55 : IT Security News Daily Summary 2026-06-14 19:5 : IT Security News Hourly Summary 2026-06-14 21h : 2 posts 18:10 : Hackers Hide New Argamal Malware Inside Working Hentai Games 18:10…
IT Security News Daily Summary 2026-06-14
26 posts were published in the last hour 19:5 : IT Security News Hourly Summary 2026-06-14 21h : 2 posts 18:10 : Hackers Hide New Argamal Malware Inside Working Hentai Games 18:10 : Securing Canada’s Digital Future: Why PBMM Matters…