A newly published academic paper has revealed a critical vulnerability in AI-powered deep-research systems, including those underpinning commercial tools like OpenAI’s Deep Research and Google’s Gemini Deep Research, that allows a single short Reddit comment to manipulate the reports these…
North Korean Hackers Abuse Mastra npm Supply Chain to Target Developers and CI/CD Pipelines
North Korean hackers have turned a widely used developer tool into a weapon, quietly poisoning more than 140 software packages that developers across the world rely on every day. The campaign is sophisticated, stealthy, and far-reaching, raising urgent questions about…
IT Security News Hourly Summary 2026-06-22 12h : 10 posts
10 posts were published in the last hour 10:4 : Gizmodo readers hit with ClickFix malware prompts after account compromise 10:4 : Fortinet Responds to FortiBleed Campaign 10:4 : Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices 9:34…
Chinese Cyber Contractors Use Malware, Botnets, and Stolen Data to Enable State Operations
China’s cyber operations have evolved far beyond what most people imagine when they picture a state-sponsored hacker. Instead of lone government agents breaking into servers, the country now runs an intricate web of private companies, contractors, and data brokers that…
Gizmodo readers hit with ClickFix malware prompts after account compromise
Infosec buffs say Windows users could have been infected with a nasty trojan, while Mac users got off lightly This article has been indexed from www.theregister.com – Articles Read the original article: Gizmodo readers hit with ClickFix malware prompts after…
Fortinet Responds to FortiBleed Campaign
A database of over 86,000 confirmed working credentials was created during the credential-harvesting campaign. The post Fortinet Responds to FortiBleed Campaign appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Fortinet Responds to FortiBleed…
Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices
Canada’s spy service got a judge’s permission to reach into infected servers, home routers, and IoT gear sitting on Canadian soil and neutralize two foreign-run botnets. The Federal Court released a public version of the ruling on June 15. It is…
Top 10 Best Cybersecurity Awareness Training Platforms 2026
In the complex digital landscape of 2026, technology alone is no longer enough to protect an organization from cyber threats. The human element, often cited as the weakest link, is now recognized as a critical line of defense the human…
More Cybersecurity Firms Disclose Impact From Klue Hack
HackerOne, Huntress, Jamf, OneTrust, Recorded Future, Snyk, and Tanium are among the affected Klue customers. The post More Cybersecurity Firms Disclose Impact From Klue Hack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
UK Information Commissioner Resigns After Workplace Investigation
The UK’s data protection regulator the information commissioner has resigned after his position became “untenable” This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Information Commissioner Resigns After Workplace Investigation
Infrastructure downtime has a $50k-per-hour price tag. It’s time to turn hours into minutes.
Threats move at machine speed. Network incident response still doesn’t. What’s standing in the way? This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Infrastructure downtime has a $50k-per-hour price tag. It’s time to…
3 ways AI is transforming security operations – and where it delivers real impact
Security operations (SecOps) teams have long been exhorted to “work smarter, not harder,” but they need the right tools and processes to actually achieve that aim. This article has been indexed from Cybersecurity Dive – Latest News Read the original…
AI is transforming enterprise data risk. Here’s how security leaders are responding.
New research from 1,700 security leaders reveals 3 imperatives for securing AI adoption. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: AI is transforming enterprise data risk. Here’s how security leaders are responding.
4,300+ Outdated Routers Hijacked in Stealthy Spy Infrastructure by AryStinger malware
AryStinger hijacks outdated routers via old flaws, turning 4,300+ devices into a stealth network for reconnaissance and intrusion support. On March 12, 2026, QiAnXin’s XLab threat detection system flagged a single IP address, 107.150.106.14, spreading a Linux binary through two…
Beats Studio Buds Vulnerability Lets Attackers Within Bluetooth Range Access Microphone
Apple has revealed a significant security vulnerability affecting Beats Studio Buds, which could allow attackers within Bluetooth range to access a device’s microphone without user consent. This issue, identified as CVE-2025-20701, was addressed in Beats Firmware Update 1B211, released on…
Prinz Eugen Ransomware Uses Go-Based Encryptor to Target Fresh Files and Evade Forensics
A customer compromised by a newly observed ransomware family we attribute to the Prinz Eugen group. The encryptor is a purpose-built Go binary that departs from many first-wave samples by combining deliberate file-targeting, modern cryptography, and anti‑forensic measures traits that…
Malicious JetBrains and VS Code Extensions Steal OpenAI, Anthropic, and DeepSeek API Keys
Developers who rely on AI coding tools are now facing a serious new threat. A coordinated malware campaign has been uncovered on the JetBrains Marketplace, where at least 15 fake IDE plugins were quietly stealing AI provider API keys from…
Hackers Compromised 10,000+ GitHub Repositories to Inject Malicious Script
A large-scale malware campaign has been uncovered on GitHub after a researcher identified more than 10,000 repositories distributing Trojan-laced archives, raising concerns about abuse of the platform’s trust model and limitations in automated detection. The investigation began when the researcher…
Hackers Impersonate Node.js Installer in Google Ads to Deploy Infostealer Malware
Hackers are using fake Google Ads to push a brand-new malware loader that disguises itself as the popular Node.js installer. The campaign has been actively targeting Windows users in the United States, silently dropping a dangerous infostealer onto their machines…
23 ClawHub plugins squatting official scopes expose AI registry security gaps
Plugin registries for AI agents use npm-style scopes like @openclaw/ and @clawhub/ to signal who published a package. But on ClawHub, a registry whose plugins run with Claude, OpenClaw, and other agents, those official scopes weren’t reserved to their owners…
NCSC Urges Fortinet Customers to Tackle FortiBleed Fallout
The NCSC has released guidance for Fortinet customers impacted by the FortiBleed threat campaign This article has been indexed from www.infosecurity-magazine.com Read the original article: NCSC Urges Fortinet Customers to Tackle FortiBleed Fallout
London Deputy Mayor Challenged Over Palantir Decision
London’s deputy mayor for policing and crime says ‘no apologies’ for blocking Palantir deal, as US tech firm files lawsuit This article has been indexed from Silicon UK Read the original article: London Deputy Mayor Challenged Over Palantir Decision
Chinese Cyber Operations Shift From APT Groups to Composite Responsibility Model
Chinese state-linked cyber activity has moved decisively away from the neat, single-actor narratives that dominated early attribution toward an ecosystem model in which responsibility is distributed across military units, intelligence services, private firms, and criminal-style intermediaries. Official advisories characterized some…
usbliter8 Brings Unpatchable BootROM Exploit to Apple A12 and A13 Devices
usbliter8 is an unpatchable BootROM exploit affecting A12/A13 devices, enabling code execution and extending checkm8-like risks to newer iPhones. Security researchers at Paradigm Shift published a working exploit on June 18, 2026, called usbliter8, that achieves arbitrary code execution inside…