Authorities have dismantled a major cryptocurrency laundering infrastructure known as “AudiA6,” disrupting a critical financial backbone used by ransomware gangs and cybercriminal networks to legitimize illicit proceeds. The coordinated international operation, supported by Europol and Eurojust, targeted a service believed…
Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs
Authorities in Europe have disrupted AudiA6, a cryptocurrency laundering service used by ransomware gangs and cybercriminal networks. Europol, in a statement issued Thursday, said the dismantling of AudiA6 cut off a “key financial pipeline used to wash hundreds of millions…
Fortinet patches FortiSandbox, GitHub disables npm scripts, Nottingham University breach
Fortinet patches a new critical FortiSandbox flaw GitHub to disable npm install scripts by default to stop supply chain attacks Nottingham University announces data breach Get the show notes here: https://cisoseries.com/cybersecurity-news-fortinet-patches-fortisandbox-github-disables-npm-scripts-nottingham-university-breach/ Thanks to our episode sponsor, Doppel Social engineering attacks…
Check Point VPN Authentication Bypass (CVE-2026-50751): Client-Controlled IKEv1 Auth Flipped by Ransomware Affiliate
A CVSS 9.3 flaw in Check Point Remote Access VPN let unauthenticated attackers bypass certificate validation by supplying a crafted IKEv1 VendorID payload — exploited for 32 days before a patch, with one confirmed Qilin ransomware post-compromise chain. Check Point…
France Says Israeli Firm Interfered In Scottish Elections
Israel’s BlackCore carried out digital interference operations in Scotland, New York City, France, says disinformation detection agency This article has been indexed from Silicon UK Read the original article: France Says Israeli Firm Interfered In Scottish Elections
Researcher Uses AI to Hack Google, Earns $500,000 Bug Bounty
Researcher Arvin Shivram has earned $500,000 in bug bounties from Google’s Vulnerability Reward Program (VRP) by deploying an AI-powered fuzzing framework against Google’s internal API infrastructure, uncovering critical access-control flaws across multiple high-impact services in under 3 months. The research began after Shivram was…
Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters
Oracle has mitigated CVE-2026-35273, but it has not publicly confirmed the vulnerability’s in-the-wild exploitation. The post Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
IT Security News Hourly Summary 2026-06-12 09h : 8 posts
8 posts were published in the last hour 6:32 : BYD Plans Flash-Charger Roll-Out Across Europe 6:32 : How to use NIST and ISO frameworks to govern AI agents 6:32 : Comcast Business SecurityEdge Preferred strengthens security for small businesses…
BYD Plans Flash-Charger Roll-Out Across Europe
BYD investing nearly €2bn to build network of charging stations across Europe that can charge car in 5 minutes, including 600 in UK This article has been indexed from Silicon UK Read the original article: BYD Plans Flash-Charger Roll-Out Across…
How to use NIST and ISO frameworks to govern AI agents
Security leaders no longer need convincing that AI agents introduce risk. What’s missing is how to govern them once they move into production and begin operating autonomously across enterprise environments. AI agents already read sensitive documents, invoke internal APIs, trigger…
Comcast Business SecurityEdge Preferred strengthens security for small businesses
Comcast Business announced SecurityEdge Preferred, its most advanced network-native cybersecurity solution for small businesses. Because SecurityEdge Preferred is built directly into the Comcast Business network, security can be activated in minutes without deploying additional hardware, managing multiple vendors, or maintaining…
Oracle Shares Slide As It Raises More Money
Oracle reports stronger-than-expected revenues, but investors show discontent over rising data centre capital costs This article has been indexed from Silicon UK Read the original article: Oracle Shares Slide As It Raises More Money
CISA Orders Federal Agencies to Patch Critical Vulnerabilities Within 3 Days
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive, BOD 26-04, mandating that federal civilian agencies remediate critical vulnerabilities within as little as 3 days, significantly tightening patching timelines in response to escalating cyber threats…
Fake Windows and Office Activation Videos Spread Infostealers on TikTok and Instagram
Short-form video platforms such as TikTok and Instagram Reels have become an increasingly effective vector for distributing infostealers, as threat actors leverage polished tutorial-style clips to trick Windows users into running malicious code. Attackers create accounts with Windows-like naming and…
The assembly line behind 1.5 million malicious domains
Attackers registered roughly 1.5 million malicious domains during the first five months of 2026. The registration patterns resemble industrial output. Most of the domains were created by attackers, put to use within weeks, and concentrated among a small set of…
ZeroFox releases AI Analytics to bring answers directly to security teams
ZeroFox launched ZeroFox AI Analytics, a new platform capability that gives security teams real-time visibility into the signals, patterns, and trends shaping their external threat landscape. ZeroFox AI Analytics gives security teams the ability to move beyond static reports and…
Oracle PeopleSoft Zero-Day RCE Vulnerability Exploited by ShinyHunters
A newly disclosed zero-day vulnerability in Oracle PeopleSoft is being actively exploited by the ShinyHunters threat group, according to a joint investigation by Mandiant and Google Threat Intelligence Group (GTIG). Tracked as CVE-2026-35273 with a critical CVSS score of 9.8,…
Solana FakeFix Campaign Plants Malicious npm, PyPI Packages to Steal Dev Secrets
Recent disclosure of the “Solana FakeFix” campaign exposes a coordinated supply-chain attack that abused package registries to steal developer secrets. The campaign comprises 16 malicious npm packages and 4 PyPI packages (25 packages in total when combined with related activity)…
AI sovereignty makes data centers strategic targets for cyber operations
Data centers built for frontier AI draw hundreds of megawatts of electricity and large volumes of cooling water from fixed locations with known addresses. Each one concentrates tens of thousands of graphics processors, liquid cooling systems, and high-density power equipment…
What makes or breaks cyber-readiness for SMBs
A company that’s expecting a cyberattack but hasn’t actively prepared for it risks making the hardest decisions at the worst possible moment This article has been indexed from WeLiveSecurity Read the original article: What makes or breaks cyber-readiness for SMBs
OceanLotus: From external espionage to domestic targeting
A shift in operational pattern of the infamous Vietnam-aligned APT group This article has been indexed from WeLiveSecurity Read the original article: OceanLotus: From external espionage to domestic targeting
Product showcase: Avast One turns scam screenshots into actionable security advice
Avast One Free combines privacy, security, identity monitoring, and performance tools in a single platform. The app is available for Windows, macOS, Android, and iOS. Checking the device for security and privacy issues After installing it from the App Store,…
Oracle PeopleSoft 0-Day RCE Vulnerability Exploited in Attacks by ShinyHunters
Mandiant and Google Threat Intelligence Group (GTIG) have issued a critical warning after identifying an active compromise-and-extortion campaign targeting Oracle PeopleSoft infrastructure, attributed to the notorious threat actor UNC6240, also known as ShinyHunters. The campaign exploited CVE-2026-35273, a critical unauthenticated…
Microsoft Teams for Android Vulnerability Allows Attackers to Disclose Sensitive Data
Microsoft has disclosed a significant security vulnerability in Microsoft Teams for Android that could allow an authenticated attacker to expose sensitive information over a network. The flaw, tracked as CVE-2026-42835, was officially released on June 9, 2026, and has been…