Polish law enforcement authorities have arrested four suspected members of an organized cybercrime group accused of orchestrating intricate SIM-swapping attacks that allegedly enabled the theft of millions of dollars in cryptocurrency from victims. The coordinated operation was led by…
CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical remote code execution vulnerability impacting PTC Windchill PDMlink and PTC FlexPLM enterprise Product Data Management (PDM) and Product Lifecycle Management (PLM) software to its Known Exploited Vulnerabilities…
New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries
A flaw in the Linux kernel’s traffic-control subsystem can let a local unprivileged user gain root on affected systems. CVE-2026-46331, nicknamed “pedit COW,” is an out-of-bounds write in the packet-editing action (act_pedit) that corrupts shared page-cache memory. A public, working exploit appeared…
Reasonable Reliance: The Test Duty-Holders Are Quietly Being Held To
After a serious incident, investigations usually begin with documentation, but they rarely end there. Certificates are reviewed, maintenance records examined, and procedures traced carefully. Competence, compliance, and responsibility are all… The post Reasonable Reliance: The Test Duty-Holders Are Quietly Being…
macOS Flaw Allowed Standard Users to Disable CrowdStrike and Kandji Security Tools
A macOS XPC flaw let regular users disable CrowdStrike and Kandji tools, exposing security gaps that vendors patched after XM Cyber reported the security issue. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More…
Water and Wastewater Systems Become Strategic Targets for Russia, China, and Iran
Water and wastewater systems have become strategic gray‑zone targets for Russia, China, and Iran, driven by chronic underinvestment and weak operational‑technology (OT) defenses that make these utilities easy to probe and exploit. Internet‑facing human‑machine interfaces (HMIs), exposed programmable logic controllers…
Govern privileged workload boundaries with Red Hat OpenShift, Ansible Automation Platform, and Identity Management
Platform engineering, security architecture, and operations teams are being asked to support 2 realities at once: modern application platforms such as Red Hat OpenShift, and long-lived Red Hat Enterprise Linux (RHEL) fleets that still run critical automation. These parallel systems…
Nebulock Raises $25 Million for AI-Native Contextual Security
The cybersecurity startup provides threat hunting, proactive detection, and behavioral security analytics. The post Nebulock Raises $25 Million for AI-Native Contextual Security appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Nebulock Raises $25…
The Growing Call for a CISO Code of Ethics
CISOs today are no longer measured solely by the effectiveness of an organization’s cyber defenses. With the increase of cyber threats, the acceleration of offensive capabilities with artificial intelligence, and increasing regulatory scrutiny, the role of enterprise-wide risk management, strategic…
IT Security News Hourly Summary 2026-06-26 15h : 9 posts
9 posts were published in the last hour 12:32 : Activist Phone Hacked With Cellebrite After Russia Contract Cancellation 12:32 : Static security has run out of road. The case for Dynamic Defense 12:32 : Nikkei Warns of Japan’s Ground…
Activist Phone Hacked With Cellebrite After Russia Contract Cancellation
Russian authorities used Cellebrite tools to unlock an activist’s iPhone and analyze private data despite canceled support, raising abuse concerns. On May 31, 2021, Russian security services pulled opposition activist Andrey Pivovarov off a flight at St. Petersburg airport and…
Static security has run out of road. The case for Dynamic Defense
AI has flipped the economics of cybersecurity in the attacker’s favor. For most of the last decade, defenders held the cost advantage, buying down their risk with a stack of largely static controls. That advantage is gone, and winning it…
Nikkei Warns of Japan’s Ground Self-Defense Force Used USB Drives Infected with a China-linked Malware
A serious cybersecurity breach has come to light in Japan, where the country’s Ground Self-Defense Force (JGSDF) unknowingly used malware-infected USB drives on computers connected to classified military networks. The incident lasted for nearly a year before anyone noticed. What…
Hackers Leveraged Shopify Oder-Tracking App Shop to Push Fake Invoices
Hackers are no longer waiting in your inbox. A newly identified scam technique places fake invoices directly inside shopping app order histories, making them feel more credible than a typical phishing email. Researchers have observed fraudulent receipts appearing inside the…
Miasma campaign poisons 20-plus npm packages, hunts for developer secrets
Microsoft says latest attack targets Leo Platform and RStreams packages, harvesting creds and going after more maintainers This article has been indexed from www.theregister.com – Articles Read the original article: Miasma campaign poisons 20-plus npm packages, hunts for developer secrets
Proof’s x401 establishes an open protocol for AI agent identity and authorization
Proof has launched x401, an open, issuer-neutral protocol that lets any website or API ask for and verify the identity behind agents. With x401, a service can ask for the proof it requires: verified identity, age, membership, organizational affiliation, signing…
Guardian Agents: The Next Layer of Identity Governance
AI agents are moving through enterprise environments, inheriting permissions, traversing systems, and executing decisions at machine speed with minimal oversight. The identity infrastructure built to govern human access wasn’t designed for autonomous actors, and the gap between what enterprises are…
New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets
DirtyClone is a new Linux kernel privilege escalation in the DirtyFrag family. JFrog Security Research published a working exploit walkthrough for the flaw on June 25, the first public demonstration for this variant. Tracked as CVE-2026-43503 (CVSS 8.8), it lets a local user corrupt…
AWS unveils agent security, data access tools
The updates reflect Anthropic’s Mythos model and the speed at which vulnerabilities can be surfaced. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: AWS unveils agent security, data access tools
China-Linked Malware Found in Counterfeit USB Drives Used on Japan Defense Force Classified Networks
Japan’s defense infrastructure has faced scrutiny following an investigation that revealed members of the Japan Self-Defense Forces (JSDF) used counterfeit USB drives embedded with malware linked to China on systems handling classified information. According to findings reported by Nikkei, these…
Critical open-source projects get a new security framework
Open source software projects are getting a new framework for handling security vulnerabilities as AI shortens the time between flaw discovery and exploitation. The Linux Foundation has launched Akrites, an industry initiative that brings together technology companies, financial institutions, security…
FOSSBilling Flaw Lets Admin Attackers Abuse DI Container for SQL Access and RCE
A critical server-side template injection (SSTI) vulnerability in FOSSBilling, tracked as CVE-2026-28496, is exposing instances to potential full database compromise and remote code execution (RCE), with early signs of active exploitation appearing shortly after public disclosure. This flaw is documented…
U.S. CISA adds Cisco and PTC Windchill and FlexPLM flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco and PTC Windchill and FlexPLM flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Cisco and PTC Windchill and FlexPLM flaws to its Known Exploited…
One Million Passports Leaked Online
A database of almost a million passports from around the world was leaked online. Note what happened. A high-value credential—a passport—was used in an ancillary low-value authentication system: ID verification for cannabis dispensaries. And it’s the low-value system that got…