4 posts were published in the last hour 6:34 : China-Linked JDY Botnet Hijacks 1,500+ IoT Devices for Rapid Exploits 6:34 : GitLab Patches Multiple Vulnerabilities Allowing Account Takeover 6:34 : Hackers Exploit AWS CloudTrail and Google Cloud Logging to…
China-Linked JDY Botnet Hijacks 1,500+ IoT Devices for Rapid Exploits
A significant resurgence of the JDY botnet, a covert reconnaissance network tied to China-nexus threat activity. Once a component of the larger KV-botnet ecosystem, JDY has expanded to more than 1,500 compromised small office/home office (SOHO) and Internet of Things…
GitLab Patches Multiple Vulnerabilities Allowing Account Takeover
GitLab has released security updates for GitLab CE/EE and EE that patch multiple vulnerabilities, including several high‑impact flaws that could lead to account takeover, data exposure, and denial of service if left unpatched. Administrators are strongly advised to upgrade to…
Hackers Exploit AWS CloudTrail and Google Cloud Logging to Hide Attacks and Steal Logs
Threat actors increasingly abuse Amazon Web Services (AWS) CloudTrail and Google Cloud Logging to evade detection, poison or exfiltrate logs, and in some cases maintain long-term visibility into victim environments. The techniques are simple in concept, powerful in effect, and…
Threat actors are recruiting the people who hold cloud logins
Companies keep most of their data and applications in cloud platforms that anyone can reach with the right login. That setup turns each employee holding those credentials into a security variable, and members of the cybercrime underground have built methods…
PoC Exploit Released for Linux Kernel Guest-to-Host Escape Vulnerability
A proof-of-concept (PoC) exploit has been publicly released for a critical Linux kernel vulnerability, tracked as CVE-2026-46316, enabling guest-to-host escape in KVM/arm64 environments. The flaw, dubbed “ITScape” by security researcher Hyunwoo Kim (V4bel), affects the Kernel-based Virtual Machine (KVM) subsystem…
Making the cloud prove it followed your privacy wishes
Making companies that store personal data in cloud key-value databases handle deletion requests by running the operation and confirming the job is complete. The people making those requests and the regulators overseeing them have had limited means to confirm the…
Ivanti Command Injection Flaw Exploited After PoC Code Release
Ivanti Sentry is facing active exploitation attempts following the public release of proof-of-concept (PoC) code targeting a critical OS command injection vulnerability tracked as CVE-2026-10520. The flaw, along with a second critical issue (CVE-2026-10523), was disclosed by Ivanti on June…
Prompt injection still drives most agentic AI security failures in production
A backdoor sat on PyPI for three hours in March 2026. Nearly 47,000 downloads occurred during the window. The compromised package, LiteLLM, serves as the language-model gateway for CrewAI, DSPy, Microsoft GraphRAG, and dozens of other AI agent frameworks. Anyone…
Anthropic’s Claude Fable 5 AI Model Jailbroken for Stack Exploit Creation
Anthropic’s latest AI release, Claude Fable 5, is facing scrutiny after claims emerged that researchers have successfully jailbroken the model to generate sensitive and potentially harmful outputs, including guidance relevant to exploit development and illicit activities. The development raises fresh…
Ivanti Endpoint Manager Mobile Vulnerability Enables Remote Code Execution Attacks
A high-severity vulnerability, CVE-2026-6973, in Ivanti Endpoint Manager Mobile (EPMM) could allow authenticated attackers to achieve remote code execution by injecting malicious Apache configuration directives. The flaw, assigned a CVSS score of 7.2, is classified as a configuration control vulnerability…
X Square Robot open sources its robot-free data collection framework
Companies building robots for physical work spend large amounts of time and money operating machines by hand to gather training examples. Each session with a physical robot produces a small number of demonstrations per day, which slows the growth of…
SMB cyber-readiness: What makes or breaks it
A company that’s expecting a cyberattack but hasn’t actively prepared for it risks making the hardest decisions at the worst possible moment This article has been indexed from WeLiveSecurity Read the original article: SMB cyber-readiness: What makes or breaks it
Organizations can’t see much of their mobile AI activity
Organizations have limited visibility into AI activity on mobile devices despite security leaders expressing confidence in their AI governance, according to Lookout’s “Solving for the Mobile AI Blind Spot: Executive Confidence Meets Technical Reality” report. Mobile AI visibility gaps Enterprises…
IT Security News Hourly Summary 2026-06-11 06h : 1 posts
1 posts were published in the last hour 4:4 : Anthropic’s Claude Fable 5 Jailbroken to Generate Stack Exploits
Anthropic’s Claude Fable 5 Jailbroken to Generate Stack Exploits
Anthropic launched Claude Fable 5 on June 9, 2026, as the first publicly available model in its new Mythos class, its most capable AI to date, excelling in software engineering, knowledge work, and vision benchmarks. Researcher “Pliny the Liberator” defeats…
ISC Stormcast For Thursday, June 11th, 2026 https://isc.sans.edu/podcastdetail/9968, (Thu, Jun 11th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, June 11th, 2026…
IT Security News Hourly Summary 2026-06-11 03h : 1 posts
1 posts were published in the last hour 1:4 : GenAI Is Both Hunter and Hunted at Pwn2Own Berlin 2026
GenAI Is Both Hunter and Hunted at Pwn2Own Berlin 2026
This year’s Pwn2Own competition in Berlin revealed just how much of the AI stack remains exposed — and the gap between what these tools promise and what they can withstand point to the fragile security foundations underneath. This article has…
Chinese agents caught rebuilding botnets and stirring the pot on AI datacenter debate
PRC eyes are watching you This article has been indexed from www.theregister.com – Articles Read the original article: Chinese agents caught rebuilding botnets and stirring the pot on AI datacenter debate
University of Nottingham – 454,635 breached accounts
In June 2026, the University of Nottingham was the target of a cyber attack, later linked to a ShinyHunters “pay or leak” extortion campaign. Tens of gigabytes of data were subsequently published online and included 455k unique email addresses along…
Cybercriminals claim breach of Oracle PeopleSoft servers at 100-plus organizations
The ShinyHunters hacking gang claims to have compromised the Oracle PeopleSoft servers of more than 100 organizations, including many universities. This article has been indexed from Security News | TechCrunch Read the original article: Cybercriminals claim breach of Oracle PeopleSoft…
IT Security News Hourly Summary 2026-06-11 00h : 1 posts
1 posts were published in the last hour 21:55 : IT Security News Daily Summary 2026-06-10
IT Security News Daily Summary 2026-06-10
158 posts were published in the last hour 21:4 : FBI Seizes China-Linked Fake Consulting Sites Targeting US Clearance Holders 21:4 : CISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI Threats…