Page 1 of 10 · 460 stories from the last 30 days across 19 trusted sources.
AICritical unauthenticated RCE in Splunk Enterprise (CVE-2026-20253) exploited in wild; CISA added to KEV, federal agencies must patch by June 21.
5storiesEPSS 92%Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw
2storiesEPSS 87%CVE-2026-20262: Cisco Catalyst SD-WAN Manager Zero-Day Leads to Root
3storiesEPSS 1%CISA Adds One Known Exploited Vulnerability to Catalog
1storyEPSS 99%ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities
1storyEPSS 90%Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs
1storyEPSS 86%"The timeline is not years, it is months,” the nations of the Five Eyes intelligence alliance said in a joint alert about the cybersecurity concerns of artificial intelligence.
lso Tuesday, the Treasury Department took action against the same Cambodian company, Huione Group, and affiliates. The post Justice Department seizes infrastructure used by cyber scam and criminal marketplace appeared first on CyberScoop.
A new macOS ClickFix campaign is using Terminal commands to silently download, mount, and launch info-stealing malware from malicious disk image (DMG) files. [...]
The Department of Justice announced the “seizure of a cloud computing account” used by subsidiaries of the Huione Group, a conglomerate severed from the U.S. financial system last year.
AIDragos launched EmberAI, an OT-native AI built on its intelligence data, to help critical infrastructure teams prioritize threats faster.
Open narrative →An executive order signed Monday aims to accelerate the government's transition to post-quantum cryptography (PQC), a new generation of encryption designed to protect data from the powerful quantum computers expected in the future.
Four flaws in Dify exposed cross-tenant data, documents and AI conversations. Two critical bugs enabled unauthenticated access and data theft. Zafran Labs researchers disclosed four vulnerabilities in Dify, the open-source AI platform used by major companies like Volvo and Mae...
AITwo Scattered Spider members pleaded guilty to the 2024 cyberattack on Transport for London, causing major disruption and £29 million in losses.
Open narrative →Attackers could abuse Dify's multi-tenant cloud service to read private chats, preview other tenants' documents, and reach internal APIs. The post Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps appeared first on SecurityWeek.
The so-called duty of care provision that was excluded would have mandated that online platforms take reasonable measures to prevent specific harms such as suicidal ideation, eating disorders and cyberbullying by changing algorithm and design features.
Security firm AIR built a fake AI agent skill, pushed it through a popular skill marketplace and an Instagram ad, and says it reached roughly 26,000 agents, including some on corporate accounts. Every skill security scanner the firm tested it against marked it safe. The payloa...
AITrump signed an executive order setting a 2030 deadline for federal agencies to migrate high-value assets to post-quantum cryptography, with digital signatures due by 2031.
Open narrative →A massive credential-harvesting campaign targeting FortiGate firewalls has exposed thousands of organizations to potential network compromise, and a trove of attacker tools, scripts, and credentials left inadvertently exposed on a server has given researchers an unusually deta...
AIAbdellah Belmili, 26, extradited from Algeria to the US for operating Market0Day and Spoxy, which sold stolen financial credentials and phishing kits targeting US banks, faces 30 years.
Open narrative →GitHub is moving to strengthen software supply chain security by updating "actions/checkout" to block pwn request attacks that exploit the risky use of the "pull_request_target workflow" trigger to run malicious code with the workflow's full privileges. Effective June 18, 2026...
N-able has announced the availability of Shadow AI Visibility across its Unified Endpoint Management (UEM) solutions, N‑central and N‑sight, and its Security Operations platform, Adlumin. The new capability helps organizations identify, classify, and monitor AI tool usage acro...
Attackers can now weaponize newly disclosed vulnerabilities far faster than most organizations can patch them. Picus Security explains how security teams can validate exploitability before a public exploit even exists. [...]
LastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company's OAuth tokens in the Klue supply chain attack earlier this month. [...]
SocGholish uses traffic distribution systems (TDSs) to provide initial access into victims' networks for cybercrime groups such as the notorious Evil Corp.
A Reddit comment that takes only a few seconds to write can end up influencing the answers generated by AI research tools. A Cornell Tech study found that a short snippet of user-generated text, sometimes as little as 13 words, was enough to affect the output of deep-research ...