Security · Top stories
DHS Investigates Cyber Breach on Homeland Security Information Network
The Department of Homeland Security is investigating a recent cyberattack on the Homeland Security Information Network (HSIN). The breach, suspected to have occurred between late May and early June, affected both HSIN servers and a SharePoint system that is key for information sharing among government entities. The attack raises concerns over national security and vulnerabilities in government cybersecurity infrastructure.
Cisco Acknowledges Exploitation of Unified CM Vulnerability CVE-2026-20230
Cisco has confirmed active exploitation of a critical vulnerability (CVE-2026-20230) in its Unified Communications Manager (Unified CM). This flaw, found in systems with the WebDialer service enabled, allows attackers to execute server-side request forgery attacks and potentially gain root access. Cisco urges users to upgrade to patched versions immediately.
LayerX Reveals AI Browser Vulnerability Exploited by 'BioShocking' Attack
Security firm LayerX has discovered a vulnerability in AI-driven browsers, known as the 'BioShocking' attack, where browsers can be tricked into leaking user credentials. The attack uses game-like puzzle contexts to manipulate AI agents into bypassing security protocols, potentially exposing sensitive data. This discovery raises concerns about the security of AI-assisted browsing applications.
ChocoPoC Malware Targets Cybersecurity Researchers via Trojanized PoC Exploits
ChocoPoC, a Python-based remote access trojan, is being distributed through trojanized proof-of-concept (PoC) exploit repositories on GitHub. The malware targets cybersecurity researchers by installing malicious dependencies from PyPI, enabling attackers to execute commands and steal sensitive data. This highlights security risks associated with using unofficial PoCs in vulnerability research.
Password Spray Attack Targets Microsoft Azure CLI, Compromising 78 Accounts
An automated password spray attack on Microsoft's Azure CLI attempted over 81 million logins, affecting 78 accounts across 64 organizations. The attackers exploited a deprecated OAuth flow, bypassing security measures like Conditional Access policies and multi-factor authentication (MFA). This incident underscores vulnerabilities in prevalent security configurations within cloud environments.
Adobe Releases Patches for Critical ColdFusion and Campaign Classic Vulnerabilities
Adobe issued critical security updates for ColdFusion and Campaign Classic, addressing several maximum-severity vulnerabilities with CVSS scores of 10.0. These flaws could allow arbitrary code execution, impacting system security and necessitating prompt user action to apply updates.
Apple Releases iOS 26.5.2 with Over 25 Security Fixes Amid AI Threats
Apple has released iOS 26.5.2, addressing over 25 security vulnerabilities on iPhones. This update is part of Apple's ongoing efforts to counter emerging threats from AI-powered hacking attempts, illustrating a shift towards more frequent security patches.
UK's National Cyber Action Plan launch delayed due to Labour leadership crisis
The launch of the UK's National Cyber Action Plan has been postponed amid political instability following Prime Minister Keir Starmer's resignation. The plan is significant for enhancing national cybersecurity measures against state-backed and criminal hacking, but its delay raises concerns about the government's commitment to cyber defense during the leadership transition.
Bramble Launches Local-First Password Manager for Multiple Platforms
Bramble, a new password manager, enables users to store passwords locally without a central server. This local-first approach enhances security, allowing peer-to-peer syncing between devices.
Amazon Bedrock introduces tools to combat AI-generated phishing risks
Amazon Bedrock offers capabilities to detect and address AI-generated phishing, adapting to sophisticated attacks. This response is crucial as traditional phishing filters fail against today's contextually accurate threats.
ExpressVPN enhances password manager with secure sharing and passkey support
ExpressVPN has upgraded its password manager, ExpressKeys, adding features like secure sharing and passkey support. These enhancements reflect a growing demand for secure data handling across devices.
GitHub Achieves Zero Open Alerts via Secret Scanning Initiative
GitHub's Security team addressed over 20,000 secret alerts, leading to zero open vulnerabilities. This effort displays a proactive approach to vulnerability management and enhances security hygiene within the platform.
Recent Security Threats Highlight Weaknesses in AI and Email Systems
This week's security updates reveal new phishing campaigns, vulnerabilities in AI sandboxing, and flaws in Apple's email privacy service. These issues indicate pervasive weaknesses in various systems and could lead to increased risk for small businesses and users of affected services.
Advocates warn FTC of privacy risks from Musk's X amid audit termination request
Privacy advocates are urging the FTC to maintain audits of X, citing ongoing risks to user data. X has requested the termination of these audits, claiming changes under Musk have mitigated earlier privacy concerns.
Threads spam linked to large crypto scam network targeting users
A series of spam accounts on Meta's Threads app are promoting a large crypto scam network that operates over 10,000 malicious websites. This unusual tactic employs nonsensical posts and low-resolution images to evade moderation and attract attention without directly linking to scams.
Google tests webcam-based reCAPTCHA that can be bypassed with stock photos
Google is trialing a webcam-based reCAPTCHA that requires users to show hand gestures. However, testers quickly circumvented it using stock photos, highlighting potential weaknesses in its implementation.
Medtronic informs customers of ShinyHunters data breach exposure
Medtronic has notified customers about a data breach involving unauthorized access to personal data. The ShinyHunters group claimed to have accessed 9 million records containing sensitive information, prompting Medtronic to reassure customers of their devices' safety and offer credit monitoring services.
Kubota reveals month-long hacker access to employee data
Kubota North America announced that hackers accessed employee data for over a month this year. The breach exposed sensitive information such as Social Security numbers and bank details, prompting the company to enhance its security measures.
BleepingComputer to host webinar on new email security challenges
BleepingComputer will host a webinar on July 8, 2026, highlighting how traditional email defenses are inadequate against modern threats. It will focus on using behavioral AI for automated detection and response to evolving phishing and business email compromise attacks.
IDC Study Finds Mandiant Consulting Yields Significant ROI for Organizations
A recent IDC study shows organizations using Mandiant Consulting report an average annual benefit of $4.3 million, resulting in a 268% ROI over three years with a payback period of 4.1 months. This highlights Mandiant's effectiveness in bridging technical security and financial performance for large organizations.
Criminal IP Enhances OpenCTI with Contextual Cyber Threat Intelligence
Criminal IP integrates with OpenCTI to enrich IP addresses, domains, and URLs with intelligence data. This enhancement allows security teams to better investigate, correlate, and prioritize potential cyber threats.
Japanese companies report cyber breaches affecting millions of customers
Several major Japanese companies, including Aflac Japan, have reported cyber breaches that exposed personal data of millions and disrupted operations. These incidents require further investigation and highlight ongoing cybersecurity challenges faced by the industry.
AWS CIRT updates Threat Technique Catalog, focusing on container security
The AWS Customer Incident Response Team updated the Threat Technique Catalog, adding five new entries focused on container security, organization-level trust, and compute hijacking. This update provides essential insights into recent security threats, particularly around AWS Elastic Kubernetes Service, helping organizations mitigate risks in their cloud environments.
Kiro CLI simplifies AWS security investigations with AI assistance
Kiro has introduced Kiro CLI, an AI-powered tool that assists security teams in investigating AWS incidents. It streamlines the process by providing AWS CLI command suggestions and explanations, significantly reducing the time required for investigations.
AWS Releases Spring 2026 SOC Reports with 188 Services, Now in OSCAL Format
AWS has released its Spring 2026 System and Organization Controls (SOC) 1, 2, and 3 reports, covering 188 services. The SOC 1 and 2 reports are available in both PDF and OSCAL formats for the first time, enhancing automation and efficiency in compliance workflows. These reports provide AWS customers with assurance spanning April 2025 to March 2026, reflecting AWS's ongoing commitment to meeting cloud service compliance standards.
AWS Launches Continuum for Automated Security Vulnerability Management
AWS introduced Continuum for code vulnerabilities, designed to automate the security lifecycle from discovery to resolution. It aims to prioritize vulnerabilities using contextual data and machine reasoning, addressing the increasing backlog of threats facing enterprises.
AWS security maturity roadmap provides phased improvement strategy
A new maturity roadmap for AWS security operations introduces a six-phase process aimed at improving security practices. By integrating AWS Security Hub and Amazon GuardDuty, organizations can enhance their threat detection and overall security posture.
AWS Shield Advanced introduces DDoS attack flow logs for enhanced visibility
AWS Shield Advanced now includes attack flow logs that capture traffic metadata during DDoS attacks. This enables better analysis of attack traffic, showing the origins and the mitigating actions taken, and the logs integrate seamlessly with existing monitoring tools.
Threat Actors Use SEO-Poisoned Sites to Deploy AsyncRAT via ScreenConnect
Cybercriminals are using the ScreenConnect remote access tool to deploy AsyncRAT through compromised installer archives on spoofed websites. The campaign targets multiple languages and poses a significant security risk because it enables attackers to maintain control over compromised devices and steal sensitive data.
VEIL#DROP Malware Uses Blogger to Deliver PureLogs Info Stealer
A new malware delivery chain, named VEIL#DROP, employs social engineering and Blogger pages to deploy the PureLogs Stealer. The use of legitimate platforms enables attackers to circumvent traditional defenses and execute remote payloads silently.
GitHub Security Lab suggests six key settings for maintainers
GitHub Security Lab recommends six essential security settings for project maintainers to implement. These settings help improve security protocols, facilitate vulnerability reporting, and strengthen overall project integrity.
Ousaban Banking Trojan Targets Iberian Bank Users with Fake PDF Lures
The Ousaban banking trojan is targeting Windows users in Spain and Portugal through phishing PDFs designed to look like corrupted files. This malware can capture sensitive information during online banking sessions, posing a significant threat to users' accounts.
2026 Cybersecurity Assessment Reveals Awareness vs. Resilience Gap
The 2026 Bitdefender Cybersecurity Assessment reveals significant discrepancies between organizations' awareness of cyber risks and their actual resilience capabilities. While there is broad acknowledgment of AI’s role in cybersecurity, many teams struggle to effectively reduce their attack surfaces and maintain visibility into AI usage, highlighting a critical sector challenge.
Microsoft Accelerates Post-Quantum Cryptography Roadmap to 2029
Microsoft is fast-tracking its quantum-safe security roadmap, aiming for post-quantum cryptography by 2029 in response to advances in quantum computing. This update could significantly impact encryption standards and security protocols across the tech industry.
AI-Generated Domains Used in Phishing Attacks via Phantom Squatting
Attackers are purchasing domains created by AI models before anyone else, leveraging misplaced trust from users. This tactic, termed 'phantom squatting' by Palo Alto Networks' Unit 42, poses significant risks as AI-generated links can mislead users into visiting malicious sites.
Amazon fined $2.25 million for mishandling identity theft complaints
Amazon has been fined $2.25 million by the FTC for failing to assist identity theft victims as required by the Fair Credit Reporting Act. The FTC alleged that Amazon did not provide information on fraudulent purchases, leading to significant difficulties for customers affected by identity theft.
Research reveals vulnerabilities in AI browsers allowing potential exploitation
New research shows that AI browsers can be manipulated into a false context, enabling malicious actions. This exposure underscores the risks of AI integration without addressing core vulnerabilities.
Microsoft Identifies Risks from Poisoned MCP Tool Descriptions for AI Agents
Microsoft research reveals that poisoned tool descriptions can enable attackers to coerce AI agents into leaking sensitive data without triggering alarms. This issue arises particularly as companies empower AI agents for more complex tasks, highlighting vulnerabilities in the Model Context Protocol (MCP).
RustDuck Botnet Targets Routers and Servers with Two-Stage Malware
The RustDuck botnet is hijacking devices like routers and cameras to execute DDoS attacks. Its significance lies in its rapid evolution and the transition from C to Rust, making analysis more difficult.
Silent Swap Crypto Clipper Targets Users via Fake Google Notes Extension
Cybersecurity researchers identified the Silent Swap crypto clipper campaign, which uses a fake 'Google Notes' extension to steal cryptocurrency. The campaign replaces wallet addresses during transactions, leading to irreversible financial losses for victims.