Security · Top stories
Study Reveals 282 iOS AI Apps Expose API Keys and Access Tokens
A study found that 282 of 444 tested iOS AI chatbot apps leaked API keys through network traffic, enabling unauthorized access. This exposes developers to financial risks and highlights security vulnerabilities amidst the growing reliance on AI applications.
Cyber Risks Identified Ahead of FIFA World Cup 2026
A recent report reveals significant cyber threats targeting the FIFA World Cup 2026, including email spoofing risks and a surge in fake sportsbook apps. With many partners lacking sufficient protections, this exposes critical vulnerabilities within the event's supply chain, posing a major risk to financial transactions.
Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer
An exploit of the critical authentication bypass vulnerability CVE-2026-48558 in SimpleHelp has allowed attackers to deploy TaskWeaver and Djinn Stealer malware. This intrusion showcases the importance of securing remote monitoring software, as compromised systems can lead to severe data theft.
GitHub Advisory Database Hits Record Vulnerability Reports Amid Increased Complexity
In May 2026, the GitHub Advisory Database published a record 1,560 reviewed advisories, indicating a significant rise in vulnerability reporting. This surge is prompting longer review times, but quality is maintained because advisories are still human-validated.
Malicious Chrome Extension Logged User Searches Under Perplexity Name
Microsoft discovered a malicious Chrome extension pretending to be Perplexity that intercepted user searches and address bar input. This extension logged every search query and typed character before redirecting users to legitimate search engines, posing a significant data privacy risk.
Apple Releases Security Updates for 30+ iOS, macOS, Safari Vulnerabilities
Apple released security updates for iOS, macOS, and Safari fixing over 30 vulnerabilities, including four WebKit flaws uncovered using AI tools. This marks a proactive approach from Apple in response to potential AI-enhanced exploitation techniques.
Over 236,000 DCloud Sites Linked to Cryptocurrency Scams and Phishing
Infoblox reports that over 236,000 websites employing DCloud Uni-App templates are involved in scams. These include cryptocurrency exchanges, phishing networks, and wallet drainers, raising significant security concerns.
Urgency Grows for Quantum-Resistant Cryptography Amid Quantum Threats
Organizations must adapt to post-quantum cryptography as public-key systems will be vulnerable to quantum computers. With cryptographically relevant quantum computers potentially available within 15 years, industries face pressures to upgrade security protocols before major deadlines set by agencies like the NSA and NIST.
Gamaredon Intensifies Cyber Attacks on Ukraine with New Malware Techniques
Gamaredon, a Russian APT group, has expanded its cyber attacks against Ukraine with new malware and tactics throughout 2025. The group has conducted 35 spear-phishing campaigns aimed at Ukrainian governmental and military institutions, focusing on exfiltrating sensitive data that could serve Russian interests in the ongoing conflict.
Flock cameras expand beyond license plate tracking in the U.S.
Flock Security's surveillance cameras, primarily known for tracking license plates, are increasingly used for broader monitoring, raising privacy concerns. With over 100,000 units installed, these cameras pose significant implications for public surveillance and law enforcement practices.
Ukraine and FBI Uncover Russian Intelligence Messaging Credential Theft Campaign
The Security Service of Ukraine, in collaboration with the FBI, revealed a Russian intelligence operation targeting messaging accounts of officials and civilians. The attackers used fake support messages to coax victims into revealing sensitive credentials.
New SharkLoader Malware Used to Deploy Cobalt Strike in Global Cyberattacks
Kaspersky reports a new malware called SharkLoader is being used to deploy Cobalt Strike in cyber attack campaigns. Targeting various sectors in multiple countries, the campaign reveals a significant and global threat landscape potentially linked to a Chinese-speaking threat actor.
Chinese APT CL-STA-1062 Uses TinyRCT Backdoor in Southeast Asia Cyber Campaign
A Chinese-speaking APT known as CL-STA-1062 has been linked to a new backdoor, TinyRCT, targeting government and critical infrastructure in Southeast Asia. This development highlights a sustained threat environment for state entities in the region.
Amazon Q Developer Flaw Allows Code Execution via Malicious Repos
A high-severity flaw in Amazon Q Developer permitted malicious repositories to execute code and steal developer credentials. The issue stemmed from the way Amazon's AI coding assistant handled Model Context Protocol servers, which has now been patched by Amazon.
Guardian Agents Raise Challenges for Identity Governance in Enterprises
The emergence of AI agents in enterprise environments has exposed significant gaps in identity governance systems. These agents inherit permissions from human identities, potentially leading to over-privileged access and security risks across systems.
Microsoft Alerts on Phishing Campaign Targeting Hotels with Node.js Implant
Microsoft identified a phishing campaign targeting hotels across Europe and Asia that leverages ZIP files containing a Node.js implant. The campaign uses specialized email tactics to bypass security measures and exploit hotel operational themes, highlighting a significant security concern in the hospitality sector.
Russia Used Cellebrite Tools on Activist's iPhone Post-Sales Cutoff
Russian authorities accessed the iPhone of detained activist Andrey Pivovarov using Cellebrite's forensic tools in June 2021, despite the company's pledge to cease sales to Russia. This incident raises serious ethical concerns regarding the use of forensic technology in political prosecutions and reflects ongoing state repression efforts against opposition figures.
Google Reveals Details on Turla's STOCKSTAY Backdoor Targeting Ukraine
Google's Threat Intelligence Group announced the discovery of the STOCKSTAY backdoor, attributed to the Russian cyber espionage group Turla. This malware has been used to target Ukrainian government and military organizations, showcasing an evolution in Turla's cyber capabilities and tactics since its development, which is traceable to late 2022.
Cloudflare Develops Privacy Protocol, curl Bug Discovered, Critical Hoppscotch Vulnerability
Cloudflare, alongside major web browsers, introduced a protocol using Private Access Control Tokens to enhance web privacy. AISLE reported six vulnerabilities in curl, the oldest dating back to 2001, while a critical security flaw in Hoppscotch allows unauthenticated attackers to compromise API instances.
New Rust-based Gaslight Malware Targets macOS with AI Disruption Techniques
A new macOS malware, codenamed Gaslight, uses prompt injection techniques to evade AI analysis. Linked to North Korean threat actors, the malware embeds fabricated system-failure messages to disrupt AI-assisted triage efforts.
DoJ Seizes Huione Cloud Account Linked to Cryptocurrency Fraud
The U.S. Department of Justice has seized a Huione Group cloud account used for money laundering linked to various cyber scams. This action, which follows new sanctions against related entities, aimed to disrupt significant financial networks facilitating fraudulent activities connected to cryptocurrency.
AWS Security Agent enhances features with threat modeling and code review updates
AWS Security Agent, part of AWS Continuum, now includes threat modeling, advanced code reviews, and support for multiple code repositories. These updates aim to enhance application security throughout the development lifecycle by offering context-aware analysis and vulnerability remediation.
Challenges of Identity Lifecycle Management for AI Agents
Identity lifecycle management systems, designed for human employees, struggle to accommodate AI agents. This gap presents governance issues as enterprises increasingly integrate autonomous agents, necessitating updates to existing frameworks.
Richard Bejtlich Advocates for NDR in Modern Security Operations
Richard Bejtlich highlights the growing need for Network Detection and Response (NDR) in cybersecurity. His guide emphasizes moving beyond traditional alerts to prioritize actionable evidence in detecting and mitigating threats.
Guide on Detecting and Preventing Subdomain Takeovers
This article outlines how to identify and prevent subdomain takeovers, a tactic where threat actors exploit dangling DNS records. It stresses the importance of managing DNS configurations to mitigate risks associated with this security vulnerability.