05Jun 2026

We’re forgetting the most critical system in the AI loop: the human brain

The question I am asked most frequently today is no longer “which AI tools should we deploy?” but “why are our people not performing at the level our technology investment should be enabling?” The numbers tell a story that should concern every C-suite leader and CIO investing in artificial intelligence right now. According to a […]

05Jun 2026

How digital sovereignty shapes Amnesty International Spain’s tech model

Transformation of an organization is no longer measured solely in terms of productivity, automation, or the adoption of new tools. In nonprofits like Amnesty International Spain, technology has also become a matter of independence, privacy, and the ability to act autonomously. For over 14 years, the Spanish branch of the organization has operated with a clear […]

05Jun 2026

Tokenmaxxing: When AI adoption metrics go bad

Tracking AI adoption in the enterprise presents IT leaders with a metrics dilemma. While ROI should be the arbiter of AI initiative success, ensuring employees actually use the AI tools you roll out is a key step in the journey toward that ROI. So, what’s the best way to measure AI uptake without losing sight […]

05Jun 2026

Cooling down the heat: Why liquid cooling is now mission-critical for AI datacenters

As enterprise demand for AI and high-performance computing accelerates, the infrastructure supporting these workloads is generating heat at levels that conventional air cooling simply cannot manage. A new IDC InfoBrief, sponsored by Lenovo and based on a global survey of 1,230 IT decision-makers, finds that spending on AI and HPC workloads is expected to grow […]

05Jun 2026

NIS2/DORA without friction: from mandated compliance to real operational resilience

Resilience has to be increasingly proactive. It is not demonstrated at the end of an attack, but at the beginning. Cybercriminals do not need much more ammunition; thousands of stolen credentials are already circulating on the Dark Web: what matters is being prepared for an attack that will inevitably happen, and being able […]

05Jun 2026

Anthropic suggests slowing AI research until we can align it with human goals

AI could soon lead to systems capable of improving their own performance faster than humans can effectively supervise them, reviving concerns about the industry’s longstanding “alignment problem,” ensuring AI systems reliably pursue human goals, senior Anthropic researchers have warned in a new blog post titled “When AI builds itself.” Anthropic Institute lead Marina Favaro and […]

05Jun 2026

Multi-cloud doesn’t need another tool

Multi-cloud is now the operating reality of every serious enterprise. Governing it requires four disciplines – not another tool. A field-tested framework for the CIOs running it. Tata Communications Walk into almost any large enterprise today and ask the CIO how their multi-cloud is going. The answer is rarely a single sentence. It’s a list […]

05Jun 2026

Anthropic’s AI services are too expensive, says Microsoft AI head

Projection, much? Microsoft’s head of AI has accused a rival’s AI service of being too pricey, just as the introduction of usage-based pricing for GitHub Copilot begins to hit developers using its own services. “Anthropic is extremely expensive and I think many people are urgently looking for alternatives,” Mustafa Suleyman, CEO of Microsoft AI, told […]

05Jun 2026

Tech industry cut 38,242 jobs in May, worst since 2024

Technology companies announced 38,242 job cuts in the US in May 2026, the highest monthly total for the sector since August 2024, according to research by employment placement company Challenger, Gray & Christmas. So far this year the company has observed 123,653 US technology job cuts, a rise of 66 percent from the same period […]

05Jun 2026

Trust Needs Verification: X-VPN Completed Independent No-Logs Audit

Independent audit helps reinforce that X-VPN’s privacy commitments are supported by operational controls, governance, and data-handling practices. X-VPN’s independent no-logs audit was completed on February 28, 2026, and was conducted by one of the Big Four auditing firms under ISAE 3000 (Revised). Based on the procedures performed within the defined audit scope and applicable review […]

05Jun 2026

Chinese Cybercrime Group in Spotlight for Record Campaign Pace

Relying on social engineering, the hacking group engages in credential phishing, malware distribution, and fraud activities. The post Chinese Cybercrime Group in Spotlight for Record Campaign Pace appeared first on SecurityWeek.

05Jun 2026

Mirasvit Vulnerability Exploited to Execute Code on Magento Servers

A flaw in the Full Page Cache Warmer extension can be exploited without authentication via serialized PHP object payloads. The post Mirasvit Vulnerability Exploited to Execute Code on Magento Servers appeared first on SecurityWeek.

05Jun 2026

Gemini Voice Assistant Hijacked via Messaging Notifications

Attackers could have triggered dangerous actions, including controlling smart home devices via Google Home and starting Zoom video calls. The post Gemini Voice Assistant Hijacked via Messaging Notifications appeared first on SecurityWeek.

05Jun 2026

Willow Raises $7 Million for Securing Autonomous AI Agents

Willow (formerly Webrix) emerged from stealth mode with an access platform designed to secure enterprise AI agents. The post Willow Raises $7 Million for Securing Autonomous AI Agents appeared first on SecurityWeek.

05Jun 2026

Webinar Today: Third-Party Risk in Practice – Where Programs Break Down and How to Respond

Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice. The post Webinar Today: Third-Party Risk in Practice – Where Programs Break Down and How to Respond appeared first on SecurityWeek.

05Jun 2026

Offroad Emerges From Stealth With $7 Million to Tackle Enterprise Identity Risk

As AI agents, machine identities, and third-party applications multiply across enterprises, Offroad is betting autonomous security agents can restore control over an increasingly unmanageable identity landscape. The post Offroad Emerges From Stealth With $7 Million to Tackle Enterprise Identity Risk appeared first on SecurityWeek.

05Jun 2026

Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026

The vulnerability is tracked as CVE-2026-20245 and it can allow arbitrary command execution as root, but no patch is available yet. The post Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026 appeared first on SecurityWeek.

05Jun 2026

Nightclub Giant RCI Says Data Breach Affects 40,000 Individuals

The company detected a network intrusion in March and an investigation showed that some files were stolen during the attack. The post Nightclub Giant RCI Says Data Breach Affects 40,000 Individuals appeared first on SecurityWeek.

05Jun 2026

Five Eyes: Chinese Spies Target Government, Military Staff With Fake Job Opportunities

Posing as recruiters on online platforms, Chinese intelligence officers target personnel with access to classified or privileged information. The post Five Eyes: Chinese Spies Target Government, Military Staff With Fake Job Opportunities appeared first on SecurityWeek.

05Jun 2026

Industry Reactions to New Trump AI Cybersecurity Executive Order: Feedback Friday

Experts commented on the EO’s voluntary nature, the balance between innovation and security, and potential implementation gaps. The post Industry Reactions to New Trump AI Cybersecurity Executive Order: Feedback Friday appeared first on SecurityWeek.

05Jun 2026

Claude Code has an MCP security problem — and your developers are already using it

Claude Code is Anthropic’s AI coding assistant — a command-line tool that developers are adopting fast. It connects to external services through Model Context Protocol, the standard that lets AI tools interact with Jira, Confluence, GitHub, databases and internal APIs. When a developer connects one of those services, Claude Code runs an OAuth flow, the […]

05Jun 2026

Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites

Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise. The vulnerability in question is CVE-2026-3300 (CVSS score: 9.8), a remote code execution bug impacting all versions of the plugin up to, and including, […]

05Jun 2026

AI tools becoming hot commodities on ransomware marketplaces

Sales of AI-based tools are accelerating within underground ransomware marketplaces, lowering the barrier to entry for new actors in the process. An analysis of Telegram channels, 20 dark web forums, and five underground markets by anti-ransomware platform vendor Halcyon found that AI utility posts grew to 1,486 in February 2026, up from just 38 in […]

05Jun 2026

FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins

Security researchers and the FBI are warning that a wave of FIFA-themed fraud is already hitting World Cup 2026 fans, days before the June 11 kickoff. Recent reports describe thousands of lookalike FIFA domains, banking malware hidden inside pirate streaming apps, and at least one operation that copies FIFA’s login page well enough to take […]

05Jun 2026

The Evil MSI Background is Back!, (Fri, Jun 5th)

A few months ago, I wrote a diary about a payload that was embedded into a JPEG picture. It was an MSI-branded background[1]. Yesterday, I spotted another one! It seems that the technique is getting more and more popular. This time, it started with a mail containing a WeTransfer link.

05Jun 2026

PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network

The threat actor known as PCPJack has hijacked cloud servers associated with Amazon Web Services (AWS), Google Cloud, and Microsoft Azure to create a covert SMTP email relay network. “Compromised business servers across the U.S., Europe, and Asia were quietly converted into SMTP proxies, verified for mail relay capability, and synced to a downstream consumer […]

05Jun 2026

Soap Box: Detection and response in the AI age

In this sponsored Soap Box edition of the Risky Business podcast Patrick Gray chats with Edward Wu, founder of Dropzone, about what AI is doing to detection, response and the SOC more generally. Dropzone makes AI agents that conduct alert investigations in your SOC, but will the SOC as we know it even exist in […]

05Jun 2026

ISC Stormcast For Friday, June 5th, 2026 https://isc.sans.edu/podcastdetail/9960, (Fri, Jun 5th)


05Jun 2026

US government report slams NIST for NVD backlog

A report from the US Commerce department’s inspector general blames the National Institute of Standards and Technology (NIST) for the ever-growing backlog of vulnerabilities for inclusion in the National Vulnerability Database (NVD). But cybersecurity practitioners say that the backlog, although very real, has been building for years, and that the government is doing little to […]

04Jun 2026

26-00231.pdf

26-00231.pdf Anonymous (not verified) Thu, 06/04/2026 – 18:20 Case ID 26-00231 Forum FINRA Document Type Award Claimants Yauniel Valdes Respondents Robinhood Financial, LLC. Neutrals Diane M. Perry Hearing Site Boca Raton, FL Award Document 26-00231.pdf Documentum DocID ab2537e2 Award Date Official Thu, 06/04/2026 – 12:00 Related Content Off Claimant Representatives Yauniel Valdes Respondent Representatives Simeon […]

04Jun 2026

24-00704.pdf

24-00704.pdf Anonymous (not verified) Thu, 06/04/2026 – 18:10 Case ID 24-00704 Forum FINRA Document Type Award Claimants Andrew Waldbaum Lisa Detanna Respondents Raymond James & Associates, Inc. Neutrals Herb Schwartz Nicholas John Taldone Jay H. Feldstein Hearing Site Los Angeles, CA Award Document 24-00704.pdf Documentum DocID 2e19a750 Award Date Official Thu, 06/04/2026 – 12:00 Related […]

04Jun 2026

25-02200.pdf

25-02200.pdf Anonymous (not verified) Thu, 06/04/2026 – 18:10 Case ID 25-02200 Forum FINRA Document Type Award Claimants Michael Carrano Respondents Merrill Lynch Pierce Fenner & Smith Inc. Neutrals Kenneth R. Starr Anita Rae Shapiro Stephanie Jeannette Charny Hearing Site Portland, OR Award Document 25-02200.pdf Documentum DocID 22361f30 Award Date Official Thu, 06/04/2026 – 12:00 Related […]

04Jun 2026

26-00177.pdf

26-00177.pdf Anonymous (not verified) Thu, 06/04/2026 – 18:10 Case ID 26-00177 Forum FINRA Document Type Award Claimants Steven Childers Respondents Charles Schwab & Co., Inc. Neutrals Yana Karnaukhov Hearing Site Chicago, IL Award Document 26-00177.pdf Documentum DocID 1317dbbb Award Date Official Thu, 06/04/2026 – 12:00 Related Content Off Claimant Representatives Steven M. Childers Respondent Representatives […]

04Jun 2026

Rayfin signals Microsoft’s push to make Fabric an AI app runtime

For enterprises embracing AI-assisted development, writing code is no longer the hardest part. Operationalizing it is. Microsoft is targeting that challenge with Rayfin, a new open-source SDK and CLI unveiled at Build 2026. “Rayfin turns backend development into a code-first workflow. Developers and coding agents can define a full application backend in code, including databases, business […]

04Jun 2026

The case for keeping humans at the helm

There’s a growing chorus in our industry selling a tempting vision: a fully autonomous, AI-powered SOC that runs itself. Alerts triaged, false positives dismissed, investigations opened and closed — all without a human in the loop. For resource-constrained security teams drowning in alerts, the pitch lands hard. But as security leaders, when we hear “fully […]

04Jun 2026

Your outsourcing contract needs XLAs, not just SLAs

I’ve lost count of how many clients have called frustrated, not because their managed services provider (MSP) was missing SLAs, but because meeting every SLA still wasn’t helping employees do their jobs. Tickets close on time, uptime stays above target, and scorecards are green across the board yet employees remain frustrated by broken processes, recurring […]

04Jun 2026

What Anthropic and OpenAI IPOs spell for CIOs’ AI budgets

AI pioneers Anthropic and OpenAI both appear to be headed toward IPOs, leaving IT leaders whose organizations rely on their AI models wondering what might be in store for them. Top of mind is the possibility of higher costs for enterprise use, especially for frontier models. By offering stock for sale, the two AI innovators […]

04Jun 2026

Your AI cloud strategy isn’t about cost. It’s about gravity

I’ve spent the better part of the last eighteen months in conference rooms with CIOs working through their AI strategy. The conversations all start in the same place — model selection, vendor evaluation, agent frameworks — and they all eventually arrive at the same uncomfortable question. “Where is this actually going to run?” The question […]

04Jun 2026

AI agents protect IT infrastructure: Cisco fleshes out its vision for machine-speed security and AgenticOps

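On this day, Cisco presented a blueprint for AI-era infrastructure centered on ‘Cisco Cloud Control,’ a platform that unifies networking, security, data, and operations. Technologies and services for responding to the new security threats that come with the spread of AI and for increasing enterprise resilience were also major topics. Tom Gillis, senior vice president and general manager of Cisco’s Infrastructure and Security Group, said, “In the past, after hardening infrastructure and remediating vulnerabilities, for as long as possible […]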

04Jun 2026

Cybersecurity maturity is now a proof point for resilience

Cybersecurity maturity has become one of the clearest proof points for whether a company is prepared to withstand scrutiny, disruption and risk. It is no longer only a question of protection, tooling or breach prevention. It reflects how well the company understands its systems, controls access, manages risk and responds when something goes wrong. The […]

04Jun 2026

How will the Anthropic and OpenAI IPOs affect CIOs’ AI budgets?

AI pioneers Anthropic and OpenAI appear to be heading toward their respective IPOs, leaving IT leaders whose organizations depend on their AI models wondering what the future holds for them. One of the main concerns is the possibility of higher costs for enterprise use, […]

04Jun 2026

“Stopping the coding AI cost bomb”: IBM takes aim at the coding market with ‘Bob,’ which splits up tasks and picks the optimal model

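Whereas existing AI coding services have touted coding ability built on their own strong in-house models, IBM brings together models from multiple companies and touts ‘cost efficiency.’ With usage-based billing becoming common for AI coding and IT work and the cost-management burden on enterprises growing, IBM’s ‘Bob’ controls costs by selecting and switching to the optimal model in real time according to task difficulty. It has also strengthened its security features, going beyond a simple AI coding tool […]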

04Jun 2026

Fight back faster: Why AI-powered defense is no longer optional for enterprise security

The new AI-powered threat environment has already changed in ways that security teams cannot address by working harder or adding head count. According to the Unit 42 Global Incident Response Report 2026, which draws on more than 750 major incidents, attackers can move from initial access to data exfiltration in as little as 72 minutes, four […]

04Jun 2026

Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public

Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco’s PSIRT says it has not seen the flaw used in attacks yet. The PoC […]

04Jun 2026

HTTP/2’s speed abused to slow webserver performance in DoS attack

Security researchers are warning of an issue with the default HTTP/2 configuration used by major web servers which reportedly survived more than a decade of human review before showing up in Codex-assisted analysis. A flaw in the handling of the HTTP/2 protocol made a denial-of-service (DoS) attack possible on web servers including nginx, Apache HTTP […]

04Jun 2026

OpenAI responds to White House executive order on AI governance

OpenAI has proposed mandatory federal evaluations of the most capable AI models before public release while arguing that regulators should stop short of deciding whether those systems can be deployed, staking out a middle ground in the debate over how frontier AI should be governed. The company’s proposal came a day after the White House […]

04Jun 2026

Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

A security researcher found a flaw in Anthropic’s Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic’s own action repo used the same workflow, a working attack could have pushed malicious code into the action itself and onto […]

04Jun 2026

Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It

Over the past several weeks, the cybersecurity community has been reminded how quickly frontier and agentic AI in defense networks can challenge our assumptions. When Anthropic’s Claude Mythos model was made available to a limited set of organizations as a technical preview, it was reported that an unauthorized group claimed that it had gained access […]

04Jun 2026

ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories

It got stupid again. The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weird stuff is normal. Forums go down and come back worse. Cheap hackers get better toys. AI starts breaking real systems. Great. Read the whole […]

04Jun 2026

China-Linked TA4922 Expands Phishing Attacks to U.K., Germany, Italy, and South Africa

A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa. These efforts have been complemented by a “rapid operational tempo” and a continually evolving malware arsenal comprising known families like ValleyRAT (aka Winos 4.0) and Atlas RAT (aka AtlasCross RAT), […]

04Jun 2026

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

A high severity vulnerability in Hugging Face Transformers enables attackers to compromise systems that use the popular Python library to test and run AI models. The flaw impacts library versions that continue to be actively downloaded and comes at a time when attackers are increasingly targeting the AI supply chain, including through malicious models hosted […]

04Jun 2026

Hitachi Energy RTU500

View CSAF Summary Hitachi Energy is aware of vulnerabilities that affect RTU500 product versions listed in this document. If exploited, these vulnerabilities primarily impact product availability, with potential secondary impacts on confidentiality and integrity. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation. The following versions of Hitachi Energy RTU500 are affected: […]

04Jun 2026

B&R PPT30 Operating System

View CSAF Summary B&R is aware of a vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploits this vulnerability could make the OPC-UA server of the product inaccessible. The following versions of B&R PPT30 Operating System are affected: PPT30 Operating System <1.8.0, 1.8.0 (CVE-2025-11482) CVSS Vendor Equipment Vulnerabilities […]

04Jun 2026

Hitachi Energy ITT600 Explorer

View CSAF Summary Hitachi Energy is aware of vulnerabilities that affect ITT600 Explorer product versions listed in this document. These vulnerabilities can be exploited to carry out a Denial of Service (DoS) attack on the product. The vulnerabilities only affect Hitachi Energy Integrated Testing Tool ITT600 SA Explorer without affecting IEC 61850 system endpoints. Please refer […]

04Jun 2026

Hitachi Energy MACH HiDraw

View CSAF Summary Hitachi Energy is aware of a buffer overflow vulnerability that affects MACH HiDraw product versions listed in this document. Successful exploitation of this vulnerability could lead to a buffer overflow condition, potentially resulting in application outages (denial of service) and possible arbitrary code execution. Please refer to the Recommended Immediate Actions for […]

04Jun 2026

NAVTOR NavBox

View CSAF Summary Successful exploitation of this vulnerability could allow a local attacker to gain unauthorized access to SOAP methods, resulting in a disruption of operations. The following versions of NAVTOR NavBox are affected: NavBox 4.16.1.20 (CVE-2026-21404) CVSS Vendor Equipment Vulnerabilities v3 6.3 NAVTOR NAVTOR NavBox Use of Hard-coded Credentials Background Critical Infrastructure Sectors: Information […]

04Jun 2026

FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads

Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity cluster dubbed JSCoreRunner (aka FileRipple) in late August 2025. The cybercrime group behind the […]

04Jun 2026

Organizations Warned of Exploited Linux Kernel Vulnerability

An improper authentication bug allows attackers to escalate their privileges and escape containers. The post Organizations Warned of Exploited Linux Kernel Vulnerability appeared first on SecurityWeek.

04Jun 2026

IMA Diligence Services Data Breach Impacts 525,000 People

The affected individuals’ personal information was stolen from a legacy server managed by a third party. The post IMA Diligence Services Data Breach Impacts 525,000 People appeared first on SecurityWeek.

04Jun 2026

Hackers Target Global Stock Exchange in Espionage Operation

The attackers had access to a senior executive’s email account for 150 days and exfiltrated data for months. The post Hackers Target Global Stock Exchange in Espionage Operation appeared first on SecurityWeek.

04Jun 2026

Security of 100 AI Agents Tested and Ranked – What You Need to Know

The AI Risk Quadrant evaluates AI agents based on three factors: how vulnerable they are to compromise, the potential impact of a breach, and the strength of their security defenses. The post Security of 100 AI Agents Tested and Ranked – What You Need to Know appeared first on SecurityWeek.

04Jun 2026

Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs

Threat actors are exploiting vulnerable Kirki and Burst Statistics deployments to elevate privileges and take over websites. The post Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs appeared first on SecurityWeek.

04Jun 2026

Coralogix Raises $200M at $1.6B Valuation to Scale AI Observability Platform

Coralogix offers a full-stack observability platform that unifies logs, metrics, traces, security, and AI observability. The post Coralogix Raises $200M at $1.6B Valuation to Scale AI Observability Platform appeared first on SecurityWeek.

04Jun 2026

VS Code Vulnerability Allows One-Click GitHub Token Theft

A researcher has disclosed the full details of the vulnerability and released a PoC without notifying Microsoft in advance. The post VS Code Vulnerability Allows One-Click GitHub Token Theft appeared first on SecurityWeek.

04Jun 2026

Cisco Warns of Available PoC for Critical Unified CM Vulnerability

The high-severity flaw can be exploited remotely, without authentication, in server-side request forgery (SSRF) attacks. The post Cisco Warns of Available PoC for Critical Unified CM Vulnerability appeared first on SecurityWeek.

04Jun 2026

Over 1.4 Million Accounts Disrupted in Cybercrime Crackdown

Law enforcement and tech companies disrupted infrastructure linked to scammers operating across Southeast Asia. The post Over 1.4 Million Accounts Disrupted in Cybercrime Crackdown appeared first on SecurityWeek.

04Jun 2026

Operations Director position

Tactical tech operations director position job opening

04Jun 2026

Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS

Cybersecurity researchers have flagged a large-scale operation that impersonates open-source and freeware projects to funnel unsuspecting users through a Traffic Distribution System (TDS) and deliver malware families like Remus Stealer, AnimateClipper, and the SessionGate framework. “The sites are well-designed and often look like legitimate project portals at a glance, sometimes referencing

04Jun 2026

Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months

Unknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox out in small, repeated batches and routing it through Dropbox and OneDrive so the traffic blended into normal cloud activity. Symantec and Carbon Black’s Threat Hunter Team reported the campaign this […]

04Jun 2026

CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability, tracked as CVE-2026-45247 (CVSS score: 9.8), is a case of deserialization of untrusted

04Jun 2026

Beware the ‘son of Mythos,’ security experts warn

Enterprise security teams were urged by security experts at Infosecurity Europe to brace for impact as both Anthropic and OpenAI expand access to their frontier AI models for vulnerability discovery. Anthropic, in particular, is significantly expanding Project Glasswing, its scheme to provide select organizations with access to Claude Mythos, an AI-powered vulnerability discovery tool that many […]

04Jun 2026

Microsoft's Coreutils for Windows, (Thu, Jun 4th)

I’ve been using the GnuWin32 CoreUtils for Windows for many years now (it gives you many *nix core commands on Windows).

04Jun 2026

DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets

The U.S. Department of Justice (DoJ) on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans. The “Disruption Week” operation began May 18, 2026, leading to the takedown of millions of social media, email, and internet access accounts used by […]

04Jun 2026

ISC Stormcast For Thursday, June 4th, 2026 https://isc.sans.edu/podcastdetail/9958, (Thu, Jun 4th)


04Jun 2026

Hole in GitHub’s browser-based VSCode editor could lead to stolen token

A vulnerability in GitHub’s browser-based VSCode editor could lead to the theft of a developer’s token under certain circumstances, says a researcher. The issue, revealed this week in a blog by Ammar Askar, has apparently already been addressed by GitHub owner Microsoft. But it raises questions about both DevOps security, and about the researcher’s […]

04Jun 2026

Enterprise Spotlight: Rethinking cloud strategy in the age of AI

Cloud computing has reached a crossroads. The high cost and data sensitivity of AI workloads are raising the appeal of private clouds, even as neoclouds and sovereign clouds shake up the cloud provider landscape. New cyberthreats, shifting compute requirements, and management complexity are adding to cloud complications. Download the June 2026 issue of the Enterprise […]

03Jun 2026

25-00629.pdf

25-00629.pdf Anonymous (not verified) Wed, 06/03/2026 – 19:10 Case ID 25-00629 Forum FINRA Document Type Award Claimants Christa McGillen Respondents Morgan Stanley Neutrals Amy Jill Baranoff Hearing Site New York, NY Award Document 25-00629.pdf Documentum DocID c8cc4af5 Award Date Official Wed, 06/03/2026 – 12:00 Related Content Off Claimant Representatives Tyler Reynolds Respondent Representatives Lawrence G. […]

03Jun 2026

25-02830.pdf

25-02830.pdf Anonymous (not verified) Wed, 06/03/2026 – 19:10 Case ID 25-02830 Forum FINRA Document Type Award Claimants Yatan Shih Respondents Firstrade Securities Inc. Neutrals Lawrence R. Mills Hearing Site San Francisco, CA Award Document 25-02830.pdf Documentum DocID 00c7e418 Award Date Official Wed, 06/03/2026 – 12:00 Related Content Off Claimant Representatives Yatan Shih Respondent Representatives Meredith […]

03Jun 2026

25-00364.pdf

25-00364.pdf Anonymous (not verified) Wed, 06/03/2026 – 19:10 Case ID 25-00364 Forum FINRA Document Type Award Claimants Steven Seid Respondents Touchstone Securities, Inc. Neutrals Ronald Chun Gary Kostow Anthony Knight Hearing Site San Francisco, CA Award Document 25-00364.pdf Documentum DocID f692dc4c Award Date Official Wed, 06/03/2026 – 12:00 Related Content Off Claimant Representatives Laurence M. […]

03Jun 2026

25-02191.pdf

25-02191.pdf Anonymous (not verified) Wed, 06/03/2026 – 18:50 Case ID 25-02191 Forum FINRA Document Type Award Claimants Sandra Dose Respondents Wells Fargo Clearing Services, LLC Neutrals Ilene T. Gormly Hearing Site Omaha, NE Award Document 25-02191.pdf Documentum DocID 509667a9 Award Date Official Wed, 06/03/2026 – 12:00 Related Content Off Claimant Representatives Dochtor Kennedy Respondent Representatives […]

03Jun 2026

26-00307.pdf

26-00307.pdf Anonymous (not verified) Wed, 06/03/2026 – 18:50 Case ID 26-00307 Forum FINRA Document Type Award Claimants Stifel, Nicolaus & Co., Inc. Respondents Francis Cunningham Neutrals Richard S. Zaifert Hearing Site Memphis, TN Award Document 26-00307.pdf Documentum DocID 1e77d35d Award Date Official Wed, 06/03/2026 – 12:00 Related Content Off Claimant Representatives Craig Stein Respondent Representatives […]

03Jun 2026

WhatsApp, Slack Notifications Could Hijack Google Gemini on Android

A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini’s voice assistant on Android and made it open a victim’s connected windows, fake a message from their boss, push the phone into a Zoom call, or quietly poison its long-term memory. No malicious app on the phone is […]

03Jun 2026

Has agentic AI outgrown the data organization?

Recently, I participated in an architecture review for a Voice AI initiative. The initial proposal was heavily centered on the data required to provide context for the agent. The discussion focused on retrieval mechanisms, customer history, and knowledge access patterns. But as the review progressed, the discussion quickly went beyond data. Questions emerged around identity […]

03Jun 2026

The value of vendor relationships in the AI era

Since the rapid expansion of AI tools, the balance of power between customers and vendors has shifted dramatically. Organizations are no longer as dependent on software developers, solution architects and integration specialists to build functional tools or workflows. Today, internal teams can leverage platforms such as Claude, Lovable, Perplexity and other AI-assisted development tools to […]

03Jun 2026

American Express: Democratize analytics, not data

Data democratization has been a buzz phrase for years, but Chris Gifford, chief data officer at American Express, argues that it’s much more helpful to think about democratizing analytics. Making analytics more accessible enables employees, as well as AI agents, across the business to generate insights and act upon them within a governed framework. “It’s […]

03Jun 2026

7 ways for CIOs to deliver bad news without losing trust

Insights from CIOs, consultants, and executive coaches show that effective CIOs don’t just report problems, they share information early, explain the issues clearly, and help executives decide what to do next. Here are seven ways CIOs can deliver bad news more effectively. 1. Build transparency early so bad news is never a surprise Successful CIOs […]

03Jun 2026

Who authorized the algorithm? Reckoning with ungoverned AI

Three business units. One weekend. Zero governance checkpoints. That is what a Fortune 500 CIO I advise discovered last quarter when autonomous AI agents deployed by separate teams accessed customer databases, initiated vendor negotiations and generated compliance reports without a single human sign-off. Nobody verified the context protocols connecting those agents to enterprise systems. Nobody […]

03Jun 2026

Microsoft’s Frontier Tuning aims to teach AI how enterprises work, not just context

For the past two years, enterprises have focused on feeding AI models their data — wiring them into documents, databases, and internal knowledge systems. Microsoft now says that’s only half the story. The next frontier, it argues, is teaching AI how work actually gets done. At Build 2026, Microsoft introduced Frontier Tuning, a new service […]

03Jun 2026

American Express advocates democratizing analytics, not data

Data democratization has been a buzzword for years, but Chris Gifford, chief data officer (CDO) at American Express, argues that it is much more useful to think about democratizing analytics. Making analytics more accessible enables employees, as well as AI agents, in […]

03Jun 2026

Customer experience isn’t installed: it’s trained

More and more companies are deploying AI agents in the expectation of gaining efficiency and reducing costs. But when the results are analyzed, the real impact is usually limited. Many initiatives never get past the pilot phase or produce uneven experiences that force the customer to repeat requests or return to the human channel. The problem now […]

03Jun 2026

Collaborative observability: how to bring a shared view to technology, service, and business

In today’s digital economy, customer experience (CX) is now measured against that offered by digital-native platforms such as Google, Netflix or Amazon. Every digital interaction, whether a transfer, a purchase or a query from a mobile device, is judged by that same standard of immediacy, fluidity and simplicity. This has […]

03Jun 2026

The holy trinity of the ‘cloud’: lots of logos, little governance

I’ll be blunt: we have spent years building cloud strategies around logos. Bright, pretty logos, with their corporate colors perfectly aligned on a slide that someone presented to the executive committee with a satisfied smile. The holy trinity of the big cloud providers, the CSPs of every self-respecting slide. And underneath, in small print […]

03Jun 2026

Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT

Cybersecurity researchers have flagged a new malspam campaign that makes use of Google’s DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan (RAT) named DesckVB RAT. “Before the victim ever reaches attacker-controlled infrastructure, the lure routes through DoubleClick, a legitimate Google-owned domain that many security tools are less likely […]

03Jun 2026

Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore

Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and “patch everything in time” stopped working years ago. Stop betting the org on winning that race. You don’t control which bug lands. You control what it can reach once it does. That is a question about the shape of your […]

03Jun 2026

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the same phone could ask for the signed-in user’s token and get it, then read email, open files, browse the calendar, and send messages as […]

03Jun 2026

KR: Tving CEO Apologizes for Unprecedented Data Leak

This is what incident response and accountability should look like in the U.S., too, but almost never does.  The Chosun Daily reports: OTT platform Tving, TVING, has faced controversy over leaking members’ personal information, with its representative director personally apologizing. On the afternoon of the 3rd, Tving’s CEO Choi Joo-hee stated, “We sincerely apologize for… […]

03Jun 2026

Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)

Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI tool built to hunt bugs in large codebases. Tracked as CVE-2026-23479, the flaw was introduced in Redis 7.2.0 and remained in every stable […]

03Jun 2026

Continuing Scans for swagger.json, (Wed, Jun 3rd)

Enterprise applications often still use complex standards like SOAP for web services. The big advantage of SOAP is its tight and extensive standards, which enable interoperability across an enterprise governed by web services. The disadvantage of SOAP: First, while it is de facto usually used over HTTP, it does not leverage HTTP, leading to unnecessary […]

03Jun 2026

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user’s GitHub token. “Just by clicking a link, it’s possible for an attacker to steal a GitHub token that can read and write to your repos, including private ones,” security researcher Ammar Askar said. […]

03Jun 2026

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-45247: Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing […]

03Jun 2026

Microsoft wants to put AI agents on a short leash

As enterprises race to adopt AI agents across software development workflows, Microsoft is rolling out new controls aimed at keeping the transformation from becoming a security headache. At its annual developer conference, Microsoft Build, the company unveiled a set of initiatives, including a brand new runtime containment offering, Microsoft Execution Container (MXC), for agentic AI […]

03Jun 2026

Oracle WebLogic Vulnerability Exploited in the Wild

The vulnerability is CVE-2024-21182 and it can be exploited without authentication to hack affected WebLogic servers. The post Oracle WebLogic Vulnerability Exploited in the Wild appeared first on SecurityWeek.

03Jun 2026

Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches

A stack-based buffer overflow bug can be exploited for remote code execution on a vulnerable device. The post Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches appeared first on SecurityWeek.

03Jun 2026

The Zero-Knowledge Threat Actor and the End of Responsible Disclosure

AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code. The post The Zero-Knowledge Threat Actor and the End of Responsible Disclosure appeared first on SecurityWeek.

03Jun 2026

Anthropic Expanding Mythos Access to 150 New Organizations

Only approximately 50 companies have had access to Mythos until now and they have found thousands of vulnerabilities in their products. The post Anthropic Expanding Mythos Access to 150 New Organizations appeared first on SecurityWeek.

03Jun 2026

Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities

Google says the Android vulnerability CVE-2025-48595 has been exploited in limited, targeted attacks. The post Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities appeared first on SecurityWeek.

03Jun 2026

Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk

A simple development setting bypassed protections designed to prevent unauthorized Android apps from accessing Microsoft account tokens, exposing billions of installations. The post Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk appeared first on SecurityWeek.

03Jun 2026

Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis

As AI shortens the path from vulnerability disclosure to exploitation, researchers disagree on whether the problem is inadequate security tools or inadequate operational control. The post Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis appeared first on SecurityWeek.

03Jun 2026

Trump Signs Executive Order That Invites Vetting of Top AI Models for National Security Risks

The order establishes a framework for the federal government to vet the national security risks of the most advanced AI systems for up to a month before their public release. The post Trump Signs Executive Order That Invites Vetting of Top AI Models for National Security Risks appeared first on SecurityWeek.

03Jun 2026

Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash

Microsoft responds to backlash over its threats of legal action against researchers who publicly disclose zero-day vulnerabilities. The post Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash appeared first on SecurityWeek.

03Jun 2026

‘HTTP/2 Bomb’ Exploit Knocks Web Servers Offline in Seconds

The default HTTP/2 configuration of major web servers is vulnerable to an attack chain combining a compression bomb and a Slowloris-style hold. The post ‘HTTP/2 Bomb’ Exploit Knocks Web Servers Offline in Seconds appeared first on SecurityWeek.

03Jun 2026

Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user’s NTLMv2 hash to the attacker. Like in the case of CVE-2026-33829, which impacted the Windows Snipping Tool’s ms-screensketch: URI handler, the newly flagged issue resides in the search: URI handler, per Huntress. CVE-2026-33829 refers to a spoofing vulnerability […]

03Jun 2026

AI may finally unlock the cyber budgets CISOs have wanted for years

For nearly two decades, cybersecurity leaders have faced the same reality: No matter how catastrophic the latest breach, ransomware attack, or nation-state intrusion, security spending often struggled against competition with every other business priority. AI may finally be changing that equation. The rapid emergence of frontier AI systems capable of autonomous cyber operations — combined […]

03Jun 2026

Lessons from the Canvas cyberattack

Canvas cyberattack: Who, what, when, how? What and when? Over May 6 and 7, 2026, Canvas learning management system (LMS) users were served up a defaced web page in place of the expected login page. The altered web page displayed a warning by the ShinyHunters criminal hacker and extortion group advising of the Instructure compromise. […]

03Jun 2026

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codenamed HTTP/2 Bomb by Calif. “The vulnerable behavior exists in each server’s default HTTP/2 configuration,” the company said, adding it was discovered by OpenAI Codex by chaining

03Jun 2026

Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content

Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims’ systems. The Minecraft-focused malware-as-a-service (MaaS) campaign has been codenamed Weedhack by McAfee Labs, stating the activity has been active since January 2026 and impersonates Minecraft clients and mods to infect users. In all, 3820

03Jun 2026

Risky Business #840 -- Microsoft walks back researcher threats

On this week’s show special guest co-host Andy Boyd joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news. Andy is the CEO of REDLattice, which makes the Paragon “intelligence collection and reconnaissance” solution. They cover: Adversaries are tracking US troop locations with commercially available location data A new Signal phishing campaign is […]

03Jun 2026

ISC Stormcast For Wednesday, June 3rd, 2026 https://isc.sans.edu/podcastdetail/9956, (Wed, Jun 3rd)


03Jun 2026

Anthropic grants Project Glasswing access to 150 more companies, with a focus on critical infrastructure

Anthropic on Tuesday announced that it was adding 150 more companies to its Project Glasswing AI-based vulnerability hunting initiative, with a particular focus on critical infrastructure companies including those involved in “power, water, healthcare, communications and hardware.” Analysts and security vendors agreed that the move is a positive step, noting that the more companies involved […]

02Jun 2026

Two-year old Oracle WebLogic Server vulnerability is being exploited

US federal government departments have been given until Thursday to patch a two-year old high severity vulnerability in Oracle WebLogic Server that could allow an unauthenticated attacker to access critical data. The vulnerability, CVE-2024-21182, was added Monday to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog, giving federal Oracle admins a […]

02Jun 2026

Most organizations that miss 24-hour patch window report breaches

Steve Zurier reports: The Cloud Security Alliance (CSA) found that 80% of organizations that miss the 24-hour patch window report security incidents involving known vulnerabilities. CSA’s study, released June 2, also found that even pre-production controls are not stopping known flaws in the AI age as 82% of organizations lack real-time visibility into AI runtime behavior…. […]

02Jun 2026

HP Poly VoIP vulnerability sets the stage for executive voice deepfakes

HP has released patches for a critical buffer overflow vulnerability in multiple IP-enabled conference phones from its Poly Voice line. The flaw allows unauthenticated attackers to obtain root privileges on the underlying operating system, potentially enabling them to execute other attacks such as eavesdropping on conversations and recording voice data for AI-enabled impersonation attacks. The […]

02Jun 2026

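70% of enterprises run three or more AI models… Claude and Gemini gain presence amid OpenAI’s dominance

Datadog’s ‘State of AI Engineering 2026’ report presents an analysis of data from thousands of organizations using AI in production environments. The report highlights how operational complexity grows as AI systems become more sophisticated. Adoption of multi-model strategies is also spreading quickly among enterprises. Currently about 7 in 10 companies (69%) use three or more AI models, and six or more models […]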

02Jun 2026

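“A strategic partner beyond a GPU supplier”… Naver Cloud and Nvidia form AI factory alliance

Naver Cloud is teaming up with Nvidia to push ahead in earnest with a global AI factory build-out business. The two companies plan to cement their leadership amid intensifying AI infrastructure competition, building on full-stack AI capabilities that span infrastructure, models and services. Kim Yu-won, CEO of Naver Cloud, said at the Nvidia Cloud Partner Summit (NCP Summit) held in Taiwan on the 2nd that “Naver Cloud has solid full-stack technical capabilities covering everything from AI infrastructure to services, which makes it a partner that fits perfectly with Nvidia’s AI factory platform strategy spanning energy, chips, infrastructure, models and applications,” and cooperation […]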

02Jun 2026

AI killed the code review. What happens to knowledge sharing?

As long as software engineering is done in teams, we need a way for people to know how things work, why certain decisions were made and where the boundaries are. That need doesn’t go away when AI writes the code. If anything, it gets more critical. Code reviews were how most teams handled this. When […]

02Jun 2026

Cloud strategies have become more complicated than ever

With years of cloud experience, IT leaders thought they finally had firm control of their cloud strategies. And then came AI. Of course, cloud issues today extend beyond artificial intelligence. Where to place cloud workloads for maximum efficiency is one. Questions about governance, sovereignty, the growing sophistication of cyberthreats, and escalating cost concerns are also […]

02Jun 2026

Vibe coding an AI governance platform forced me to rethink governance itself

For most of my career, governance operated on the assumption that technology evolves slowly enough for oversight processes to keep pace. Policies are written. Architecture reviews happen. Security teams validate controls. Compliance mappings are documented. Audit cycles verify implementation. That model worked reasonably well for traditional enterprise systems. It breaks down quickly once AI enters […]

02Jun 2026

AI doesn’t just make mistakes. It defends them

As enterprise AI governance has been emerging as a practice, it has rested on a reassuring idea: keep a human in the loop. Let the model generate and then let the person review. If something seems off, challenge it, correct it and move on. It sounds prudent. It also increasingly looks incomplete. A new Harvard […]

02Jun 2026

Snowflake recasts its AI strategy around action, not answers, with CoWork

Snowflake is adding workflow automation, multi-agent orchestration, and persistent user context to its AI-based enterprise data query platform, Intelligence — and renaming it CoWork. It’s a sign the company wants to move beyond simply generating insights and help CIOs translate their AI investments into operational outcomes, analysts said. Snowflake is previewing a new User Skills […]

02Jun 2026

Workday launches Agent Passport to test and monitor AI agents in the enterprise

Workday is aiming to help customers to develop and deploy agentic systems without compromising corporate security or compliance, unveiling a series of AI tools at its DevCon event this week. Chief among them is Agent Passport, which validates an agent’s safety and compliance both before it is deployed, and continuously during its operation. When an […]

02Jun 2026

New Threat Intelligence: The CrowdStrike 2026 Financial Services Threat Landscape Report

The financial services industry is the fourth most-targeted sector globally, accounting for 12% of all observed activity. eCrime and nation-state adversaries spanning all motivations target these organizations due to their unique convergence of valuable assets, strategic intelligence, and geopolitical significance. The CrowdStrike 2026 Financial Services Threat Landscape Report analyzes the key trends shaping the sector […]

02Jun 2026

Snowflake’s Horizon Context aims to give AI agents a common understanding of the business

As enterprises move from AI experimentation to production deployments, one challenge is becoming increasingly apparent: AI systems are only as reliable as the business context they operate in. Snowflake is attempting to address that problem with Horizon Context, a new set of semantic and metadata-management capabilities, currently in preview, that it unveiled Tuesday at its […]

02Jun 2026

Trump revives parts of canceled AI order with cybersecurity-focused directive

US President Donald Trump signed an executive order aimed at strengthening cybersecurity defenses and establishing a voluntary framework for cooperation between the federal government and developers of advanced artificial intelligence models, reviving portions of a broader AI initiative that he abruptly shelved less than two weeks ago. The order, “Promoting Advanced Artificial Intelligence Innovation and […]

02Jun 2026

Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited

Google on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, including one high-severity flaw in the Framework component that has come under active exploitation. Tracked as CVE-2025-48595 (CVSS score: 8.4), the security flaw has been described as a case of privilege escalation without requiring any […]

02Jun 2026

Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine

The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per Sekoia, the activity involves the weaponization of CVE-2025-8088, a path traversal flaw in WinRAR, to launch an HTML Application payload dubbed GammaPhish, which is then […]

02Jun 2026

Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. The vulnerability, CVE-2024-21182 (CVSS score: 7.5), allows an unauthenticated attacker with network access to take control of susceptible servers. It was

02Jun 2026

Data of 600,000 Gaza households exposed in World Food Programme cyberattack

Jacob Goldberg and Irwin Loy report: A cyber-attack targeting the World Food Programme has exposed sensitive personal information belonging to some 600,000 households in Gaza, the UN’s food agency has confirmed, in what may be the largest-known breach of humanitarian beneficiary data to date. WFP is investigating a “security-related incident” in which “unauthorised actors” accessed… […]

02Jun 2026

Opinion 17/2026 on the draft decision of the Dutch Supervisory Authority regarding the Processor Binding Corporate Rules of the Infor Group

ipayotfr; Tue, 02/06/2026 – 14:59; 11 May 2026; Opinion 17/2026; 121.2KB; English; Members: Netherlands; Topics: Binding Corporate Rules, International Transfers of Data

02Jun 2026

Opinion 16/2026 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of the Infor Group

ipayotfr; Tue, 02/06/2026 – 14:51; 11 May 2026; Opinion 16/2026; 119.4KB; English; Members: Netherlands; Topics: Binding Corporate Rules, International Transfers of Data

02Jun 2026

Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked

Jason Koebler reports: Hackers say that they used Meta’s AI support chatbot to break into a host of high-profile Instagram profiles by asking the support bot to change the email address associated with the target account. The claims coincide with a series of high-profile Instagram account takeovers, including the Barack Obama White House account, the Chief Master… […]

02Jun 2026

Infected Red Hat npm packages expose developer credentials

Developers who pulled packages from Red Hat’s @redhat-cloud-services npm namespace over the weekend got a secret-stealing worm instead. Security researchers from several cybersecurity outlets are warning of a new supply chain attack compromising over 30 Red Hat Cloud Services-related npm packages to steal credentials, authentication tokens, and other secrets from developer environments. The campaign, which […]

02Jun 2026

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2022-0492: Linux Kernel Improper Authentication Vulnerability. CVE-2025-48595: Android Framework Integer Overflow Vulnerability. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) […]

02Jun 2026

CISA and Partners Urge Hardening Automatic Tank Gauge Systems

Overview: The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Department of Energy (DOE), the Environmental Protection Agency (EPA), the Transportation Security Administration (TSA), the Department of Transportation (DOT), and the U.S. Department of Agriculture (USDA), hereafter […]

02Jun 2026

AI-Driven Exploitation is Destroying Vulnerability Management. Here’s How to Handle It.

AI-driven exploitation timelines are rapidly shrinking, and they are not going to stop shrinking. Vulnerabilities are being discovered, reproduced, and weaponized faster than ever in the history of enterprise security. As a result, the window between a vulnerability being disclosed and indiscriminate exploitation observed across the internet is now measured in hours, not days. The […]

02Jun 2026

Inside FINRA Forward: A Conversation with FINRA Board Chair Scott Curtis

K34433; Tue, 06/02/2026 – 07:39. On this episode, tune in to a conversation from FINRA’s 2026 Annual Conference, where FINRA Board Chair Scott Curtis and FINRA President and CEO Robert Cook discussed the partnership between board governance and executive leadership, and the strategic priorities […]

02Jun 2026

Attackers exploit Palo Alto GlobalProtect flaw days after disclosure

A Palo Alto Networks vulnerability that allows attackers to establish unauthorized VPN access into corporate networks is being actively exploited in the wild, weeks after the company disclosed the flaw as a medium-severity issue and said it was unaware of any attacks. However, according to Rapid7, threat actors began exploiting the bug within days of […]

02Jun 2026

19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access

Proof-of-concept (PoC) exploit code has been released for the CIFSwitch flaw, which allows low-privileged users to escalate to root on vulnerable Linux systems. The post 19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access appeared first on SecurityWeek.

02Jun 2026

As the Pentagon Pushes for Battlefield AI, Some Military Leaders Urge Caution

AI’s use in the military is part of the administration’s larger push to grow the capability it sees as a unique American advantage. The post As the Pentagon Pushes for Battlefield AI, Some Military Leaders Urge Caution appeared first on SecurityWeek.

02Jun 2026

Dragos Acquires xIoT Security Firm Phosphorus

Dragos said customers will soon gain expanded asset visibility and integrated device intelligence, with automated remediation workflows and a unified platform experience to follow. The post Dragos Acquires xIoT Security Firm Phosphorus appeared first on SecurityWeek.

02Jun 2026

Critical Windows Netlogon Vulnerability in Attackers’ Crosshairs

Organizations are advised to patch CVE-2026-41089 as soon as possible, given its severity and the potential ongoing exploitation. The post Critical Windows Netlogon Vulnerability in Attackers’ Crosshairs appeared first on SecurityWeek.

02Jun 2026

Dutch Police Dismantle Massive 17-Million-Device Botnet

Dutch authorities seized command-and-control servers tied to a botnet of infected computers, smartphones, and tablets that was allegedly used to power a residential proxy network and facilitate cybercrime. The post Dutch Police Dismantle Massive 17-Million-Device Botnet appeared first on SecurityWeek.

02Jun 2026

WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites

The security defect (CVE-2026-8732) allows unauthenticated attackers to create administrative accounts on the affected installations. The post WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites appeared first on SecurityWeek.

02Jun 2026

Oracle’s First Monthly Patches Resolve 77 Vulnerabilities

Oracle’s monthly Critical Security Patch Update (CSPU) rollouts are meant to deliver critical fixes faster. The post Oracle’s First Monthly Patches Resolve 77 Vulnerabilities appeared first on SecurityWeek.

02Jun 2026

Dashlane Brute-Force Attack Leads to Limited Encrypted Vault Downloads

Dashlane’s security systems automatically locked accounts to protect them against the hacking attempts. The post Dashlane Brute-Force Attack Leads to Limited Encrypted Vault Downloads appeared first on SecurityWeek.

02Jun 2026

Supply Chain Attack Hits 32 Red Hat NPM Packages

Hackers published 96 malicious package versions, injected with a credential-stealing worm similar to Mini Shai-Hulud. The post Supply Chain Attack Hits 32 Red Hat NPM Packages appeared first on SecurityWeek.

02Jun 2026

Meta AI Hands Over High-Profile Instagram Accounts to Hackers

Exploiting a confused deputy weakness, the hackers simply asked the chatbot to link the account to a new email address. The post Meta AI Hands Over High-Profile Instagram Accounts to Hackers appeared first on SecurityWeek.

02Jun 2026

How Leading Organizations Are Turning EDR Into Operational Resilience

Most organizations now recognize that endpoint protection alone is no longer sufficient. That’s why adoption of endpoint detection and response (EDR) has accelerated rapidly in recent years. Organizations understand that modern attacks move faster, evade traditional prevention controls, and require continuous visibility into suspicious activity across the environment. But owning EDR

02Jun 2026

Attack targeting OpenAI Codex users exposes AI software supply chain risks

A malicious npm package posing as a remote user interface for OpenAI Codex exfiltrated developer authentication tokens, after attackers allegedly published code to npm that was not visible in the project’s public GitHub repository. Researchers at Aikido said the package, called codexui-android, appeared to offer legitimate functionality while collecting authentication tokens and sending them to […]

02Jun 2026

Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT

Cybersecurity researchers have disclosed details of a spear-phishing campaign likely undertaken by the Pakistan-aligned SideCopy group targeting Afghanistan’s Ministry of Finance with an open-source remote access trojan called Xeno RAT. “The campaign opens with a spear phishing delivery – a ZIP archive containing a malicious LNK file bearing a carefully crafted Pashto-language filename,”

02Jun 2026

New Wave Of Phishing Emails with SVG Files, (Tue, Jun 2nd)

For a few days, my SANS ISC mailbox has been flooded with emails that deliver SVG files. An SVG (“Scalable Vector Graphic”) is a web-friendly vector file format used for graphics and icons. No URL in the body, just “an image”, that’s the perfect way to deliver some malicious content. This isn’t the first time that we […]

02Jun 2026

7 tabletop exercise mistakes that sabotage incident response

Discussion-based, low-stress simulations during which IT, legal, and other key leadership stakeholders walk through theoretical scenarios to test their preparedness for cyber incidents are a popular and highly useful tool. Yet unless tabletop training is properly handled, the results can be misleading and potentially destructive. When your organization’s incident response training consistently fails to meet […]

02Jun 2026

Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded

Password manager Dashlane has disclosed that “fewer than” 20 users on the personal subscription plan had their encrypted vaults downloaded following a brute-force attack launched by an unknown party. On May 31, 2026, the company said an “external” threat actor launched a brute-force attack against certain Dashlane user accounts with the aim of breaking two-factor […]

02Jun 2026

ISC Stormcast For Tuesday, June 2nd, 2026 https://isc.sans.edu/podcastdetail/9954, (Tue, Jun 2nd)

02Jun 2026

Alberto Daniel Hill’s Cybermidnight Coverage of the Latin American Digital Sovereignty Crisis (March–June 2026)

Alberto Daniel Hill’s report is a must-read for anyone who wants to begin to understand what is going on in Argentina, Uruguay, and Mexico with respect to digital security. One of the many limitations of being a solo blogger is that there are entire areas of the world or sectors I basically know nothing about… […]

02Jun 2026

25-01121.pdf

Mon, 06/01/2026 – 20:15. Case ID: 25-01121; Forum: FINRA; Document Type: Award; Claimants: Jason Nelson; Respondents: LPL Financial LLC; Neutrals: Terry M Lloyd; Hearing Site: Salt Lake City, UT; Award Document: 25-01121.pdf; Documentum DocID: 98ea2c77; Award Date Official: Mon, 06/01/2026 – 12:00; Claimant Representatives: Jennifer Cox; Respondent Representatives […]

01Jun 2026

2023077612101 Clayton K. Shum CRD 4412927 AWC ks.pdf

Mon, 06/01/2026 – 16:00. Case ID: 2023077612101; Document Number: f30a7205; Document Type: AWCs (Letters of Acceptance, Waiver, and Consent); Individuals: Clayton K. Shum; Action Date: Mon, 06/01/2026 – 12:00; Attachment: 2023077612101 Clayton K. Shum CRD 4412927 AWC ks.pdf; Individual CRD: 4412927

01Jun 2026

2021071808101 Fortrend Securities, Inc. CRD 32949 AWC ks.pdf

Mon, 06/01/2026 – 16:00. Case ID: 2021071808101; Document Number: 61d89663; Document Type: AWCs (Letters of Acceptance, Waiver, and Consent); Action Date: Mon, 06/01/2026 – 12:00; Attachment: 2021071808101 Fortrend Securities, Inc. CRD 32949 AWC ks.pdf

01Jun 2026

Upcoming June Meeting

June 2, 2026. The FINRA Board of Governors is holding its second meeting of the year this week. Items to be considered by the Board committees include the following: The Audit and Risk Committee will: review FINRA’s 2025 Annual Financial Report as part of the Board’s role […]

01Jun 2026

25-01034.pdf

Mon, 06/01/2026 – 15:10. Case ID: 25-01034; Forum: FINRA; Document Type: Award; Claimants: Sonali Patel; Respondents: LPL Financial LLC; Neutrals: Howard N. Gorney, Dennis James Malloy, Mark A. Sipper; Hearing Site: Portland, ME; Award Document: 25-01034.pdf; Documentum DocID: 9f460b0c; Award Date Official: Mon, 06/01/2026 – 12:00; Claimant Representatives […]

01Jun 2026

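Salesforce Headless 360: Is it ushering CRM costs into the usage-based billing era?

For years, enterprise software vendors have competed to keep users inside their own applications. But the spread of AI agents and automated workflows is changing that formula. In step with this shift, Salesforce moved quickly to respond by launching its new Headless 360 last month. On Wednesday’s earnings call, Salesforce executives described Headless 360 as an important architectural shift for the AI era and a new revenue opportunity. […]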

01Jun 2026

The cloud strategy I helped build didn’t survive contact with AI. Here’s what we did next

I knew the plan was in trouble when a finance partner asked me a question I couldn’t answer cleanly. “How much of this cloud spend is experimentation, and how much is now becoming the new normal?” That should not have been a hard question. We had a mature cloud strategy. We had standards. We had […]

01Jun 2026

4 recs for CIOs to stay on the human side of AI transformation

It’s been recently reported that up to 27 million corporate roles across the Global 2000 are meaningfully exposed to AI-driven elimination, displacement, or fundamental redesign over the next three years. According to the report, however, most organizations sitting on top of these exposures have no coherent plan for what they’re doing with AI, let alone […]

01Jun 2026

State of the CIO, 2026: CIOs set the course for AI ROI

Drowning in hype and under pressure from top leadership, CIOs are racing to operationalize strategic AI initiatives in an effort to demonstrate — and more importantly, deliver — measurable ROI from this equally disruptive and transformative technology. The perpetual pipeline of AI pilots and rampant experimentation are giving way to a new mandate to prioritize […]

01Jun 2026

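Column | Does low GPU utilization mean waste? The pitfall FinOps misses in security AI training

Enterprise cloud operations teams have generally been trained to make decisions based on utilization data. If a virtual machine (VM) is idle, they resize it to something smaller. If storage is over-allocated, they reclaim it. If GPU utilization appears low, they move the job to a smaller instance. This approach is a core principle of modern FinOps. It helps organizations reduce waste, improve forecast accuracy, and control cloud costs. But security AI training […]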

01Jun 2026

The neocloud vendor trap: New infrastructure, same old risk

There is a governance gap at the center of enterprise AI infrastructure strategy. Most organizations cannot see it because they have not yet been forced to look. Neoclouds have moved from early-adopter experiments to mainstream enterprise deployments. The risk frameworks required to govern those deployments have not kept pace. The CIOs who close it first […]

01Jun 2026

AI will change banking “radically,” according to Carlos Casas, global CIO of BBVA

For Carlos Casas, global CIO of BBVA and head of technology, processes, operations and security at the Spanish banking giant, the current moment of transformation driven by the rise of artificial intelligence is “structural” and affects not only the technology sphere but also the business models of all companies in all […]

01Jun 2026

AI innovation moves fast. Security must help it move faster.

Organizations are using copilots, autonomous agents, and AI-driven workflows to move faster, make smarter decisions, improve productivity, and unlock new ways of working. In many industries, the winners will not simply be the companies that adopt AI, but the ones that can operationalize it quickly, confidently, and at scale. But accelerated innovation also introduces a […]

01Jun 2026

AWS Transform migration: How Clearscale compresses enterprise modernization

AWS Transform (ATX) is Amazon’s agentic AI service purpose-built to automate enterprise cloud migrations for VMware, .NET, and mainframe workloads. Clearscale operationalizes AWS Transform through the Clearview Migration Methodology, enabling organizations to modernize up to 5x faster than manual efforts and reduce execution time by up to 80%. Technical leaders live in the tension between […]

01Jun 2026

Oracle’s first monthly patch release fixes 35 flaws, including 11 rated ‘critical’

Oracle has released the first security fixes in its new monthly Critical Security Patch Update (CSPU) cycle, designed to address urgent vulnerabilities that can’t wait for the company’s quarterly patching. The initial batch addresses 35 flaws, including several for which exploit code is publicly available. In total, there are 11 flaws rated ‘critical’, 18 rated […]

01Jun 2026

24-02464.pdf

Mon, 06/01/2026 – 13:55. Case ID: 24-02464; Forum: FINRA; Document Type: Award; Claimants: Galina Losch; Respondents: J.P. Morgan Securities, LLC; Neutrals: Mary Ann Etzler; Hearing Site: Orlando, FL; Award Document: 24-02464.pdf; Documentum DocID: 2b7ff790; Award Date Official: Fri, 05/29/2026 – 12:00; Claimant Representatives: Jennifer P. Farrar; Respondent Representatives […]

01Jun 2026

Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from developer machines and deliver a self-propagating worm. “This is effectively a Mini Shai-Hulud campaign: it uses the same core tactics of install-time execution, credential harvesting, CI/CD targeting, encrypted exfiltration, and potential

01Jun 2026

Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta’s “AI support assistant” bot into resetting account passwords. A screenshot from a video released on […]

01Jun 2026

⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More

Monday hit like a cron job with anger issues. A busted auth path here, a repo-side faceplant there, some “patched-ish” thing already getting chewed on in the wild, and then the usual bonus round: poisoned dev tools, sketchy forum chatter, phishing kits pretending to be productivity, and AI lowering the bar for people who already […]

01Jun 2026

Flowise’s MCP implementation can run ghost commands

Enterprises using the lightweight, open-source Flowise platform to power self-hosted AI workloads have a new near-max severity issue to worry about. Researchers at Obsidian Security have detailed a one-click remote code execution (RCE) vulnerability affecting self-hosted Flowise deployments through its implementation of Model Context Protocol (MCP) stdio servers. The problem is essentially a sandboxing failure […]

01Jun 2026

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation: CVE-2024-21182, Oracle WebLogic Server Unspecified Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of […]

01Jun 2026

China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan

A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officials and citizens in the Czech Republic and Taiwan to deliver an AdaptixC2 agent. According to Seqrite Labs, targets of the campaign include government, research, academic, technology, and financial services sectors. The activity entails distributing spear-phishing emails containing ZIP attachments

01Jun 2026

The Security Growth Platform: Why MSPs Are Moving Beyond vCISO Tools

Three years ago, the practical question for an MSP building a cybersecurity practice was which “vCISO platform” to buy. The term was good shorthand for the work at the time: assessments, advisory, reporting, maybe a compliance module bolted on the side. The work has since outgrown the descriptor. A Security Growth Platform is the more […]

01Jun 2026

Recent Palo Alto Networks Vulnerability Exploited for Weeks

Hackers began exploiting CVE-2026-0257, an authentication bypass in Palo Alto Networks PAN-OS, four days after public disclosure. The post Recent Palo Alto Networks Vulnerability Exploited for Weeks appeared first on SecurityWeek.

01Jun 2026

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that’s targeting developers using OpenAI Codex through a legitimate-looking remote web UI. The tool, named codexui-android, is advertised on GitHub and npm as a remote web UI for OpenAI Codex, attracting over 29,000 weekly downloads. The package is still available for download from […]

01Jun 2026

Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts

Threat actors are attempting to actively exploit a critical security flaw impacting WP Maps Pro, a WordPress plugin that has had over 15,000 sales on the Envato Market, to create malicious administrator accounts on susceptible sites. WP Maps Pro allows site owners to embed customizable Google Maps and OpenStreetMap with markers, listings, and advanced location […]

01Jun 2026

6 critical security gaps every CISO must address

CISOs acknowledge that no organization is completely safe, but many also admit their security measures aren’t where they’d like them to be. One-third of CISOs surveyed for Proofpoint’s 2025 Voice of the CISO Report said the data within their organization is not adequately protected, and 58% said their organizations were unprepared to respond to a […]

01Jun 2026

CSO30 ASEAN & Hong Kong Awards 2026 open for nominations

The CSO30 ASEAN & Hong Kong Awards return in 2026, as an important moment to recognise the cybersecurity leaders and teams who are making resilience measurable across the region. In a landscape shaped by rapid threat evolution, board-level scrutiny and rising expectations of business continuity, these awards spotlight the people and programmes that are turning […]

01Jun 2026

ISC Stormcast For Monday, June 1st, 2026 https://isc.sans.edu/podcastdetail/9952, (Mon, Jun 1st)

01Jun 2026

Unidentified RAT pushes NetSupport RAT, (Mon, Jun 1st)

Introduction