Plus, SpaceX makes Cursor deal, and AI struggles to replace stenographers.

Read more →

Attackers have been spotted exploiting three vulnerabilities (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089) in FortiSandbox, a platform that other Fortinet security products depend on for threat verdicts to enforce blocking decisions and trigger automated responses. The warning came on Monday from threat intelligence company Defused, which said that the exploit for one of the flaws is vibecoded, and…

Read more →

New analysis shows the campaign, which uses compromised WordPress sites, may be linked to the ransomware and data extortion group Vice Society.

Read more →

Hot on the heels of its massive, out-of-this-world IPO and valuation, SpaceX now intends to buy the Cursor AI coding agent.

Read more →

ETD earned the AAA award in the May 2026 SE Labs Advanced Email Security Evaluation, achieving a 94% Total Accuracy Rating across all tested threat categories.

Read more →

Las Vegas, USA / Nevada, 16th June 2026, CyberNewswire

Read more →

Beyond the flashy new upgrades, iOS 27 has several lesser-known changes that also work on older iPhones.

Read more →

Opening a new social media account in the UK will soon mean proving you’re over 16 with an ID upload or a facial age scan, under a government ban on under-16s taking effect in spring 2027. Security experts warn the age checks are easy to circumvent and create new data-breach risks. […]

Read more →

China-linked SprySOCKS backdoor gains stealthy Windows variants and 30-plus C2 commands

Read more →

Prime Day is earlier this year, so I’ve rounded up some of the best early laptop deals live now, including the latest MacBooks and gaming laptops.

Read more →

The DragonForce ransomware group used a custom malware called Backdoor.Turn to hide command-and-control traffic inside Microsoft Teams relay infrastructure during an intrusion at a U.S. services company, according to Symantec. DragonForce is a ransomware-as-a-service operation that has been active since 2023. The group provides affiliates with ransomware tools and supporting services in exchange for a…

Read more →

Three FortiSandbox flaws, including one patched last week, are being actively exploited, highlighting the shrinking window for defenders. Cybersecurity firm Defused Cyber confirmed it’s seen active exploitation of three vulnerabilities in Fortinet FortiSandbox within a 24-hour window. Two of them had patches sitting available since April. The third got fixed last week, which, apparently, wasn’t…

Read more →

GhostTree uses recursive NTFS junctions to generate vast numbers of valid Windows file paths. Varonis explains how the technique could cause Microsoft Defender folder scans to never complete, leaving malware undetected. […]

Read more →

TekStream has announced the launch of TekStream Proactive Cyber Defense, a new expert-operated security service powered by Cosmos, the company’s cyber defense intelligence platform. The launch comes as organizations face a rapidly changing threat landscape shaped by AI-accelerated attacks, autonomous adversary capabilities, growing operational complexity, and increasingly fragmented security environments. Recent developments in autonomous offensive…

Read more →

The U.S. Federal Trade Commission (FTC) warned that Americans lost $3.5 billion to imposter scams in 2025, with reported losses nearly tripling since 2020. […]

Read more →

  We are pleased to welcome the newest organizations that have joined as Associate Participating Organizations of the PCI Security Standards Council (PCI SSC). These organizations play a crucial role in supporting the evolution of the PCI security standards and programs and promoting the implementation of PCI security standards worldwide to protect payment data. We…

Read more →

Rokarolla Android trojan steals banking logins and spies on victims while blocking fraud alerts

Read more →

Security researchers at Zimperium’s zLabs have documented a new Android banking trojan, Rokarolla, that targets 217 banking and cryptocurrency apps and packs 137 remote commands. Together, they give an operator near-total control of an infected phone: it lifts lock-screen PINs, reads and sends SMS, rewrites the clipboard to redirect crypto payments, and switches off Google Play

Read more →

In this post, I will talk about the best SendGrid alternatives for Developers in 2026. SendGrid has been the developer’s default choice for years, but complaints like deliverability issues on shared IP pools and PHP SDK that ships the entire platform keep surfacing among engineering teams. This guide compares four providers worth considering if you…

Read more →

Attorney Mark Meckler, who has spent more than two decades working in internet advertising law, recently shared his insights on how big tech is using your data. His observations highlight a growing concern within both the privacy and cybersecurity communities: most consumers unknowingly contribute massive amounts of data that ultimately fuel artificial intelligence (AI) systems…

Read more →

New York, United States of America, 16th June 2026, CyberNewswire

Read more →

SAP security is getting a round-the-clock upgrade as Pathlock and NTT DATA Business Solutions join forces to tackle growing cyber risks. On Tuesday, Pathlock announced a global strategic partnership with NTT DATA Business Solutions to deliver managed SAP cybersecurity services to enterprise customers worldwide. Partnership adds managed SAP cybersecurity services The alliance brings together Pathlock’s…

Read more →

Zimperium researchers discover a new mobile Trojan that hijacks clipboards, blocks bank calls, and takes complete control of Android devices.

Read more →

Teleport has announced the debut of two foundational capabilities of its Agentic Identity Framework in the public beta of Beams: LLM Proxy and Delegated Identity. These capabilities address a critical gap in how organizations deploy AI agents: the lack of identity, access control, and auditability at the two most consequential points in an agentic workflow—what…

Read more →

Radware has announced AI Xploit Shield, a new service that provides organizations with protection for their applications and APIs from exploitation of newly discovered vulnerabilities. As emerging frontier AI models like Mythos from Anthropic accelerate vulnerability discovery, organizations face a growing challenge: the volume of newly discovered vulnerabilities is accelerating while the window between vulnerability…

Read more →

ISSA study finds most security professionals feel challenged by colleagues’ involvement in cyber

Read more →

Google is warning of a cyber espionage campaign linked to a China-nexus threat actor, UNC6508, that kept close tabs on valuable US and Canadian research environments for over a year. The campaign abused REDCap, a widely adopted platform for collecting and managing research data. Attackers, now disrupted, intercepted REDCap’s upgrade process to inject persistence malware.…

Read more →

Command and control traffic exploited a Teams visitor token to make malicious activity look legitimate to defenders

Read more →

Read more →

The growing list includes 26 CISO and CSOs, 21 CEOs, and experts from companies including Google, Sophos and NVIDIA.

Read more →

Athena is a new an industry coalition to fix the vulnerabilities frontier AI models find before attackers can exploit them

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. government agencies three days to secure their servers against an actively exploited vulnerability (CVE-2026-54420) in the LiteSpeed cPanel user-end plugin. […]

Read more →

Thanks to Uncle Sam, anyone trying to find nonconsensual intimate deepfakes on CFake.com and SOCFake.com will be disappointed. The US Departments of Justice (DOJ) and Homeland Security has seized the two domain names under the TAKE IT DOWN Act. The TAKE IT DOWN Act, signed in May 2025, is the first US federal statute criminalizing…

Read more →

Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In a post shared on X, the company said it has observed exploitation of CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 over the past 24 hours. CVE-2026-39813 (CVSS score: 9.1) refers to a path traversal vulnerability in FortiSandbox JRPC API that…

Read more →

DragonForce ransomware used a custom malware named ‘Backdoor.Turn’ to hide command-and-control traffic inside Microsoft Teams relay infrastructure. […]

Read more →

Scammers behind cryptocurrency investment schemes are dispatching couriers to pick up cash from victims in person, the FBI warns. According to the agency, scammers usually approach victims through social media, text messages, or fake investment personas, luring them into cryptocurrency schemes that use fraudulent trading platforms and fabricated returns to encourage additional deposits. When financial…

Read more →

Audible’s Prime Day deal is now live – and you’ll be glad you tried it. Here’s what to know.

Read more →

Cisco has released fixes for a vulnerability in its Catalyst SD-WAN Manager software after becoming aware of limited exploitation of the flaw, which could allow an authenticated attacker to create or overwrite files that may later be used to gain root privileges. The vulnerability, tracked as CVE-2026–20262, affects the web interface of Cisco Catalyst SD-WAN…

Read more →

Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS. “The Windows variants discovered are internally marked as WIN_DRV and WIN_PLUS,” ESET said in a report shared with The Hacker News. “Both come with a hard-coded C&C [command-and-control] configuration and support communication over TCP, UDP,

Read more →

Anthropic’s apparent inability to identify which of its users are foreign nationals has led to some collateral damage from a US export ban on its most powerful AI models — but there is a way around it, at least for some. On Friday, the US government ordered Anthropic to suspend access to Fable and Mythos,…

Read more →

Smartphone exposure haunts the stock despite diversifying into cars and data centers.

Read more →

Software supply chain visibility is becoming part of product security work as the EU Cyber Resilience Act (CRA) moves toward application in December 2027. ENISA’s SBOM Adoption State of Play 2026 shows organizations preparing for CRA obligations through SBOM tooling, automation, and changes to software development practices. Level of SBOM adoption based on organisation size…

Read more →

Attackers are now exploiting several critical vulnerabilities in Fortinet’s FortiSandbox cyber threat detection platform, according to threat intelligence company Defused. […]

Read more →

Zero trust is 15 years old, and like many teenagers, it can feel misunderstood and underappreciated. The concept of zero trust was first defined by John Kindervag, a Forrester analyst at the time, as a strategy to replace the outmoded perimeter security model with a “never trust, always verify” approach. But going from principle to…

Read more →

Windows variants for the SprySOCKS Linux malware have been used in attacks targeting government organizations in at least four countries. […]

Read more →

Cyberattacks against hospitality, travel, and recreation organizations rose 24% year over year, reaching an average of 2,291 incidents per organization each week in May 2026, according to Check Point. (Source: Check Point) “The sector has more than doubled its attack volume since May 2023,” researchers noted, reporting a cumulative increase of 122% over three years.…

Read more →

The FBI claims couriers are being used to circumvent bank transfers in crypto investment schemes

Read more →

The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver malware called NarwhalRAT. “The attack email contained a message impersonating an MS account security alert,” the Genians Security Center (GSC) said. “It was designed to create concern over possible

Read more →

China’s UNC6508 hid in North American medical research networks for 2 years, stealing credentials and forwarding emails to Gmail Google’s Threat Intelligence Group published a report this week on UNC6508, a China-linked cyberespionage group that breached North American medical and military research organizations and stayed hidden for more than two years. The earliest confirmed intrusion…

Read more →

Mobile devices across Australia may soon receive a test alert as part of the Australian Government’s new emergency messaging system.

Read more →

Hot AI companies can’t stop talking about forward-deployed engineers (FDEs), which are now very much in vogue.  FDEs, in case you haven’t heard, are hired by companies looking (hoping?) to successfully deploy AI tools and services. It’s one of the hotter professions in a world still trying to understand the impact of AI on careers.…

Read more →

Digital healthcare company iRhythm Holdings has disclosed a data breach after hackers stole patients’ personal and health information stored on third-party-hosted business applications. […]

Read more →

Cisco has released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-20262, carries a CVSS score of 6.5 out of 10.0. “A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated,…

Read more →

In this interview with Help Net Security, Oscar Andersson, CTO at Oplane, explains why most scanning tools fail. They cry wolf, flagging threats that cannot run in real code. The argument centers on reachability. A finding counts only when someone walks the path to impact on a working build. He shows how a chain of…

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 18, 2026. The vulnerability in question is CVE-2026-54420 (CVSS score: 8.5), which has been described as a case…

Read more →

Across large enterprises, a single question keeps surfacing when teams want to put customer data to work. Can this record be used for a given purpose, and does the consent behind it still hold? The data sits in warehouses and customer databases, and the ability to answer that question often lags behind. That delay carries…

Read more →

NEC Australia and Exabeam today announced the expansion of their strategic partnership to help organisations across Australia strengthen security operations and reduce insider…

Read more →