Cybersecurity News Digester

June 15, 2026

Weekly Review, 2026-06-15

Covers 7 daily digests (2026-06-09 to 2026-06-15).

All summaries, analysis, and story clustering are done by an LLM. It may make mistakes and say incorrect things. Check the sources and support the actual journalists.

Top Stories

1. Nation-state actors use Anthropic models to automate cyberattack chains via prompting

5 outlets, 2026-06-12 to 2026-06-15 - severity 4/5

The United States government issued a national security directive ordering Anthropic to disable access to its Claude Fable 5 and Mythos 5 AI models for all foreign nationals due to export control and cybersecurity risks. The Department of Commerce implemented these restrictions following evidence that nation-state actors and cybercriminals were using foundational models to automate attack chains, identify vulnerabilities, and develop malicious code through "Defense Oriented Prompting" techniques. While the models were initially released to enterprise customers and security researchers via Project Glasswing, Anthropic subsequently disabled global access to both models to ensure compliance with the order, which includes restrictions on foreign-born employees. The scope of the situation involves the potential for autonomous malware operations and end-to-end cyberattacks as identified by the UK’s AI Security Institute and various threat intelligence groups. As of mid-June 2026, users attempting to access Fable 5 or Mythos 5 are redirected to default models like Claude Opus 4.8, and the industry remains under increased regulatory scrutiny following executive orders for mandatory frontier model testing.

Sources

  • US Gov asks Anthropic to ban 'foreign national' access to Fable, Mythos - BleepingComputer, 2026-06-13 (quality: 18/21)
  • Anthropic Says It Has Taken Its Latest AI Models Offline to Comply With New Export Controls - SecurityWeek, 2026-06-13 (quality: 18/21)
  • U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals - The Hacker News, 2026-06-13 (quality: 18/21)
  • Anthropic disables new models after government calls them a national security concern - CyberScoop, 2026-06-13 (quality: 19/21)
  • US Cracks Down on Anthropic AI Models Amid Abuse Concerns - darkreading, 2026-06-15 (quality: 20/21)

2. ShinyHunters exploit CVE-2026-35273 in Oracle PeopleSoft to target organizations

7 outlets, 2026-06-09 to 2026-06-13 - severity 4/5

The threat group ShinyHunters exploited a critical zero-day vulnerability, identified as CVE-2026-35273, to target over 100 organizations through unauthenticated remote code execution in the Oracle PeopleSoft Environment Management Hub (EMHub). The attack campaign, which began around May 27, 2026, targeted approximately 300 PeopleSoft instances, with a heavy concentration of victims in the higher education sector. The University of Nottingham confirmed that the breach resulted in the theft of significant amounts of student and alumni data, including financial information, national insurance numbers, and personal identifiers. Following the exploitation, ShinyHunters published stolen data on its leak site and began naming specific victims to facilitate extortion. In response to the activity, Oracle released a security advisory on June 10, 2026, and the Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities catalog.

Sources

  • University of Nottingham confirms cyber incident as Shiny Hunters group claims data theft - The Record from Recorded Future News, 2026-06-11 (quality: 17/21)
  • Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters - SecurityWeek, 2026-06-12 (quality: 20/21)
  • ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities - The Hacker News, 2026-06-11 (quality: 11/21)
  • ShinyHunters is actively extorting universities after exploiting an unpatched Oracle flaw - CyberScoop, 2026-06-12 (quality: 20/21)
  • ShinyHunters linked to exploitation of critical flaw in Oracle PeopleSoft - Cybersecurity Dive - Latest News, 2026-06-12 (quality: 20/21)
  • ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed - darkreading, 2026-06-12 (quality: 20/21)
  • 8th June – Threat Intelligence Report - Check Point Research, 2026-06-08 (quality: 15/21)

3. NSO Group targets WhatsApp users with malicious phishing links campaign

6 outlets, 2026-06-09 to 2026-06-10 - severity 4/5

NSO Group engaged in social engineering and phishing campaigns targeting WhatsApp users by using malicious links to redirect individuals to external websites. This activity occurred despite a permanent injunction issued in October 2025 that barred the firm from targeting the messaging platform. Meta detected and disrupted these attempts, which included the creation of test accounts and groups used by the attackers. In response to these violations, Meta filed a federal court contempt order against NSO Group. While previous exploits involving NSO Group targeted approximately 1,400 users via zero-click vulnerabilities, the current campaign utilized 1-click phishing methods. The situation remains ongoing as legal proceedings regarding the breach of the court order continue.

Sources

  • Meta accuses NSO Group of defying spyware injunction, files contempt of court complaint - CyberScoop, 2026-06-08 (quality: 18/21)
  • WhatsApp says NSO targeted users with spearphishing attacks in violation of court order - The Record from Recorded Future News, 2026-06-08 (quality: 18/21)
  • WhatsApp says it disrupted new NSO spyware phishing attacks - BleepingComputer, 2026-06-08 (quality: 16/21)
  • WhatsApp Catches Spyware Firm NSO Defying No-Hacking Court Order - SecurityWeek, 2026-06-08 (quality: 18/21)
  • Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order - The Hacker News, 2026-06-08 (quality: 10/21)
  • NSO Group Hacking WhatsApp Despite Court Order - Schneier on Security, 2026-06-10 (quality: 10/21)

4. Shai-Hulud worm targets npm and PyPI in supply-chain campaign

4 outlets, 2026-06-09 to 2026-06-13 - severity 5/5

The Miasma/Shai-Hulud supply-chain campaign uses an autonomous, worm-like framework to target developer environments and open-source ecosystems, specifically npm and PyPI. The attack chain began with the Shai-Hulud self-replicating worm and evolved into more advanced variants like Miasma, which uses GitHub itself as command-and-control infrastructure to steal cloud credentials, GitHub tokens, and secrets from CI/CD systems and password managers. The campaign compromised 32 Red Hat npm packages via a compromised employee account and expanded to the PyPI ecosystem through the Hades attack, affecting at least 48 packages including bioinformatics tools like Dynamo and Spateo. The scope grew to include Microsoft-owned organizations, leading GitHub to disable 73 repositories across Azure, MicrosoftDocs, and Azure-Samples due to malicious content concerns. Technical mechanisms include using *-setup.pth files and obfuscated JavaScript payloads to execute during Python startup, as well as a "dead-man switch" that executes destructive commands if stolen tokens are revoked. As of the latest developments, threat actors have used compromised developer accounts to leak the Miasma source code on GitHub via a repository named "Miasma-Open-Source-Release."

Sources

  • GitHub disables Microsoft repos pushing password-stealing malware - BleepingComputer, 2026-06-09 (quality: 19/21)
  • Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues - The Hacker News, 2026-06-09 (quality: 20/21)
  • Miasma Supply Chain Worm Burrows Into 73 Microsoft Repositories - darkreading, 2026-06-09 (quality: 10/21)
  • The ‘Miasma’ worm source code briefly leaked on GitHub - BleepingComputer, 2026-06-10 (quality: 17/21)
  • New Shai-Hulud attack trojanizes 19 science-focused PyPI packages - BleepingComputer, 2026-06-08 (quality: 18/21)
  • Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks - SecurityWeek, 2026-06-09 (quality: 20/21)
  • Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer - The Hacker News, 2026-06-09 (quality: 20/21)

5. China-based Outsider Enterprise targeted Android users via AI-generated phishing campaigns

4 outlets, 2026-06-13 to 2026-06-15 - severity 4/5

The FBI, Google, and Lumen Technologies dismantled Outsider Enterprise, a China-based phishing-as-a-service (PhaaS) network, through coordinated law enforcement actions named Operation Ghost Hook and Operation Riptide. The threat actor utilized AI platforms like Gemini to generate custom code for phishing lures, distributing these kits via SMS messages to Android users across 54 to 55 countries. This infrastructure facilitated the creation of 9,000 fake websites and over 1.59 million fraudulent URLs, resulting in an estimated $1.9 billion in financial losses and the theft of approximately 3.9 million credit cards. The takedown involved the seizure of administration servers, a Shopify storefront, a Telegram bot containing customer information, and roughly $100,000 in USDT from payment wallets. In response, the FBI redirected thousands of phishing domains to an official splash page, while Google filed a civil lawsuit and coordinated with AT&T, T-Mobile, and Verizon to block fraudulent messages.

Sources

  • FBI takes down massive China-based cybercrime network that caused $1.9B in losses - CyberScoop, 2026-06-12 (quality: 20/21)
  • Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing - The Hacker News, 2026-06-12 (quality: 20/21)
  • FBI disrupts massive AI-powered phishing service using a million URLs - BleepingComputer, 2026-06-14 (quality: 18/21)
  • FBI, Google Dismantle ‘Outsider Enterprise’ Phishing Service - SecurityWeek, 2026-06-15 (quality: 19/21)

6. CISA Implements New Vulnerability Management Framework for Federal Agencies via BOD 26-04

6 outlets, 2026-06-10 to 2026-06-12 - severity 3/5

The Cybersecurity and Infrastructure Security Agency (CISA) has implemented a new risk-based vulnerability management framework for federal agencies through the issuance of Binding Operational Directive (BOD) 26-04. Building upon the existing Known Exploited Vulnerabilities (KEV) catalog, this directive mandates specific remediation timelines based on an asset's exposure and the technical impact of a flaw. Federal agencies must now patch vulnerabilities within 72 hours if they are publicly exposed, listed in the KEV catalog, and capable of being exploited via automation or resulting in total system control. To support this transition, CISA is developing standardized data schemas for machine-level asset tagging to ensure agencies can accurately inventory externally accessible assets. The directive requires agencies to update their internal security policies, automate reporting of KEV status, and provide these updated protocols to CISA upon request.

Sources

  • CISA to transform how it assesses cyber vulnerabilities and risks, Andersen says - The Record from Recorded Future News, 2026-06-09 (quality: 18/21)
  • CISA is rethinking how it prioritizes risks and vulnerabilities for feds, private sector - CyberScoop, 2026-06-09 (quality: 18/21)
  • CISA directive orders agencies to prioritize vulnerability patching in a new way - CyberScoop, 2026-06-10 (quality: 20/21)
  • CISA to require federal agencies to patch some cyber vulnerabilities within 3 days - The Record from Recorded Future News, 2026-06-10 (quality: 19/21)
  • CISA Rewrites Federal Patching Requirements for AI Threat Era - darkreading, 2026-06-10 (quality: 20/21)
  • CISA gives agencies new vulnerability remediation deadlines that take risk levels into account - Cybersecurity Dive - Latest News, 2026-06-10 (quality: 9/21)
  • CISA tells govt agencies to patch critical exploited flaws in 3 days - BleepingComputer, 2026-06-11 (quality: 12/21)
  • CISA Directs Federal Agencies to Prioritize Security Patches Based on Risk - SecurityWeek, 2026-06-11 (quality: 19/21)

7. Former Coupang employee stole authentication key causing massive customer data breach

2 outlets, 2026-06-12 to 2026-06-13 - severity 5/5

A former Coupang employee stole an authentication signing key for an alternative system before leaving the company in late 2024, enabling a massive data breach that affected over 37 million customers. The perpetrator used the stolen key to conduct test runs in January 2025 and subsequently cycled through member ID numbers to harvest delivery information and access account edit pages approximately 35 million times between June and October 2025. This unauthorized access allowed for the collection of names, email addresses, and delivery details. Following the breach, Coupang was investigated by the Personal Information Protection Commission (PIPC) for deficiencies in safety management and for failing to notify non-member victims. The investigation also uncovered that Coupang manually deleted approximately six months of web access logs in late 2025 and faced an obstruction inquiry involving Acting CEO Harold Rogers. As of June 2026, the PIPC has imposed a fine of 624.6 billion won (approximately $409 million) on Coupang and its subsidiary, Coupang Fulfillment Services.

Sources

  • Coupang hit with record $409 million data breach fine in Korea - BleepingComputer, 2026-06-11 (quality: 13/21)
  • South Korea hits Coupang with record $409 million fine over data breach - The Record from Recorded Future News, 2026-06-12 (quality: 20/21)

8. Misere breached Tchap messaging platform through an account hijacking attack

2 outlets, 2026-06-09 to 2026-06-15 - severity 4/5

A threat actor known as "misere" breached the Tchap messaging platform, a secure communication tool used by the French government, through an account hijacking attack involving social engineering. The breach, which occurred around June 7, 2026, allowed the attacker to scrape approximately 640,000 to 650,000 plaintext messages and access unencrypted data from public chat rooms. The scope of the incident affected roughly 73,467 accounts—less than 9% of the platform's 825,000 users—exposing names, email addresses, professional affiliations, and metadata. Additionally, the attacker claimed to have stolen 13.5GB of documents and media files, potentially leveraging hardcoded LDAP credentials allegedly leaked via a PowerShell script. In response, France's digital affairs directorate (DINUM) identified and blocked the compromised account, while the French Cybersecurity Agency (ANSSI) and the data protection authority (CNIL) were notified of the exposure.

Sources

  • French govt messaging service breached in account hijacking attack - BleepingComputer, 2026-06-09 (quality: 19/21)
  • Over 73,000 French govt employees affected in Tchap messenger breach - BleepingComputer, 2026-06-12 (quality: 18/21)
  • French Government Messaging Platform Breached by Mysterious ‘Misere’ Hacker - SecurityWeek, 2026-06-15 (quality: 17/21)

Under the Radar

High-severity stories that received limited coverage this period.

Gentlemen ransomware group targets internet-facing devices using worm-like malware capabilities

3 outlets, 2026-06-11 to 2026-06-12 - severity 4/5

The Gentlemen ransomware group, a ransomware-as-a-service (RaaS) operation, has claimed at least 478 victims since its inception in mid-2025. The group's administrator, identified through backend infrastructure and forum activity as Alexander Andreevich Yapaev (also known as Hastalamuerte or Zeta88), utilizes a 90/10 revenue split to attract affiliates. Originally operating as an affiliate for LockBit, Qilin, and Medusa, the group now deploys its own malware which possesses worm-like capabilities to spread through networks. The attack chain typically begins with the exploitation of internet-facing devices, such as VPNs and firewalls, to encrypt entire networks within hours using double extortion tactics. As of June 2026, the group remains highly active, having recorded more than 240 victims in the first half of the year alone.

Why it matters: The group uses worm-like malware for widespread exploitation and has a confirmed high victim count of nearly 500 organizations.

Sources

  • Who Runs the Ransomware Group ‘The Gentlemen?’ - Krebs on Security, 2026-06-10 (quality: 19/21)
  • The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm - The Hacker News, 2026-06-11 (quality: 12/21)
  • A tale of two eras - Cisco Talos Blog, 2026-06-11 (quality: 12/21)

Volt Typhoon uses JDY botnet to scan United States military networks

2 outlets, 2026-06-11 - severity 4/5

The Volt Typhoon threat actor has expanded the JDY botnet to over 1,500 compromised SOHO and IoT devices to conduct distributed scanning and fingerprinting against United States military and associated networks. The botnet utilizes MIPS-based architectures from vendors including Cisco, Ubiquiti, DrayTek, and Fortinet to perform service discovery, banner grabbing, and flaw-focused reconnaissance, such as targeting the FortiClient EMS flaw (CVE-2026-35616). Operators manage the infrastructure via hidden Tor services and occasionally employ the Platypus reverse-shell framework, using high-speed raw SYN scanning when administrative privileges are obtained. The botnet's growth from approximately 650 bots in January 2024 to its current scale demonstrates a rapid operationalization of reconnaissance data following public vulnerability disclosures.

Why it matters: Confirmed widespread exploitation of SOHO/IoT devices by a known China-nexus APT targeting critical US military and associated networks.

Sources

  • China-linked JDY botnet expands targeting of U.S. military networks - BleepingComputer, 2026-06-10 (quality: 20/21)
  • China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance - The Hacker News, 2026-06-10 (quality: 12/21)

Unknown attackers exploited ServiceNow API flaw to query customer instance tables

2 outlets, 2026-06-10 - severity 4/5

Unknown attackers exploited an unauthenticated access flaw in a ServiceNow API endpoint to query customer instance tables. The vulnerability, which lacked a CVE identifier, involved a REST endpoint—specifically /api/now/related_list_edit/create—that may have been configured to allow requests without authentication. The exploitation affected a subset of customers using the Australia platform release or older releases with specific configurations, potentially exposing sensitive data such as IT support tickets, employee records, and authentication secrets. ServiceNow applied a security update on June 5, 2026, to restrict access to authenticated users only, following claims that the company had been aware of the issue internally since April 7, 2026.

Why it matters: Confirmed exploitation of a widespread platform allowed unauthenticated attackers to query sensitive customer data, including employee records and authentication secrets.

Sources

  • ServiceNow discloses security incident exposing customer data - BleepingComputer, 2026-06-09 (quality: 17/21)
  • ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances - The Hacker News, 2026-06-10 (quality: 15/21)

Attackers Compromised PushEngage and OptinMonster WordPress Plugins via Supply Chain Attack

1 outlet, 2026-06-15 - severity 4/5

Attackers compromised the supply chain of the PushEngage and OptinMonster WordPress plugins by tampering with their distribution scripts to plant hidden backdoors. This manipulation allowed unauthorized access to any website running the affected plugin versions by executing malicious code during the update or installation process. The attack targeted the integrity of the plugin's source files, enabling the deployment of persistent access mechanisms across compromised WordPress installations.

Why it matters: A supply chain attack involving tampered scripts in popular plugins enables widespread backdoor access and potential mass exploitation of WordPress sites.

Sources

  • Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites - The Hacker News, 2026-06-15 (quality: 20/21)

All Stories by Category

Vulnerabilities & Patches

  • Claude Mythos Preview identified vulnerabilities and exploited FreeBSD NFS server CVE-2026-4747 (2026-06-10, 3 outlets, severity 4/5)
    • Anthropic rolls out Claude Fable 5, but it's available for a limited time - BleepingComputer
    • Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards - The Hacker News
    • Anthropic’s new model is Mythos on a leash - CyberScoop
  • Nightmare-Eclipse Releases RoguePlanet Exploit Targeting Windows Defender Zero-Day (2026-06-11, 1 outlet, severity 4/5)
    • Nightmare-Eclipse Drops Yet Another Microsoft Exploit, RoguePlanet - darkreading
  • Russian Hackers Use WinRAR CVE-2025-8088 to Target Ukrainian Organizations (2026-06-10, 1 outlet, severity 4/5)
    • Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs - darkreading
  • OpenClaw AI Agent Vulnerable to Code Execution and Data Leaks (2026-06-12, 1 outlet, severity 3/5)
    • New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets - The Hacker News
  • Microsoft Patch Tuesday Hits Record 206 Vulnerabilities in June (2026-06-10, 2 outlets, severity 2/5)
    • Microsoft June 2026 Patch Tuesday, (Tue, Jun 9th) - SANS Internet Storm Center, InfoCON: green
    • Blame AI: Patch Tuesday Hits Record 206 CVEs - darkreading
  • CISOs Shift Budgets to BAS as AI Accelerates Vulnerability Weaponization (2026-06-11, 1 outlet, severity 1/5)
    • AI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS. - The Hacker News
  • Microsoft and Google Patch Critical Vulnerabilities in Weekly Security Update (2026-06-15, 1 outlet, severity 1/5)
    • A week in security (June 8 – June 14) - Malwarebytes

Data Breaches

  • 23andMe Data Breach Settlement Fund Receives $47 Million Approval (2026-06-13, 1 outlet, severity 4/5)
    • Bankruptcy admin approves settlement fund of $47 million for 23andMe data breach victims - The Record from Recorded Future News
  • Attackers access Novo Nordisk systems and copy non-public clinical trial data (2026-06-12 to 2026-06-15, 2 outlets, severity 3/5)
    • Pharma giant Novo Nordisk discloses breach of clinical trials data - BleepingComputer
    • Ozempic Maker Novo Nordisk Says Hackers Breached IT Systems - SecurityWeek
  • Kyushu Electric Power loses data of 10.9 million customers (2026-06-12, 1 outlet, severity 3/5)
    • Japanese energy firm loses drive with data of 10.9 million clients - BleepingComputer
  • VRChat Data Breach Exposes Information of 2.4 Million Users (2026-06-11, 1 outlet, severity 3/5)
    • Data of 2.4 million VRChat users stolen - Malwarebytes
  • Argentina Squad Sheet Leak Exposes Lionel Messi’s Passport Details (2026-06-13, 1 outlet, severity 2/5)
    • Privacy own-goal: World Cup blunder leaks Lionel Messi’s passport details - GRAHAM CLULEY
  • Milestone Reached: Author Tracks 1,000 Data Breaches in Weekly Update (2026-06-10, 1 outlet, severity 1/5)
    • Weekly Update 507 - Troy Hunt

Ransomware

  • Handala Cyber Group Claims Responsibility for California Water Service Hack (2026-06-12, 1 outlet, severity 4/5)
    • Iranian Cyber Group Handala Claims Cal Water Hack - SecurityWeek
  • Evanston Township High School hit by disruptive ransomware attack (2026-06-11, 1 outlet, severity 3/5)
    • Why schools remain one of cybercriminals’ favourite targets - GRAHAM CLULEY
  • Mackay Sugar cyberattack halts Farleigh and Racecourse mill operations (2026-06-11, 1 outlet, severity 3/5)
    • Cyberattack shuts down major Australian sugar mills, disrupting harvest - The Record from Recorded Future News
  • Silent Ransom Group Targets US Law Firms With Extortion Attacks (2026-06-09, 1 outlet, severity 3/5)
    • Silent Ransom Group Hits US Law Firms in Escalating Extortion Attacks - darkreading

Supply Chain Attacks

  • Threat actors compromised Arch User Repository packages to distribute Linux infostealer (2026-06-13, 2 outlets, severity 3/5)
    • Over 400 Arch Linux packages compromised to push rootkit, infostealer - BleepingComputer
    • Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit - The Hacker News
  • SoFi Hong Kong confirms data breach via third-party vendor (2026-06-09, 1 outlet, severity 3/5)
    • SoFi confirms third-party data breach at Hong Kong subsidiary - BleepingComputer

Nation-State / APT

  • Velvet Ant targets critical infrastructure via Operation Highland cyberespionage campaign (2026-06-13 to 2026-06-14, 2 outlets, severity 4/5)
    • China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade - The Hacker News
    • Chinese hackers hijack auth flow, spy on isolated network for a decade - BleepingComputer
  • Void Blizzard targeted US companies through the Void Blizzard espionage campaign (2026-06-12, 2 outlets, severity 4/5)
    • Russian national charged in connection with Void Blizzard espionage campaign - CyberScoop
    • Hacker linked to Void Blizzard faces charges over cyberespionage campaign - The Record from Recorded Future News
  • China and North Korean Hackers Target Asia-Pacific Crypto Assets (2026-06-11, 1 outlet, severity 4/5)
    • Chinese, N. Korean Threat Groups Build on Asia-Pacific Success - darkreading
  • UK scales back telecom defenses against Salt Typhoon hackers (2026-06-10, 1 outlet, severity 4/5)
    • UK weakens proposed telecoms defenses against Chinese hackers after industry pushback - The Record from Recorded Future News
  • CrowdStrike Report: China-Linked Hackers Target IT Sector Using AI (2026-06-10, 1 outlet, severity 4/5)
    • IT sector faces growing threats from IP-hungry China, AI-enabled cybercriminals - Cybersecurity Dive - Latest News
  • OpenAI Detects Chinese Influence Campaign Using ChatGPT for Data Centers (2026-06-11, 1 outlet, severity 3/5)
    • OpenAI: ‘Likely’ Chinese influence operation tried to use ChatGPT to stir debate on data centers - CyberScoop
  • OceanLotus Uses SPECTRALVIPER in FireAnt Attacks Against Vietnam Investors (2026-06-11, 1 outlet, severity 3/5)
    • OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack - The Hacker News

Malware & Botnets

  • Storm-3075 uses ChatGPT and Claude branding to deploy Vidar Stealer (2026-06-09, 1 outlet, severity 4/5)
    • AI brands as bait: How threat actors are using the AI hype in social engineering - Threat intelligence | Microsoft Security Blog
  • Vidar and Lumma Malware Infect Millions of Devices Globally (2026-06-11, 1 outlet, severity 4/5)
    • Infostealers Turn Millions of Devices Into Credential Theft Machines - SecurityWeek
  • NFCShare Android malware uses fake GitHub updates to steal data (2026-06-09, 1 outlet, severity 3/5)
    • NFCShare Android malware spreads via fake banking app updates on GitHub - BleepingComputer
  • SiribClone uses SafeLoveStealer malware to spy on Russian soldiers (2026-06-10, 1 outlet, severity 3/5)
    • Hackers pose as women seeking romance to spy on Russian soldiers - The Record from Recorded Future News
  • 152 Chrome Wallpaper Extensions Linked to Adware and Traffic Fraud (2026-06-15, 1 outlet, severity 3/5)
    • 152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic - The Hacker News
  • OnyxC2 Stealer Offers Advanced Data Theft for $250 Monthly Subscription (2026-06-12, 1 outlet, severity 3/5)
    • OnyxC2 Stealer Offers Cybercriminals Enterprise-Grade Theft for $250 a Month - SecurityWeek
  • Vidar Infostealer Spreads via Fake Spotify Premium Social Media Ads (2026-06-11, 1 outlet, severity 3/5)
    • Free Spotify Premium hacks on social media are spreading infostealers - Malwarebytes
  • University of Toronto Researchers Develop Self-Rewriting AI Worm (2026-06-11, 1 outlet, severity 3/5)
    • Smashing Security podcast #471: This AI worm just rewrote its own rules - GRAHAM CLULEY
  • MSI Background Malware Uses Modified Base64 to Hide Executables (2026-06-15, 1 outlet, severity 2/5)
    • Evil MSI Background: BASE64 Statistical Analysis, (Mon, Jun 15th) - SANS Internet Storm Center, InfoCON: green

Phishing & Social Engineering

  • GhostWriter targets Polish officials' Gmail accounts via phishing campaign (2026-06-15, 1 outlet, severity 4/5)
    • Belarus-linked hackers target Gmail accounts of Polish public figures and their families - The Record from Recorded Future News
  • Attackers use AI-driven methodologies to accelerate phishing campaigns in financial services (2026-06-11 to 2026-06-13, 2 outlets, severity 3/5)
    • AI Risk Worries Insurers and Businesses Alike - darkreading
    • Agentic AI surges in financial sector even as many firms fail to manage security risks - Cybersecurity Dive - Latest News
  • Zscaler Report: Phishing Volume Drops 20% as Financial Risks Rise (2026-06-12, 1 outlet, severity 3/5)
    • Phishing Attack Volume Down 20%, But Risk Still Rising - darkreading
  • Cloaked Ursa Uses Microsoft Teams for IT Support Impersonation Attacks (2026-06-09, 1 outlet, severity 3/5)
    • When “Hi, This Is IT” Comes Through Microsoft Teams - Unit 42
  • Lloyds Bank Reports £66 Million Lost to Meta-Related Scams (2026-06-10, 1 outlet, severity 3/5)
    • Scammers love Meta, according to Lloyds Bank - Malwarebytes
  • Outtake Report: AI-Driven Impersonation Attacks Target Over Half of Organizations (2026-06-09, 1 outlet, severity 3/5)
    • Companies aren’t prepared for how AI is accelerating impersonation attacks - Cybersecurity Dive - Latest News
  • FBI Reports $900 Million Lost to AI-Powered Scams in America (2026-06-09, 1 outlet, severity 3/5)
    • Americans lost nearly $900 million to AI-powered scams, FBI says - Malwarebytes
  • Fake FACEIT Verification Pages Stealing Steam Accounts via Browser Attacks (2026-06-12, 1 outlet, severity 3/5)
    • Fake verification pages are stealing Steam accounts from players - Malwarebytes
  • Claude Code Patch, Worm Code Leak, and AI Agent Phishing (2026-06-12, 1 outlet, severity 3/5)
    • ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories - The Hacker News
  • Sniper Dz uses fake Facebook offers to scam MENA users (2026-06-15, 1 outlet, severity 2/5)
    • Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts - The Hacker News
  • AI Phishing Surges, Overwhelming SOC Analysts With Massive Alert Volume (2026-06-09, 1 outlet, severity 2/5)
    • AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload - The Hacker News

Cloud & Infrastructure Security

  • Vibe Coding Rise Creates Major Security Gaps in Production Systems (2026-06-09, 1 outlet, severity 3/5)
    • Everybody Is Vibe Coding But Nobody Told the Security Team - SecurityWeek
  • AWS and Google Cloud Logging Exploited for Defense Evasion (2026-06-10, 1 outlet, severity 3/5)
    • Blinding the Watchmen: Abusing Cloud Logging Services for Defense Evasion and Visibility - Unit 42
  • CSP and X-Frame-Options Usage Trends Among Top 1M Domains (2026-06-10, 1 outlet, severity 2/5)
    • How has use of framing protection security headers changed in the past 3 years?, (Wed, Jun 10th) - SANS Internet Storm Center, InfoCON: green
  • Fragmented Security Tool Workflows Create Critical Network Vulnerabilities (2026-06-09, 1 outlet, severity 2/5)
    • The Hidden Security Risk in Modern Networks: The Work Between Tools - The Hacker News
  • Cloudflare WAF integrates threat intelligence to identify CRAVENFLEA attack patterns (2026-06-09, 2 outlets, severity 1/5)
    • Turning Cloudflare’s threat indicators into real-time WAF rules - The Cloudflare Blog
    • Crowdsourced AI += Knostic - VirusTotal Blog
  • Aryon Security Secures $29 Million for Cloud Misconfiguration Prevention (2026-06-10, 1 outlet, severity 1/5)
    • Aryon Security Raises $29 Million in Series A Funding - SecurityWeek
  • Wazuh Cloud Simplifies Security Operations With Managed SIEM/XDR Services (2026-06-09, 1 outlet, severity 1/5)
    • Reducing security operations complexity with Wazuh Cloud - BleepingComputer

Identity & Access Management

  • Cyber Av3ngers Attack Highlights Risks of Insecure Password Onboarding (2026-06-15, 1 outlet, severity 4/5)
    • The Onboarding Password Mistake That Creates Unnecessary Risk - The Hacker News
  • Five Best Practices to Strengthen Identity Verification and Security (2026-06-11, 1 outlet, severity 3/5)
    • The 5 Best Practices for Secure Identity Verification - BleepingComputer
  • Apple Intelligence Feature Automatically Updates Compromised Passwords in iOS 27 (2026-06-09, 1 outlet, severity 1/5)
    • New Apple feature automatically changes your compromised passwords - BleepingComputer

AI & Machine Learning Security

  • Agentjacking Attack Exploits AI Coding Agents via Malicious Error Reports (2026-06-12, 1 outlet, severity 4/5)
    • Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code - The Hacker News
  • OpenClaw AI Agent Leaks User Data During Phishing Simulations (2026-06-10, 1 outlet, severity 3/5)
    • OpenClaw AI agent found falling for phishing attacks, spills user data - BleepingComputer
  • OpenClaw Analysis Reveals Widespread Skill Deception in AI Agent Registry (2026-06-11, 1 outlet, severity 3/5)
    • Trust No Skill: Integrity Verification for AI Agent Supply Chains - Unit 42
  • Malwarebytes Report: 88% Struggle to Identify AI-Generated Online Content (2026-06-10, 1 outlet, severity 3/5)
    • 88% of people struggle to tell what’s real online - Malwarebytes
  • Claude Mythos AI Threatens Bug Bounty Triage with Low-Quality Reports (2026-06-09, 1 outlet, severity 2/5)
    • Will AI Kill the Bug Bounty Industry? - SecurityWeek
  • QuietSystems Founder Urges Verifying AI Processes Over Output Review (2026-06-15, 1 outlet, severity 2/5)
    • Don’t Trust. Verify. - Corporate Compliance Insights
  • AI SOC Model Needed to Combat AI-Driven Security Threats (2026-06-12, 1 outlet, severity 2/5)
    • Rethinking MDR as Attackers and Defenders Embrace AI - The Hacker News
  • Meta’s NameTag code sparks facial recognition privacy fears for glasses (2026-06-10, 1 outlet, severity 2/5)
    • Meta’s face-recognition code raises new concerns about smart glasses - Malwarebytes
  • AI Identity Sprawl Creates New Security Vulnerabilities for Organizations (2026-06-11, 1 outlet, severity 2/5)
    • Companies are failing to keep up with AI’s identity sprawl, creating entry points for hackers - Cybersecurity Dive - Latest News
  • AI Could Eliminate Bullshit Jobs in Audit and Risk Management (2026-06-15, 1 outlet, severity 1/5)
    • Is My Job Bullshit? Why AI Might Actually Have the Answer - Corporate Compliance Insights
  • Securing AI Production: 12 Essential Strategies for Security Teams (2026-06-10, 1 outlet, severity 1/5)
    • After AI Reaches Production: 12 Ways Security Teams Can Take Control - SecurityWeek
  • AI-Driven Threats Outpace Fragmented MSP Security Stacks (2026-06-12, 1 outlet, severity 1/5)
    • Why AI-driven threats are exposing the limits of MSP security stacks - BleepingComputer
  • A Security Secures $37M for AI-Driven Offensive Security Platform (2026-06-09, 1 outlet, severity 1/5)
    • A Security Raises $37 Million for Autonomous Offensive Security Platform - SecurityWeek
  • Juan Andrés Guerrero-Saade Proposes AI-Human Ecology for Cybersecurity Evolution (2026-06-12, 1 outlet, severity 1/5)
    • LABScon25 Replay | Keynote: Steps to an Ecology of Cyber - SentinelLabs
  • Enterprises Boost Security Training Budgets for AI and Critical Risks (2026-06-12, 1 outlet, severity 1/5)
    • Enterprises report increasing budgets for security training in AI and other critical topics - Cybersecurity Dive - Latest News

Legal & Law Enforcement

  • Law enforcement dismantles AudiA6 laundering service used by ransomware actors (2026-06-12, 2 outlets, severity 4/5)
    • Authorities dismantle 'AudiA6' ransomware crypto-laundering service - BleepingComputer
    • Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs - The Hacker News
  • FBI Seizes 13 Chinese Websites Targeting US Government Workers (2026-06-11, 1 outlet, severity 4/5)
    • FBI Seizes 13 Websites That Officials Say Were Used by China to Target and Recruit US Workers - SecurityWeek
  • Conti member Lytvynenko pleads guilty to conspiracy involving ransomware operations (2026-06-13 to 2026-06-15, 3 outlets, severity 3/5)
    • Conti ransomware group member pleads guilty, faces up to 20 years in prison - CyberScoop
    • Ukrainian national pleads guilty to role in Conti ransomware operation - BleepingComputer
    • Ukrainian Man Pleads Guilty in US to Conti Ransomware Charges - SecurityWeek
  • US, France, and Italy Seize CFAKE and SOCFAKE Deepfake Sites (2026-06-13, 1 outlet, severity 3/5)
    • US, France, and Italian authorities shut down massive deepfake porn site - CyberScoop
  • Ezekiel Dean Potter Jailed for Hacking Saydel Community School District (2026-06-14, 1 outlet, severity 3/5)
    • Ex-school district employee jailed for hacks on former employer - BleepingComputer
  • Google faces liability for defamatory Google AI Overview claims (2026-06-12, 1 outlet, severity 3/5)
    • Google can be liable for false AI Overviews, court rules - Malwarebytes
  • Unknown actor submits fraudulent breach disclosures to Maine Attorney General Office (2026-06-12 to 2026-06-15, 2 outlets, severity 2/5)
    • Maine breach portal abused to publish fake data breach disclosures - BleepingComputer
    • Maine disables data breach notification portal after fake disclosures - BleepingComputer
    • Maine Disables Data Breach Portal Due to Fake Submissions - SecurityWeek
  • Met Police and Apple Partner to Combat iPhone Theft (2026-06-13, 1 outlet, severity 2/5)
    • Stolen iPhones could soon be worth a lot less to thieves - Malwarebytes
  • Segal McCambridge Shares Mid-Year California Wage Classification Compliance Checklist (2026-06-09, 1 outlet, severity 1/5)
    • A Mid-Year Compliance Checklist for CA Wage Classification Risk - Corporate Compliance Insights

Policy & Regulation

  • FISA Section 702 faces expiration amid Congressional legislative deadlock (2026-06-13, 1 outlet, severity 4/5)
    • Major US surveillance program poised to lapse after legislative deadlock - The Record from Recorded Future News
  • UK Orders Big Tech to Block Child Nudity Within Months (2026-06-09, 1 outlet, severity 3/5)
    • UK gives big tech 3 months to create device controls to block nude images of kids - The Record from Recorded Future News
  • Russia Updates SORM Regulations to Expand Digital Citizen Surveillance (2026-06-09, 1 outlet, severity 3/5)
    • Russia upgrades rules for its digital spy system to better track citizens online - The Record from Recorded Future News
  • Apple and Google Must Block Nude Images by September (2026-06-11, 1 outlet, severity 3/5)
    • Children’s phones must block nude images by September, UK says - Malwarebytes
  • Natalia Taft Warns of Regulatory Gaps in TradFi, DeFi, and AI (2026-06-12, 1 outlet, severity 3/5)
    • The Convergence of TradFi, DeFi & AI - Corporate Compliance Insights
  • FCC Proposes New ID Requirements to End Burner Phones (2026-06-15, 1 outlet, severity 3/5)
    • The FCC Wants to Eliminate Burner Phones - Schneier on Security
  • CyberCorps Faces Budget Uncertainty Amid New AI Curriculum Integration (2026-06-12, 1 outlet, severity 2/5)
    • CyberCorps is adapting to AI. The budget isn’t keeping up. - CyberScoop
  • Meta to Use Off-Site Business Data for AI Personalization (2026-06-10, 1 outlet, severity 2/5)
    • Meta to Use Off-Site Business Data for Feed and AI Personalization - The Hacker News
  • New York State Bans Most Employers From Using Credit History (2026-06-09, 1 outlet, severity 2/5)
    • New York State Bans Most Employers From Using Credit History in Employment Decisions - Corporate Compliance Insights
  • Cyber Insurance Underwriters Increase Scrutiny on Policyholders and Claims (2026-06-09, 1 outlet, severity 2/5)
    • Cyber insurance policyholders facing heavier scrutiny in underwriting, claims - Cybersecurity Dive - Latest News
  • Geneva Convention Extension Seeks New Limits on Cyberwarfare During Ceasefires (2026-06-09, 1 outlet, severity 2/5)
    • Iran Signed a Ceasefire — Its Hackers Didn't - darkreading
  • Senate Defense Policy Roadmap Omits Cyber Force Inclusion (2026-06-12, 1 outlet, severity 2/5)
    • Cyber Force not included in Senate defense policy roadmap - The Record from Recorded Future News
  • Effective OT Network Segmentation Requires Diligent Operator Oversight (2026-06-12, 1 outlet, severity 2/5)
    • Segmentation Works for OT If Operators Are Paying Attention - darkreading
  • RTO Mandates Pose Legal and Financial Risks for Major Employers (2026-06-10, 1 outlet, severity 1/5)
    • Navigating Legal & Practical Risks of RTO Mandates - Corporate Compliance Insights
  • GRC Leaders Must Quantify Security Risk During M&A Due Diligence (2026-06-12, 1 outlet, severity 1/5)
    • Deal Scrutiny is Changing the Role of GRC Leaders - Corporate Compliance Insights
  • K2 Integrity Acquires RiskFront AI to Boost Compliance Automation (2026-06-12, 1 outlet, severity 1/5)
    • K2 Integrity Acquires AI Compliance Automation Provider RiskFront AI - Corporate Compliance Insights
  • Drata, Hummingbird, and Wolters Kluwer Launch New AI-Driven GRC Tools (2026-06-12, 1 outlet, severity 1/5)
    • GRC News Roundup: Drata, AMLYZE, LSEG Risk Intelligence, Speeki & More - Corporate Compliance Insights
  • Sarah Hadden and Kristy Grant-Hart Celebrate New Compliance Anniversary Edition (2026-06-11, 1 outlet, severity 1/5)
    • [FULL VIDEO]: Wildly Effective, 10 Years Later - Corporate Compliance Insights
  • Tom Fox and Matt Kelly Discuss Enterprise Risk Management Compliance (2026-06-11, 1 outlet, severity 1/5)
    • Compliance Lives - Corporate Compliance Insights

Other Cybersecurity

  • Grumant Vessel Tracking Reveals Grain Smuggling Route to Libya (2026-06-12, 1 outlet, severity 3/5)
    • Heading Off: New Technique Helps Track Grain Smuggling Expansion to Libya - bellingcat
  • Matryoshka disinformation campaign fails to stop Armenia’s Civil Contract victory (2026-06-09, 1 outlet, severity 3/5)
    • Armenia’s pro-Europe party wins election despite Russia-linked disinformation - The Record from Recorded Future News
  • SOC Alert Fatigue and Analyst Burnout Threaten Cybersecurity Efficiency (2026-06-12, 1 outlet, severity 3/5)
    • Alert Fatigue Is Becoming a Security Threat of Its Own - SecurityWeek
  • MS-ISAC Faces Instability Following Loss of Federal Funding and Members (2026-06-15, 1 outlet, severity 3/5)
    • MS-ISAC enters uncertain new era after losing federal funding and thousands of members - Cybersecurity Dive - Latest News
  • GPS Satellites Used to Broadcast Military Encryption Keys, Study Finds (2026-06-10, 1 outlet, severity 3/5)
    • GPS As a Key Distribution Platform - Schneier on Security
  • Leonardo’s SignalTrace tracks Bluetooth signals via license plate readers (2026-06-11, 1 outlet, severity 3/5)
    • Enhanced License Plate Tracking - Schneier on Security
  • British High School Students Sent Home After Cyberattack (2026-06-12, 1 outlet, severity 3/5)
    • British high school sends students home following cyberattack - The Record from Recorded Future News
  • FROST Attack Uses SSD Timing to Track User Web Activity (2026-06-09, 1 outlet, severity 2/5)
    • New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing - The Hacker News
  • macOS Tahoe 26 App.MenuItem Artifact Reveals User Digital Intent (2026-06-13, 1 outlet, severity 2/5)
    • Tracing Digital Intent: New MacOS Tahoe 26 Artifact Discovered - Unit 42
  • Only 39% of Businesses Meet Recovery Targets After Major Disruptions (2026-06-12, 1 outlet, severity 2/5)
    • Only 39% of Businesses Meet Recovery Targets After Major Disruption - Corporate Compliance Insights
  • 2026 FIFA World Cup Faces Massive Cyberattack and Hacktivist Threats (2026-06-12, 1 outlet, severity 2/5)
    • FIFA World Cup expected to face extensive criminal, hacktivist cyber threats - Cybersecurity Dive - Latest News
  • Bernie Sanders’ AI Sovereign Wealth Fund Proposal Faces Criticism (2026-06-12, 1 outlet, severity 1/5)
    • Bernie Sanders’ AI Sovereign Wealth Fund Plan - Schneier on Security
  • Chris Inglis Warns Cyber Attacks Threaten Essential Public Services (2026-06-10, 1 outlet, severity 1/5)
    • The Invisible Battlefield: How Cyber War Is Reshaping Everyday Life - darkreading
  • Krishna Nacha Appointed New CEO of Integreon (2026-06-12, 1 outlet, severity 1/5)
    • Integreon Names Krishna Nacha CEO - Corporate Compliance Insights
  • Akamai, Cisco, and Cyera Lead May Cybersecurity M&A Surge (2026-06-09, 1 outlet, severity 1/5)
    • Cybersecurity M&A Roundup: 26 Deals Announced in May 2026 - SecurityWeek
  • Casepoint Appoints Paul Colangelo as New Chief Executive Officer (2026-06-12, 1 outlet, severity 1/5)
    • Legal Discovery Software Provider Casepoint Names New CEO - Corporate Compliance Insights
  • Cyera Hits $12 Billion Valuation Following $600 Million Funding Round (2026-06-11, 1 outlet, severity 1/5)
    • Cyera Raises $600 Million at $12 Billion Valuation - SecurityWeek
  • Global Speaking Tour Scheduled for June and July 2026 (2026-06-15, 1 outlet, severity 1/5)
    • Upcoming Speaking Engagements - Schneier on Security
  • ISC Stormcast June 12, 2026: Daily Security and Training Updates (2026-06-12, 1 outlet, severity 1/5)
    • ISC Stormcast For Friday, June 12th, 2026 https://isc.sans.edu/podcastdetail/9970, (Fri, Jun 12th) - SANS Internet Storm Center, InfoCON: green
  • ISC Stormcast Delivers Daily Cybersecurity Threat Intelligence Updates (2026-06-11, 1 outlet, severity 1/5)
    • ISC Stormcast For Thursday, June 11th, 2026 https://isc.sans.edu/podcastdetail/9968, (Thu, Jun 11th) - SANS Internet Storm Center, InfoCON: green
  • ISC Stormcast June 15, 2026: Daily Cybersecurity Update with Didier Stevens (2026-06-15, 1 outlet, severity 1/5)
    • ISC Stormcast For Monday, June 15th, 2026 https://isc.sans.edu/podcastdetail/9972, (Mon, Jun 15th) - SANS Internet Storm Center, InfoCON: green
  • Finding Aesthetic Non-Stateful Light Switches Is Difficult in Australia (2026-06-15, 1 outlet, severity 1/5)
    • Weekly Update 508 - Troy Hunt
  • Squid-Inspired Design Revolutionizes New Fluid Pump Technology (2026-06-13, 1 outlet, severity 1/5)
    • Friday Squid Blogging: Squid-Inspired Fluid Pump - Schneier on Security
  • 2026 Cybersecurity Stars Awards Winners Announced Across 95 Categories (2026-06-12, 1 outlet, severity 1/5)
    • Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories - The Hacker News
  • SANS Institute Releases June 10th ISC Stormcast Podcast Update (2026-06-10, 1 outlet, severity 1/5)
    • ISC Stormcast For Wednesday, June 10th, 2026 https://isc.sans.edu/podcastdetail/9966, (Wed, Jun 10th) - SANS Internet Storm Center, InfoCON: green
  • ISC Stormcast Podcast Features Daily Security Updates from Xavier Mertens (2026-06-09, 1 outlet, severity 1/5)
    • ISC Stormcast For Tuesday, June 9th, 2026 https://isc.sans.edu/podcastdetail/9964, (Tue, Jun 9th) - SANS Internet Storm Center, InfoCON: green

Reported Data Breaches

Breaches reported via Have I Been Pwned this period.

  • Berkadia Data Breach Compromises Over 305,000 User Accounts (2026-06-15)
  • ShinyHunters Claims Responsibility for Council of Europe and Infinite Campus Breaches (2026-06-15)
  • ShinyHunters extortion campaign targets University of Nottingham student record system breach (2026-06-11)