Tech & Science
AI Vulnerability Chaining Overwhelms Open Source Disclosure Channels
GENEVA (June 8, 2026) — The global open source software ecosystem is facing a critical bottleneck as AI-driven vulnerability chaining outpaces existing coordinated disclosure systems, prompting indust...
China-Nexus Group VerdantBamboo Deploys New Malware on Linux Systems
BEIJING — A China-nexus cyber espionage group known as VerdantBamboo has deployed a new variant of the BRICKSTORM backdoor alongside two other malware families on Linux appliances, including Synology ...
Hackers Hijack Over 20,000 Instagram Accounts via Meta AI Support Flaw
UNAUTHORIZED THIRD PARTIES HAVE HIJACKED MORE THAN 20,000 INSTAGRAM ACCOUNTS AFTER EXPLOITING A VULNERABILITY IN META'S AI-POWERED HIGH TOUCH SUPPORT SYSTEM. THE ATTACKERS RESET PASSWORDS WITHOUT REQU...
Microsoft Launches AI-Integrated 'Intelligent Terminal' for Developers
REDMOND, Wash. (AP) — Microsoft has released an open-source fork of its Windows Terminal application, introducing a new AI-powered tool designed to assist developers directly within their command-line...
OpenAI Introduces 'Lockdown Mode' for ChatGPT to Curb Data Exfiltration Risks
SAN FRANCISCO (June 6, 2026) — OpenAI has deployed a new security feature for ChatGPT, dubbed "Lockdown Mode," designed to restrict the artificial intelligence model's ability to make outbound network...
Researcher reveals Bright Data iOS SDK turns consumer devices into AI web-scraping nodes
LONDON (June 6, 2026) — A security researcher has reverse-engineered software embedded in consumer applications by Bright Data, revealing a mechanism that converts smart TVs and mobile phones into exi...
Autonomous AI Agent Uncovers 21 Zero-Day Flaws in FFmpeg as Chrome Sets Patch Record
SAN FRANCISCO — An autonomous artificial intelligence agent developed by security startup depthfirst identified 21 previously unknown vulnerabilities in the widely used FFmpeg multimedia framework, ma...
Toshiba and Muji Websites Compromised by Malicious CDN Scripts
TOKYO (AP) — Japanese electronics giant Toshiba and lifestyle retailer Muji faced a cybersecurity breach on Wednesday after malicious scripts embedded in a third-party content delivery network began g...
CISA Warns of Active Exploitation of SolarWinds Serv-U Flaw
WASHINGTON — Cybersecurity officials issued an urgent alert Thursday warning that hackers are actively exploiting a recently patched high-severity vulnerability in SolarWinds Serv-U software to crash ...
Chinese Espionage Group Deploys New Malware in U.S. Microsoft 365 Campaign
WASHINGTON — A Chinese state-sponsored espionage group known as UNC5221 has deployed new malware variants to maintain persistent access to compromised Microsoft 365 environments and other networks acr...
Asin Spyware Campaign Targets Arabic-Speaking Journalists via Fake News Sites
BEIRUT (AP) — A sophisticated Android spyware campaign known as Asin has been identified targeting journalists and open-source intelligence researchers across Arabic-speaking regions. The operation, w...
Most Security Operations Centers Report Limited Value from AI Adoption
LONDON (Reuters) - Only 10% of global Security Operations Centers report excellent value from artificial intelligence adoption, a 2026 survey by SOC-CMM reveals, as fragmented tools and weak governanc...
DentaQuest Data Breach Exposes 2.6 Million Accounts, ShinyHunters Claims Responsibility
NEW YORK — A major data breach at DentaQuest, a dental benefits administrator owned by Sun Life, has exposed the sensitive personal information of approximately 2.6 million accounts, the company confi...
Threat Actors Exploit Critical Vulnerability in Everest Forms Pro Plugin
LONDON, June 5 (AP) — Cybersecurity researchers have identified active exploitation of a critical remote code execution vulnerability in the Everest Forms Pro WordPress plugin, allowing threat actors ...
Cisco Issues Alert for SD-WAN Zero-Day Exploited in 2026
SAN FRANCISCO — Cisco Systems issued an urgent advisory on Wednesday warning customers that a critical zero-day vulnerability in its SD-WAN software is being actively exploited in the wild. The vulne...
Malware Infects 36 npm Packages in Supply-Chain Attack
LONDON (AP) — A sophisticated supply-chain attack has compromised 36 packages on the Node Package Manager (npm), distributing malware designed to steal credentials and cryptocurrency wallet files. Th...
Hola Browser Windows Version Compromised in Supply Chain Attack
JERUSALEM — The Windows version of the Hola Browser was compromised in a supply chain attack that delivered an undeclared executable identified as a cryptocurrency miner, security researchers confirme...
Brave Software Launches Paid 'Brave Origin' Browser Stripping Crypto and AI Features
SAN FRANCISCO — Brave Software announced on Wednesday the public release of Brave Origin, a paid, minimalist version of its web browser that removes cryptocurrency, artificial intelligence, and other ...
WFP Gaza Self-Registration App Breached, Exposing Beneficiary Data
GENEVA (AP) — The United Nations World Food Programme confirmed Wednesday that its self-registration application for Palestine was breached, resulting in unauthorized access to personal data of aid be...
Hacking Tutorial by 'Hercules' Emerges on Underground Forums
LONDON (AP) — A threat actor operating under the pseudonym 'Hercules' has published a comprehensive tutorial on underground forums, instructing novice hackers on how to scan, exploit, and monetize vul...
Microsoft Fixes Windows Update Glitch That Bypassed Corporate Policies
Microsoft has resolved a technical issue that caused Windows devices to install driver updates without user or administrator consent, even when corporate policies were configured to block automatic up...
Cisco Warns of Critical Vulnerability in Unified Communications Manager
SAN JOSE, Calif. — Cisco issued a security advisory on Wednesday warning that proof-of-concept code exists for a critical vulnerability affecting its Unified Communications Manager and Unified Communi...
Cisco Issues Critical Patch for Unified Communications Manager Root Privilege Flaw
SAN JOSE, Calif. — Cisco Systems Inc. released emergency security updates on Wednesday to address a critical vulnerability in its Unified Communications Manager software that allows remote attackers t...
SANS Internet Storm Center Releases Weekly Security Update Covering New Threats and Tools
JACKSONVILLE, Fla. — The SANS Internet Storm Center released a weekly security update Wednesday detailing emerging reconnaissance tactics, new mobile security features, and improved vulnerability disc...
U.S. Agencies Warn of Cyberattacks Targeting Fuel Storage Systems
WASHINGTON (June 3, 2026) — The Cybersecurity and Infrastructure Security Agency, alongside the FBI, the National Security Agency, and the Department of Energy, issued a joint alert Tuesday warning of...
New HTTP/2 Bomb Attack Exposes Critical Vulnerability in Major Web Servers
SAN FRANCISCO — A newly discovered denial-of-service attack dubbed the HTTP/2 Bomb can crash major web servers within seconds by exploiting a flaw in the HTTP/2 protocol's header compression mechanism...
Security Researchers Identify Prompt Injection Flaw in Google Gemini Voice Assistant
JUN 3, 2026 — A critical security vulnerability in Google Gemini's voice assistant has been identified by the SafeBreach security research team, allowing attackers to execute unauthorized commands thr...
CISA Warns of Active Exploits in Linux and Android Systems
WASHINGTON — The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a critical alert on Tuesday warning federal agencies and critical infrastructure operators of active cyberattacks e...
One-Click Attack in Visual Studio Code Exposes GitHub OAuth Tokens
A critical vulnerability in Microsoft Visual Studio Code allows attackers to steal full GitHub OAuth tokens through a one-click attack, researchers disclosed Wednesday. The flaw exploits a message-pas...
Orchid Security Launches Identity Visibility Platform to Address Enterprise Gaps
Orchid Security introduced the Identity Visibility and Intelligence Platform (IVIP) model on June 3, 2026, to address fragmented enterprise identity activity that occurs outside centralized identity a...