{"articles":[{"id":2463,"guid":"https://www.bleepingcomputer.com/news/security/critical-kirki-flaw-exploited-to-hijack-wordpress-admin-accounts/","source_key":"bleeping","title":"Critical Kirki flaw exploited to hijack WordPress admin accounts","link":"https://www.bleepingcomputer.com/news/security/critical-kirki-flaw-exploited-to-hijack-wordpress-admin-accounts/","published":"2026-06-02T22:12:57.000Z","teaser":"Hackers exploit Kirki plugin flaw to hijack WordPress admin accounts.","summary":"A critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress is being exploited by hackers to take over any user account, including those belonging to administrators. This means that even administrators can be compromised, giving attackers full control over the affected WordPress site. The vulnerability allows attackers to escalate their privileges and gain access to sensitive areas of the site. WordPress users who have the Kirki plugin installed are at risk of being targeted by these attacks.","tags":["vuln","zeroday","wordpress"],"severity":"critical","actionable":true,"cves":["CVE-2026-8206"],"read_min":3,"score":133,"also_from":[],"src":"bleeping","hrs":11.93116888888889,"rm":3,"act":true,"sev":"critical","hot":true},{"id":2394,"guid":"https://www.helpnetsecurity.com/?p=372836","source_key":"helpnet","title":"Windows Netlogon RCE exploited, domain controllers at risk (CVE-2026-41089)","link":"https://www.helpnetsecurity.com/2026/06/01/windows-netlogon-rce-exploited-cve-2026-41089/","published":"2026-06-01T14:17:39.000Z","teaser":"Windows Netlogon RCE flaw (CVE-2026-41089) exploited in the wild, allowing remote code execution.","summary":"The Centre for Cybersecurity Belgium (CCB) warned that a critical Windows Netlogon RCE flaw (CVE-2026-41089) is being actively exploited. This flaw is a stack-based buffer overflow vulnerability in Windows Netlogon, which handles authentication and security within a Windows domain environment. Attackers can exploit this by sending a specially crafted network request to a Windows server. This vulnerability affects Windows domain controllers, putting them at risk of remote code execution. It's essential for administrators to take immediate action to mitigate this vulnerability.","tags":["vuln","zeroday","breach"],"severity":"critical","actionable":true,"cves":["CVE-2026-41089"],"read_min":5,"score":133,"also_from":[],"src":"helpnet","hrs":43.85283555555556,"rm":5,"act":true,"sev":"critical","hot":true},{"id":2437,"guid":"https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-actively-exploited-oracle-weblogic-flaw/","source_key":"bleeping","title":"CISA flags two-year-old Oracle flaw as actively exploited in attacks","link":"https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-actively-exploited-oracle-weblogic-flaw/","published":"2026-06-02T12:40:33.000Z","teaser":"CISA flags two-year-old Oracle WebLogic Server vulnerability as actively exploited.","summary":"The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about a high-severity vulnerability in Oracle WebLogic Server. This vulnerability, which was patched in 2021, is now being actively exploited in attacks. Government agencies have been ordered to secure their systems against this vulnerability. It is likely that other organizations are also affected, especially those using outdated software. The vulnerability allows attackers to execute arbitrary code on the server, potentially leading to data theft or other malicious activities. To mitigate this risk, affected organizations should ensure they have applied the available patch and are running the latest version of Oracle WebLogic Server.","tags":["vuln"],"severity":"critical","actionable":true,"cves":["CVE-2021-44228"],"read_min":2,"score":132,"also_from":[],"src":"bleeping","hrs":21.47116888888889,"rm":2,"act":true,"sev":"critical","hot":true},{"id":2436,"guid":"https://www.helpnetsecurity.com/?p=373041","source_key":"helpnet","title":"Google fixes actively exploited Android vulnerability (CVE-2025-48595)","link":"https://www.helpnetsecurity.com/2026/06/02/android-vulnerability-exploited-cve-2025-48595/","published":"2026-06-02T12:17:26.000Z","teaser":"Google fixes high-severity Android vulnerability (CVE-2025-48595) with June 2026 security updates.","summary":"Google has released the June 2026 Android security updates, which address several vulnerabilities, including a high-severity issue in the Android Framework. CVE-2025-48595 is an integer overflow vulnerability that allows attackers to escalate privileges on a vulnerable device. This flaw is considered to be under limited, targeted exploitation. The vulnerability affects the Android Framework, a set of APIs and system services that apps interact with directly. Android users should update their devices to the latest security patch level to mitigate this vulnerability.","tags":["vuln","zeroday"],"severity":"high","actionable":true,"cves":["CVE-2025-48595"],"read_min":3,"score":121,"also_from":[],"src":"helpnet","hrs":21.856446666666667,"rm":3,"act":true,"sev":"high","hot":true},{"id":2471,"guid":"https://www.bleepingcomputer.com/news/security/vs-code-zero-day-lets-hackers-steal-github-tokens-in-one-click/","source_key":"bleeping","title":"VS Code zero-day lets hackers steal GitHub tokens in one click","link":"https://www.bleepingcomputer.com/news/security/vs-code-zero-day-lets-hackers-steal-github-tokens-in-one-click/","published":"2026-06-03T06:50:30.000Z","teaser":"VS Code zero-day lets hackers steal GitHub tokens with a single click.","summary":"A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability. This vulnerability allows attackers to steal GitHub authentication tokens by tricking users into clicking a malicious link. The exploit works by creating a fake GitHub login page that, when clicked, steals the user's authentication token. This token can then be used to access the user's GitHub account and potentially other connected services. The vulnerability affects all versions of VS Code, including the latest version. Users are advised to be cautious when clicking links, especially from unknown sources, and to keep their VS Code installation up to date. However, there is no official patch available yet.","tags":["zeroday","vuln"],"severity":"critical","actionable":true,"cves":[],"read_min":3,"score":118,"also_from":[],"src":"bleeping","hrs":3.3053355555555557,"rm":3,"act":true,"sev":"critical","hot":true},{"id":2434,"guid":"https://www.bleepingcomputer.com/news/security/google-fixes-one-actively-exploited-android-zero-day-124-flaws/","source_key":"bleeping","title":"Google fixes one actively exploited Android zero-day, 124 flaws","link":"https://www.bleepingcomputer.com/news/security/google-fixes-one-actively-exploited-android-zero-day-124-flaws/","published":"2026-06-02T11:10:15.000Z","teaser":"Google fixes 124 Android vulnerabilities, including one actively exploited zero-day.","summary":"Google has released the June 2026 Android security patches to address 124 vulnerabilities. One of these vulnerabilities is a zero-day flaw that has been actively exploited in targeted attacks. The exact details of the zero-day exploit are not publicly available. The patches are available for devices running Android 11 and later. Google has not provided information on the specific devices that are affected by the zero-day exploit. It is recommended that all Android users update their devices to the latest security patch level to ensure they have the latest security fixes.","tags":["vuln","zeroday"],"severity":"critical","actionable":true,"cves":[],"read_min":3,"score":117,"also_from":[],"src":"bleeping","hrs":22.97616888888889,"rm":3,"act":true,"sev":"critical","hot":true},{"id":2399,"guid":"https://www.cybersecuritydive.com/news/palo-alto-networks-firewall-flaw-exploitation-cisa-kev/821598/","source_key":"cybersecdive","title":"CISA adds critical Palo Alto Networks firewall flaw to KEV as company, researchers warn of exploitation","link":"https://www.cybersecuritydive.com/news/palo-alto-networks-firewall-flaw-exploitation-cisa-kev/821598/","published":"2026-06-01T14:45:33.000Z","teaser":"CISA adds critical Palo Alto Networks firewall flaw to KEV, warning of exploitation.","summary":"The US Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Palo Alto Networks firewalls to the Known Exploited Vulnerabilities (KEV) catalog. This vulnerability, which poses significant risks to federal networks, has been identified as a potential entry point for attackers. Palo Alto Networks and security researchers are warning of exploitation, emphasizing the need for prompt action to mitigate this risk. The KEV catalog is a list of known vulnerabilities that have been exploited in the wild, and adding this vulnerability to the list indicates that CISA believes it is being actively exploited. Organizations using Palo Alto Networks firewalls should take immediate action to patch or update their systems to prevent potential exploitation.","tags":["vuln","zeroday"],"severity":"critical","actionable":true,"cves":[],"read_min":3,"score":117,"also_from":[],"src":"cybersecdive","hrs":43.387835555555554,"rm":3,"act":true,"sev":"critical","hot":true},{"id":2406,"guid":"https://krebsonsecurity.com/?p=73751","source_key":"krebs","title":"Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts","link":"https://krebsonsecurity.com/2026/06/hackers-used-metas-ai-support-bot-to-seize-instagram-accounts/","published":"2026-06-01T17:32:50.000Z","teaser":"Hackers used Meta's AI support bot to reset Instagram account passwords.","summary":"Hackers exploited Meta's AI support assistant bot to reset the passwords of several high-profile Instagram accounts, including the Obama White House and the Chief Master Sergeant of the U.S. Space Force. The attackers used instructions circulating on Telegram to trick the bot into resetting the passwords. The affected accounts were briefly defaced with pro-Iranian images and messages. It is unclear how the attackers obtained the necessary information to use the bot, but it is likely that they used social engineering tactics to obtain the necessary credentials. This incident highlights the importance of being cautious when interacting with AI-powered support systems and ensuring that proper security measures are in place to prevent such attacks.","tags":["breach","ai"],"severity":"medium","actionable":true,"cves":[],"read_min":3,"score":113,"also_from":[],"src":"krebs","hrs":40.59978,"rm":3,"act":true,"sev":"medium","hot":true},{"id":2407,"guid":"/node/24969","source_key":"cisa","title":"CISA Adds One Known Exploited Vulnerability to Catalog","link":"https://www.cisa.gov/news-events/alerts/2026/06/01/cisa-adds-one-known-exploited-vulnerability-catalog","published":"2026-06-01T12:00:00.000Z","teaser":"CISA adds CVE-2024-21182 to its Known Exploited Vulnerabilities Catalog.","summary":"CISA has added CVE-2024-21182, an unspecified vulnerability in Oracle WebLogic Server, to its Known Exploited Vulnerabilities (KEV) Catalog. This vulnerability is considered a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. The KEV Catalog is maintained in accordance with Binding Operational Directive (BOD) 22-01, which aims to reduce the significant risk of known exploited vulnerabilities. No further details on the vulnerability or its exploitation are provided.","tags":["vuln"],"severity":"critical","actionable":true,"cves":["CVE-2024-21182"],"read_min":2,"score":109,"also_from":[],"src":"cisa","hrs":46.14700222222222,"rm":2,"act":true,"sev":"critical","hot":true},{"id":2429,"guid":"https://www.helpnetsecurity.com/?p=372947","source_key":"helpnet","title":"Sophos uncovers AI-powered malware lab built for EDR evasion","link":"https://www.helpnetsecurity.com/2026/06/02/ai-agents-edr-evasion-techniques/","published":"2026-06-02T10:13:37.000Z","teaser":"Threat actor built AI-powered malware lab for EDR evasion techniques.","summary":"Sophos discovered a threat actor using AI technologies to develop a malware-testing framework for evading endpoint detection and response (EDR) systems. The investigation started after an anomalous endpoint in a customer environment triggered alerts for malicious payloads from a testing directory. The framework contained Cobalt Strike profiles designed to disguise beacon traffic as legitimate network activity. This indicates a sophisticated approach to evading detection. The use of AI-powered tools suggests a high level of expertise and resources. The exact goals and motivations of the threat actor are unclear, but the development of such a framework poses a significant threat to organizations relying on EDR systems for security.","tags":["malware","apt"],"severity":"high","actionable":true,"cves":[],"read_min":5,"score":106,"also_from":[],"src":"helpnet","hrs":23.920057777777778,"rm":5,"act":true,"sev":"high","hot":true},{"id":2469,"guid":"https://www.microsoft.com/en-us/security/blog/?p=147916","source_key":"microsoft","title":"Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign","link":"https://www.microsoft.com/en-us/security/blog/2026/06/02/preinstall-persistence-inside-red-hat-npm-miasma-credential-stealing-campaign/","published":"2026-06-03T04:45:06.000Z","teaser":"A large-scale npm supply chain attack compromised over 90 versions of @redhat-cloud-services packages.","summary":"A malicious npm package campaign, dubbed Miasma, targeted Red Hat's @redhat-cloud-services packages, compromising over 90 versions. The attack silently infected CI/CD environments and developer systems, stealing credentials from GitHub, cloud platforms, and local machines. The stolen credentials were then used to republish trusted packages, spreading the malware like a worm. This campaign highlights the risks of supply chain attacks and the importance of monitoring and securing dependencies. To protect your organization, ensure you're using a secure package manager, regularly update dependencies, and monitor for suspicious activity.","tags":["supplychain","vuln"],"severity":"high","actionable":true,"cves":[],"read_min":5,"score":105,"also_from":[],"src":"microsoft","hrs":5.3953355555555556,"rm":5,"act":true,"sev":"high","hot":true},{"id":2433,"guid":"https://www.schneier.com/?p=72125","source_key":"schneier","title":"Microsoft Threatening Security Researcher","link":"https://www.schneier.com/blog/archives/2026/06/microsoft-threatening-security-researcher.html","published":"2026-06-02T11:00:42.000Z","teaser":"Microsoft threatens legal action against security researcher publishing Windows exploits.","summary":"Microsoft is at odds with an anonymous security researcher, 'Nightmare Eclipse,' who has been publishing exploits against Windows, including one that breaks BitLocker. The researcher's actions have sparked a heated debate about the role of security research and the responsibility of companies like Microsoft to disclose vulnerabilities. Microsoft has threatened legal action against the researcher, but the researcher has maintained that their work is essential to improving the security of Windows. The situation highlights the tension between the need for security research and the potential risks of publicly disclosing vulnerabilities.","tags":["vuln","apt"],"severity":"high","actionable":false,"cves":[],"read_min":5,"score":105,"also_from":[],"src":"schneier","hrs":23.135335555555557,"rm":5,"act":false,"sev":"high","hot":true},{"id":2420,"guid":"https://www.helpnetsecurity.com/?p=372957","source_key":"helpnet","title":"Red Hat npm packages compromised in new Mini Shai-Hulud malware wave","link":"https://www.helpnetsecurity.com/2026/06/02/red-hat-npm-packages-compromised-mini-shai-hulud/","published":"2026-06-02T09:38:50.000Z","teaser":"30+ Red Hat Cloud Services npm packages compromised with Mini Shai-Hulud malware.","summary":"Unknown attackers compromised 30+ Red Hat Cloud Services npm packages with malware that targets credentials stored in developers' build environments. The compromised packages were published in two GitHub source repositories on June 1, 2026. Wiz Security reported that a specific Red Hat employee GitHub account was compromised, allowing the attackers to push malicious commits. The malware can spread further by stealing credentials and using them to access other systems. Developers who use these compromised packages should rotate their credentials and review their build environments for potential security risks.","tags":["vuln","malware","supplychain"],"severity":"high","actionable":true,"cves":[],"read_min":5,"score":105,"also_from":[],"src":"helpnet","hrs":24.49978,"rm":5,"act":true,"sev":"high","hot":true},{"id":2419,"guid":"https://www.helpnetsecurity.com/?p=372678","source_key":"helpnet","title":"This AI model backdoor attack stays hidden until you customize the model","link":"https://www.helpnetsecurity.com/2026/06/02/ai-model-backdoor-attack-research/","published":"2026-06-02T04:30:56.000Z","teaser":"Researchers created an AI model backdoor attack that remains hidden until the model is customized.","summary":"A research team developed an attack called BadBone, which plants a backdoor inside a pre-trained AI model, known as a backbone model. When downstream tasks adapt the model to a specific task, they inherit the backdoor. This means that even if the model is not directly accessed, the backdoor can still be exploited. The attack stays hidden until the model is customized, making it difficult to detect. This highlights the importance of verifying the origin of pre-trained models before deploying them in production.","tags":["ai","vuln"],"severity":"high","actionable":true,"cves":[],"read_min":5,"score":105,"also_from":[],"src":"helpnet","hrs":29.631446666666665,"rm":5,"act":true,"sev":"high","hot":true},{"id":2417,"guid":"https://cyberscoop.com/?p=89242","source_key":"cyberscoop","title":"Attackers are exploiting Palo Alto Networks defect that initially flew under the radar","link":"https://cyberscoop.com/palo-alto-networks-cve-2026-0257-exploited-vulnerability/","published":"2026-06-01T22:29:42.000Z","teaser":"Attackers are exploiting a Palo Alto Networks defect.","summary":"Palo Alto Networks has confirmed that attackers are exploiting a defect in their products. The defect, which was initially considered low-risk, has been escalated to a high-severity issue due to its exploitation in the wild. The exact nature of the defect is not publicly disclosed, but it is believed to be related to a configuration issue. Palo Alto Networks has advised customers to update their software to the latest version to mitigate the risk. The company has also provided guidance on how to identify and remediate affected systems. The exploitation of this defect highlights the importance of regularly updating software and monitoring for potential security threats.","tags":["vuln"],"severity":"high","actionable":true,"cves":[],"read_min":5,"score":105,"also_from":[],"src":"cyberscoop","hrs":35.65200222222222,"rm":5,"act":true,"sev":"high","hot":true},{"id":2415,"guid":"https://www.bleepingcomputer.com/news/security/red-hat-npm-packages-compromised-to-steal-developer-credentials/","source_key":"bleeping","title":"Red Hat npm packages compromised to steal developer credentials","link":"https://www.bleepingcomputer.com/news/security/red-hat-npm-packages-compromised-to-steal-developer-credentials/","published":"2026-06-01T21:38:29.000Z","teaser":"Over 30 Red Hat npm packages compromised to steal developer credentials.","summary":"A supply-chain attack compromised more than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace. The attack distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed 'Miasma.' Developers who installed these packages may have had their credentials stolen. The affected packages were likely used in various projects, but the scope of the compromise is not yet clear. Red Hat has not provided information on how to mitigate the issue, suggesting that users may need to re-audit their dependencies and consider rotating credentials.","tags":["vuln","supplychain","malware"],"severity":"high","actionable":true,"cves":[],"read_min":5,"score":105,"also_from":[],"src":"bleeping","hrs":36.505613333333336,"rm":5,"act":true,"sev":"high","hot":true},{"id":2453,"guid":"https://www.bleepingcomputer.com/news/security/ai-built-ransomware-toolkit-automates-edr-evasion-ad-discovery/","source_key":"bleeping","title":"AI-built ransomware toolkit automates EDR evasion, AD discovery","link":"https://www.bleepingcomputer.com/news/security/ai-built-ransomware-toolkit-automates-edr-evasion-ad-discovery/","published":"2026-06-02T20:01:20.000Z","teaser":"AI-built ransomware toolkit automates EDR evasion and AD discovery.","summary":"A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions. This toolkit is designed to make it easier for attackers to launch targeted ransomware attacks. The toolkit's AI capabilities allow it to adapt to different environments and evade detection by EDR solutions. The toolkit's AD discovery feature helps attackers identify and target specific systems and users within an organization's Active Directory. This makes it a more sophisticated and effective tool for ransomware attacks. Organizations should be aware of this toolkit and take steps to protect themselves, such as implementing robust EDR solutions and regularly updating their systems.","tags":["ransomware","ai"],"severity":"high","actionable":true,"cves":[],"read_min":3,"score":103,"also_from":[],"src":"bleeping","hrs":14.12478,"rm":3,"act":true,"sev":"high","hot":true},{"id":2452,"guid":"https://www.bleepingcomputer.com/news/security/over-116-000-mincraft-systems-infected-in-weedhack-malware-campaign/","source_key":"bleeping","title":"Over 116,000 Mincraft systems infected in WeedHack malware campaign","link":"https://www.bleepingcomputer.com/news/security/over-116-000-mincraft-systems-infected-in-weedhack-malware-campaign/","published":"2026-06-02T21:54:49.000Z","teaser":"Over 116,000 Minecraft systems infected in WeedHack malware campaign.","summary":"A large-scale malware campaign called WeedHack is targeting Minecraft players. The campaign has infected more than 116,000 systems since January. The malware is likely being spread through phishing or drive-by downloads, but the exact method is not specified. The affected systems are not limited to a specific region or age group, suggesting a widespread attack. Minecraft players are advised to be cautious when downloading files or clicking on links, especially from unknown sources.","tags":["malware"],"severity":"medium","actionable":true,"cves":[],"read_min":2,"score":94,"also_from":[],"src":"bleeping","hrs":12.23339111111111,"rm":2,"act":true,"sev":"medium","hot":true},{"id":2449,"guid":"https://www.bleepingcomputer.com/news/security/instagram-users-locked-out-after-meta-ai-abused-to-steal-accounts/","source_key":"bleeping","title":"Instagram users locked out after Meta AI abused to steal accounts","link":"https://www.bleepingcomputer.com/news/security/instagram-users-locked-out-after-meta-ai-abused-to-steal-accounts/","published":"2026-06-02T15:47:33.000Z","teaser":"Instagram users locked out after Meta AI abused to steal accounts","summary":"Attackers exploited Meta's AI-powered support tools to hijack multiple Instagram accounts. The attackers convinced the AI that they were the legitimate owners, allowing them to gain access to the accounts. This incident highlights the potential risks of relying on AI-powered systems for security and authentication. Meta has not disclosed the number of affected users or the extent of the breach. Users who have been locked out of their accounts should contact Meta's support directly to regain access. There is no indication that user data was compromised in this incident.","tags":["breach","ai"],"severity":"medium","actionable":true,"cves":[],"read_min":3,"score":94,"also_from":[],"src":"bleeping","hrs":18.354502222222223,"rm":3,"act":true,"sev":"medium","hot":true},{"id":2402,"guid":"https://www.schneier.com/?p=72122","source_key":"schneier","title":"Vulnerability Disclosure in the Age of AI","link":"https://www.schneier.com/blog/archives/2026/06/vulnerability-disclosure-in-the-age-of-ai.html","published":"2026-06-01T16:49:39.000Z","teaser":"AI models can now quickly identify exploitable software vulnerabilities, exposing decades of accumulated technical debt.","summary":"A new article by Melissa Hathaway argues that the rapid advancement of artificial intelligence (AI) is disrupting the balance between vulnerability discovery and remediation. AI models can now autonomously identify exploitable software vulnerabilities at an unprecedented speed and scale. This development highlights the accumulated technical debt created by the software industry's prioritization of rapid deployment over security. The article calls for urgent action to address this issue.","tags":["vuln","policy"],"severity":"medium","actionable":false,"cves":[],"read_min":5,"score":94,"also_from":[],"src":"schneier","hrs":41.31950222222222,"rm":5,"act":false,"sev":"medium","hot":true},{"id":2397,"guid":"https://research.checkpoint.com/?p=33119","source_key":"checkpoint","title":"1st June – Threat Intelligence Report","link":"https://research.checkpoint.com/2026/1st-june-threat-intelligence-report/","published":"2026-06-01T14:43:11.000Z","teaser":"Carnival Corporation confirms data breach affecting nearly 6 million people.","summary":"Carnival Corporation, a global cruise line operator, has confirmed a data breach affecting nearly 6 million people. Attackers used social engineering to compromise an employee account, potentially exposing names, contact information, and other sensitive data. The breach is a reminder of the importance of employee education and account security. Carnival Corporation has not disclosed the exact nature of the exposed information or the extent of the breach. It is recommended that affected individuals monitor their accounts and credit reports for suspicious activity.","tags":["breach"],"severity":"medium","actionable":true,"cves":[],"read_min":2,"score":94,"also_from":[],"src":"checkpoint","hrs":43.42728,"rm":2,"act":true,"sev":"medium","hot":true},{"id":2376,"guid":"https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-kb5089549-windows-security-update-install-issues/","source_key":"bleeping","title":"Microsoft fixes KB5089549 Windows security update install issues","link":"https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-kb5089549-windows-security-update-install-issues/","published":"2026-06-01T10:59:43.000Z","teaser":"Microsoft fixes installation issues with Windows 11 security update KB5089549.","summary":"Microsoft has resolved a known issue that was causing installation failures and 0x800f0922 errors when deploying the May 2026 Windows 11 security update (KB5089549). The issue was specific to the installation of this particular update. No further details on the cause of the issue or the fix are provided. This update is a security update, so it's recommended to install it to ensure your system is up-to-date and secure. If you were experiencing issues with installing this update, you can try installing it again to see if the fix resolves the problem.","tags":["vuln","cloud"],"severity":"medium","actionable":true,"cves":[],"read_min":2,"score":94,"also_from":[],"src":"bleeping","hrs":47.15172444444445,"rm":2,"act":true,"sev":"medium","hot":true},{"id":2467,"guid":"https://www.helpnetsecurity.com/?p=372642","source_key":"helpnet","title":"What CISOs need to do about post-quantum migration in the next 24 months","link":"https://www.helpnetsecurity.com/2026/06/03/post-quantum-migration-timeline-video/","published":"2026-06-03T04:30:27.000Z","teaser":"CISOs have 2.5 years to prepare for post-quantum migration due to accelerated quantum computer timeline.","summary":"A recent Google paper has moved the expected arrival of a cryptographically relevant quantum computer from 2035 to 2029, leaving organizations with a short window to prepare. CISOs should start planning for post-quantum migration over the next 24 months. This involves assessing the current use of public key encryption and identifying areas where it is used. Organizations should also start exploring alternative encryption methods that are resistant to quantum attacks. This is a complex task that requires significant resources and expertise, but it is essential to ensure the long-term security of sensitive data. CISOs should prioritize this effort and work with their teams to develop a plan for post-quantum migration.","tags":["policy","cloud","ai"],"severity":"medium","actionable":true,"cves":[],"read_min":5,"score":93,"also_from":[],"src":"helpnet","hrs":5.639502222222222,"rm":5,"act":true,"sev":"medium","hot":true},{"id":2443,"guid":"https://www.helpnetsecurity.com/?p=373036","source_key":"helpnet","title":"64,000 accounts exposed in breach of GTA V cheat service Atlas Menu","link":"https://www.helpnetsecurity.com/2026/06/02/atlas-menu-cheat-service-data-breach/","published":"2026-06-02T13:00:21.000Z","teaser":"64,000 user accounts exposed in breach of GTA V cheat service Atlas Menu.","summary":"A data breach at Atlas Menu, a cheat service for Grand Theft Auto V and Counter-Strike 2, has exposed approximately 64,000 user accounts. The compromised data includes email addresses, usernames, IP addresses, support tickets, and passwords hashed with bcrypt. The attacker claimed to have compromised all Atlas systems and leaked the service's database through a public GitHub repository. It is unclear what motivated the breach or how the attacker gained access to the system. Users affected by the breach can check if their email address has been exposed on the Have I Been Pwned database.","tags":["breach","malware"],"severity":"medium","actionable":true,"cves":[],"read_min":3,"score":93,"also_from":[],"src":"helpnet","hrs":21.14116888888889,"rm":3,"act":true,"sev":"medium","hot":true},{"id":2428,"guid":"https://www.malwarebytes.com/blog/mobile/2026/06/fake-virus-alerts-are-invading-mobile-games","source_key":"malwarebytes","title":"Fake virus alerts are invading mobile games","link":"https://www.malwarebytes.com/blog/mobile/2026/06/fake-virus-alerts-are-invading-mobile-games","published":"2026-06-02T09:03:55.000Z","teaser":"Fake virus alerts are invading mobile games, turning in-game ads into malware traps.","summary":"Mobile gamers are being targeted by fake virus alerts and account warnings that appear in-game. These alerts are actually malware traps designed to trick users into installing malicious software. The alerts often claim that the user's device is infected or that their account has been compromised. In reality, the goal is to install malware or steal sensitive information. This type of attack is often seen in low-quality or untrusted mobile games. To avoid falling victim to these scams, users should be cautious when clicking on in-game ads and never install software from unknown sources. If you see a suspicious alert, close the game and do not interact with it.","tags":["malware","breach"],"severity":"medium","actionable":true,"cves":[],"read_min":2,"score":93,"also_from":[],"src":"malwarebytes","hrs":25.081724444444443,"rm":2,"act":true,"sev":"medium","hot":true},{"id":2395,"guid":"https://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-office-apps-teams-file-access-issues/","source_key":"bleeping","title":"Microsoft investigates Office Apps, Teams file access issues","link":"https://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-office-apps-teams-file-access-issues/","published":"2026-06-01T14:36:46.000Z","teaser":"Microsoft investigates issues with Teams and Office Apps file access.","summary":"Microsoft is investigating an ongoing incident affecting users of its Teams collaboration platform and free Office for the web cloud-based productivity suite. The issue prevents users from opening files. The company has not disclosed the cause or scope of the problem. It is unclear how many users are affected. Microsoft has not provided a timeline for resolving the issue. Users experiencing the problem should contact Microsoft support for assistance.","tags":["cloud"],"severity":"medium","actionable":true,"cves":[],"read_min":2,"score":93,"also_from":[],"src":"bleeping","hrs":43.53422444444445,"rm":2,"act":true,"sev":"medium","hot":true},{"id":2461,"guid":"https://www.malwarebytes.com/blog/threat-intel/2026/06/these-convincing-copyright-notices-are-designed-to-steal-google-logins","source_key":"malwarebytes","title":"These convincing copyright notices are designed to steal Google logins","link":"https://www.malwarebytes.com/blog/threat-intel/2026/06/these-convincing-copyright-notices-are-designed-to-steal-google-logins","published":"2026-06-02T18:24:07.000Z","teaser":"Scammers use fake copyright notices to steal Google logins from Chrome developers.","summary":"Scammers are targeting Chrome developers with convincing fake copyright notices designed to steal Google logins. The scammers use fake takedown requests, countdown timers, and spoofed sign-in screens to trick developers into handing over their login credentials. This is a phishing attack, where the scammers are trying to trick the developers into thinking their account is being compromised or that they need to sign in to verify their account. The scammers are using this tactic to steal Google logins, which can be used to access sensitive information and take control of the developer's account. To avoid falling victim to this scam, developers should be cautious when receiving emails or notifications that ask them to sign in or verify their account. They should also be aware of the tactics used by scammers to trick them into handing over their login credentials.","tags":["malware","breach"],"severity":"medium","actionable":true,"cves":[],"read_min":3,"score":89,"also_from":[],"src":"malwarebytes","hrs":15.745057777777777,"rm":3,"act":true,"sev":"medium","hot":true},{"id":2444,"guid":"https://therecord.media/red-hat-removes-tainted-packages-after-software-pipeline-compromise","source_key":"therecord","title":"Red Hat removes tainted packages after software pipeline compromise","link":"https://therecord.media/red-hat-removes-tainted-packages-after-software-pipeline-compromise","published":"2026-06-02T13:42:00.000Z","teaser":"Red Hat removes tainted packages after GitHub account compromise.","summary":"Red Hat has removed 32 packages from its software repository after discovering a compromised GitHub account was used to push malicious code to customers. The affected packages were downloaded approximately 117,000 times per week. The company's preliminary analysis suggests that a GitHub account was compromised, allowing attackers to push the malicious code. This incident highlights the importance of secure software development practices and the need for regular security audits. Red Hat has removed the tainted packages and is working to prevent similar incidents in the future.","tags":["vuln","supplychain"],"severity":"medium","actionable":false,"cves":[],"read_min":2,"score":74,"also_from":[],"src":"therecord","hrs":20.44700222222222,"rm":2,"act":false,"sev":"medium","hot":false},{"id":2416,"guid":"https://www.bleepingcomputer.com/news/security/hackers-hijack-thousands-of-sites-for-clickfix-and-fakeupdate-attacks/","source_key":"bleeping","title":"Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks","link":"https://www.bleepingcomputer.com/news/security/hackers-hijack-thousands-of-sites-for-clickfix-and-fakeupdate-attacks/","published":"2026-06-01T22:14:19.000Z","teaser":"Hackers hijack thousands of sites for malware distribution campaigns.","summary":"A threat actor known as DriveSurge has been using compromised websites to distribute malware through ClickFix and FakeUpdate attacks. These attacks involve hijacking websites to display fake error messages or update notifications that actually install malware on visitors' devices. The compromised sites are likely to be thousands in number, but the exact figure is not specified. The malware distribution campaigns are a significant concern as they can affect a large number of users. There is no information on how to prevent or mitigate these attacks, but users are advised to be cautious when visiting websites and avoid clicking on suspicious links or pop-ups.","tags":["malware","breach"],"severity":"medium","actionable":false,"cves":[],"read_min":3,"score":74,"also_from":[],"src":"bleeping","hrs":35.90839111111111,"rm":3,"act":false,"sev":"medium","hot":false},{"id":2414,"guid":"https://www.bleepingcomputer.com/news/security/spain-arrests-doxer-leaking-sensitive-data-of-govt-employees/","source_key":"bleeping","title":"Spain arrests doxer leaking sensitive data of govt employees","link":"https://www.bleepingcomputer.com/news/security/spain-arrests-doxer-leaking-sensitive-data-of-govt-employees/","published":"2026-06-01T21:28:41.000Z","teaser":"Spanish police arrest individual leaking sensitive data of govt employees.","summary":"The Spanish National Police has arrested an individual for leaking sensitive information related to members of various key state organizations, including the National Cybersecurity Institute (INCIBE). The arrested individual was identified as a doxer, someone who leaks personal data of individuals online. The leaked data included sensitive information such as personal details, addresses, and phone numbers of government employees. The investigation into the doxer's activities is ongoing, and it is unclear what motivated the individual to leak the sensitive information. The arrest is a significant step in protecting the privacy and security of government employees in Spain.","tags":["breach"],"severity":"medium","actionable":false,"cves":[],"read_min":2,"score":74,"also_from":[],"src":"bleeping","hrs":36.66894666666666,"rm":2,"act":false,"sev":"medium","hot":false},{"id":2408,"guid":"https://www.bleepingcomputer.com/news/security/dashlane-password-manager-users-locked-out-by-brute-force-attacks/","source_key":"bleeping","title":"Dashlane password manager users locked out by brute force attacks","link":"https://www.bleepingcomputer.com/news/security/dashlane-password-manager-users-locked-out-by-brute-force-attacks/","published":"2026-06-01T18:17:13.000Z","teaser":"Dashlane users locked out by brute-force attacks from unknown devices.","summary":"Dashlane users have been targeted by brute-force attacks, resulting in some being locked out of their accounts. The attacks originated from distant locations and unknown devices. This suggests that the attackers may have obtained a list of usernames and passwords, which they are attempting to use to gain unauthorized access to the accounts. Dashlane has not commented on the incident, but users are advised to check their account activity and report any suspicious behavior to the company. It is unclear what actions users can take to prevent similar attacks in the future, as the attackers may have obtained the necessary information through a data breach or other means.","tags":["breach","malware"],"severity":"medium","actionable":false,"cves":[],"read_min":3,"score":74,"also_from":[],"src":"bleeping","hrs":39.860057777777776,"rm":3,"act":false,"sev":"medium","hot":false},{"id":2390,"guid":"https://www.helpnetsecurity.com/?p=372788","source_key":"helpnet","title":"Brute-force attack triggers Dashlane account lockouts","link":"https://www.helpnetsecurity.com/2026/06/01/dashlane-brute-force-attack-user-accounts/","published":"2026-06-01T13:49:34.000Z","teaser":"Dashlane users experienced account lockouts due to a brute-force attack.","summary":"Dashlane users reported receiving account suspension emails and experiencing login problems due to a brute-force attack targeting their accounts. The company acknowledged the incident on May 31 and stated that the attack triggered temporary account suspensions. Users received emails stating that their account was suspended for security reasons, as someone had attempted to register a new device and failed to enter the correct token after several tries. It is unclear how the attack was carried out or what measures Dashlane is taking to prevent similar incidents in the future. Users who experienced issues should have already received emails from Dashlane regarding the suspension of their accounts. No further action is required.","tags":["breach"],"severity":"medium","actionable":false,"cves":[],"read_min":2,"score":74,"also_from":[],"src":"helpnet","hrs":44.32089111111111,"rm":2,"act":false,"sev":"medium","hot":false},{"id":2388,"guid":"https://www.helpnetsecurity.com/?p=372787","source_key":"helpnet","title":"Cato cuts vulnerability protection time to 45 minutes with agentic threat research","link":"https://www.helpnetsecurity.com/2026/06/01/cato-networks-agentic-threat-research/","published":"2026-06-01T13:14:32.000Z","teaser":"Cato Networks reduces vulnerability protection time to 45 minutes with agentic threat research.","summary":"Cato Networks has introduced a new capability that cuts the time it takes to protect against newly disclosed vulnerabilities from hours to 45 minutes. This is made possible by agentic threat research, which accelerates protection against emerging exploits. Traditional security methods rely on a slow patching cycle, where vendors develop protections, customers receive updates, and teams test them before upgrading or configuring thousands of distributed appliances. In contrast, Cato's approach enables faster protection by leveraging machine learning and automation to quickly identify and block threats. This reduction in time-to-protect can help organizations stay ahead of emerging threats and minimize the risk of exploitation.","tags":["vuln","tools"],"severity":"medium","actionable":false,"cves":[],"read_min":3,"score":74,"also_from":[],"src":"helpnet","hrs":44.90478,"rm":3,"act":false,"sev":"medium","hot":false},{"id":2480,"guid":"https://www.malwarebytes.com/blog/threat-intel/2026/06/infostealers-are-becoming-the-go-to-phishing-payload","source_key":"malwarebytes","title":"Infostealers are becoming the go-to phishing payload","link":"https://www.malwarebytes.com/blog/threat-intel/2026/06/infostealers-are-becoming-the-go-to-phishing-payload","published":"2026-06-03T08:59:47.000Z","teaser":"Cybercriminals prefer infostealers over traditional phishing due to reduced friction and scalability.","summary":"Infostealers are becoming the preferred phishing payload among cybercriminals. This shift is attributed to the reduced friction and scalability they offer compared to traditional phishing techniques. Infostealers are widely available, making it easy for attackers to obtain and use them. As a result, they are becoming the go-to choice for phishing attacks.","tags":["malware","phishing"],"severity":"medium","actionable":false,"cves":[],"read_min":2,"score":73,"also_from":[],"src":"malwarebytes","hrs":1.1506133333333333,"rm":2,"act":false,"sev":"medium","hot":false},{"id":2466,"guid":"https://www.helpnetsecurity.com/?p=372595","source_key":"helpnet","title":"Known vulnerabilities behind most application security incidents","link":"https://www.helpnetsecurity.com/2026/06/03/csa-application-security-incidents/","published":"2026-06-03T04:00:18.000Z","teaser":"Eight in ten organizations suffered an app security incident due to a known vulnerability.","summary":"A survey of 902 IT and security professionals found that 80% of organizations experienced an application security incident in the past year due to a known vulnerability. This suggests a structural issue in the industry where the time between identifying a flaw and patching it in production is too long, allowing attackers to exploit it. This pattern points to a need for more efficient vulnerability management and patching processes.","tags":["vuln"],"severity":"medium","actionable":false,"cves":[],"read_min":2,"score":73,"also_from":[],"src":"helpnet","hrs":6.142002222222223,"rm":2,"act":false,"sev":"medium","hot":false},{"id":2451,"guid":"https://www.cybersecuritydive.com/news/dozens-red-hat-npm-packages-supply-chain-attack/821723/","source_key":"cybersecdive","title":"Dozens of Red Hat npm packages targeted in supply- chain attack","link":"https://www.cybersecuritydive.com/news/dozens-red-hat-npm-packages-supply-chain-attack/821723/","published":"2026-06-02T15:13:15.000Z","teaser":"Dozens of Red Hat npm packages targeted in supply-chain attack.","summary":"Researchers have discovered a supply-chain attack targeting dozens of Red Hat npm packages. The attack involves a variant of the mini Shai-Hulud, a type of malware. The compromised packages were likely used to deliver the malware to users. The exact impact of the attack is not yet clear, but it is likely that users who installed the affected packages may have been exposed to the malware. Red Hat has not yet commented on the attack or provided guidance on how to mitigate it.","tags":["supplychain","malware"],"severity":"medium","actionable":false,"cves":[],"read_min":5,"score":73,"also_from":[],"src":"cybersecdive","hrs":18.92616888888889,"rm":5,"act":false,"sev":"medium","hot":false},{"id":2430,"guid":"https://www.malwarebytes.com/blog/data-breaches/2026/06/23andme-exposed-genetic-information-of-millions-lawsuit-says","source_key":"malwarebytes","title":"23andMe exposed genetic information of millions, lawsuit says","link":"https://www.malwarebytes.com/blog/data-breaches/2026/06/23andme-exposed-genetic-information-of-millions-lawsuit-says","published":"2026-06-02T09:53:19.000Z","teaser":"California lawsuit claims 23andMe exposed genetic data of nearly 7 million users.","summary":"A California lawsuit alleges that 23andMe, a genetic testing company, exposed the genetic information of nearly seven million users. The lawsuit claims that the exposure began with stolen passwords. The exact nature of the exposure and how it occurred are not specified in the article. It is unclear what specific actions users can take in response to this incident. The lawsuit is ongoing.","tags":["breach"],"severity":"medium","actionable":false,"cves":[],"read_min":2,"score":73,"also_from":[],"src":"malwarebytes","hrs":24.258391111111113,"rm":2,"act":false,"sev":"medium","hot":false},{"id":2404,"guid":"https://www.bleepingcomputer.com/news/security/wordpress-malware-campaign-hides-payloads-in-steam-profiles/","source_key":"bleeping","title":"WordPress malware campaign hides payloads in Steam profiles","link":"https://www.bleepingcomputer.com/news/security/wordpress-malware-campaign-hides-payloads-in-steam-profiles/","published":"2026-06-01T17:04:16.000Z","teaser":"WordPress sites infected with malware hiding in Steam profiles.","summary":"A malware campaign has infected nearly 2,000 WordPress websites. The malware uses Steam Community profile comments to hide command-and-control (C2) data. This allows attackers to control the malware without raising suspicion. The affected websites are not specified, but it's likely that users who visit these sites may be at risk of infection. There is no information on how the malware was initially spread or how to prevent future infections. However, users are advised to keep their WordPress sites and Steam accounts secure.","tags":["malware","breach"],"severity":"medium","actionable":false,"cves":[],"read_min":3,"score":73,"also_from":[],"src":"bleeping","hrs":41.07589111111111,"rm":3,"act":false,"sev":"medium","hot":false},{"id":2401,"guid":"https://www.malwarebytes.com/blog/threat-intel/2026/06/fake-bluewallet-steals-passwords-accounts-and-crypto-from-macs","source_key":"malwarebytes","title":"Fake BlueWallet steals passwords, accounts, and crypto from Macs","link":"https://www.malwarebytes.com/blog/threat-intel/2026/06/fake-bluewallet-steals-passwords-accounts-and-crypto-from-macs","published":"2026-06-01T14:40:25.000Z","teaser":"Fake BlueWallet download steals passwords, crypto, and clipboard data from Macs.","summary":"A fake BlueWallet download has been discovered to run malware on Macs, stealing sensitive information. The malware targets passwords, crypto wallets, and clipboard data. This means that if you have cryptocurrency wallets or sensitive login credentials stored on your Mac, you may be at risk. The malware is distributed through a fake download of the popular BlueWallet app, which is used for managing cryptocurrency wallets. If you have downloaded BlueWallet recently, it's essential to check your Mac for any suspicious activity and consider reinstalling the app from a trusted source. However, there is no specific action to take at this time, as the article does not provide any information on how to remove the malware or prevent future infections.","tags":["malware"],"severity":"medium","actionable":false,"cves":[],"read_min":2,"score":73,"also_from":[],"src":"malwarebytes","hrs":43.47339111111111,"rm":2,"act":false,"sev":"medium","hot":false},{"id":2393,"guid":"https://www.bleepingcomputer.com/news/security/race-against-time-why-faster-vulnerability-alerts-matter/","source_key":"bleeping","title":"Race Against Time: Why Faster Vulnerability Alerts Matter","link":"https://www.bleepingcomputer.com/news/security/race-against-time-why-faster-vulnerability-alerts-matter/","published":"2026-06-01T14:00:10.000Z","teaser":"Faster vulnerability alerts can help reduce exposure and improve response times.","summary":"Attackers are exploiting vulnerabilities before many organizations can identify and patch them. This is because the time between a vulnerability being disclosed and it being exploited is shrinking. SecAlerts emphasizes the importance of faster vulnerability alerts to help organizations stay ahead of attackers. By providing timely alerts, organizations can quickly identify and patch vulnerabilities, reducing their exposure to attacks. This can improve response times and help prevent costly breaches.","tags":["vuln","policy"],"severity":"medium","actionable":false,"cves":[],"read_min":2,"score":73,"also_from":[],"src":"bleeping","hrs":44.14422444444445,"rm":2,"act":false,"sev":"medium","hot":false},{"id":2377,"guid":"https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-outage-affecting-mfa-my-sign-ins-platform/","source_key":"bleeping","title":"Microsoft confirms outage affecting MFA, My Sign-Ins platform","link":"https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-outage-affecting-mfa-my-sign-ins-platform/","published":"2026-06-01T11:40:16.000Z","teaser":"Microsoft confirms outage affecting MFA and My Sign-Ins platform setup.","summary":"Microsoft is experiencing an outage that prevents customers from setting up multi-factor authentication (MFA) or accessing the My Sign-Ins platform. The issue is ongoing, and Microsoft is working to address it. The outage does not appear to be related to a security incident, and there is no indication of any data breaches or unauthorized access. Customers are unable to set up MFA or access their sign-in history, but this does not affect the overall security of their accounts. Microsoft has not provided a timeline for when the issue will be resolved.","tags":["cloud"],"severity":"medium","actionable":false,"cves":[],"read_min":2,"score":73,"also_from":[],"src":"bleeping","hrs":46.47589111111111,"rm":2,"act":false,"sev":"medium","hot":false},{"id":2424,"guid":"https://www.helpnetsecurity.com/?p=372882","source_key":"helpnet","title":"Sensitive government personnel data posted online, Spanish police arrest suspect","link":"https://www.helpnetsecurity.com/2026/06/02/spain-government-data-leak-arrest/","published":"2026-06-02T07:43:40.000Z","teaser":"Spanish police arrest suspect for leaking sensitive government personnel data online.","summary":"The Spanish National Police arrested a man in Granada for allegedly leaking personal data belonging to members of several sensitive state institutions. The suspect published the information on multiple online platforms, exposing personnel associated with organizations including the National Cybersecurity Institute (INCIBE), the National Security Council, the National Police, the Civil Guard, the State Attorney General’s Office, the Ministry of Finance, and the Tax Agency. The leaked data likely includes sensitive information such as names, addresses, and employment details. It is unclear how the suspect obtained the data or what the motive was behind the leak. The Spanish authorities are investigating the incident and the suspect is being held for questioning. The incident highlights the importance of protecting sensitive information and the need for robust security measures to prevent data breaches.","tags":["breach"],"severity":"medium","actionable":false,"cves":[],"read_min":3,"score":71,"also_from":[],"src":"helpnet","hrs":26.419224444444446,"rm":3,"act":false,"sev":"medium","hot":false},{"id":2432,"guid":"https://www.schneier.com/?p=72128","source_key":"schneier","title":"The Intersection of Encryption and AI","link":"https://www.schneier.com/blog/archives/2026/06/the-intersection-of-encryption-and-ai.html","published":"2026-06-02T11:06:25.000Z","teaser":"Bruce Schneier warns that cryptography can't secure modern networks.","summary":"Renowned technologist Bruce Schneier has been warning about the limitations of cryptography in securing modern networks since 2000. In a 2010 column, he argued that cryptography alone cannot protect against the complexities of modern networks. Schneier's point remains relevant today, as the intersection of encryption and AI raises new challenges. While encryption is essential for protecting data, it is not a silver bullet against sophisticated threats. Schneier's warning serves as a reminder that a comprehensive security approach must consider multiple layers of defense, including network architecture, user behavior, and AI-powered threat detection. There is no immediate action required for readers, but awareness of this issue is essential for developing effective security strategies.","tags":["policy","ai"],"severity":"info","actionable":false,"cves":[],"read_min":5,"score":69,"also_from":[],"src":"schneier","hrs":23.04005777777778,"rm":5,"act":false,"sev":"info","hot":false},{"id":2398,"guid":"https://www.cybersecuritydive.com/news/ai-cyberattacks-credit-ratings-sp-analysis/821599/","source_key":"cybersecdive","title":"Without strong governance, companies put credit ratings at risk in AI era","link":"https://www.cybersecuritydive.com/news/ai-cyberattacks-credit-ratings-sp-analysis/821599/","published":"2026-06-01T14:45:33.000Z","teaser":"Companies risk damaging credit ratings without strong AI governance.","summary":"A report from S&P Global highlights the importance of effective governance in the AI era. Without strong governance, companies may struggle to manage AI-related risks, potentially damaging their credit ratings. The report provides a blueprint for companies to adapt to the changing threat environment. This includes implementing robust risk management practices, ensuring transparency and accountability, and fostering a culture of innovation and experimentation. By taking these steps, companies can mitigate potential risks and maintain a strong credit rating.","tags":["policy"],"severity":"info","actionable":true,"cves":[],"read_min":3,"score":69,"also_from":[],"src":"cybersecdive","hrs":43.387835555555554,"rm":3,"act":true,"sev":"info","hot":false},{"id":2454,"guid":"https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-online-outage-causes-email-delays-failures/","source_key":"bleeping","title":"Microsoft Exchange Online outage causes email delays, failures","link":"https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-online-outage-causes-email-delays-failures/","published":"2026-06-02T17:02:40.000Z","teaser":"Microsoft Exchange Online outage causes email delays and failures for customers in North America and Germany.","summary":"Microsoft is experiencing a service issue affecting the mail flow pipeline for Exchange Online customers in North America and Germany. This has resulted in email delays and failures. The cause of the issue is not specified. Microsoft is working to address the problem. No further information is available at this time.","tags":["cloud"],"severity":"medium","actionable":false,"cves":[],"read_min":2,"score":67,"also_from":[],"src":"bleeping","hrs":17.10255777777778,"rm":2,"act":false,"sev":"medium","hot":false},{"id":2462,"guid":"/node/24944","source_key":"cisa","title":"CISA and Partners Urge Hardening Automatic Tank Gauge Systems","link":"https://www.cisa.gov/resources-tools/resources/cisa-and-partners-urge-hardening-automatic-tank-gauge-systems","published":"2026-06-02T12:00:00.000Z","teaser":"CISA and partners urge hardening of Automatic Tank Gauge Systems to prevent potential cyber threats.","summary":"CISA and several government agencies have issued a joint advisory urging owners and operators of Automatic Tank Gauge (ATG) systems to harden their systems against potential cyber threats. ATG systems are used to monitor and control the level of fuel in storage tanks, and are commonly found in the oil and gas industry. The advisory notes that malicious actors may attempt to compromise ATG systems to disrupt fuel supply chains or gain unauthorized access to sensitive information. To mitigate this risk, the authoring organizations recommend implementing security measures such as network segmentation, access controls, and regular software updates. They also recommend conducting risk assessments and implementing incident response plans to quickly respond to potential security incidents.","tags":["ics"],"severity":"medium","actionable":true,"cves":[],"read_min":5,"score":64,"also_from":[],"src":"cisa","hrs":22.147002222222223,"rm":5,"act":true,"sev":"medium","hot":false},{"id":2440,"guid":"https://www.sentinelone.com/?post_type=labs&p=140313","source_key":"sentinelone","title":"LABScon25 Replay | Gamaredon x Turla: Unveiling a 2025 Espionage Alliance Targeting Ukraine","link":"https://www.sentinelone.com/labs/labscon25-replay-gamaredon-x-turla-unveiling-a-2025-espionage-alliance-targeting-ukraine/","published":"2026-06-02T13:00:58.000Z","teaser":"Gamaredon and Turla espionage groups collaborate to target Ukraine.","summary":"ESET researchers have uncovered a rare alliance between Gamaredon and Turla, two FSB-linked espionage groups. This collaboration allowed Turla to gain access to Ukrainian targets facilitated by Gamaredon. The joint effort highlights a new level of cooperation between these groups, which typically operate independently. The exact nature and scope of their operations remain unclear, but this revelation sheds light on the evolving landscape of espionage activities.","tags":["apt"],"severity":"medium","actionable":false,"cves":[],"read_min":5,"score":59,"also_from":[],"src":"sentinelone","hrs":21.13089111111111,"rm":5,"act":false,"sev":"medium","hot":false},{"id":2438,"guid":"https://therecord.media/spain-arrests-suspected-hacker-for-publishing-data-on-sensitive-government-workers","source_key":"therecord","title":"Spain arrests suspected hacker for publishing personal data of police, prosecutors and cyber officials","link":"https://therecord.media/spain-arrests-suspected-hacker-for-publishing-data-on-sensitive-government-workers","published":"2026-06-01T23:00:00.000Z","teaser":"Spain arrests suspected hacker for publishing personal data of police, prosecutors, and cyber officials.","summary":"Spanish police arrested a suspected hacker for allegedly publishing personal data of police, prosecutors, and cyber officials. The incident was described as a large-scale disclosure of sensitive personal information. The data was posted on multiple internet platforms, posing a threat to the affected individuals and institutions. The exact details of the data breach and the platforms used are not specified.","tags":["breach"],"severity":"medium","actionable":false,"cves":[],"read_min":2,"score":54,"also_from":[],"src":"therecord","hrs":35.14700222222222,"rm":2,"act":false,"sev":"medium","hot":false},{"id":2476,"guid":"https://www.helpnetsecurity.com/?p=373161","source_key":"helpnet","title":"Microsoft Scout agent opens a new category of always-on Autopilots","link":"https://www.helpnetsecurity.com/2026/06/03/microsoft-scout-personal-agent/","published":"2026-06-03T08:28:32.000Z","teaser":"Microsoft introduces Microsoft Scout, an always-on AI assistant for Office applications.","summary":"Microsoft has introduced Microsoft Scout, a new AI assistant designed to run in the background of Office applications. Unlike traditional AI assistants, Scout is an always-on agent that continues to operate even after a user stops interacting with it. Microsoft is labeling Scout as the first entry in a new category it calls Autopilots. Autopilots are designed to perform tasks and provide assistance without requiring explicit user input. Microsoft has not provided further details on how Scout will be used or what specific tasks it will perform.","tags":["ai"],"severity":"info","actionable":false,"cves":[],"read_min":2,"score":50,"also_from":[],"src":"helpnet","hrs":1.6714466666666667,"rm":2,"act":false,"sev":"info","hot":false},{"id":2477,"guid":"https://www.helpnetsecurity.com/?p=373156","source_key":"helpnet","title":"Anthropic expands Project Glasswing to 150 organizations in more than 15 countries","link":"https://www.helpnetsecurity.com/2026/06/03/anthropic-project-glasswing-expansion/","published":"2026-06-03T08:23:13.000Z","teaser":"Anthropic expands Project Glasswing to 150 organizations across 15+ countries.","summary":"Anthropic is expanding its cybersecurity initiative, Project Glasswing, to include 150 new organizations. The program, built around the Claude Mythos Preview model, has been working with an initial group of partners, security firms, open-source maintainers, and government agencies. To join the program, organizations must meet security requirements. The expansion brings the program to organizations in over 15 countries, including sectors such as healthcare and finance. The goal of Project Glasswing is to improve cybersecurity through collaboration and knowledge sharing.","tags":["policy","tools"],"severity":"info","actionable":false,"cves":[],"read_min":2,"score":50,"also_from":[],"src":"helpnet","hrs":1.7600577777777777,"rm":2,"act":false,"sev":"info","hot":false}],"generated":"2026-06-03T10:08:49.259Z","count":50,"ioc_count":1}