Cyber security news June 2026

This posting is here to collect cyber security news in June 2026.

I post links to security vulnerability news in the comments of this article.

You are also free to post related links in the comments.

47 Comments

  1. Tomi Engdahl says:

    Dashlane Brute-Force Attack Leads to Limited Encrypted Vault Downloads

    Dashlane’s security systems automatically locked accounts to protect them against the hacking attempts.

    https://www.securityweek.com/dashlane-brute-force-attack-leads-to-limited-encrypted-vault-downloads/

    Reply
  2. Tomi Engdahl says:

    Trump Signs Executive Order That Invites Vetting of Top AI Models for National Security Risks

    The order establishes a framework for the federal government to vet the national security risks of the most advanced AI systems for up to a month before their public release.

    https://www.securityweek.com/trump-signs-executive-order-that-invites-vetting-of-top-ai-models-for-national-security-risks/

    President Donald Trump signed an executive order on oversight of artificial intelligence Tuesday, less than two weeks after postponing a White House ceremony over his concerns that a similar policy could dull America’s technological edge.

    The order establishes a framework for the federal government to vet the national security risks of the most advanced AI systems for up to a month before their public release. Participation by AI developers would be voluntary, the order says.

    “Advanced AI capabilities make our Nation stronger, but also introduce new national security considerations that require coordinated action across executive departments and agencies,” the order says.

    Reply
  3. Tomi Engdahl says:

    Vulnerabilities
    19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access

    Proof-of-concept (PoC) exploit code has been released for the CIFSwitch flaw, which allows low-privileged users to escalate to root on vulnerable Linux systems.

    https://www.securityweek.com/19-year-old-linux-kernel-vulnerability-exposes-systems-to-root-access/

    Reply
  4. Tomi Engdahl says:

    Critical Windows Netlogon Vulnerability in Attackers’ Crosshairs

    Organizations are advised to patch CVE-2026-41089 as soon as possible, given its severity and the potential ongoing exploitation.

    https://www.securityweek.com/critical-windows-netlogon-vulnerability-in-attackers-crosshairs/

    Reply
  5. Tomi Engdahl says:

    Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis

    As AI shortens the path from vulnerability disclosure to exploitation, researchers disagree on whether the problem is inadequate security tools or inadequate operational control.

    https://www.securityweek.com/two-new-reports-offer-competing-explanations-for-cybersecuritys-growing-crisis/

    Two reports offer differing viewpoints. One suggests a failure of tools to provide what security teams really need. The other suggests the tools exist but are not properly managed.

    The industrialization of cybercrime threatens to overwhelm cyber defense. It’s a process that started before the arrival of ChatGPT, was supercharged by the age of AI, and is now typified as the post-Mythos era. It’s a time when defenders must improve their performance or cede the battleground to the adversary. Applications are the battlefield. The speed, scale and sophistication of AI-assisted attacks is difficult to contain.

    “AI is not just creating more vulnerabilities. It is exposing the fact that companies cannot fix known vulnerabilities fast enough,” explains Daniel Shechter, CEO and co-founder at Miggo Security. “For years, security programs have been measured by how well they find risk before software goes live. Frontier AI like Mythos changes the question. If attackers can move from disclosure to exploit in hours, boards and CISOs need to understand how long the business remains exposed, and what can be done to mitigate quickly and efficiently.”

    The Cloud Security Alliance (CSA) State of Modern Application and AI Security report (PDF), commissioned by Miggo and published on June 2, 2026, confirms and explains this new reality. CSA surveyed more than 900 cybersecurity leaders and found that vulnerabilities in this post-Mythos era are evading the pre-production phase while 82% of organizations lack effective runtime visibility.

    “The real challenge begins once applications are in production, where security teams must rapidly determine which exposures are truly exploitable, prioritize the risks that matter most, and respond before attackers can take advantage,” suggests Daniel Shechter, CEO and co-founder at Miggo Security.

    Most breaches are driven by known vulnerabilities. Eighty percent of the companies surveyed have suffered at least one incident involving a known vulnerability in the last year. If it is known, it is almost certainly patchable; but in the post-Mythos era there are too many patches to handle. The biggest problem is knowing which of those vulnerabilities are exploitable and most urgently need patching.

    Only 9% remediate critical vulnerabilities within 24 hours, with 74% taking one to seven days. Patch time is important: Organizations taking four or more days had a 97% incident rate. Those taking three or less had a 67% rate. The implication is that patch rates must be increased and exploitable vulnerabilities better understood – and preferably both.

    It gets more complicated, and urgent, in runtime, which is described as the breach battlefield. Most organizations only know what happened after reconstructing the event after the horse has bolted. Most (73%) would adopt virtual patching if they had better confidence in minimal false positives; but only 17% configure WAFs for automatic blocking, with 56% citing a lack of application context as the reason.

    A separate FireMon Insights report, also published June 2, 2026, suggests that concern over the automated use of firewalls as a security barrier is unsurprising but at least partially due to a lack of human oversight. FireMon discusses firewalls in general, but the same principles will apply to WAFs.

    “Technologies like Mythos are shining a bright light on a reality security teams can no longer ignore: any connected system is vulnerable,” says Jody Brazil, CEO at FireMon. “As AI accelerates the speed and scale of attacks, firewalls, segmentation, and policy governance become more important than ever. Our Insights data shows most organizations still lack the operational control needed to consistently manage policy across hybrid environments. That is why network segmentation, microsegmentation, and continuous policy governance are becoming foundational to reducing attack surface and limiting blast radius.”

    It concludes that manual policy management is inefficient and allows risk across the attack surface to continue to expand rapidly, primarily due to an environment in which high severity policy failures persist over extended periods of time, and are exacerbated by unused and redundant rules.

    FireMon suggests a failure in human management rather than firewall capability. For example, 45% of firewall rules lack an owner or documentation, 17% are redundant or shadowed, and 69% are unused.

    “Firewall complexity is no longer just an operational problem. It is a control problem,” adds Brazil. “Security teams have massive investments in firewalls, cloud, and segmentation platforms, but without control of policy those environments become difficult to manage securely. The problem is no longer lack of tools. It is lack of operational control.”

    Reply
  6. Tomi Engdahl says:

    Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk

    A simple development setting bypassed protections designed to prevent unauthorized Android apps from accessing Microsoft account tokens, exposing billions of installations.

    https://www.securityweek.com/exclusive-how-one-line-of-code-put-billions-of-microsoft-android-app-downloads-at-risk/

    Six Microsoft 365 Android apps contain an identical flaw that could risk billions of downloads being compromised.

    The findings, shared exclusively with SecurityWeek ahead of the expected public release of the research on Tuesday, were uncovered by Enclave, an AI-powered exploitable bug hunter. It is nothing more than a single debug flag being left in the production code of Word, PowerPoint, Excel, Microsoft 365 Copilot, Microsoft Loop and OneNote for Android. Someone left debug mode enabled in production: – set IsDebugMode(true). This was enabled across all six apps, but was not enabled in other Microsoft (MS) apps such as Teams. These were not affected by any consequent potential exploitation attempt.

    The effect of such debug flags varies. Sometimes the purpose is simply to affect logging or to test output. “This one changed the behavior around account access token sharing,” explains Enclave reporting its findings. “With debug mode enabled, the protection that should have blocked untrusted apps from receiving tokens was skipped.”

    Reply
  7. Tomi Engdahl says:

    Supply Chain Security
    Supply Chain Attack Hits 32 Red Hat NPM Packages

    Hackers published 96 malicious package versions, injected with a credential-stealing worm similar to Mini Shai-Hulud.

    https://www.securityweek.com/supply-chain-attack-hits-32-red-hat-npm-packages/

    Reply
  8. Tomi Engdahl says:

    19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access

    Proof-of-concept (PoC) exploit code has been released for the CIFSwitch flaw, which allows low-privileged users to escalate to root on vulnerable Linux systems.

    https://www.securityweek.com/19-year-old-linux-kernel-vulnerability-exposes-systems-to-root-access/

    A vulnerability that lurked in the Linux kernel for 19 years allows low-privileged users to obtain root-level privileges on numerous distributions.

    Dubbed CIFSwitch, the issue impacts the Linux kernel’s CIFS subsystem and the cifs-utils userspace helper it uses for handling authentication. CIFS handles parts of the SMB network filesystem protocol, such as mounting shares, read/write actions, and SMB communication to the server.

    When authenticating a mount, the subsystem sends a request_key call for a cifs.spnego key. The request checks the key in userspace and calls cifs.upcall as root to parse the key description, which contains fields such as UID, PID, credential cache, and namespace.

    According to SpaceX security engineer Asim Viladi Oglu Manizada, the kernel does not check the origin of the request and the key description, which allows an attacker to call the request_key function directly and supply their own key description fields, bypassing CIFS origin.

    Because cifs.upcall is called as root, the helper switches into the namespaces of the PID supplied in the modified key description, providing the attacker with root access.

    Furthermore, during the operation, before privileges are dropped, the helper also performs account lookup, which goes through Name Service Switch (NSS) and enables the loading of NSS modules.

    Certain Linux Mint, CentOS, Rocky Linux, Kali Linux, AlmaLinux, and SLES SAP distributions that have cifs-utils installed by default are vulnerable. According to the researcher, some distros are vulnerable only if cifs-utils was manually installed.

    Many Ubuntu, Fedora, CentOS, Rocky Linux, AlmaLinux, Oracle Linux, openSUSE, and SLES distros block the execution path by default, while Amazon Linux 2 KVM and Kali Linux 2019.4/2020.4 are not affected.

    Major Linux distributions rolled out fixes for the security defect earlier this month.

    Reply
  9. Tomi Engdahl says:

    Artificial Intelligence
    Anthropic Expanding Mythos Access to 150 New Organizations

    Only approximately 50 companies have had access to Mythos until now and they have found thousands of vulnerabilities in their products

    https://www.securityweek.com/anthropic-expanding-mythos-access-to-150-new-organizations/

    Reply
  10. Tomi Engdahl says:

    Artificial Intelligence
    Raising the Cybersecurity Stakes: Ante up for the Agentic Era

    CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale.

    https://www.securityweek.com/raising-the-cybersecurity-stakes-ante-up-for-the-agentic-era/

    Organizations are making a big bet on AI, but if their plans don’t include a cybersecurity strategy, then they are gambling with their future.

    Over the past few years, GenAI platforms have matured from pattern-matching large language models (LLMs) to tool-calling agents. Many enterprises now report that the majority of their code is written by AI. However, threat actors have also upped the ante – agentic attacks shape offense faster than human defenses can respond.

    In the last decade, the fundamental questions of cybersecurity have evolved. When CISOs asked, “What do I have?”, the industry provided context on assets. When they asked, “What is important?”, the industry provided prioritization. When they asked, “How do I fix it?”, the industry provided remediation.

    Now, virtually every cybersecurity solution has implemented conversational AI that can make recommendations, but manual remediation cannot keep pace with AI-powered cyberattacks.

    The agentic era is forcing manual remediation processes to evolve rapidly. CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale.

    AI has changed the game in both the scope of the attack surface and the scale of agentic attacks. This attack surface (and the control plane) spans assets, identity, and decision context. Enterprise AI agents and AI-generated code are both sources of risk.

    In February 2026, OpenClaw, an agentic assistant, became so popular that its creator was recruited to join OpenAI. Although early adopters of OpenClaw may pose a shadow AI risk in enterprise environments, they also serve as a proof of concept for the agentic enterprise.

    But the agentic enterprise is a security nightmare. Connecting AI to everything creates a flat network that runs counter to the principles of network segmentation and isolation that the security industry has advocated for decades.

    One risk is that AI agents have the ability to execute tasks and make decisions autonomously, but they lack the discernment to avoid harming themselves or their enterprise.

    Many parents have scolded their children by asking, “If everyone jumped off a bridge, would you?” There are numerous examples of AI-induced outages and data leaks that demonstrate AI would jump off a bridge. Therefore, organizations must implement guardrails.

    Another risk is that threat actors are targeting AI. Model poisoning can manipulate training data to corrupt the foundational logic of AI models. Evasion of logic attacks bypasses defensive decision-making algorithms. Autonomous systems create blind spots that humans might miss. AI-powered cyberattacks continuously learn from their failed attempts to improve future attacks.

    It has been estimated that within the next few years, the ratio of humans to agents will increase to 1:100 (or more). That means the typical large enterprise with 10,000 employees will be contending with a million or more agents – the size of a major metropolitan city.

    Organizations should think of managing the agentic enterprise like a major metropolitan city, implementing infrastructure, establishing proactive policies, and governing it with controls.

    The Agentic Detection Gap

    As bad actors reshape the threat landscape with agentic cyberattacks, the defensive paradigm has yet to adapt. In Armis’ 2026 State of Cyberwarfare Report (PDF), 43% of respondents reported that their organization still detects and responds to significant cyberattacks as they happen or after they have already occurred.

    The cybersecurity industry optimizes for detection, but threat actors optimize for avoidance, which means security teams have to focus on finding threats after ingress. Alerts don’t change outcomes – knowing about a breach doesn’t prevent it.

    The speed of adaptation on both offense and defense determines whether a cyberattack will succeed, but currently, the odds favor attackers. It used to take threat actors a week to create exploits when vulnerabilities were disclosed (and even then, patch management struggled to keep pace). Threat actors can now create exploits in minutes by weaponizing agentic coding platforms.

    The irony is that many of the cybersecurity solutions that were developed to address the challenges of legacy technology have now become legacy cybersecurity solutions as well. Cybercriminals have outscaled static rules, periodic assessments, alert generation, and human-in-the-loop processes.

    Organizations have been reluctant to adopt machine automation, but they can no longer afford to delay. At a minimum, cybersecurity requires dynamic threat hunting, continuous monitoring, and proactive exposure management. These are the table stakes today, but what about tomorrow?

    The New Paradigm: From Human vs Human to AI vs. AI

    It should be readily apparent that AI is driving the new paradigm of offense and defense. Speed, scale, and autonomy are redefining the competitive advantage between threat actors and defenders.

    Pragmatically, cybersecurity teams must adapt to this paradigm in a few ways. First, they must move from reactive detection to preemptive protection. Organizations can stop attacks before they happen by operationalizing alert generation into prioritized exposure management.

    Cybersecurity must also follow the AI paradigm shift from disconnected tools and ad hoc manual processes to unified, comprehensive platforms and autonomous action. Here are three principles that can help catalyze that shift.

    When it comes to making big bets, they say the house always wins. Defenders actually do have an advantage over attackers: they know what matters most to their business. Agentic cyberattacks create an asymmetrical advantage in attack speed, but defenders can even the odds by adopting agentic cybersecurity.

    Reply
  11. Tomi Engdahl says:

    Artificial Intelligence
    Meta AI Hands Over High-Profile Instagram Accounts to Hackers

    Exploiting a confused deputy weakness, the hackers simply asked the chatbot to link the account to a new email address.

    https://www.securityweek.com/meta-ai-hands-over-high-profile-instagram-accounts-to-hackers/

    Threat actors compromised multiple high-profile Instagram accounts last week by simply asking Meta’s AI-powered account recovery assistant to hand them over.

    The attackers exploited a logic flaw in the AI assistant, a classic ‘confused deputy’ issue, to have their own email addresses linked to the targeted accounts and take them over.

    Confused deputy weaknesses have been known to security researchers for decades and involve tricking a deputy that has elevated privileges into performing specific actions on the attacker’s behalf.

    In this case, the Meta AI assistant had API access to account management systems, being deployed to help users re-link email addresses, reset passwords, and verify they are the owners of specific accounts.

    Due to the logic flaw, hackers were able to simply ask the chatbot to link a targeted account to a new email address, under the pretense that they had been hacked or that they had lost access to the previously linked email address.

    To bypass Meta’s fraud detection protections, they used VPNs to appear as if they were in the target’s geographic location.

    Reply
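
    The confused deputy pattern described in the comment above, as an added example (not Meta's code and not from the linked article): a toy account-recovery assistant whose re-link tool runs either on the assistant's own API privileges or on proof of ownership that the backend verified for the requester's session. Every class, function, handle and address is hypothetical, and the challenge code sent to the address on file is simulated.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    """Facts the backend has verified about the requester. Never filled from chat text."""
    verified_owner_of: set = field(default_factory=set)


class AccountService:
    """Hypothetical account backend that the assistant's tool calls reach."""

    def __init__(self, emails):
        self.emails = dict(emails)      # handle -> email on file
        self._pending = {}              # handle -> one-time code
        self.audit = []                 # denied attempts, kept for detection

    def send_challenge(self, handle):
        """Issue a one-time code to the contact already on file (delivery is simulated)."""
        code = secrets.token_hex(4)
        self._pending[handle] = code
        return code  # returned only so the demo can play the legitimate owner

    def answer_challenge(self, session, handle, code):
        """One attempt per code; success marks this session as the verified owner."""
        expected = self._pending.pop(handle, None)
        ok = expected is not None and hmac.compare_digest(expected, code)
        if ok:
            session.verified_owner_of.add(handle)
        return ok

    def relink_as_deputy(self, handle, new_email):
        """Weak form: runs on the assistant's own API privileges."""
        self.emails[handle] = new_email
        return True

    def relink_for_requester(self, session, handle, new_email):
        """Hardened form: authority comes from the requester's verified session."""
        if handle not in session.verified_owner_of:
            self.audit.append(("relink_denied", handle, new_email))
            return False
        self.emails[handle] = new_email
        session.verified_owner_of.discard(handle)   # proof is single-use
        return True


def assistant_turn(service, session, request, hardened):
    """Toy assistant: it always accepts the user's story, as a persuadable model might.
    The two modes differ only in which backend call the tool maps to."""
    if hardened:
        return service.relink_for_requester(session, request["handle"], request["new_email"])
    return service.relink_as_deputy(request["handle"], request["new_email"])


def run_demo():
    # Constructed sample data: one account, one unverified requester, one owner.
    # The "story" field is what the requester tells the chatbot; no check reads it.
    claim = {"handle": "@celebrity", "new_email": "someone-else@example.net",
             "story": "I was hacked and lost access to my old email"}
    results = {}

    weak = AccountService({"@celebrity": "owner@example.com"})
    results["weak_relinked"] = assistant_turn(weak, Session(), claim, hardened=False)
    results["weak_email"] = weak.emails["@celebrity"]

    strong = AccountService({"@celebrity": "owner@example.com"})
    stranger = Session()
    results["strong_relinked"] = assistant_turn(strong, stranger, claim, hardened=True)
    results["wrong_code_accepted"] = (
        strong.send_challenge("@celebrity") is not None
        and strong.answer_challenge(stranger, "@celebrity", "not-the-code"))
    results["strong_email"] = strong.emails["@celebrity"]
    results["audit"] = list(strong.audit)

    owner = Session()
    code = strong.send_challenge("@celebrity")   # arrives at the address on file
    strong.answer_challenge(owner, "@celebrity", code)
    results["owner_relinked"] = assistant_turn(
        strong, owner, {"handle": "@celebrity", "new_email": "owner-new@example.com"},
        hardened=True)
    results["owner_email"] = strong.emails["@celebrity"]
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

    In the hardened mode the model can be talked into anything without effect, because the backend checks the session and not the conversation; the denied attempt also lands in the audit list, where it can feed detection.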
  12. Tomi Engdahl says:

    Security agencies from the “Five Eyes” alliance which includes the United States and Britain issued a warning about Chinese spies aggressively using online job platforms to recruit people with access to sensitive information. https://cnn.it/4fWMjiT

    #2600net #irc #secnews #huntinghackers

    Reply
  13. Tomi Engdahl says:

    https://www.facebook.com/share/p/1BGQN1dFuR/

    “Human-driven security is dead,” says Kaapro Kanto, head of cybersecurity and digital platforms for DNA’s corporate business.

    The pace of attacks has grown to the point where the traditional model is no longer enough. When attacks are carried out with the help of AI, defense has to follow suit. DNA’s answer to the situation is the AI-driven security operations center DNA SOC.

    Read more of Kaapro’s thoughts in the article!

    https://www.dna.fi/yrityksille/blogi/-/blogs/vain-22-sekuntia-aikaa-kun-hyokkaykset-nopeutuvat-puolustuksen-on-muututtava?utm_source=facebook&utm_medium=social&utm_content=KAN-artikkeli-vain-22-sekuntia-aikaa-kun-hyokkaykset-nopeutuvat-puolustuksen-on-muututtava&utm_campaign=P_KAN_26-23-27_artikkelikampanja&fbclid=IwdGRjcASTmp5leHRuA2FlbQEwAGFkaWQBqzQn4HeOHHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHg9uOYeO8XxvgPGZuIntygsdIeNsMKjBZXpQHDU3LMV0ahrQCtZZ785oyMp6_aem_BLNm5N2EI-hVd5rxv3CnDA&utm_id=120247159887960556&utm_term=120247159887950556

    Reply
  14. Tomi Engdahl says:

    “Despite the billions of reasons not to, Meta seems to have created the capacity to turn their customers into a distributed surveillance machine.” https://trib.al/yh5hnRj

    Reply
  15. Tomi Engdahl says:

    Credential-stealing malware in dozens of Microsoft open-source software packages was discovered. Learn more: https://cnews.link/hackers-hijack-microsoft-developer-login/

    https://cybernews.com/security/hackers-hijack-microsoft-developer-login/?utm_source=cn_facebook&utm_medium=social&utm_campaign=cybernews&utm_content=post&source=cn_facebook&medium=social&campaign=cybernews&content=post&fbclid=IwVERDUASVxCdleHRuA2FlbQIxMABzcnRjBmFwcF9pZAwzNTA2ODU1MzE3MjgAAR42CtTOvcnDPGiEMkICbkQtWvV3KRqjO_wp3boDqtfzhTQB8Nxsz7SPMtj7MA_aem_rltsSSfhBJvsAfxdoLfdaA

    Security researchers have discovered credential-stealing malware in dozens of Microsoft open-source software packages.

    On June 5th, GitHub disabled 73 Microsoft repositories across 4 of its GitHub organizations: Azure, Azure-Samples, Microsoft, and MicrosoftDocs. They all went down in a 105-second automated sweep.

    According to security researchers, these were cryptographically verified packages, making them appear legitimate and trustworthy. Instead, they were infected with malicious code designed to collect passwords, authentication tokens, API keys, and other login credentials stored on developers’ computers as soon as they opened certain AI-assisted coding tools.

    In response, GitHub said that it had disabled the packages “due to a violation of GitHub’s terms of service.” It wasn’t until Monday that Microsoft stated that packages were infected with credential-stealing malware.

    The malware used in the attack was dubbed “Miasma” and is described as a self-replicating worm designed to harvest login credentials from developer environments. Once collected, these credentials could potentially be used to compromise source code repositories and cloud infrastructure.

    The discovery comes weeks after another security incident involving Microsoft-related software packages. In May, the Python Package Index (PyPI), a repository of software for the Python programming language, temporarily halted the admission of new users and projects after an influx of malware on the platform.

    The malware campaign was connected to a threat group called TeamPCP. The gang, also known as PCPcat, DeadCatx3, ShellForce, and CipherForce, emerged in late 2025 and is known for targeting software tools and services that developers and organizations trust to steal login credentials. Stolen credentials can be used for data theft, extortion, ransomware deployment, cryptocurrency mining, or sold to other criminals.

    Reply
  16. Tomi Engdahl says:

    Microsoft was hacked for the second time in a short period. They had to lock down ~70 GitHub repositories that were serving up malware to AI users.

    Source: https://s.ufdmedia.com/wwq0qs

    Reply
  17. Tomi Engdahl says:

    Raphael Satter / Reuters:
    CISA shortens the deadline for US agencies to fix the most critical vulnerabilities in their networks to three days, citing hackers’ use of AI — The U.S. cyber defense agency said on Wednesday that government officials now have three days to deal with the most serious categories …

    https://www.reuters.com/legal/litigation/us-shortens-cyber-fix-window-three-days-ai-threats-rise-2026-06-10/

    Reply
  18. Tomi Engdahl says:

    A.J. Vicens / Reuters:
    The FBI seizes 13 domains allegedly tied to fake consulting firms that sought information from US government and military employees for suspected Chinese agents — Federal authorities announced on Wednesday the seizure of 13 internet domains tied to what the U.S. Justice Department called …

    https://www.reuters.com/legal/litigation/us-seizes-13-website-domains-tied-alleged-chinese-intelligence-collection-2026-06-10/

    Reply
  19. Tomi Engdahl says:

    The Keyword:
    Google introduces DiffusionGemma, an experimental 26B-parameter open model that uses text diffusion for faster text generation compared to autoregressive models — Our newest open experimental model delivers up to 4x faster inference on dedicated GPUs and opens the door to exploring speed-critical, interactive local workflows.

    DiffusionGemma: 4x faster text generation
    https://blog.google/innovation-and-ai/technology/developers-tools/diffusion-gemma-faster-text-generation/

    Our newest open experimental model delivers up to 4x faster inference on dedicated GPUs and opens the door to exploring speed-critical, interactive local workflows.

    Reply
  20. Tomi Engdahl says:

    Maria Cheng / Reuters:
    Canada introduces the Safe Social Media Act, a bill that would ban social media for children under 16 and establish safety standards for AI chatbots — The Canadian government introduced a new digital safety bill on Wednesday that would ban social media for children under 16 with exemptions …

    https://www.reuters.com/legal/litigation/canada-introduces-legislation-ban-social-media-children-under-16-2026-06-10/

    Reply
  21. Tomi Engdahl says:

    Sam Sabin / Axios:
    OpenAI says it has banned China-linked accounts that used ChatGPT to draft social media influence campaigns targeting US debates over tariffs and data centers — OpenAI has banned China-linked accounts that used ChatGPT to draft social media influence campaigns targeting U.S. debates …

    China-linked operatives used ChatGPT to influence data centers debate: OpenAI
    https://www.axios.com/2026/06/10/openai-china-ai-data-center-tariffs-chatgpt

    Reply
  22. Tomi Engdahl says:

    Financial Times:
    FSB-orchestrated internet outages in Russia, intermittent but indiscriminate, have made one of the world’s most online nations resort to cash and paper maps — Shutdowns have made one of the world’s most online nations resort to cash, paper maps and pet cams.

    https://www.ft.com/content/da121259-3823-4109-bf7f-f7ff21d3118f?sharetype=blocked

    Reply
  23. Tomi Engdahl says:

    Member of an international hacker group caught in Finland: here is how the KRP comments
    A 19-year-old man is suspected of breaking into companies’ information systems and demanding millions of dollars in ransom for the stolen data.
    https://www.iltalehti.fi/kotimaa/a/993f212b-ee08-4466-81bf-240b7d30fb12

    Reply
  24. Tomi Engdahl says:

    Infostealers Turn Millions of Devices Into Credential Theft Machines

    As attackers increasingly favor stolen credentials over exploits, infostealers have become a primary source of access for ransomware and other cybercrime operations.

    https://www.securityweek.com/infostealers-turn-millions-of-devices-into-credential-theft-machines/

    Reply
  25. Tomi Engdahl says:

    Vulnerabilities
    OpenSSL Patches High-Severity Vulnerability Found With AI

    A total of 18 vulnerabilities have been patched in the latest OpenSSL releases, including many that were potentially discovered by AI

    https://www.securityweek.com/openssl-patches-high-severity-vulnerability-found-with-ai/

    The latest OpenSSL releases patch 18 vulnerabilities, including a high-severity issue that could allow remote code execution.

    The high-severity vulnerability, tracked as CVE-2026-45447, is a heap use-after-free bug in a function used for PKCS#7 (Public-Key Cryptography Standard #7) verification.

    Discovered by a Calif researcher in collaboration with Claude AI and Anthropic Research, the bug can be triggered using a specially crafted PKCS#7 or S/MIME signed message during PKCS#7 signature verification.

    “When processing a PKCS#7 or S/MIME signed message, if the SignedData digestAlgorithms field is present as an empty ASN.1 SET, OpenSSL may incorrectly free a caller-owned BIO during PKCS7_verify(). A subsequent use of the BIO by the calling application results in a use-after-free condition,” OpenSSL developers explained.

    Exploitation of the vulnerability can result in heap corruption, process crashes, and possibly in remote code execution.

    The moderate-severity flaws patched in OpenSSL can be exploited to decrypt encrypted communications, forge arbitrary ciphertexts, launch DoS attacks, bypass integrity validation, and execute arbitrary code.

    High-severity vulnerabilities in OpenSSL are rare these days.

    Reply
  26. Tomi Engdahl says:

    Artificial Intelligence
    Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation

    Public LLM models with safeguards turned off can also build working exploits, increasing patch gap risks.

    https://www.securityweek.com/claude-mythos-turns-n-days-into-n-hours-with-rapid-exploit-creation/

    Anthropic says its Claude Mythos Preview model can build working exploits targeting known vulnerabilities within hours, or even minutes.

    Announced in early April and promoted as the most capable AI frontier model, Mythos right from the start raised fears regarding its ability to supercharge attacks.

    In April and May, Anthropic touted its ability to find vulnerabilities, including 271 Firefox flaws and thousands of severe security defects across over 1,000 open source software (OSS) projects.

    Now, the company says its most advanced model can also weaponize these discoveries, demonstrating that the surge in AI use in cyberattacks increases the threats faced by organizations in the patch gap.

    Put to the test, Claude Mythos Preview delivered 16 working exploits targeting Firefox and Windows within hours.

    Anthropic’s public models were also tested, with safeguards off. While they did not rise to Mythos’s level, they too delivered working exploits, proving that LLMs significantly increase the threat posed by N-days that have not been exploited in attacks before.

    Reply
  27. Tomi Engdahl says:

    Application Security
    After AI Reaches Production: 12 Ways Security Teams Can Take Control

    Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production.

    https://www.securityweek.com/after-ai-reaches-production-12-ways-security-teams-can-take-control/

    Reply
  28. Tomi Engdahl says:

    Artificial Intelligence
    Everybody Is Vibe Coding But Nobody Told the Security Team

    AI-driven development is not something organizations can or should block. But it must be governed.

    https://www.securityweek.com/everybody-is-vibe-coding-but-nobody-told-the-security-team/

    In February 2025, Andrej Karpathy coined the term “vibe coding” to describe a new way of building software: rapid, AI-assisted development where users ‘fully give in to the vibes, embrace exponentials, and forget that the code even exists’.

    Fast forward to 2026, and the Anthropic CEO now predicts that 90% of code will be written by AI in 3-6 months. According to one survey, 84% of developers globally are using or planning to use AI coding tools in their workflow, up from 76% in 2024. Of those, 51% of professional developers use AI tools daily.

    The marketing manager, the operations lead, the finance team — all of them are building working applications, connecting them to production systems, and deploying them. Mostly without involving IT, and often never involving security.

    Security Challenges With Vibe Coding Apps

    Recent research from Veracode shows 45% of AI-generated code contains OWASP Top 10 vulnerabilities. AI models have improved dramatically at generating code that compiles and runs – but the security of that code is not always sound. The reason is straightforward: AI optimizes for functionality, not security.

    Researchers at RedAccess recently analyzed thousands of vibe-coded applications built on Lovable, Replit, Base44, and Netlify. They found more than 5,000 with virtually no security or authentication. Around 40% exposed sensitive data — medical information, financial records, corporate strategy documents, detailed customer conversation logs.

    Among verified exposures: a shipping company app detailing vessel port arrivals; an internal health company application listing active UK clinical trials. Many of these applications are indexed by Google. As relayed in the report, no exploitation was required; this was research on exposed applications with public URLs.

    This lack of security control extends to the AI agents themselves, whether assisting a professional developer or a non-developer. A software company, PocketOS, reported that its Cursor AI coding agent deleted its entire production database and “all volume-level backups” in nine seconds. Replit’s AI agent deleted 1,206 executive records and 1,196 company records while under explicit code-freeze instructions — then admitted: “Yes. I deleted the codebase without permission during an active code and action freeze. This was a catastrophic error in judgment.” It then told the user a rollback would not work. That turned out to be false.

    A New Shadow AI Problem

    For two years, the security industry has discussed shadow AI as a behavior problem — employees pasting sensitive data into ChatGPT on personal accounts. That problem is bounded: the exposure lives in the inference layer, and there are tools that are focused on detecting it.

    Vibe coding brings a different shadow AI problem. The employee is not sending data somewhere. They are building something — a live application connected to your CRM, your database, your ticketing system — and deploying it publicly. Your security stack – with insights distributed across multiple data silos – was never designed to find it.

    Organizations running mature secure web gateways, CASB, or DNS logging can detect employee access to vibe-coding platforms. But detecting access is not the same as inventorying what was deployed, what data it holds, or whether it requires authentication. For example – while a CASB can detect that an employee accessed Replit, it cannot inventory what was deployed, what data it holds, or if it requires a login. These apps live in the “visibility gap” between network security and AppSec, often because they are deployed directly to third-party platforms and bypass the organization’s traditional CI/CD pipelines or cloud environments that AppSec tools are designed to monitor.

    What Should Security Leaders Do?

    Similar to the initial reaction with shadow IT, the instinct is to prohibit vibe coding tools. That instinct is wrong. AI-driven development is not something organizations can or should block. But it must be governed. The question is what governance actually means in practice when the tools move faster than any policy framework.

    Reply
  29. Tomi Engdahl says:

    Artificial Intelligence
    Raising the Cybersecurity Stakes: Ante up for the Agentic Era

    CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale.

    https://www.securityweek.com/raising-the-cybersecurity-stakes-ante-up-for-the-agentic-era/

    Organizations are making a big bet on AI, but if their plans don’t include a cybersecurity strategy, then they are gambling with their future.

    Over the past few years, GenAI platforms have matured from pattern-matching large language models (LLMs) to tool-calling agents. Many enterprises now report that the majority of their code is written by AI. However, threat actors have also upped the ante – agentic attacks shape offense faster than human defenses can respond.

    In the last decade, the fundamental questions of cybersecurity have evolved. When CISOs asked, “What do I have?”, the industry provided context on assets. When they asked, “What is important?”, the industry provided prioritization. When they asked, “How do I fix it?”, the industry provided remediation.

    Now, virtually every cybersecurity solution has implemented conversational AI that can make recommendations, but manual remediation cannot keep pace with AI-powered cyberattacks.

    The agentic era is forcing manual remediation processes to evolve rapidly. CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale.

    AI Is the New Perimeter

    AI has changed the game in both the scope of the attack surface and the scale of agentic attacks. This attack surface (and the control plane) spans assets, identity, and decision context. Enterprise AI agents and AI-generated code are both sources of risk.

    In February 2026, OpenClaw, an agentic assistant, became so popular that its creator was recruited to join OpenAI. Although early adopters of OpenClaw may pose a shadow AI risk in enterprise environments, they also serve as a proof of concept for the agentic enterprise.

    But the agentic enterprise is a security nightmare. Connecting AI to everything creates a flat network that runs counter to the principles of network segmentation and isolation that the security industry has advocated for decades.

    One risk is that AI agents have the ability to execute tasks and make decisions autonomously, but they lack the discernment to avoid harming themselves or their enterprise.

    Many parents have scolded their children by asking, “If everyone jumped off a bridge, would you?” There are numerous examples of AI-induced outages and data leaks that demonstrate AI would jump off a bridge. Therefore, organizations must implement guardrails.

    Another risk is that threat actors are targeting AI. Model poisoning can manipulate training data to corrupt the foundational logic of AI models. Evasion of logic attacks bypasses defensive decision-making algorithms. Autonomous systems create blind spots that humans might miss. AI-powered cyberattacks continuously learn from their failed attempts to improve future attacks.

    It has been estimated that within the next few years, the ratio of humans to agents will increase to 1:100 (or more). That means the typical large enterprise with 10,000 employees will be contending with a million or more agents – the size of a major metropolitan city.

    Organizations should think of managing the agentic enterprise like a major metropolitan city, implementing infrastructure, establishing proactive policies, and governing it with controls.

    The Agentic Detection Gap

    As bad actors reshape the threat landscape with agentic cyberattacks, the defensive paradigm has yet to adapt. In Armis’ 2026 State of Cyberwarfare Report (PDF), 43% of respondents reported that their organization still detects and responds to significant cyberattacks as they happen or after they have already occurred.

    Reply
  30. Tomi Engdahl says:

    Having A Cry
    Palantir, World’s Weepiest Eye of Sauron, Sues Mayor of London After Losing a Contract
    “The Met only fully engaged with one potential supplier: Palantir.”
    https://futurism.com/future-society/palantir-eye-sauron-sues-mayor-london

    Palantir, the multi-billion dollar AI surveillance company, has been dealt a major blow after London mayor Sadiq Khan blocked a contract with the city’s Metropolitan police force.

    Named after the seeing stone used by the villain Sauron, the physical embodiment of a cosmic evil in JRR Tolkien’s “Lord of the Rings” books, Palantir the company is not backing down. According to the Guardian, the surveillance-tech giant has now signaled its intent to sue Khan over his decision to block the contract.

    Reply
  31. Tomi Engdahl says:

    Lorenzo Franceschi-Bicchierai / TechCrunch:
    Oracle warns customers of a critical PeopleSoft flaw after ShinyHunters claimed breaches of 100+ organizations using PeopleSoft; Oracle has not issued a patch

    Oracle warns of security bug that hackers abused to breach 100+ companies
    https://techcrunch.com/2026/06/11/oracle-warns-of-security-bug-that-hackers-abused-to-breach-100-companies/

    Oracle warned its corporate customers that there is a critical-rated vulnerability in its PeopleSoft software, which is used by large companies to manage payroll and human resources, a day after a cybercrime group took credit for abusing the flaw as part of a mass-hacking campaign.

    The company published the security advisory on Thursday after the hacking group ShinyHunters claimed to have breached more than 100 organizations that use PeopleSoft servers.

    Reply
  32. Tomi Engdahl says:

    Alert Fatigue Is Becoming a Security Threat of Its Own
    https://www.securityweek.com/alert-fatigue-is-becoming-a-security-threat-of-its-own/

    As alert volumes outpace human capacity, organizations are turning to AI, automation, and deeper context to separate real threats from the noise.

    Alert fatigue and its related effects on SOC efficiency are self-evident problems. Less obvious and more complex are the cause, effect and possible solutions to these problems.

    SOC analysts are inundated with a huge and continuous volume of alerts generated by security tools. Each alert is often meaningless absent correlation with other alerts. But finding relationships is time-consuming, and even if found, might be irrelevant to business security. Much of the alert volume is simply noise, but attempting correlation to find true positive alerts (signals) from the huge number of false positives (noise) is difficult, boring, and often pointless.

    The reasons are numerous:

    Absence of automated prioritization. Security tools are great at detecting alert signals but poor at prioritizing them. Alerts sometimes arrive with a score. “A tool might say, ‘I found a threat. The score is 32 out of 100’,” comments Obbe Knoop, founder and CEO at Lanxit. “What does that mean? What does a score of 100 out of 100 actually mean? Why give it a score of 32? Without context it is meaningless.”

    Absence of alert context. Alerts suffer from a paucity if not complete lack of context. An alert might suggest the presence of a vulnerability and appear to be urgent; but full context might indicate that this device in that location has no outgoing connectivity and zero relevance to business continuity. It can be noted and queued behind more genuinely urgent alerts. It all depends on having accurate and full context to understand relevance.

    Jeff Reed, CTO at SentinelOne, summarizes: “Alert fatigue isn’t necessarily the volume of alerts, but rather the relevance of the alerts.”

    Criminal use of AI is increasing the pace, sophistication, and stealth of attacks. “Attackers are increasingly using AI to scale their operations – analyzing stolen data faster, generating more convincing phishing campaigns and automating parts of the intrusion process,” adds Reed. The result is continuous growth in the volume of alerts.

    Defensive use of AI simultaneously increases the attack surface that bad actors can target. “AI systems themselves are also becoming part of the attack surface, introducing new risks around model manipulation, data exposure and misuse – and yet more alerts,” explains Reed.

    “In short,” he adds, “human analysts simply cannot triage and investigate every signal at the pace modern environments produce them.”

    Effects

    Burnout is not an illness. It is not something that can be cured; it can only be prevented or alleviated. One solution is indeed to change jobs – but then the company loses a highly specialized skill. It is easier to prevent burnout than to alleviate it. This would involve the simultaneous benefit of reducing or preventing alert fatigue.

    Alert fatigue isn’t caused by occasional long hours and stress – it is caused by continuous long hours and continuous stress with no escape. If it isn’t prevented, the effect on the analyst could begin with a few missed false negatives and grow into a full business compromise.

    For the analyst, it could start with subconscious, but overly aggressive filtering merely designed to keep up with the volume of fresh alerts. Within this filtering, too many alerts may be assumed to be false positives. Many will be but some may not, and true positive signals may be filtered out as noise.

    Solutions

    There are two obvious approaches to prevent alert fatigue: reduce the number of alerts by formal filtering to improve the signal to noise ratio, or improve the speed and efficiency of triaging through AI-assisted automation. The problem with the former is the potential to throw out true positives with the noise bathwater; while the problem with the latter is that AI is not yet foolproof.

    Ariel Parnes, former colonel at IDF 8200 Cyber Unit, and current co-founder and COO at Mitiga, believes the solution to alert fatigue is to increase rather than decrease the alerts, but to more clearly surface and correlate associated alerts for the analysts.

    The goal is to reconstruct every action, log, and signal into a unified attack sequence, so analysts aren’t triaging individual events but reading a complete, decoded story of attacker behavior.

    “AI-native automation,” he suggests, “can turn alert floods into clear priorities: automating triage and accelerating investigations so the SOC leads every response rather than chasing it.”

    “Organizations are moving toward more operationalized models that combine automation, correlation, and continuous monitoring to reduce noise, improve prioritization, and give analysts the space to work both sides of that equation.”

    Reed agrees. “Repetitive tasks such as log analysis, enrichment and early-stage investigation can be handled automatically, allowing analysts to focus on understanding attacker behavior and making strategic decisions. When machines handle the heavy data processing,” he adds, “security teams gain the clarity and time they need to respond effectively.”

    His solution is to use artificial intelligence to provide automation. “AI is becoming essential for analyzing large volumes of telemetry, correlating signals across multiple environments and identifying the small number of events that actually represent real risk. Rather than presenting analysts with thousands of disconnected alerts, AI can group related activity, add context and prioritize incidents based on likely impact.”

    Michael Brown, Field CISO at Presidio, adds, “Analysts should not be working on any raw alerts, only correlated incidents. This enables much faster investigations and remediations while reducing staff burnout and attrition.”

    The question is, ‘How should this be done?’ Not all AI systems are created equal. AI only knows what it knows. It doesn’t know what it hasn’t learned – but it may still fabricate a wrong response.

    Merlin Gillespie, CTO of Cybanetix, offers one approach. He suggests that using known IoCs as the primary indication of compromise is no longer sufficient. “Over the past few years, attacks have become more subtle. Threat actors now obtain access via stolen credentials and maintain persistence using ‘living off the land’ techniques, which makes detection far more difficult.”

    So, agreeing with Parnes, he suggests, “This means we need to collect more alerts, not less, to catch and connect those small signs. Capturing more alerts and adopting a paranoid posture means those attacks can be spotted earlier, but it does of course increase the likelihood of alert fatigue and analyst burnout. It’s for this reason we need to let technology do the heavy lifting.”

    The technology he recommends is a combination of machine learning (ML) and large language models (LLMs). “Together, they can be used to carry out 90% of alert triage and investigation. ML can analyze vast sets of data and identify patterns, anomalies and potential breaches. Over time, ML can even make inferences to anticipate attacks and improve detection,” he says.

    “LLMs, on the other hand, can explain alerts, investigation findings, and provide case summaries, speeding up investigations and producing intelligible outputs.”

    But he also warns there are still problems with AI. “The subjective nature means it is also prone to variance. During a recent experiment, we found an agent not only misinterpreted the threat but produced a fictitious killchain. This illustrates,” he says, “that AI doesn’t yet have the maturity needed.”

    The key seems to be context. Everybody accepts that alert context is necessary for accurate correlation and prioritization, but there is little definition over what constitutes and what provides the necessary context.

    Valenzuela links it to divergence from normal. “Effective noise reduction requires… understanding which assets are truly at risk and establishing what normal and abnormal look like in their specific environment,” he explains.

    “Simply adding more tools without that context tends to increase complexity and volume rather than improve outcomes, creating what many describe as an ‘all noise, no signal’ problem.”

    The priority, he adds, “is to improve signal quality by enriching alerts with context and continuously adapting detection logic to reflect a changing environment, rather than relying on static rules.”

    Rob Demain, CEO of e2e-assure, suggests that context can be understood by the analyst after AI has removed the humdrum layer of analysis. “AI removes the repetitive layer of work that consumes so much of an analyst’s day. The result is faster, more consistent first-response times, and a team whose energy is directed where it matters most: understanding context, refining threat intelligence, and making nuanced judgement calls that no automated system can replicate.”

    Gillespie believes that context can be surfaced by the LLM part of a dual ML and gen-AI solution. Reed agrees. “AI can group related activity, add context and prioritize incidents based on likely impact.”

    Toby Lewis, global head of threat analysis at Darktrace, also concurs. He accepts that extracting context from the noise is humanly difficult. “Building a tech stack that can combine these feeds without a huge amount of human legwork seems like a near impossible task but it’s one that AI makes vastly more plausible. Its ability to combine, correlate and analyze data in real-time creates that single picture.”

    Brown provides a more complete description. “Mature SOCs auto-enrich their raw alert data so that analysts start their investigations with the context already assembled. This enrichment might include asset inventory data, asset criticality level, identity privileges, device ownership and physical location, historical behavior analytics, network traffic context, and much more.”

    He explains, “Correlation and contextualization is what allows analysts to look at attack chains and not just alerts. Signals from different sources (endpoints, cloud logs, IAM system, network device telemetry, etc.) are linked to create an incident narrative and help analysts understand the bigger picture much faster.”

    Full context can help locate the true positive alert within the noise. It can highlight what must be actioned immediately, and what may be queued for later action.

    Knoop explains the importance of this context. “You could get an alert indicating a vulnerability on a machine. The vulnerability is scored at 100 out of 100 and is very urgent, so it needs immediate attention. The analyst panics.”

    But, adds Knoop, “If you look at the full context, you might find the machine is in a lab somewhere, and isn’t connected to any business information. So, if something does happen to it, the revenue impact – the operational impact – on the business might be zero. But current tool sets don’t reason across context and everything else that’s happening.”

    While artificial intelligence is a powerful new tool, it can also be a dangerous tool. AI only knows what it knows. If it doesn’t know the correct answer, it might hallucinate an inaccurate answer to fill the gap. Users of AI, which in our case are overworked and stressed SOC analysts, may not recognize the hallucination.

    “AI is used to sift alerts,” warns Knoop, “and is separately used to automate responses. But it does so without full context, and without full context, wrong decisions leading to wrong actions can be made.”

    His opinion is that context is vital to understanding and correctly responding to alerts, but that the current approach to context is generally too limited. To get full insight into whether the alert is important or just noise, context needs to be built through knowing everything about the business

    This reasoning layer must understand the business in its entirety. So, for equipment, it uses the company’s CMDB. It doesn’t simply know each device, it knows what information is handled by that device, which other devices are connected to it and the potential blast radius of an incident affecting that device.

    This new reasoning layer also understands the company’s business sector; it understands what an attacker might be seeking; it understands through threat intelligence what current threats are targeting that sector. It has the potential to understand everything about the company – for example, which departments might be understaffed, and even potential attack areas that are not visible to the current security system.

    “It’s a system that can reason in context between all the signals that are currently available – a new layer in security that sits on top of all the current security solutions. It takes input from those security solutions, the signals, and reasons between them,” explains Knoop.

    “So, very simply, an alert is generated by a security tool. The reasoning layer picks up that alert and says, ‘Okay, this is an alert about this machine.’ It pulls the information about that machine from the CMDB, from the customer’s asset database. It compares it with the device information, then compares it with the business context. What industry is the customer in? Is it in the financial industry? Is it a manufacturer of cars? Is it a chemical manufacturer? So, what kind of threats have I seen in the world?”

    Armed with all the information about the alert and full device and business context, the reasoning layer reasons across everything and provides a natural language response to the analyst. It doesn’t simply give a score; it suggests what action needs to be taken.

    “It might respond, ‘this thing in your environment is a threat,’” continues Knoop. “‘The device has no access to anything else. Monitor it and patch it in the next cycle.’ Or it might respond, ‘This is a threat. You should act now, because it will have financial impact to your business.’”

    Knoop’s reasoning layer for finding the signal in the noise and what action should be taken is a work in progress. It is currently a beta in test at various sites.

    Reply
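
The enrichment and correlation flow described in the article above, as an added Python example (not code from the article or from any vendor quoted in it): raw alerts are enriched from an asset inventory, grouped into incidents by shared user, host or asset link, and ranked by business context instead of the tool's own score. The host names, CMDB fields, weights, thresholds and action labels are all constructed assumptions.

```python
"""Triage sketch: enrich raw alerts with asset context, correlate, then rank."""

# Constructed asset inventory standing in for a CMDB (hypothetical hosts).
CMDB = {
    "lab-pc-07": {"criticality": 1, "egress": False, "links": []},
    "hr-web-02": {"criticality": 4, "egress": True, "links": ["pay-db-01"]},
    "pay-db-01": {"criticality": 5, "egress": True, "links": ["hr-web-02"]},
}
# An asset missing from the inventory gets a cautious default, not a free pass.
UNKNOWN_ASSET = {"criticality": 3, "egress": True, "links": []}

# Constructed raw alerts; "score" is the tool's own context-free number.
RAW_ALERTS = [
    {"id": "a1", "ts": 1000, "host": "lab-pc-07", "user": None,
     "source": "vuln-scanner", "score": 100},
    {"id": "a2", "ts": 1010, "host": "hr-web-02", "user": "svc-hr",
     "source": "iam", "score": 32},
    {"id": "a3", "ts": 1300, "host": "pay-db-01", "user": "svc-hr",
     "source": "edr", "score": 40},
    {"id": "a4", "ts": 1500, "host": "pay-db-01", "user": None,
     "source": "network", "score": 35},
    {"id": "a5", "ts": 1600, "host": "kiosk-99", "user": None,
     "source": "edr", "score": 60},
]


def enrich(alert, cmdb):
    """Attach asset context so triage starts with it already assembled."""
    asset = cmdb.get(alert["host"])
    enriched = dict(alert)
    enriched["asset_known"] = asset is not None
    enriched.update(asset or UNKNOWN_ASSET)
    return enriched


def related(alert, incident, window):
    """An alert joins an incident if it is recent and shares user, host or link."""
    if alert["ts"] - incident["last_ts"] > window:
        return False
    same_user = alert["user"] is not None and alert["user"] in incident["users"]
    same_host = alert["host"] in incident["hosts"]
    linked = bool(incident["hosts"] & set(alert["links"]))
    return same_user or same_host or linked


def correlate(alerts, window=900):
    """Group enriched alerts into incidents instead of triaging them one by one."""
    incidents = []
    for alert in sorted(alerts, key=lambda a: a["ts"]):
        match = next((i for i in incidents if related(alert, i, window)), None)
        if match is None:
            match = {"alerts": [], "hosts": set(), "users": set(),
                     "last_ts": alert["ts"]}
            incidents.append(match)
        match["alerts"].append(alert)
        match["hosts"].add(alert["host"])
        if alert["user"]:
            match["users"].add(alert["user"])
        match["last_ts"] = alert["ts"]
    return incidents


def assess(incident):
    """Rank by business impact and corroboration; the tool score is only reported."""
    alerts = incident["alerts"]
    criticality = max(a["criticality"] for a in alerts)
    egress = any(a["egress"] for a in alerts)
    sources = {a["source"] for a in alerts}
    unknown = any(not a["asset_known"] for a in alerts)
    priority = criticality * 20 + (10 if egress else 0) + 10 * (len(sources) - 1)
    if criticality >= 4 and egress and len(sources) >= 2:
        action = "act-now"
    elif unknown:
        action = "identify-asset"
    elif criticality <= 2 and not egress:
        action = "patch-next-cycle"
    else:
        action = "investigate"
    return {
        "alert_ids": [a["id"] for a in alerts],
        "hosts": sorted(incident["hosts"]),
        "priority": priority,
        "action": action,
        "max_tool_score": max(a["score"] for a in alerts),
    }


def triage(raw_alerts, cmdb):
    """Full pipeline: enrich, correlate, assess, highest priority first."""
    enriched = [enrich(a, cmdb) for a in raw_alerts]
    return sorted((assess(i) for i in correlate(enriched)),
                  key=lambda r: r["priority"], reverse=True)


if __name__ == "__main__":
    for incident in triage(RAW_ALERTS, CMDB):
        print(incident)
```

The isolated lab machine with the tool score of 100 ends up last in the queue, while three low-scoring alerts on linked payroll and HR systems become the single incident that needs immediate action.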
  33. Tomi Engdahl says:

    Government
    CISA Directs Federal Agencies to Prioritize Security Patches Based on Risk

    The new BOD 26-04 requires agencies to review and update vulnerability management policies with a focus on KEV catalog entries.

    https://www.securityweek.com/cisa-directs-federal-agencies-to-prioritize-security-patches-based-on-risk/

    Reply
  34. Tomi Engdahl says:

    ICS/OT
    Siemens Says Desigo CC Files Flagged as Malware by Security Engines

    A PowerShell script included in patch files appears to be triggering false positives by multiple security engines.

    https://www.securityweek.com/siemens-says-desigo-cc-files-flagged-as-malware-by-security-engines/

    Reply
  35. Tomi Engdahl says:

    Caught Off Guard: Securing AI After It Hits Production

    As enterprises rush AI projects into production, security teams are increasingly being forced into reactive mode.

    https://www.securityweek.com/caught-off-guard-securing-ai-after-it-hits-production/

    Reply
  36. Tomi Engdahl says:

    A new exploit unlocks BitLocker-encrypted Windows drives.

    No password. No cracking.

    It’s called GreatXML. Drop two XML files on the recovery partition, reboot into Windows Recovery, and a shell spawns with full access to the drive.

    The bug ties to Windows Defender Offline Scan.

    Details here: https://thehackernews.com/2026/06/new-greatxml-exploit-bypasses-windows.html

    Reply
  37. Tomi Engdahl says:

    Attackers hijacked 400+ Arch #Linux AUR packages by taking over abandoned projects and changing their build scripts.

    The payload stole developer secrets, targeted tokens and SSH keys, and could hide with an eBPF rootkit if it ran as root.

    If you used AUR after June 11, check
    https://thehackernews.com/2026/06/over-400-arch-linux-aur-packages.html

    Reply
  38. Tomi Engdahl says:

    Iran-Linked Handala Breached a California Water Utility. It Could Have Done Worse, and It Knows That.
    https://securityaffairs.com/193565/uncategorized/iran-linked-handala-breached-a-california-water-utility-it-could-have-done-worse-and-it-knows-that.html

    Pro-Iran group Handala breached Cal Water via an exposed GPS tool, reaching billing data for 2M customers. 5GB leaked.
    On June 11, 2026, the Iran-linked threat group Handala posted a claim on its blog that it had compromised California Water Service, known as Cal Water, and published a 5GB proof-of-concept data dump to back it up.

    California Water Service is one of the largest investor-owned water utilities in the United States. It is a subsidiary of California Water Service Group and provides drinking water and wastewater services to residential, commercial, and industrial customers. The company serves hundreds of thousands of customer connections across numerous communities in California, as well as smaller operations in other states through affiliated utilities.

    The group said the intrusion was retaliation for recent US actions in Iran, and claimed it had the ability to disrupt water access but chose not to. For now.

    Cybersecurity firm Dataminr’s analysis of the published dump identified two separate systems that Handala reached. The first is a customer billing database containing names, service addresses, phone numbers, account numbers, and payment histories across multiple Cal Water districts. The second is an internal RTKBase deployment, an open-source GNSS base station platform used by field crews to receive centimeter-accurate GPS corrections when mapping and maintaining water infrastructure.

    Cal Water used RTKBase, an open-source GNSS base station application often deployed on lightweight hardware like a Raspberry Pi. Its web-based management interface was accessible via standard HTTP port 10000 across multiple district mountpoints.

    For this reason it is easy to find, easy to access, and useful as a stepping stone.

    Dataminr researchers recommend rotating all exposed credentials immediately, taking RTKBase instances offline for audit, and reviewing network segmentation between the GPS infrastructure network and the billing environment. Those two systems should never have been able to reach each other.

    The OT question is the one that should be keeping water utility security teams awake. No disruption to water treatment processes, SCADA systems, or chemical dosing has been confirmed in this incident.

    Reply
