Cyber security news June 2026

This posting is here to collect cyber security news in June 2026.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

147 Comments

  1. Tomi Engdahl says:

    https://cybersecuritynews.com/linux-kernel-improper-authentication-vulnerability/

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Linux kernel vulnerability, tracked as CVE-2022-0492, to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively leveraged in real-world attacks. Linux& Unix

    The issue, categorized as improper authentication, affects Linux systems using the cgroups v1 release_agent feature and may allow attackers to achieve privilege escalation.

    CVE-2022-0492 stems from insufficient validation and authentication controls within the Linux kernel’s control groups (cgroups) mechanism.

    Reply
  2. Tomi Engdahl says:

    Vain 22 sekuntia aikaa: kun hyökkäykset nopeutuvat, puolustuksen on muututtava
    Tekoäly on muuttanut tietoturvaa nopeammin ja perusteellisemmin kuin moni vielä ymmärtää. Google Cloud Next -tapahtumassa kävi selväksi, ettei perinteinen, ihmisvetoinen malli pysy enää hyökkäysten vauhdissa. DNA:n Kaapro Kanto kertoo, miten puolustuksen on muututtava nyt – ja mitä yritysten pitäisi tehdä seuraavaksi.
    https://www.dna.fi/yrityksille/blogi/-/blogs/vain-22-sekuntia-aikaa-kun-hyokkaykset-nopeutuvat-puolustuksen-on-muututtava

    Reply
  3. Tomi Engdahl says:

    Supply Chain Security
    NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks

    By default, npm install will no longer execute scripts from dependencies, unless explicitly allowed.

    https://www.securityweek.com/npm-12-will-change-script-execution-behavior-to-prevent-supply-chain-attacks/

    Reply
  4. Tomi Engdahl says:

    Artificial Intelligence
    Industry Reactions to Claude Fable 5: Feedback Friday

    Industry professionals comment on various aspects of Fable 5, including dual-use capabilities, safeguards, and tiered access.
    https://www.securityweek.com/industry-reactions-to-claude-fable-5-feedback-friday/

    Reply
  5. Tomi Engdahl says:

    ICS/OT
    Iranian Cyber Group Handala Claims Cal Water Hack

    The hackers published 5GB of data, including customer personal information and credentials for the RTKBase platform.

    https://www.securityweek.com/iranian-cyber-group-handala-claims-cal-water-hack/

    Reply
  6. Tomi Engdahl says:

    The Guardian:
    Sources: UK plans to announce an “Australia plus” under-16 social media ban, including restrictions on chats with strangers on gaming apps and under-18 curfews

    Starmer to announce ‘Australia plus’ ban on social media for under-16s

    Sources say hardline measures will also prevent young users from being able to talk to strangers on gaming apps

    https://www.theguardian.com/uk-news/2026/jun/14/starmer-to-announce-australia-plus-ban-on-social-media-for-under-16s

    Reply
  7. Tomi Engdahl says:

    Andrew Osborn / Reuters:
    Since Russia ratcheted up control over the internet this year, some Russians are turning to solutions like using multiple phones and VPNs to evade restrictions

    https://www.reuters.com/world/europe/two-phones-an-app-how-russians-skirt-putins-digital-iron-curtain-2026-06-13/

    Reply
  8. Tomi Engdahl says:

    https://www.idrive.com/idrive/signup/c2c_landing

    Safeguard Your Cloud Applications data

    Microsoft Office 365
    Google Workspace
    Salesforce
    Backup for Dropbox
    Box

    Reply
  9. Tomi Engdahl says:

    UK PM Keir Starmer says the UK will ban social media for under-16s and restrict gaming and livestreaming platforms, aiming for regulation by the end of 2026 — British Prime Minister Keir Starmer said on Monday he would ban social media sites for under-16s and impose restrictions on gaming …

    Britain announces sweeping social media ban for under-16s
    https://www.reuters.com/business/media-telecom/britain-expected-set-out-under-16s-social-media-restrictions-2026-06-14/

    Reply
  10. Tomi Engdahl says:

    Platforms including Instagram, TikTok, Snapchat and Facebook are set to be banned for under-16s

    Full list of social media platforms included in Starmer’s under-16s ban
    Platforms such as Instagram, TikTok, Snapchat and Facebook are set to be banned
    https://www.independent.co.uk/news/uk/home-news/social-media-ban-uk-full-list-apps-whatsapp-snapchat-youtube-b2995731.html?fbclid=IwdGRjcAScv_djbGNrBJy_3GV4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHgvGrCSTt0BixncCmwGc4yhhSA4jRFOKtaRzajAYxB7xDMgUxG4KjXqDDWwM_aem_myQAL23cOSiZNodFKULUYg

    Social media platforms will be blocked for children under the age of 16 in a historic move from Sir Keir Starmer, as he said a “total ban is the right choice”.

    The prime minister announced the restriction in a Downing Street press conference on Monday morning as he warned social media was impacting children’s happiness and mental health.

    The social media platforms to be affected include:

    Facebook
    Instagram
    X
    Snapchat
    TikTok
    YouTube

    Messaging services like WhatsApp and Signal are not set to be included in the ban.

    Restrictions will also be enforced on gaming sites which will include world-leading blocks on harmful functions such as livestreaming and stranger communication with children under-16

    AI “romantic companion” chatbots, which are designed to simulate sexual relationships or roleplay with users, will also enforce a minimum age of 18.

    The prime minister said he was confident the ban would be effective but acknowledged some children would find their way around it. The measure is expected to come into force by early next year.

    The government is also looking at potential overnight curfews and breaks in infinite scrolling for under-18s.

    Sir Keir, a father-of-two, said: “This is not something I do lightly, and I will not present it as cost-free, as if social media has brought no benefits to young people, because clearly that is wrong.

    “But government is always about choices, and it’s clear to me that a full ban is the right choice.

    I ask the question now: Do we truly believe that social media creates a happy environment for our children?

    “Do we truly believe that it’s a place where they can feel safe? I don’t think I even need to answer those questions, do I?

    “Every parent can see it with their own eyes. Social media is making children unhappy.”

    There has been resistance from the Trump administration to action against social media sites, which are largely based in the US.

    many countries around the world were “grappling” with the issue of children’s safety online.

    Reply
  11. Tomi Engdahl says:

    Jokainen laite voi olla seuraava kohde – tutkijat puhuvat uudenlaisesta kyberuhasta – Muropaketti.com https://share.google/SJlMpfVWdPCBHwowE

    Tutkijat ovat luoneet avoimen lähdekoodin kielimallilla toimivan tekoälyagentin, joka käyttäytyy kuin ”mato”, eli itsenäisesti toimiva, tietoturva-aukkoja hyödyntävä ja itsestään monistuva haittaohjelma.

    Vielä vertaisarvioimattomassa ennakkotutkimuksessa osoitetaan, kuinka itseään monistava tekoälyagentti voi vallata tietoverkon lähes olemattomin kustannuksin. Asiasta uutisoi Gizmodo.

    Tutkijoiden mukaan kyseessä on ”perustavanlaatuisesti uusi uhka: mato, joka luo kohteelleen räätälöityjä hyökkäysstrategioita jokaisessa kohtaamassaan järjestelmässä”.

    Tutkimuksessa tekoälyagentti toimi matona eristetyssä testiverkossa, joka koostui Linux-, Windows- ja IoT-laitteista. Verkossa oli yleisiä yritysverkkojen haavoittuvuuksia, kuten uudelleenkäytettyjä salasanoja. Agentti perustui nimeämättömään avoimen lähdekoodin suureen kielimalliin.

    Perinteisestä tietokoneviruksesta poiketen mato ei tarvitse käyttäjältä toimia, kuten haittaohjelman sisältävän tiedoston avaamista levitäkseen, vaan se hyödyntää tietoturva-aukkoja ja kopioi itseään uusiin laitteisiin.

    Se pystyy tunnistamaan kunkin laitteen yksilöllisiä tietoturva-aukkoja ja muuttamaan toimintatapaansa niiden perusteella.

    Tutkijoiden mukaan mato hyödyntää myös tartuttamiensa laitteiden laskentatehoa. Tämä korostuu erityisesti aikana, jolloin yhä useammat älypuhelimet ja kannettavat tietokoneet suunnitellaan suorittamaan suuria kielimalleja paikallisesti.

    ”Jokainen internetiin yhdistetty laite on mahdollinen kohde – ellei sen sisältämän datan vuoksi, niin ainakin seuraavan hyökkäyksen laukaisualustana”, tutkijat kirjoittavat blogissaan.

    Reply
  12. Tomi Engdahl says:

    AI Agents Enable Adaptive Computer Worms
    In our pursuit of new knowledge to enhance the security of artificial intelligence, we uncovered a cybersecurity threat with implications across society.
    https://cleverhans.io/worm.html

    ‘A Fundamentally New Threat’: Researchers Develop New AI-Powered Worm That Might Be Unstoppable
    A team of cybersecurity experts have shown how a self-replicating AI agent can take over a computer network at almost no cost.
    https://gizmodo.com/a-fundamentally-new-threat-researchers-develop-new-ai-powered-worm-that-might-be-unstoppable-2000766975

    Reply
  13. Tomi Engdahl says:

    https://etn.fi/index.php/13-news/19061-linuxista-loeytyi-19-vuotta-vanha-aukko

    Linux-ytimestä on löytynyt 19 vuotta vanha haavoittuvuus, jonka avulla perusoikeuksilla varustettu paikallinen käyttäjä voi saada järjestelmässä root-oikeudet. CIFSwitchiksi nimetty haavoittuvuus koskee Linuxin CIFS/SMB-asiakaspuolta ja siihen liittyvää cifs-utils-apuohjelmistoa.

    Haavoittuvuudelle on annettu tunniste CVE-2026-46243. Se ei ole verkon yli suoraan hyödynnettävä SMB-palvelinaukko, vaan paikallinen käyttöoikeuksien korotus. Riskissä ovat etenkin järjestelmät, joissa käyttäjillä on paikallinen pääsy, käytössä on cifs-utils ja järjestelmä sallii hyökkäysketjun vaatimat nimiavaruudet.

    Reply
  14. Tomi Engdahl says:

    Hackers claim they stole Novo Nordisk’s drug and AI secrets
    “Among the categories of data FulcrumSec says it obtained are source code, proprietary drug information covering both marketed and pipeline compounds, clinical trial records, data on employees, doctors, and patients, details tied to manufacturing operations, and internal AI model files.”

    https://qz.com/novo-nordisk-hack-fulcrumsec-extortion-data-theft-061726

    Reply
  15. Tomi Engdahl says:

    Attacking UPS Network Cards to Take Down Data Centers → https://claroty.com/team82/research/attacking-ups-network-cards-to-take-down-data-centers

    #welcometothepartypalgif #2600net #irc #secnews

    Reply
  16. Tomi Engdahl says:

    AMD silently removes memory encryption from consumer Ryzen CPUs, leaving users unaware that they may be vulnerable — security feature vanishes after newer AGESA firmware, AMD engineers go radio silent when pressed about the change → https://www.tomshardware.com/pc-components/cpus/amd-silently-removes-memory-encryption-from-consumer-ryzen-cpus-leaving-users-unaware-that-they-may-be-vulnerable-security-feature-vanishes-after-newer-agesa-firmware-amd-engineers-go-radio-silent-when-pressed-about-the-change

    #2600net #irc #secnews #encryption #memory

    Reply
  17. Tomi Engdahl says:

    Jos puhelimesi tekee tämän, pysähdy heti – ”Todellinen vaaran merkki”
    https://www.is.fi/digitoday/tietoturva/art-2000012089011.html

    Reply
  18. Tomi Engdahl says:

    ⚠️ Some Apple chips now have a flaw no software update can remove.

    Researchers released usbliter8, a SecureROM exploit for A12 and A13 chips that enables code execution via USB in DFU mode.

    Read details here: https://thehackernews.com/2026/06/unpatchable-usbliter8-exploit-breaks.html

    Reply
  19. Tomi Engdahl says:

    “Companies are getting hacked every single day.” https://trib.al/iiLxWpa

    Reply
  20. Tomi Engdahl says:

    MSG scanned 26M faces. Then its own data leaked.

    Hackers called ShinyHunters published 45GB of stolen files.

    The data exposed facial recognition logs and private attendee profiles.

    MSG had used this system to scan visitors for years.

    If you attended an event there, your faceprint may be inside.

    A federal lawsuit now accuses MSG of failing to protect this data.

    Read more on TNW: https://thenextweb.com/news/shinyhunters-madison-square-garden-45gb-data-leak-facial-recognition

    Reply
  21. Tomi Engdahl says:

    Mariana Catacci / CNN:
    Brazil takes its National Civil Defense warning platform offline after suspected hackers send an unauthorized alert to mobile phones in several states

    Hackers suspected to be behind unauthorized alert sent to cell phones across Brazil
    https://edition.cnn.com/2026/06/20/americas/brazil-hackers-unauthorized-alert-latam

    São Paulo, BrazilCNN Brasil —

    An unauthorized alert bearing a mysterious message that was sent to cell phones in several states across Brazil on Saturday morning is suspected to be the work of hackers, the Brazilian government said.

    Devices lit up with the word “misantropi4,” an alphanumeric spelling of the Portuguese word “misantropia,” which in English translates to “misanthropy.” The final letter “a” was substituted with a number ‘4’ – a practice often used by hackers and termed “leetspeak.”

    The alert – categorized as “extreme” – was initially received in the southern state of Paraná, but a second warning was triggered a few minutes later for cell phones in the major cities of São Paulo and Rio de Janeiro.

    The emergency text system is similar to the US’ Wireless Emergency Alerts (WEA), better known to most Americans as AMBER alerts, which allows officials to broadcast short emergency text messages directly to mobile devices within specific geographic area, regardless of phone number or network.

    Brazilian authorities said that the National Civil Defense’s warning platform was taken offline after being targeted by a likely hacker attack, and the government is working to restore the tool once all security conditions are reestablished.

    The statement also said that the Cellbroadcast tool, which is used to send severe and extreme alerts, is managed by Anatel (National Telecommunications Agency) and has been temporarily disabled. The São Paulo Civil Defense said it has contacted Anatel and other institutions involved in the system’s operation to investigate the origin of the message.

    Reply
  22. Tomi Engdahl says:

    “The sabotage seems intentional, as Reliance has ignored multiple reports,” he wrote. Read more: https://cnews.link/durov-meta-telegram-sabotage-1/

    Reply
  23. Tomi Engdahl says:

    https://git.cuvoodoo.info/kingkevin/board/src/branch/hdmi_firewall/README.md

    The HDMI firewall prevents devices from hacking HDMI equipment, and vice-versa.
    HDMI is mainly used to transfer audio and video, but also offers a number of additional features (e.g. HPD, CEC, HEAC, MHL). This increases the attack surface, and since the security of their implement in embedded devices is far from ideal, an attacker could exploit them and inject malicious code. Now your unsuspicious video equipment is compromised and threatens your IT/network security. And your monitor could then in turn hack back any other device connected to it.
    For example, let’s imagine you invite an external guest for a presentation inside your company. You offer to connect to a video-projector so he can show his slides. This is the perfect opportunity for the guest to hack the video-projector. Next time an employee connects to this projector, his laptop is hacked back. And voila, the innocent guest managed to infiltrate your company network, and can exfiltrate confidential information.
    The HDMI firewall blocks all additional interfaces, and only allows audio and video data transfer. It is based on the research of Pierre-Michel Ricordel and José Lopes Esteves from ANSSI/SDE/ST/LSF presented at the IT security conference SSTIC 2021.

    #2600net #irc #secnews #hardware #hacking #cybersecurity #hdmi #firewall

    Reply
  24. Tomi Engdahl says:

    Applen A12- ja A13-piireistä löytyi aukko, jota ei voi korjata
    https://etn.fi/index.php/13-news/19088-applen-a12-ja-a13-piireistae-loeytyi-aukko-jota-ei-voi-korjata

    Tietoturvatutkijat ovat julkaisseet uuden usbliter8-nimisen haavoittuvuuden, joka kohdistuu Applen A12- ja A13-sukupolvien järjestelmäpiireihin. Kyse ei ole iOS:n tavallisesta ohjelmistovirheestä, vaan piirin käynnistysvaiheen SecureROM-koodiin ja USB-ohjaimeen liittyvästä laitteistotason ongelmasta.

    Paradigm Shiftin tutkijoiden mukaan haavoittuvuus mahdollistaa koodin ajamisen hyvin varhaisessa käynnistysvaiheessa, ennen kuin varsinainen käyttöjärjestelmä käynnistyy. Tämä tekee löydöstä teknisesti merkittävän, sillä BootROM- ja SecureROM-tason virheitä ei voi paikata jälkikäteen samalla tavalla kuin käyttöjärjestelmän haavoittuvuuksia.

    Hyökkäys perustuu Applen käyttämän Synopsysin DWC2-USB-ohjaimen toimintaan. Tutkijoiden mukaan ohjain käsittelee USB:n Setup-paketteja tavalla, joka tietyissä olosuhteissa johtaa muistialueen alivuotoon. Kun laite on DFU-palautustilassa ja siihen on fyysinen USB-yhteys, virhettä voidaan käyttää muistialueiden ylikirjoittamiseen ja lopulta käynnistysketjun hallinnan murtamiseen.

    Käytännössä tämä tarkoittaa, että hyökkääjä voi saada laitteen suorittamaan omaa koodiaan ennen Applen normaalien allekirjoitus- ja eheystarkistusten valmistumista. Tutkijat osoittivat, että tällä voidaan esimerkiksi käynnistää muokattuja iBoot-kuvia ilman tavanomaisia allekirjoitustarkistuksia.

    Haavoittuvuus koskee A12- ja A13-piirejä sekä Apple Watchien S4- ja S5-piirejä. A12X- ja A12Z-piirien tekninen tuki olisi tutkijoiden mukaan mahdollinen, mutta sitä ei ole toteutettu julkaistussa versiossa. A11-sukupolvessa sama hyökkäys ei toimi, koska USB-ajuri palauttaa DMA-osoitteen jokaisen paketin jälkeen. A14- ja uudemmissa piireissä ongelma näyttää puolestaan jäävän hyödyntämättä, koska SecureROM määrittää DART-muistinsuojauksen oikein.

    Reply
  25. Tomi Engdahl says:

    Lily Hay Newman / Wired:
    OpenAI unveils an updated GPT-5.5-Cyber model, launches the Patch the Planet initiative in partnership with Trail of Bits to fix open source bugs, and more — Amid concerns about AI models’ cybersecurity capabilities, OpenAI revealed an improved version of GPT-5.5-Cyber and its “Patch the Planet”

    OpenAI Launches Full-Scale Effort to Patch Open-Source Bugs as It Takes on Anthropic’s Mythos
    Amid concerns about AI models’ cybersecurity capabilities, OpenAI revealed an improved version of GPT-5.5-Cyber and its “Patch the Planet” initiative to fix open-source software bugs.
    https://www.wired.com/story/openai-launches-full-scale-effort-to-patch-open-source-bugs-as-it-takes-on-anthropics-mythos/

    Reply
  26. Tomi Engdahl says:

    Canada’s spy service got a court order to remotely clean #malware-infected devices.

    CSIS used its threat reduction powers to neutralize two foreign-run botnets operating through Canadian servers, SOHO routers, cameras, TVs, and other IoT gear.

    The ruling stayed secret for more than 2 years.

    Read
    https://thehackernews.com/2026/06/canadas-spy-agency-used-first-of-its.html

    Reply
  27. Tomi Engdahl says:

    Exploitation requires no user interaction and affects desktops, servers, and IoT devices. More here https://cnews.link/critical-ffmpeg-vulnerability-enables-complete-compromise/

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*