Tag: intelligence
-
Threat Actor Malware Platform Exposed Through Unlocked PHP Installer Page
A misconfigured PHP-based malware distribution platform has been exposed after a security researcher inadvertently gained administrative access via an unlocked installation page, highlighting critical operational security failures in the active threat actor’s infrastructure. The incident, documented on June 11, 2026, began with routine threat intelligence monitoring on X (formerly Twitter), where a suspicious software download…
-
Criminal IP at Infosecurity Europe 2026: Introducing AITEM, the Next Chapter of Attack Surface Management
Torrance, United States / California, June 11th, 2026, CyberNewswire Criminal IP by AI SPERA, a cyber threat intelligence platform delivering decision-ready intelligence and attack surface visibility to security teams worldwide, participated in Infosecurity Europe 2026 at ExCeL London this week, marking the company’s second consecutive appearance at Europe’s leading cybersecurity event. Alongside live demonstrations of…
-
Anthropic Blocks Fable 5 and Mythos 5 Following U.S. National Security Directive
Anthropic has disabled all access to its Fable 5 and Mythos 5 artificial intelligence models following a sudden export-control directive from the United States government. Issued at 5:21 PM ET on June 13, 2026, the directive cited pressing national security concerns and strictly prohibited any foreign national from accessing the models. This restriction extends beyond…
-
U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals
Anthropic said on Friday it will “abruptly disable” its most advanced artificial intelligence (AI) models, Claude Fable 5 and Mythos 5, for all users after the U.S. government ordered it to suspend access to the models for foreign nationals, whether inside or outside the U.S., citing national security concerns.The AI company said it received an…
-
ISMG Editors: Anthropic Unleashes Claude Mythos 5
Also: Identity as the New Control Plane, Healthcare’s AI Governance Challenge. In this week’s panel, four ISMG editors discussed Anthropic’s ambitious release of the Mythos and Fable 5 models, how cybersecurity teams are strengthening identity in complex cloud environments and the healthcare industry’s efforts to govern artificial intelligence responsibly. First seen on govinfosecurity.com Jump to…
-
Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing
Google on Friday said it’s pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence (AI) agent to send phishing text messages targeting Americans.The network is said to be behind the development and management of a phishing-as-a-service (PhaaS) software kit called Outsider, per the tech giant.”The operation weaponized Gemini…
-
Policy as Code: From Documents to Machine Intelligence
Policy as Code Turns Static Compliance Documents Into Enforceable, Auditable Policy For decades, policies, standards and procedures have anchored security and compliance governance. But static documents can no longer keep pace with dynamic regulations and frontier technology. Policy as Code transforms them into machine-readable, enforceable, continuously verifiable rules that drive real business decisions. First seen…
-
Major US surveillance program poised to lapse after legislative deadlock
It is the first lapse of the spy program, known as Section 702 of the Foreign Intelligence Surveillance Act (FISA), since it was passed into law in 2008. First seen on therecord.media Jump to article: therecord.media/major-us-surveillance-program-set-to-lapse-702-fisa
-
Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code
Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running arbitrary code on developer machines.Called Agentjacking by Tenet Security, the attack can be triggered by means of a fake error report crafted using Sentry, an open-source error-tracking and performance-monitoring platform.”The attack First…
-
Oracle PeopleSoft RCE Flaw Used as Zero-Day in Ongoing ShinyHunters Campaign
Tags: advisory, breach, exploit, flaw, google, group, intelligence, mandiant, oracle, rce, remote-code-execution, threat, update, vulnerability, zero-dayShinyHunters exploited a critical Oracle PeopleSoft zero-day to breach over 100 organizations, mostly universities, before a patch was available. Mandiant and Google’s Threat Intelligence Group published an analysis of an active ShinyHunters campaign on June 11, one day after Oracle finally issued an advisory for the vulnerability being exploited. The gap matters: the activity ran…
-
Oracle PeopleSoft RCE Flaw Used as Zero-Day in Ongoing ShinyHunters Campaign
Tags: advisory, breach, exploit, flaw, google, group, intelligence, mandiant, oracle, rce, remote-code-execution, threat, update, vulnerability, zero-dayShinyHunters exploited a critical Oracle PeopleSoft zero-day to breach over 100 organizations, mostly universities, before a patch was available. Mandiant and Google’s Threat Intelligence Group published an analysis of an active ShinyHunters campaign on June 11, one day after Oracle finally issued an advisory for the vulnerability being exploited. The gap matters: the activity ran…
-
LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution
Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution.LangGraph is an open-source framework created by LangChain to build complex, stateful, and multi-agent artificial intelligence (AI) agentic applications.”An SQL injection in LangGraph’s function could First seen on thehackernews.com Jump to article:…
-
Tchap Messenger Hack Exposes Data of Over 73,000 French Government Employees
A suspected cyberattack targeting Tchap, the secure messaging platform used by French government agencies, has reportedly exposed sensitive data belonging to more than 73,000 government employees. According to threat intelligence reports shared by the ThreatMon monitoring account, a threat actor claims to have exfiltrated approximately 13.5 GB of internal data, covering nearly three years of…
-
163 Organizations Hit by Thai Gambling SEO Poisoning Campaign
A large-scale Thai gambling SEO poisoning operation has compromised 163 organizations across more than 30 countries by exploiting abandoned cloud DNS delegations, according to research from Cyble Research & Intelligence Labs (CRIL). First seen on thecyberexpress.com Jump to article: thecyberexpress.com/thai-gambling-seo-poisoning/
-
Oracle PeopleSoft Zero-Day RCE Vulnerability Exploited by ShinyHunters
Tags: cve, cvss, cyber, exploit, flaw, google, group, intelligence, mandiant, oracle, rce, remote-code-execution, threat, vulnerability, zero-dayA newly disclosed zero-day vulnerability in Oracle PeopleSoft is being actively exploited by the ShinyHunters threat group, according to a joint investigation by Mandiant and Google Threat Intelligence Group (GTIG). Tracked as CVE-2026-35273 with a critical CVSS score of 9.8, the flaw affects the Environment Management component and enables unauthenticated remote code execution. Researchers confirmed…
-
Vietnamese Digital Spies Look for Domestic Targets
Eset Says Threat Actor Redirected Efforts From Foreign Operations. Eset linked OceanLotus, also known as APT32, to a supply-chain attack on Vietnam’s FireAnt financial platform and a prolonged intrusion into a transport infrastructure company, suggesting the state-aligned threat actor is increasingly focused on gathering intelligence from domestic targets. First seen on govinfosecurity.com Jump to article:…
-
DOJ, FBI Seize 13 Domains in Chinese Recruitment Op
Fake Recruiting Sites Used for Info Gathering. The Department of Justice and FBI seized 13 websites tied to an alleged Chinese intelligence gathering operation, using fake recruiting firms and deceptive job offers to target current and former U.S. government employees and security clearance holders. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/doj-fbi-seize-13-domains-in-chinese-recruitment-op-a-31952
-
Joint Commission Certification Targets Healthcare AI Risks
Program Focuses on AI Governance, Safety, Privacy, Bias and Transparency. Accreditation organization Joint Commission is rolling out a voluntary program for certifying the responsible deployment and use of artificial intelligence technologies by U.S. healthcare provider organizations, including governance, safeguards, monitoring processes and education. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/joint-commission-certification-targets-healthcare-ai-risks-a-31949
-
Langflow Vulnerability CVE-2026-5027 Exploited for Unauthenticated RCE
A high-severity security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck.The vulnerability in question is CVE-2026-5027 (CVSS score: 8.8), a case of path traversal that could allow an attacker to write files to arbitrary locations.”The ‘POST /api/v2/…
-
FBI seizes 13 websites linked to alleged Chinese intelligence-gathering effort
Federal authorities have seized 13 internet domains allegedly used to target current and former U.S. government employees and military personnel with access to classified and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/11/fake-consulting-websites-target-us-security-clearance-holders-china/
-
Trump Risks Key Surveillance Authority Over ‘Unqualified’ Spy-Chief Pick
US lawmakers are alarmed that Bill Pulte, a housing official with no intelligence experience, is poised to take charge of one of the government’s most powerful surveillance tools. First seen on wired.com Jump to article: www.wired.com/story/trump-risks-key-surveillance-authority-over-unqualified-spy-chief-pick/
-
Meta to Use Off-Site Business Data for Feed and AI Personalization
Meta on Tuesday announced that it will use information shared by other businesses to personalize users’ feed and responses from its artificial intelligence (AI) chatbot, expanding its scope beyond targeted ads.”Businesses often share information about people’s activity on their sites with us to make ads more relevant,” Meta said in a statement.”We already use this…
-
Partners can help secure AI and increase trust
Context and Veeam underline the challenges and importance of securing artificial intelligence, while Arrow takes steps to increase partner skills around the technology First seen on computerweekly.com Jump to article: www.computerweekly.com/microscope/news/366643947/Partners-can-help-secure-AI-and-increase-trust
-
Apple Intelligence can now replace weak passwords without user intervention
Apple’s next generation of Apple Intelligence, the company’s personal intelligence system, expands its capabilities and introduces new security features in Passwords. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/09/apple-intelligence-automated-passwords-security-updates/
-
Filigran uses AI agents to make CTEM practical for overstretched security teams
Filigran has unveiled XTM One, an AI-native orchestration layer designed to automate Continuous Threat Exposure Management (CTEM) workflows, as organisations struggle to keep pace with growing volumes of threat intelligence, vulnerabilities and attack data. The launch reflects a broader challenge facing security teams. While many organisations have invested heavily in threat intelligence, attack surface management…
-
CVE-2026-23111: Linux nf_tables Flaw Enables Root Exploits
A Linux kernel nf_tables bug lets local users gain root via use-after-free caused by a logic error; patch removes a single “!”. CVE-2026-23111 lives in nf_tables, the Linux kernel’s packet filtering framework. Exodus Intelligence researcher Oliver Sieber found the bug in early 2025 and chained it into a full local privilege escalation. The flaw was…
-
CVE-2026-23111: Linux nf_tables Flaw Enables Root Exploits
A Linux kernel nf_tables bug lets local users gain root via use-after-free caused by a logic error; patch removes a single “!”. CVE-2026-23111 lives in nf_tables, the Linux kernel’s packet filtering framework. Exodus Intelligence researcher Oliver Sieber found the bug in early 2025 and chained it into a full local privilege escalation. The flaw was…
-
New Apple feature automatically changes your compromised passwords
At WWDC 26, Apple announced an Apple Intelligence-powered feature that can automatically fix weak and compromised passwords. This works in Safari, and it’s rolling out with iOS 27. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/apple/new-apple-feature-automatically-changes-your-compromised-passwords/
-
One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public
Security researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user escalate to root and break out of a container.The flaw, CVE-2026-23111, sits in the kernel’s nf_tables packet-filtering code and was patched upstream on February 5, 2026. Exodus Intelligence released its full technical walkthrough on June 8,…
-
Miasma Worm Hits Microsoft’s AI Coding Ecosystem
Attackers Compromised More Than 70 Microsoft Repositories in Under 2 Minutes. Attackers linked to the Miasma supply-chain campaign compromised a Microsoft contributor account and pushed malicious code into more than 70 repositories, using artificial intelligence-assisted coding tools as an infection path to steal credentials and developer secrets at scale. First seen on govinfosecurity.com Jump to…