The Nansh0u Campaign – Hackers Arsenal Grows Stronger In the beginning of April, three attacks detected in the Guardicore Global Sensor Network (GGSN) caught our attention. All three had source IP addresses originating in South-Africa and hosted by VolumeDrive ISP (see IoCs).
PLEASE_READ_ME: The Opportunistic Ransomware Devastating MySQL Servers Guardicore Labs uncovers a Ransomware detection campaign targeting MySQL servers. Attackers use Double Extortion and publish data to pressure victims.
Threats Making WAVs - Incident Response to a Cryptomining Attack Guardicore security researchers describe and uncover a full analysis of a cryptomining attack, which hid a cryptominer inside WAV files. The report includes the full attack vectors, from detection, infection, network propagation and malware analysis and recommendations for optimizing incident response processes in data centers.
The Oracle of Delphi Will Steal Your Credentials Our deception technology is able to reroute attackers into honeypots, where they believe that they found their real target. The attacks brute forced passwords for RDP credentials to connect to the victim download and execute a previously undetected malware, which we named Trojan.sysscan.
Keep Your Tech Flame Alive: Trailblazer Rachel Bayley In this Akamai FLAME Trailblazer blog post, Rachel Bayley encourages women to step into the unknown and to be their authentic selves.
AI Fiction Is Easy to Detect Because It's Stupid and Bad, Research Finds ChatGPT uses too many dream sequences and Gemini won’t stop describing characters.
Behind the Blog: The Promise of the Internet This week, we discuss mobile podcasting, participating in the meme, and vertigo.
AWS designated as a critical third party to the UK financial sector Amazon Web Services EMEA Sarl (AWS) has been designated as a critical third party (CTP) to the UK financial sector by HM Treasury. The CTP regime came into force on January 1, 2025, and establishes a framework through which the Bank of England, PRA, and FCA (collectively the UK regulators) can set requirements on and […] ( 107 min )
Securing our future: July 2026 progress report on Microsoft’s Secure Future Initiative Microsoft’s latest Secure Future Initiative report outlines progress on secure foundations, AI-powered defense, and future-ready cybersecurity. The post Securing our future: July 2026 progress report on Microsoft’s Secure Future Initiative appeared first on Microsoft Security Blog.
Black Hat Europe 2025 | Pwning .NET Framework Applications Through HTTP Client Proxies And WSDL No content preview
CVE-2026-47291: Remote Code Execution in the Windows HTTP.sys In this excerpt of a TrendAI Research Services vulnerability report, Yazhi Wang and Jonathan Lein of the TrendAI Research team detail a recently patched remote code execution bug in the Windows HTTP protocol stack. Successful exploitation of this vulnerability can result in a denial-of-service condition, or, in the worst case, code execution with kernel privileges. The following is a portion of their write-up covering CVE-2026-47291, with a few minimal modifications. A remote code execution vulnerability exists in the HTTP Protocol Stack for Microsoft Internet Information Services implemented in HTTP.sys. The vulnerability is due to invalid validating incoming HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending crafted HTTP packets to the target sys…
This new Windows malware can take over your PC and wipe it clean GigaWiper is a remote access Trojan that can spy on victims and permanently wipe their systems in three different ways.
How mule betting scams recruit ordinary people Easy-money offers to open a gambling account could make you part of a money laundering operation. Here's how to spot a mule betting scam.
Two Chrome updates in two days fix critical vulnerabilities Chrome updates are arriving within days of each other. Learn how to update Chrome and check if you're running the latest version.
Introducing OAuth Support for AWS MCP Server You can now connect your agents to the AWS MCP Server using the same credentials and sign-in methods that you already use for connecting to the AWS Management Console or AWS Command Line Interface (AWS CLI) through a familiar browser-based experience powered by industry-standard OAuth. This new sign-in path supports AWS Identity and Access Management […] ( 114 min )
Patreon Blocks Crawlers From Stealing Creators' Work for AI Training “Creators deserve credit, compensation, and consent. If that's not on the table, the crawlers can stay the fuck off Patreon," CEO Jack Conte wrote on Thursday.
Farmers Finally Get a John Deere Right to Repair Agreement That Doesn’t Screw Them Over The FTC's settlement with John Deere actually has teeth, unlike previous settlements that largely maintained the status quo.
LinkedIn and X Are Flooded With AI Spam, Browsing Data Suggests An AI detection company found that amount of AI content that users actually see in their day-to-day browsing is shockingly high.
Black Hat Europe 2025 | Ghost In The Stack: Evolving Call Stack Spoofing In A Post-CET Era No content preview
How World Cup crypto prediction sites take your money Crypto prediction games promise easy wins, but some are little more than token sales or outright scams. Here's what to look for.
6.9 million driver’s license numbers stolen from AssuranceAmerica Millions of AssuranceAmerica customers are being notified after attackers accessed driver's license numbers and other personal information.
Microsoft fixes RoguePlanet zero-day in Defender The RoguePlanet zero-day is now fixed in Microsoft Defender. Here's how to make sure your system is protected.
Turn off this Meta setting before someone generates AI images of you Meta's new Muse Image tool lets anyone generate AI images of you from your public Insta profile. You won't be notified, and it's on by default.
GigaWiper: Anatomy of a destructive backdoor assembled from multiple malware GigaWiper is a destructive backdoor that combines multiple wiping and ransomware-like capabilities into a single operational platform. This blog analyzes how the malware incorporates code from several previously separate malware families and provides guidance to help defenders detect and defend against similar threats. The post GigaWiper: Anatomy of a destructive backdoor assembled from multiple malware appeared first on Microsoft Security Blog.
Black Hat Europe 2025 | Breaking AI Inference Systems: Lessons From Pwn2Own Berlin No content preview
When AI Models Outgrow Storage Discover how Akamai Object Storage absorbs high-frequency machine data, mitigates egress costs, and scales production AI model outputs.
Designing for the inevitable: System prompt leakage and mitigations in generative AI applications System prompts form the foundation of generative AI applications. A system prompt is a collection of instructions and operational context provided to a large language model (LLM) that shapes how the model behaves and interacts with users and tools. System prompts often contain proprietary information, including role definitions, behavioral guidelines, tool descriptions and usage instructions, […] ( 116 min )
The CISO’s guide to post-quantum mandates and migrations Over a dozen major economies have now published post-quantum cryptography (PQC) adoption guidance. As a CISO, you’re probably well into your migration plan and know the most difficult part has little to do with changing algorithms. The real leadership challenge is driving coordinated change across a large, complex organization where asymmetric cryptography is embedded in […] ( 115 min )
Meta Patents AI Device That Tracks Your Emotions, Watches You Take Your Meds Imagine a wearable device that records every moment of your day and makes suggestions based on your mood.
Porn Platform Gives Sex Workers Stake in the Company's Profits One of the co-founders of MintStars, a subscription site used by adult content creators, announced she's giving her entire stake in the company to a pool for the platform's creators and to the nonprofit SWOP Behind Bars.
We Are Living in a ‘ChatGPT Flyer Pandemic’ "Hey if this is your flyer, I’m not going, I’m not donating, I’m not sharing. Don’t ask me."
'Knockoff' Browser Extension Hides Sketchy Brands on Amazon "Sorry to brands like WNPETHOME, EHEYCIGA, YXYL, LU&MN, JOYIN, TOMY, GODONLIF, YOOJEE, LINGTENG, LANEIGE, VISCOO, BIODANCE, COOFANDY, BALENNZ, TOSY, and LUENX."
LARPING: How Influencers Fake Being Rich How companies are burning through their AI tokens; and the fake AI-generated flowers all over Etsy, eBay, and Amazon.
Protecting Microsoft at AI speed: How SFI proactively hardens our cloud At Microsoft we encompass these security requirements, along with threat knowledge, and operational frameworks in our Secure Future Initiative (SFI), to guide what a well-defended cloud service looks like. But defining the requirements is only the start. Meeting the requirements means continuously evaluating our live services against them, at AI speed. The post Protecting Microsoft at AI speed: How SFI proactively hardens our cloud appeared first on Microsoft Security Blog.
AI Surveillance Is Being Supercharged–And It Will Chill Social Progress Senior research fellow Jon Penney and co-author Bruce Schneier argue that widely deploying AI surveillance could be corrosive to democracy. The post AI Surveillance Is Being Supercharged–And It Will Chill Social Progress appeared first on The Citizen Lab.
Cracking Firmware with Claude: Senior-Level Skill, Junior-Level Autonomy A senior Bishop Fox researcher once cracked SonicWall's proprietary firmware encryption by hand. We gave Claude the same problem, two artifacts, one instruction, and mostly got out of the way. What happened next reveals something important about where AI-assisted security research is heading.
Your next car could be watching your face Driver-monitoring technology is becoming mandatory in new cars, but privacy experts warn it could create new risks alongside the safety benefits.
Enforce zero data retention on Amazon Bedrock with Bedrock Projects and service control policies With the introduction of models that require data sharing with third-party providers—such as Claude Fable 5—organizations need a way to centrally enforce data retention policies. Amazon Bedrock gives you control over whether your prompts and model outputs are retained after an inference request completes. You might need a way to enforce your retention settings across […] ( 117 min )
How the Reddit and Discord false report scam steals accounts Scammers are tricking Reddit and Discord users into handing over login codes by claiming they were involved in a false report.
Fake Netflix, Coca-Cola, and FIFA job scams target marketers A fake recruiter phishing campaign uses trusted brands, nested redirects, and fake Google prompts to steal accounts.
Claude Code’s hidden tracker was an “experiment,” says Anthropic Anthropic's hidden Claude Code tracker has raised new questions about prompt steganography and developer trust.
Scammers are using AI to sell impossible flowers AI-generated flower scams are blooming online, with scammers using fake images to sell seeds for plants that don't exist, like these "cat's face orchids."
Cops Say Waymo Snitched on Teens for Allegedly Drinking and Shooting a Toy Gun The San Mateo Police Department posted on Facebook: “Parents do you know where your teens are? Waymo does!"
Scientists Gave Mice Cocaine. This Is What It Did to Their Brains Researchers found that a single dose left persistent changes to the genomes of neurons, a discovery that could have implications for treating addiction.
JWTweak v2.1: A Guided, Offline Toolkit for Modern JWT Attacks Paste a token, get a full attack plan — then execute it, entirely offline. Continue reading on InfoSec Write-ups »
The HTTP 303 SSRF Hack : From Python HTTP Client Defaults to AWS Credential Exfiltration. No content preview
Chaining a DOM XSS Sink, WAF Bypass, Cross-Origin Smuggling, and SDK Abuse into One Click Account… No content preview
BadSuccessor — Exploiting delegated Managed Service Accounts in Windows Server 2025 No content preview
Breadth, Depth, And Quality: Why Comparing Blockchain Analytics Vendors by Cluster Count Is Only Part of the Calculation When compliance teams, regulators, or investigators evaluate blockchain analytics providers, the conversation almost always starts the same: How many services… The post Breadth, Depth, And Quality: Why Comparing Blockchain Analytics Vendors by Cluster Count Is Only Part of the Calculation appeared first on Chainalysis. ( 12 min )
The Hidden Latency Tax in Retail Personalization Every personalization decision adds latency that has a measurable cost in conversions and order value. Learn where that cost comes from — and how to avoid paying it.
A Fistful of Headers: Taming the Wild Web at Scale | Cary Hooper and Wesley McElhinny No content preview
Enforce least-privilege authorization in multi-agent AI chains using Cedar If you’re building multi-agent AI systems, you need to prevent authorization scope from silently expanding as agents delegate tasks through multi-hop chains. Without proper controls, an agent can potentially act beyond what the originating user authorized, even when role-based access control (RBAC) policies are in place. The OWASP Top 10 for Agentic Applications classifies this […] ( 116 min )
How to tell if an image is AI-generated Scammers are using AI-generated images to make fake stories more convincing. Here's how to separate real from fake.
Choose your WhatsApp username carefully WhatsApp is introducing usernames to help protect your phone number. Just make sure you don't undermine that privacy by choosing the wrong one.
NetNut botnet takes a hit. Don’t be part of the next one. Google, the FBI, and other partners have disrupted a residential proxy network built on millions of hijacked devices and used by criminals.
A week in security (June 29 – July 5) A list of topics we covered in the week of June 29 to July 5 of 2026
5 insights from Frost & Sullivan’s 2025 Frost Radar™ for Cloud Security Posture Management Read five key learnings from the Frost & Sullivan 2025 Frost Radar™ for CSPM to learn how CSPM is evolving from point-in-time compliance to continuous risk management. The post 5 insights from Frost & Sullivan’s 2025 Frost Radar™ for Cloud Security Posture Management appeared first on Microsoft Security Blog.
Black Hat Europe 2025 | Not Just Victims: The Hidden Villains Inside Infostealer Logs No content preview
Footage Shows Cop Stalking Woman He Met on a TV Set After Surveilling Her With a License Plate Reader A Florida police officer met a woman on a TV set, surveilled her for weeks, stalked her, and nearly caused a head-on collision while chasing her to pull her over.
Mastering curl Commands Bug Bounty Hunter's Guide Every bug bounty hunter has curl installed. Few use it to its full potential. While Burp Suite and custom scripts get the limelight, curl… Continue reading on InfoSec Write-ups »
Black Hat Europe 2025 | Taking Control Over Legacy And ERTMS/ETCS Railroad Signaling Systems No content preview
📖 [The CloudSecList] Issue 345 📖 [The CloudSecList] Issue 345 was originally published by Marco Lancini at CloudSecList on July 05, 2026.
SOLVED: The Case of the Missing Megalodon A short-statured human relative that lived on a lush island probably didn’t wield fire or hunt big game, but it did walk in the footsteps of dragons, according to a new study.
Moody Bible Institute - 2,303,416 breached accounts In June 2026, Moody Bible Institute was targeted by a ShinyHunters "pay or leak" extortion campaign. Over 2.3M unique email addresses and other personal data were later published publicly, including names, physical addresses, phone numbers, dates of birth and other information relating to donors, supporters, students and alumni. In their disclosure notice, Moody advised that they had "engaged both internal and external cybersecurity experts to thoroughly investigate the matter".
Black Hat Europe 2025 | Automatic Detection of Taint-Style Vulnerabilities in LLM-based Agents No content preview
Verified X ad spreads Mac malware, while ConsentFix steals Microsoft accounts Two new campaigns show how cybercriminals are increasingly relying on social engineering instead of software exploits to compromise devices and accounts.
Behind the Blog: With Blogs Like These, Who Needs a Private Jet This week, we discuss the Supreme Court, the private jet, and AI on the TV.
Apple’s Hide My Email doesn’t hide it very well A year ago a researcher found a vulnerability in Apple's Hide My Email feature and now he's tired of waiting for a fix.
Fake Google and Cloudflare verification pages spread multiple malware families We uncovered ClickFix attacks using fake Google and Cloudflare pages to deliver everything from infostealers to a newly discovered malware loader.
WinRAR flaw could allow attackers to take control of your computer A new WinRAR update fixes a serious security flaw, but without automatic updates many users could miss the patch.
Improving security posture across the Microsoft partner ecosystem Read how Microsoft strengthens partner ecosystem security with CSP vetting, least privilege access, monitoring, and risk management best practices. The post Improving security posture across the Microsoft partner ecosystem appeared first on Microsoft Security Blog.
On Favicons: From Browser Icons to Attack Surface Intelligence Favicons are small, static, and rarely changed, which makes them a surprisingly durable fingerprint for identifying software across the internet. Bishop Fox built an AI-assisted pipeline to hash and enrich them at scale, and this post shares the methodology, the dataset, and why it matters.
OFAC Updates ISIS-Khorasan Sanctions with Over 100 Cryptocurrency Wallets Summary OFAC updated its ISIS Khorasan (ISIS-K) designation to include 134 cryptocurrency wallet addresses (131 on TRON and 3 on… The post OFAC Updates ISIS-Khorasan Sanctions with Over 100 Cryptocurrency Wallets appeared first on Chainalysis. ( 11 min )
Chainalysis Supports Robinhood Chain with Automatic Token Support Chainalysis is excited to announce support for Robinhood Chain, a permissionless layer 2 purpose-built for on-chain financial services and tokenized… The post Chainalysis Supports Robinhood Chain with Automatic Token Support appeared first on Chainalysis. ( 9 min )
Secure Amazon container workloads using container attribute-based rules in AWS Network Firewall Today, you can use AWS Network Firewall to protect traffic flowing to and from containerized applications on Amazon Elastic Kubernetes Service (Amazon EKS) and Amazon Elastic Container Service (Amazon ECS) clusters. If you run AI and machine learning (ML) workloads on Amazon EKS—such as model inference, RAG pipelines, or JupyterHub—your containerized workloads require the same […] ( 112 min )
How to use the AWS Workload Credentials Provider for cross-account secret retrieval and prefetching secrets If you manage secrets across multiple AWS accounts or need faster secret access for latency-sensitive applications, this post shows you how to meet those requirements using two new features of the AWS Workload Credentials Provider (provider). You will learn how to configure role chaining for cross-account secret retrieval and prefetching of secrets to reduce cold-start […] ( 112 min )
Microsoft named a leader in the Frost Radar for cloud and application runtime security Frost & Sullivan names Microsoft a leader as cloud and application security converge into unified, runtime risk reduction. The post Microsoft named a leader in the Frost Radar for cloud and application runtime security appeared first on Microsoft Security Blog.
The June 2026 Apple Security Update Review We’re back with our look at the Apple macOS and iOS security updates. As this is a new feature for us, please let us know your feedback on the blog. For Jun 2026, Apple released 37 unique CVEs across iOS 26.5.2 / iPadOS 26.5.2, macOS Tahoe 26.5.2, Safari 26.5.2. Since Apple doesn’t provide CVSS scores or other severity information, we’re left to speculate on which of these bugs is the most severe. The overwhelming majority (31 of 37) are WebKit/WebRTC bugs reachable through malicious web content. Most of those are crash/DoS bugs rather than code execution, so the real risk lives in the small set of kernel bugs and the handful of WebKit sandbox escapes. However, there are a couple that stand out. - CVE-2026-43724 (Kernel) – According to Apple, “An app may be able to cause unexpected sys…
PEPR '26 - Architecting Scalable Data Lineage Graph for Privacy Compliance and Agentic Analysis No content preview
Accelerating the quantum-safe timeline We’re accelerating quantum-safe readiness—and sharing what organizations can do now to transition earlier and with confidence. The post Accelerating the quantum-safe timeline appeared first on Microsoft Security Blog.
What’s new in Microsoft Security: June 2026 This month’s updates help security and IT teams strengthen identity and multicloud foundations, protect data wherever it lives, and secure the developer workflows powering AI innovation. The post What’s new in Microsoft Security: June 2026 appeared first on Microsoft Security Blog.
Securing AI agents: When AI tools move from reading to acting MCP tool poisoning turns trusted AI agents into a control plane for data loss. Learn how threat actors manipulate tool descriptions to trigger unauthorized actions, and how to detect, contain, and prevent it. The post Securing AI agents: When AI tools move from reading to acting appeared first on Microsoft Security Blog.
What the June 2026 Threat Technique Catalog update means for your AWS environment The AWS Customer Incident Response Team (AWS CIRT) encounters patterns that repeat across engagements when helping customers respond to security incidents. We’re passionate about making sure that information is accessible so that everyone can improve their security posture and their organization’s resilience to disruption. The primary method we use to share this information is the […] ( 111 min )
Chromium extension uses AI‑related branding to redirect browser search A malicious Chromium-based extension that spoofs the AI-powered answer engine Perplexity AI redirects browser search traffic using MV3 APIs and intermediary infrastructure. The post Chromium extension uses AI‑related branding to redirect browser search appeared first on Microsoft Security Blog.
An Ontology for Accountability: Defining What Data Quality Means in Blockchain Analytics We built this to be questioned Before I came to blockchain analytics, I spent years in academia studying the formal… The post An Ontology for Accountability: Defining What Data Quality Means in Blockchain Analytics appeared first on Chainalysis. ( 13 min )
10 Questions to Ask Your Blockchain Analytics Provider about Data Quality Blockchain analytics tools provide critical intelligence to compliance teams, regulators, and investigators. These professionals use that intelligence to uncover illicit… The post 10 Questions to Ask Your Blockchain Analytics Provider about Data Quality appeared first on Chainalysis. ( 12 min )
Black Hat Europe 2025 | How We Turned AI's 'Web Browsing' Into A Gateway For Targeting 1B+ Users No content preview
Black Hat Europe 2025 | The Forensic Trail On GitHub: Hunting For Supply Chain Activity No content preview
Sysco - 2,691,852 breached accounts In June 2026, the food distribution company Sysco was targeted by a ShinyHunters "pay or leak" extortion campaign. Data was subsequently published containing 2.7M unique email addresses belonging to staff and customers. The data also contained largely corporate contact information including names, phone numbers, physical addresses, internal job titles, and customer feedback.
📖 [The CloudSecList] Issue 344 📖 [The CloudSecList] Issue 344 was originally published by Marco Lancini at CloudSecList on June 28, 2026.
Black Hat Europe | LINE-Break: Cryptanalysis And Reverse Engineering Of Letter Sealing No content preview
Inside a Sandwich Attack: Lessons From the $7.5 Million Heist Against JaredfromSubway.eth Summary JaredfromSubway.eth, the most prolific sandwich-attack bot on Ethereum, was drained of at least $7.5 million in a reverse honeypot… The post Inside a Sandwich Attack: Lessons From the $7.5 Million Heist Against JaredfromSubway.eth appeared first on Chainalysis. ( 13 min )
American Tower - 216,601 breached accounts In June 2026, telecommunications tower infrastructure company American Tower was the target of a ShinyHunters "pay or leak" extortion campaign. The group subsequently published data allegedly taken from the company containing more than 200k unique email addresses belonging to employees, contractors, customers, and leads. Exposed data also included names, addresses, and phone numbers.
Emile Dirks Elected to PEN Canada’s Board of Directors Senior research associate Emile Dirks has been elected to serve as a member of PEN Canada's board of directors. The post Emile Dirks Elected to PEN Canada’s Board of Directors appeared first on The Citizen Lab.
Your AI Cost Model Stops at the Token Price. The Bill Doesn't. Your AI cost model stops at the token price, but the bill doesn't. Discover why almost 80% of production AI spend sits in inference and how to optimize your setup.
Restrict AWS Management Console access to expected networks with sign-in resource-based policies and RCPs Amazon Web Services (AWS) recently announced support for resource-based policies and resource control policies (RCPs) for AWS Sign-In. By using resource-based policies and RCPs, you can restrict access to the AWS Management Console sign-in and aws login CLI sessions to requests from your expected networks, your on-premises data center networks, and your Amazon Virtual Private […] ( 112 min )
Madison Square Garden Sports - 9,796,738 breached accounts In June 2026, the sports and entertainment company Madison Square Garden Sports was the target of a ShinyHunters "pay or leak" extortion campaign. The group later published the alleged data, which included almost 10M unique email addresses spanning staff and customers, along with extensive personal, employment and customer relationship information.
AI Finds Vulnerabilities. Security Experts Find Impact. AI got a security consultant 80% of the way through a real web application assessment. The other 20% was where the actual security work happened. This walkthrough shows where AI delivered, where it produced confident but impossible explanations, and why human judgment still drives real findings.
OFAC Sanctions ISIS Operators for Financing Terror Group with Crypto Summary OFAC designated three individuals and six entities across Europe, the Middle East, and West Africa for facilitating financial transactions… The post OFAC Sanctions ISIS Operators for Financing Terror Group with Crypto appeared first on Chainalysis. ( 11 min )
What Changes When You Move Your Logic to the Smarter, More Connected Edge? Discover how moving logic like mass redirects, data transformation, and bot triage to Akamai Functions lowers latency, reduces origin load, and cuts costs.
Prevent data exfiltration: AWS egress controls for cloud workloads When securing an Amazon Web Services (AWS) environment, teams naturally prioritize inbound controls, firewalls, WAFs, and access policies, because that’s where the most visible threats originate. Outbound traffic, on the other hand, tends to get less attention. It’s often left open by default to avoid breaking application dependencies and because the risk feels less immediate. […] ( 116 min )
📖 [The CloudSecList] Issue 343 📖 [The CloudSecList] Issue 343 was originally published by Marco Lancini at CloudSecList on June 21, 2026.
JCPenney - 368,418 breached accounts In June 2026, retailer JCPenney and associated brands were targeted in a ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from JCPenney through the exploitation of a critical zero-day vulnerability in Oracle PeopleSoft was later published publicly. The exposed records indicated they primarily related to internal HR systems and impacted current and former employees. The data included 368k corporate and personal email addresses, names, dates of birth, Social Security numbers, phone numbers and home addresses.
WhatsApp Accuses NSO of Fresh Pegasus Targeting Meta’s WhatsApp said it will ask a US court to hold NSO Group in contempt for using WhatsApp to lure targets into downloading the surveillance spyware. The post WhatsApp Accuses NSO of Fresh Pegasus Targeting appeared first on The Citizen Lab.
PEPR '26 - Privacy in Theory, Bugs in Practice: Grey-Box Testing for Differential Privacy Libraries No content preview
PEPR '26 - The Emperor's New Embeddings: Obfuscating ML Inputs Doesn't Provide Privacy No content preview
PEPR '26 - Surfacing Hidden Privacy Risks in Code: Lessons from LLM and Retrieval Assisted Detection No content preview
PEPR '26 - Production Multi-Party Computation via the Distributed Aggregation Protocol No content preview
PEPR '26 - Adopting AI in Local Government with Privacy and Equity in Mind: A Case Study of the... No content preview
PEPR '26 - The Disposable Identity: Eliminating Non-Human Identity Risk in Federal Healthcare... No content preview
Ralph Lauren - 139,903 breached accounts In June 2026, fashion retailer Ralph Lauren was targeted in a ShinyHunters "pay or leak" extortion campaign. The group subsequently published hundreds of gigabytes of data they claimed was obtained from the organisation's Salesforce instance, including 140k unique email addresses along with names, phone numbers, genders and age groups.
Operation Endgame 4.0 - 4,160,519 breached accounts On 18 June 2026, the latest phase of Operation Endgame targeted the SocGholish malware operation, a prolific malware distribution network used to compromise systems and facilitate further cybercrime. Coordinated by international law enforcement agencies with support from Europol and Eurojust, the operation remediated almost 15,000 compromised websites and disrupted more than 100 servers and domains used to distribute malware. Authorities initially provided HIBP with 154k impacted email addresses and more than half a million previously unseen passwords recovered during the operation. The following week, a further 4M email addresses and 9M passwords relating to the StealC malware operation targeted by Operation Endgame were provided to HIBP, bringing the total to almost 4.2M unique email addresses.
CFGI - 248,235 breached accounts In March 2026, the financial consulting and advisory firm CFGI was the target of a ShinyHunters "pay-or-leak" extortion campaign. The group subsequently publicised data allegedly obtained from CFGI comprising corporate contact information, including 243k unique email addresses, names, phone numbers and physical addresses.
Accelerate security investigations with Kiro CLI When a security event occurs in your Amazon Web Services (AWS) environment, rapid response is critical. However security teams often struggle with time-consuming, manual processes that slow down investigations. Analysts must recall complex AWS Command Line Interface (AWS CLI) syntax for multiple services, manually correlate findings across Amazon GuardDuty, AWS CloudTrail, and other security tools, […] ( 116 min )
Spring 2026 SOC 1 and 2 reports are now available in OSCAL format Amazon Web Services (AWS) is excited to release the Spring 2026 System and Organization Controls (SOC) 1 and 2 reports in machine-readable OSCAL format alongside the PDF version of the reports. The reports cover 188 services over the 12-month period from April 1, 2025 to March 31, 2026, giving customers a full year of assurance. […] ( 108 min )
Shynet | VERSION 0.13.1 The following document describes identified vulnerabilities in the Shynet application version 0.13.1.
The Smash-and-Grab Era We walk through three eras of cyber attacks and makes a troubling case that LLMs are removing the one constraint that kept attackers slow and detectable.
Brazil’s Maturing Market Meets Maturing Threats: How Global Crypto Crime Trends Are Landing in Latin America’s Largest Market Brazil is Latin America’s largest crypto market, and one of the world’s most dynamic. Between July 2024 and June 2025,… The post Brazil’s Maturing Market Meets Maturing Threats: How Global Crypto Crime Trends Are Landing in Latin America’s Largest Market appeared first on Chainalysis. ( 16 min )
Mercado brasileiro amadurece e enfrenta ameaças cada vez mais sofisticadas: como as tendências globais do crime com cripto estão chegando ao maior mercado da América Latina O Brasil é o maior mercado de criptomoedas da América Latina e um dos mais dinâmicos do mundo. Entre julho… The post Mercado brasileiro amadurece e enfrenta ameaças cada vez mais sofisticadas: como as tendências globais do crime com cripto estão chegando ao maior mercado da América Latina appeared first on Chainalysis. ( 17 min )
How Freedom Tech Is Pushing Back Against Digital Authoritarianism Senior legal advisor Siena Anstis and senior researcher John Scott-Railton spoke with Forbes about the lagging safeguards that let spyware proliferate. The post How Freedom Tech Is Pushing Back Against Digital Authoritarianism appeared first on The Citizen Lab.
How Akamai Defended an Indian Bank Against Record-Breaking DDoS Attacks Learn how Akamai successfully neutralized one of the largest DDoS attacks ever recorded in the Indian banking sector before a single customer was impacted.
Keep Your Tech FLAME Alive: Trailblazer Katrina Cole Meet Katrina Cole, an Information Security Consultant who entered tech at age 40. Read her advice for women in tech and her proactive approach to security.
Seeing the Full Picture: Why Pre- and Post-Designation Exposure Changes Everything in Sanctions Screening Sanctions compliance in crypto isn’t just about knowing who’s on a list today. It’s about understanding the full arc of… The post Seeing the Full Picture: Why Pre- and Post-Designation Exposure Changes Everything in Sanctions Screening appeared first on Chainalysis. ( 11 min )
Introducing AWS Continuum: Security at machine speed What we believe We’ve been thinking deeply about enterprise security. The operating model that served us for the past decade (collect telemetry, store it, query it, build dashboards to watch it) is no longer keeping pace. We need to shift to the new world: telemetry, context, reasoning, and actions. An approach that produces outcomes. The […] ( 109 min )
Threat tactic spotlight: Subdomain takeover In this blog post you’ll learn how to detect and prevent subdomain takeover – a tactic where threat actors exploit dangling DNS records to redirect traffic to attacker-controlled resources. We’ll explain the issue, how the situation arises, and how you can use various AWS features and services to help mitigate the impact of this tactic. […] ( 115 min )
A Crash, Not a Shell: SolarWinds Serv-U CVE-2026-28318 A single unauthenticated request can kill SolarWinds Serv-U, and the heap corruption underneath it looked like it could be more. Bishop Fox chased three separate roads to remote code execution and hit a wall on every one. Here is what we found, why it matters, and how to detect exposure safely.
June 2026 Stealer Logs - 56,278,397 breached accounts In June 2026, a collection of accumulated stealer logs from various sources was added to HIBP. The corpus comprised 56M unique email addresses across hundreds of millions of stealer log records. The data also contained 124M unique passwords, which have been added to Pwned Passwords and are now searchable. Individuals can view any records captured against their email address in the stealer logs section of their dashboard. Organisations can see logs affecting their domain via the stealer logs API.
Berkadia - 305,216 breached accounts In March 2026, the commercial real estate finance company Berkadia was the target of a ShinyHunters "pay or leak" extortion campaign. The group subsequently published data they alleged was taken from Berkadia's Salesforce instance, including over 300k unique email addresses as well as names, physical addresses and phone numbers, among other data.
Infinite Campus - 137,123 breached accounts In March 2026, the student information system Infinite Campus was targeted in a ShinyHunters "pay or leak" extortion campaign. The group subsequently published data they alleged was taken from Infinite Campus, containing 137k unique email addresses along with names, phone numbers, physical addresses and support tickets. Infinite Campus subsequently sent notifications, advising that the exposed data largely consisted of "names and contact information for school staff" and that "the majority is directory information commonly found on school websites".
Spying Via Your Mobile Phone: Companies Can Locate Any Device at Any Time Citizen Lab doctoral fellow Swantje Lange spoke with Tagesspiegel about the Lab’s recent research on telecom surveillance campaigns. The post Spying Via Your Mobile Phone: Companies Can Locate Any Device at Any Time appeared first on The Citizen Lab.
📖 [The CloudSecList] Issue 342 📖 [The CloudSecList] Issue 342 was originally published by Marco Lancini at CloudSecList on June 14, 2026.
Canada Finally Has a National AI Strategy. Experts Hate It. Senior fellow Cynthia Khoo writes that “pillars core to a functioning democracy are [being] reoriented around the false god of AI” in The Walrus. The post Canada Finally Has a National AI Strategy. Experts Hate It. appeared first on The Citizen Lab.
Who Watches the Watchers? Citizen Lab director Ron Deibert spoke to Politiken about the spyware industry, calling it “a symptom that something is fundamentally wrong.” The post Who Watches the Watchers? appeared first on The Citizen Lab.
Luis Fernando García On State Surveillance in Latin America Senior researcher Luis Fernando García participated in a Conversatorio Regional hosted by CELS, ODIA, Democracia en Red, and Vía Libre. The post Luis Fernando García On State Surveillance in Latin America appeared first on The Citizen Lab.