    The Nansh0u Campaign – Hackers' Arsenal Grows Stronger
    At the beginning of April, three attacks detected in the Guardicore Global Sensor Network (GGSN) caught our attention. All three had source IP addresses originating in South Africa and hosted by the VolumeDrive ISP (see IoCs).
    PLEASE_READ_ME: The Opportunistic Ransomware Devastating MySQL Servers
    Guardicore Labs uncovers a ransomware campaign targeting MySQL servers. Attackers use double extortion and publish data to pressure victims.
    Threats Making WAVs - Incident Response to a Cryptomining Attack
    Guardicore security researchers present a full analysis of a cryptomining attack that hid a cryptominer inside WAV files. The report covers the full attack chain, from detection and infection through network propagation to malware analysis, and gives recommendations for optimizing incident response processes in data centers.
    The Oracle of Delphi Will Steal Your Credentials
    Our deception technology is able to reroute attackers into honeypots, where they believe they have found their real target. The attacks brute-forced RDP credentials to connect to the victim, then downloaded and executed a previously undetected malware, which we named Trojan.sysscan.
    Keep Your Tech Flame Alive: Trailblazer Rachel Bayley
    In this Akamai FLAME Trailblazer blog post, Rachel Bayley encourages women to step into the unknown and to be their authentic selves.

    Podcast: The AI Tokenpocalypse Is Here
    How companies are burning through their AI tokens; and the fake AI-generated flowers all over Etsy, eBay, and Amazon.
    Scientists Asked AI to Impersonate 112 Public Figures. What Happened Next Is a ‘Dire’ Warning
    Researchers discovered that people found AI impersonators to be more authentic, coherent, and relevant than the real politicians, raising alarm bells around the potential for public deception.
    Apple ‘Hide My Email’ Vulnerability Reveals Peoples’ Real Email Addresses
    “Hide My Email users deserve to know that it may be possible for attackers to discover their hidden email addresses,” the person who reported the issue said.

    OFAC Updates ISIS-Khorasan Sanctions with Over 100 Cryptocurrency Wallets
    Summary OFAC updated its ISIS Khorasan (ISIS-K) designation to include 134 cryptocurrency wallet addresses (131 on TRON and 3 on… Originally published on Chainalysis.
    Chainalysis Supports Robinhood Chain with Automatic Token Support
    Chainalysis is excited to announce support for Robinhood Chain, a permissionless layer 2 purpose-built for on-chain financial services and tokenized… Originally published on Chainalysis.

    Fake Perplexity Chrome extension spies on your searches
    A fake Perplexity Chrome extension secretly monitored searches. If you installed "Search for perplexity ai," you need to remove it manually.
    BioShocking: when “gaming” AI agents is no longer a game
    Researchers warned AI vendors about a proof-of-concept called BioShocking that tricks agents by gamifying the outcome.
    Chrome needs another whopper update to fix 382 security bugs
    Google has released a huge update of 382 security fixes, 15 of which were rated as critical. So, it's time to update again!
    ChatGPT produced graphic violent images that shocked researchers
    AI assistants like ChatGPT are supposed to have appropriate guardrails to stop people creating harmful content. However, they don't always work.

    Secure Amazon container workloads using container attribute-based rules in AWS Network Firewall
    Today, you can use AWS Network Firewall to protect traffic flowing to and from containerized applications on Amazon Elastic Kubernetes Service (Amazon EKS) and Amazon Elastic Container Service (Amazon ECS) clusters. If you run AI and machine learning (ML) workloads on Amazon EKS—such as model inference, RAG pipelines, or JupyterHub—your containerized workloads require the same […]
    How to use the AWS Workload Credentials Provider for cross-account secret retrieval and prefetching secrets
    If you manage secrets across multiple AWS accounts or need faster secret access for latency-sensitive applications, this post shows you how to meet those requirements using two new features of the AWS Workload Credentials Provider (provider). You will learn how to configure role chaining for cross-account secret retrieval and prefetching of secrets to reduce cold-start […]

    Microsoft named a leader in the Frost Radar for cloud and application runtime security
    Frost & Sullivan names Microsoft a leader as cloud and application security converge into unified, runtime risk reduction. Originally published on Microsoft Security Blog.

    The June 2026 Apple Security Update Review
    We’re back with our look at the Apple macOS and iOS security updates. As this is a new feature for us, please let us know your feedback on the blog. For June 2026, Apple released 37 unique CVEs across iOS 26.5.2 / iPadOS 26.5.2, macOS Tahoe 26.5.2, Safari 26.5.2. Since Apple doesn’t provide CVSS scores or other severity information, we’re left to speculate on which of these bugs is the most severe. The overwhelming majority (31 of 37) are WebKit/WebRTC bugs reachable through malicious web content. Most of those are crash/DoS bugs rather than code execution, so the real risk lives in the small set of kernel bugs and the handful of WebKit sandbox escapes. However, there are a couple that stand out. -    CVE-2026-43724 (Kernel) – According to Apple, “An app may be able to cause unexpected sys…

    Infosec News Nuggets — July 1, 2026
    Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts — A massive, ongoing automated password spray campaign targeting Microsoft’s Azure CLI compromised at least 78 accounts across 64 organizations between June 12 and June 26, making more than 81 million login attempts. The threat actor, operating from IPv6 space controlled by […] Originally published on AboutDFIR - The Definitive Compendium Project.

    AI Inference Is Swallowing the Cloud

    How I Found an Email Verification Bypass on an AI Freelance Platform
    Hack Smarter — City Council (Active Directory)
    Why Being in the Docker Group Is a Backdoor to Your Whole System
    If you’ve worked with Docker on Linux, you’ve probably encountered this command at least once: Continued on InfoSec Write-ups.
    Is the Android Lock Screen an Illusion? A Critical Logical Bypass Discovered in the Gemini App
    ChatGPT: Guardrail Bypass to LFI Vulnerability POC
    Auth Bypass is it?
    Target, domains, API keys, bearer tokens, SSO IDs, and organisation names are redacted. This writeup is for educational purposes and… Continued on InfoSec Write-ups.
    LLMborghini: TryHackMe AI Security Challenge
    Exploring Prompt Injection and Jailbreaking Through a Practical AI Security Challenge. Continued on InfoSec Write-ups.
    Asymmetric Signing, Machine Fingerprinting, and Offline Grace Periods: Building a License System…
    Beyond Canarytokens: Building a DIY Document Tripwire with Passive OS Fingerprinting
    Cryptanalysis: Recovering an Affine Encryption Scheme Using GF(2) Linear Algebra

    Watch out for “high paying, low effort” Amazon job texts
    Scammers are using Amazon and the promise of big money to lure people into their trap.
    Update time: Apple releases security patches for iOS, MacOS Tahoe, Safari
    A new Apple update fixes a multitude of browser and browser-related vulnerabilities which have been public knowledge for a while.

    Accelerating the quantum-safe timeline
    We’re accelerating quantum-safe readiness—and sharing what organizations can do now to transition earlier and with confidence. Originally published on Microsoft Security Blog.
    ​​What’s new in Microsoft Security: June 2026
    This month’s updates help security and IT teams strengthen identity and multicloud foundations, protect data wherever it lives, and secure the developer workflows powering AI innovation. Originally published on Microsoft Security Blog.
    Securing AI agents: When AI tools move from reading to acting
    MCP tool poisoning turns trusted AI agents into a control plane for data loss. Learn how threat actors manipulate tool descriptions to trigger unauthorized actions, and how to detect, contain, and prevent it. Originally published on Microsoft Security Blog.

    I Have Thoughts About That Kylie Jenner Meta Glasses Ad
    Meta's new Starfire AI glasses, made in partnership with Kylie Jenner, are giving me the creeps.
    County With 37 Data Centers Asks Schools to ‘Conserve Electricity’
    Henrico County is a major hub for data centers in Virginia. County officials said they expect a 25% rise in electricity costs next year, and advised workers to close the blinds and turn off their computers to make up for it.
    Scammers Sell Seeds for Exotic AI-Generated Flowers That Don’t Exist
    eBay, Amazon, and Etsy are unable to stop the flood of AI-generated seed scams.
    Companies Are Making Claude and Codex Talk Like Cavemen to Stop AI’s Soaring Costs
    A senior OpenAI employee has contributed code to the project, simply called 'caveman.'
    How I Bought a Private Jet By Selling $10 Subscriptions to 404 Media
    My journey inside the world of LARPing, where hustlebros pretend to be rich for TikTok.

    Infosec News Nuggets — June 30, 2026
    Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts Microsoft has dismantled a long-running malicious extension operation it calls StegoAd, tied to a single threat actor active since at least 2021, after 119 Edge add-ons with up to 2.6 million combined installs were found hiding payloads inside PNG icons, WebP images, and […] Originally published on AboutDFIR - The Definitive Compendium Project.

    Moving Forward Responsibly: Our 2025 Impact Report

    Tidal Says It Won’t Pay Royalties for AI-Generated Music
    Spotify competitor Tidal built a reputation by collaborating with musicians and focusing on audio quality. How will it handle the era of AI-generated slop?
    Inside Cannes, the Advertising Industry’s Biggest Party
    Reporting from Microsoft Gardens, next to Salesforce Beach, Amazon Port, and the Canva Creative Cabana.

    What the June 2026 Threat Technique Catalog update means for your AWS environment
    The AWS Customer Incident Response Team (AWS CIRT) encounters patterns that repeat across engagements when helping customers respond to security incidents. We’re passionate about making sure that information is accessible so that everyone can improve their security posture and their organization’s resilience to disruption. The primary method we use to share this information is the […]

    Chromium extension uses AI‑related branding to redirect browser search
    A malicious Chromium-based extension that spoofs the AI-powered answer engine Perplexity AI redirects browser search traffic using MV3 APIs and intermediary infrastructure. Originally published on Microsoft Security Blog.

    An Ontology for Accountability: Defining What Data Quality Means in Blockchain Analytics
    We built this to be questioned Before I came to blockchain analytics, I spent years in academia studying the formal… Originally published on Chainalysis.
    10 Questions to Ask Your Blockchain Analytics Provider about Data Quality
    Blockchain analytics tools provide critical intelligence to compliance teams, regulators, and investigators. These professionals use that intelligence to uncover illicit… Originally published on Chainalysis.

    This pay gap is programmed (Lock and Code S07E13)
    This week on the Lock and Code podcast, we speak with Veena Dubal about algorithmic wage discrimination and its appetite for all worker data.
    119 Edge extensions promised useful tools, instead downloaded malware
    Microsoft has removed over 100 Edge extensions that were delivering malware hidden in images.
    A week in security (June 22 – June 28)
    A list of topics we covered in the week of June 22 to June 28 of 2026.

    Sysco - 2,691,852 breached accounts
    In June 2026, the food distribution company Sysco was targeted by a ShinyHunters "pay or leak" extortion campaign. Data was subsequently published containing 2.7M unique email addresses belonging to staff and customers. The data also contained largely corporate contact information including names, phone numbers, physical addresses, internal job titles, and customer feedback.

    📖 [The CloudSecList] Issue 344
    📖 [The CloudSecList] Issue 344 was originally published by Marco Lancini at CloudSecList on June 28, 2026.

    Scientists Think They’ve Uncovered the 15-Million-Year-Old Origin of Laughter
    Recordings of laughter from humans and other great apes suggest that the distinctive rhythm of "ha ha ha" emerged in a common ancestor that lived at least 15 million years ago.

    Behind the Blog: Salesforce Beach
    This week, we discuss talking aloud to computers, Cannes, and “Engineering Creativity: Guac Is Extra.”

    Inside a Sandwich Attack: Lessons From the $7.5 Million Heist Against JaredfromSubway.eth
    Summary JaredfromSubway.eth, the most prolific sandwich-attack bot on Ethereum, was drained of at least $7.5 million in a reverse honeypot… Originally published on Chainalysis.

    Infosec News Nuggets — June 26, 2026
    Amadey, StealC malware operations disrupted in Operation Endgame action A coordinated law enforcement operation involving Europol, Microsoft, ESET, Bitdefender, and partners has dismantled the criminal infrastructure behind the Amadey and StealC malware families — two cornerstone tools in the ransomware-as-a-service pipeline. The June 15–19 action, the latest phase of Operation Endgame, took down 326 servers […] Originally published on AboutDFIR - The Definitive Compendium Project.

    Malware steals Chrome session cookies to take over your accounts
    A phishing campaign installs a malicious Chrome extension to hijack browser sessions and compromise Windows devices.

    The Cloud Giants Are Architecting an Agentic Future They Can’t Run

    American Tower - 216,601 breached accounts
    In June 2026, telecommunications tower infrastructure company American Tower was the target of a ShinyHunters "pay or leak" extortion campaign. The group subsequently published data allegedly taken from the company containing more than 200k unique email addresses belonging to employees, contractors, customers, and leads. Exposed data also included names, addresses, and phone numbers.

    Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access
    Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in Europe and Asia. The campaign uses photo-themed ZIP archives and fake image shortcut files to deliver a persistent Node.js implant and evade detection. Originally published on Microsoft Security Blog.
    Microsoft a Leader in The Forrester Wave™ for Endpoint Management Platforms
    Microsoft named a Leader in the Forrester Wave™: Endpoint Management Platforms, Q2 2026, with the highest scores in the current offering and strategy categories. Originally published on Microsoft Security Blog.

    Beware of “Parcel Expert” job offers: They’re parcel mule scams
    Most parcel mule scams start with fake job offers that trick victims into handling stolen goods.
    Update Chrome to patch critical browser security flaws
    Chrome has patched 18 vulnerabilities, including four critical flaws. Two WebGL bugs could allow attackers to escape the browser's security sandbox.
    Fake domain renewal emails trick website owners into paying scammers
    We uncovered fake domain renewal notices and convincing websites to pressure website owners into paying scammers.
    Elite network says it was hacked after members’ personal data was left exposed
    Personal data belonging to politicians, military leaders, and executives was left publicly accessible in what looks like a security misconfiguration.

    Emile Dirks Elected to PEN Canada’s Board of Directors
    Senior research associate Emile Dirks has been elected to serve as a member of PEN Canada's board of directors. Originally published on The Citizen Lab.

    The New MCP Specification: What Security Teams Must Prepare For
    Your AI Cost Model Stops at the Token Price. The Bill Doesn't.
    Your AI cost model stops at the token price, but the bill doesn't. Discover why almost 80% of production AI spend sits in inference and how to optimize your setup.
    Linode Interfaces and Default Firewall Now Generally Available

    Bodycam Shows Moment Cops Arrested a Man for Speaking Too Long at Data Center Meeting
    We spoke to Darren Blanchard, the man arrested while speaking out against data centers at a community meeting. He's sharing the bodycam footage of his arrest for the first time with 404 Media.

    Infosec News Nuggets — June 25, 2026
    ‘Cordyceps’: Malicious Pull Requests Threaten CI/CD Workflows Security researchers at Novee have disclosed a widespread CI/CD vulnerability class dubbed “Cordyceps,” named for the parasitic fungus known for hijacking its hosts. The weakness exploits overly permissive automated workflows triggered by pull requests, allowing any unauthenticated user — with nothing more than a free GitHub account — […] Originally published on AboutDFIR - The Definitive Compendium Project.

    Restrict AWS Management Console access to expected networks with sign-in resource-based policies and RCPs
    Amazon Web Services (AWS) recently announced support for resource-based policies and resource control policies (RCPs) for AWS Sign-In. By using resource-based policies and RCPs, you can restrict access to the AWS Management Console sign-in and aws login CLI sessions to requests from your expected networks, your on-premises data center networks, and your Amazon Virtual Private […]

    CNAPP evolution: How Microsoft aligns with leading cloud risk management platforms
    Learn how CNAPP platforms are helping organizations prioritize exploitable risks, reduce exposure, and operationalize security across the application lifecycle. Originally published on Microsoft Security Blog.
    StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them
    On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that formed the backbone of the StealC and Amadey infrastructure. This blog is a technical breakdown of StealC and Amadey. Originally published on Microsoft Security Blog.

    PixelSmash flaw turns video files into attack tools
    Researchers have found a critical FFmpeg flaw that could let attackers use a malicious video file to compromise vulnerable systems.
    Watch out for renewal scams pretending to be Malwarebytes
    Scammers are sending fake software renewal notices that claim you've been charged for a subscription. Some even impersonate Malwarebytes.
    “Total access to all your devices.” Sextortion scammers strike again
    They say they have videos, malware, and total control of your devices. Here's how to read a sextortion email like a security researcher instead of a victim.

    Vast ‘Structures’ In Space Reveal the Universe Isn't What We Thought
    Physicists have discovered that the dark matter structures that scaffold the universe—known as the “cosmic web”—are far larger and more persistent than expected, challenging a core assumption about the universe.
    The Trump Administration’s New Census Data Rules Are a Policy Disaster
    The new policy, which forbids "noise infusion" as a technique for anonymizing data, will "handcuff" the Census Bureau and limit what information becomes public, data experts say.

    Agentic Disconnect: The Latency Crisis Facing Modern AI Architecture

    Madison Square Garden Sports - 9,796,738 breached accounts
    In June 2026, the sports and entertainment company Madison Square Garden Sports was the target of a ShinyHunters "pay or leak" extortion campaign. The group later published the alleged data, which included almost 10M unique email addresses spanning staff and customers, along with extensive personal, employment and customer relationship information.

    AI Finds Vulnerabilities. Security Experts Find Impact.
    AI got a security consultant 80% of the way through a real web application assessment. The other 20% was where the actual security work happened. This walkthrough shows where AI delivered, where it produced confident but impossible explanations, and why human judgment still drives real findings.

    Infosec News Nuggets — June 24, 2026
    Scattered Spider Hackers Plead Guilty on Day 1 of Trial Two young British members of the notorious Scattered Spider cybercrime group — Thalha Jubair, 20, and Owen Flowers, 18 — pleaded guilty on the opening day of what was expected to be a six-week UK trial, admitting to conspiring to hack Transport for London in […] Originally published on AboutDFIR - The Definitive Compendium Project.

    Inside the dark web: Stolen identities for 95¢, malware, and scams-for-hire
    We spent 48 hours exploring the dark web and found stolen identities, malware, scams, and a thriving cybercrime economy.
    Meta pauses controversial employee-tracking program after security review
    Meta has paused its controversial employee-tracking program. Unfortunately, employee privacy wasn't what stopped it.
    Hackers steal passport and driver’s license data of 3 million Texans
    A breach at a Texas Parks and Wildlife Department vendor exposed personal information belonging to more than three million Texans.

    AI Reconnaissance: The Missing Layer in Chatbot Security

    Infosec News Nuggets — June 23, 2026
    Five Eyes intelligence alliance warns of threats from new AI models — The intelligence-sharing alliance comprising the US, UK, Canada, Australia, and New Zealand issued an urgent call to action today, warning that frontier AI models are “fundamentally transforming” offensive cyber capabilities and that the threat timeline is “not years, it is months.” The three-page […] Originally published on AboutDFIR - The Definitive Compendium Project.

    OFAC Sanctions ISIS Operators for Financing Terror Group with Crypto
    Summary OFAC designated three individuals and six entities across Europe, the Middle East, and West Africa for facilitating financial transactions… Originally published on Chainalysis.

    Guarding AI memory
    What happens when threat actors target what AI remembers? Microsoft breaks down the risks and the defenses. Originally published on Microsoft Security Blog.

    Why Resilient Systems Design Is Critical for Cloud Reliability
    What Changes When You Move Your Logic to the Smarter, More Connected Edge?
    Discover how moving logic like mass redirects, data transformation, and bot triage to Akamai Functions lowers latency, reduces origin load, and cuts costs.

    Prevent data exfiltration: AWS egress controls for cloud workloads
    When securing an Amazon Web Services (AWS) environment, teams naturally prioritize inbound controls, firewalls, WAFs, and access policies, because that’s where the most visible threats originate. Outbound traffic, on the other hand, tends to get less attention. It’s often left open by default to avoid breaking application dependencies and because the risk feels less immediate. […]

    InfoSec News Nuggets – 06/22/2026
    Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices Canada’s Security Intelligence Service obtained a first-of-its-kind judicial warrant that permitted it to reach into infected servers, home routers, and IoT devices on Canadian soil — including Ring doorbells, security cameras, and smart TVs — and neutralize two foreign-run botnets without the owners’ knowledge or […] Originally published on AboutDFIR - The Definitive Compendium Project.

    📖 [The CloudSecList] Issue 343
    📖 [The CloudSecList] Issue 343 was originally published by Marco Lancini at CloudSecList on June 21, 2026.

    JCPenney - 368,418 breached accounts
    In June 2026, retailer JCPenney and associated brands were targeted in a ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from JCPenney through the exploitation of a critical zero-day vulnerability in Oracle PeopleSoft was later published publicly. The exposed records indicated they primarily related to internal HR systems and impacted current and former employees. The data included 368k corporate and personal email addresses, names, dates of birth, Social Security numbers, phone numbers and home addresses.

    WhatsApp Accuses NSO of Fresh Pegasus Targeting
    Meta’s WhatsApp said it will ask a US court to hold NSO Group in contempt for using WhatsApp to lure targets into downloading the surveillance spyware. Originally published on The Citizen Lab.

    InfoSec News Nuggets – 06/19/2026
    F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution F5 released out-of-band security updates for two critical NGINX vulnerabilities — CVE-2026-42530 (CVSS 9.2), a use-after-free flaw in the HTTP/3 QUIC module, and CVE-2026-42055 (CVSS 9.2), a heap-based buffer overflow in the HTTP/2 proxy and gRPC modules — both exploitable by unauthenticated remote […] Originally published on AboutDFIR - The Definitive Compendium Project.

    Ralph Lauren - 139,903 breached accounts
    In June 2026, fashion retailer Ralph Lauren was targeted in a ShinyHunters "pay or leak" extortion campaign. The group subsequently published hundreds of gigabytes of data they claimed was obtained from the organisation's Salesforce instance, including 140k unique email addresses along with names, phone numbers, genders and age groups.
    Operation Endgame 4.0 - 4,160,519 breached accounts
    On 18 June 2026, the latest phase of Operation Endgame targeted the SocGholish malware operation, a prolific malware distribution network used to compromise systems and facilitate further cybercrime. Coordinated by international law enforcement agencies with support from Europol and Eurojust, the operation remediated almost 15,000 compromised websites and disrupted more than 100 servers and domains used to distribute malware. Authorities initially provided HIBP with 154k impacted email addresses and more than half a million previously unseen passwords recovered during the operation. The following week, a further 4M email addresses and 9M passwords relating to the StealC malware operation targeted by Operation Endgame were provided to HIBP, bringing the total to almost 4.2M unique email addresses.
    CFGI - 248,235 breached accounts
    In March 2026, the financial consulting and advisory firm CFGI was the target of a ShinyHunters "pay-or-leak" extortion campaign. The group subsequently publicised data allegedly obtained from CFGI comprising corporate contact information, including 243k unique email addresses, names, phone numbers and physical addresses.

    Accelerate security investigations with Kiro CLI
    When a security event occurs in your Amazon Web Services (AWS) environment, rapid response is critical. However, security teams often struggle with time-consuming, manual processes that slow down investigations. Analysts must recall complex AWS Command Line Interface (AWS CLI) syntax for multiple services, manually correlate findings across Amazon GuardDuty, AWS CloudTrail, and other security tools, […]
    Spring 2026 SOC 1 and 2 reports are now available in OSCAL format
    Amazon Web Services (AWS) is excited to release the Spring 2026 System and Organization Controls (SOC) 1 and 2 reports in machine-readable OSCAL format alongside the PDF version of the reports. The reports cover 188 services over the 12-month period from April 1, 2025 to March 31, 2026, giving customers a full year of assurance. […]

    Stop Treating Your LLMs Like Web Servers
    DNS Is Your Most Critical — and Most Misconfigured — Security Control

    Shynet | VERSION 0.13.1
    The following document describes identified vulnerabilities in the Shynet application version 0.13.1.
    The Smash-and-Grab Era
    We walk through three eras of cyber attacks and make a troubling case that LLMs are removing the one constraint that kept attackers slow and detectable.

    InfoSec News Nuggets – 06/18/2026
    Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development Microsoft formally acknowledged RoguePlanet, a Defender zero-day now tracked as CVE-2026-50656 with a CVSS score of 7.8, confirming it is working on a fix for the privilege escalation flaw in the Microsoft Malware Protection Engine nearly a week after a researcher going by Chaotic Eclipse […] Originally published on AboutDFIR - The Definitive Compendium Project.
  • Open

    Brazil’s Maturing Market Meets Maturing Threats: How Global Crypto Crime Trends Are Landing in Latin America’s Largest Market
    Brazil is Latin America’s largest crypto market, and one of the world’s most dynamic. Between July 2024 and June 2025,… The post Brazil’s Maturing Market Meets Maturing Threats: How Global Crypto Crime Trends Are Landing in Latin America’s Largest Market appeared first on Chainalysis.  ( 16 min )
Brazilian Market Matures and Faces Increasingly Sophisticated Threats: How Global Crypto Crime Trends Are Reaching Latin America's Largest Market
    Brazil is Latin America's largest cryptocurrency market and one of the most dynamic in the world. Between July… The post Brazilian Market Matures and Faces Increasingly Sophisticated Threats: How Global Crypto Crime Trends Are Reaching Latin America's Largest Market appeared first on Chainalysis.  ( 17 min )

  • Open

    Black Box Probing: a Security Analysis of Xiaomi's MJA1 Secure Chip
    Xiaomi's MJA1 is a proprietary secure chip used in their recent cameras to protect sensitive data and device communications. With no public documentation available, we conducted a black-box security analysis covering hardware identification, I2C sniffing, flash dumping, and firmware reverse engineering. This post walks through how we mapped the chip's command protocol, brute-forced undocumented commands, and assessed its security properties.
  • Open

    How Freedom Tech Is Pushing Back Against Digital Authoritarianism
Senior legal advisor Siena Anstis and senior researcher John Scott-Railton spoke with Forbes about the lagging safeguards that let spyware proliferate. The post How Freedom Tech Is Pushing Back Against Digital Authoritarianism appeared first on The Citizen Lab.
  • Open

    How Akamai Defended an Indian Bank Against Record-Breaking DDoS Attacks
    Learn how Akamai successfully neutralized one of the largest DDoS attacks ever recorded in the Indian banking sector before a single customer was impacted.
    Microsegmentation: Your Digital First Responder to LLM Threats
    No content preview
    Keep Your Tech FLAME Alive: Trailblazer Katrina Cole
    Meet Katrina Cole, an Information Security Consultant who entered tech at age 40. Read her advice for women in tech and her proactive approach to security.
  • Open

    Seeing the Full Picture: Why Pre- and Post-Designation Exposure Changes Everything in Sanctions Screening
    Sanctions compliance in crypto isn’t just about knowing who’s on a list today. It’s about understanding the full arc of… The post Seeing the Full Picture: Why Pre- and Post-Designation Exposure Changes Everything in Sanctions Screening appeared first on Chainalysis.  ( 11 min )
    Approval Phishing: From Just One Case to Full-Scale Disruption
    Chain of Thought is our new expert-hosted webinar series, taking you behind the scenes of real investigations, emerging typologies and… The post Approval Phishing: From Just One Case to Full-Scale Disruption appeared first on Chainalysis.  ( 13 min )
  • Open

    Introducing AWS Continuum: Security at machine speed
What we believe
    We’ve been thinking deeply about enterprise security. The operating model that served us for the past decade (collect telemetry, store it, query it, build dashboards to watch it) is no longer keeping pace. We need to shift to the new world: telemetry, context, reasoning, and actions. An approach that produces outcomes. The […]  ( 109 min )
  • Open

    InfoSec News Nuggets – 06/17/2026
144 Mastra npm Packages Compromised via Hijacked Contributor Account
    A software supply chain attack codenamed easy-day-js compromised 144 npm packages associated with the Mastra namespace, a popular open-source framework for building AI applications, after attackers mass-published more than 140 malicious packages within an 88-minute automated window using a single hijacked npm account. The malicious code was introduced through a third-party dependency named […] The post InfoSec News Nuggets – 06/17/2026 appeared first on AboutDFIR - The Definitive Compendium Project.  ( 10 min )

  • Open

    Threat tactic spotlight: Subdomain takeover
    In this blog post you’ll learn how to detect and prevent subdomain takeover – a tactic where threat actors exploit dangling DNS records to redirect traffic to attacker-controlled resources. We’ll explain the issue, how the situation arises, and how you can use various AWS features and services to help mitigate the impact of this tactic. […]  ( 115 min )
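A minimal detector for the dangling-record condition described above, as an added example that is not code from the AWS post. It assumes the zone is supplied as (name, type, value) tuples such as a Route 53 export, and that name resolution and HTTP probing are injected as callables so the script runs offline against constructed data. The two service fingerprint tables are illustrative assumptions, not a complete list; the important distinction they encode is that some targets go NXDOMAIN when the resource is deleted (the name can then be re-registered), while others keep resolving through a provider wildcard and only betray the missing resource in the HTTP error body.

```python
"""Dangling-CNAME triage for subdomain takeover (added example, not the post's code)."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable, Iterable, Optional

# Assumption: targets on these services stop resolving once the resource is
# deleted, and a third party can create a resource that reclaims the name.
NXDOMAIN_RECLAIMABLE = (".elasticbeanstalk.com",)

# Assumption: targets on these services keep resolving via a provider wildcard
# after deletion, so the only signal is the error page they serve.
WILDCARD_FINGERPRINTS = {
    ".s3-website-us-east-1.amazonaws.com": "NoSuchBucket",
    ".s3-website.us-east-1.amazonaws.com": "NoSuchBucket",
    ".github.io": "There isn't a GitHub Pages site here",
}


class NXDomain(Exception):
    """Raised by the injected resolver when a name does not exist."""


@dataclass(frozen=True)
class Finding:
    name: str      # the subdomain you own
    target: str    # the CNAME target you no longer control
    reason: str


def _normalise(name: str) -> str:
    return name.rstrip(".").lower()


def find_dangling_cnames(
    zone: Iterable[tuple[str, str, str]],
    resolve: Callable[[str], list[str]],
    fetch: Callable[[str], Optional[str]],
) -> list[Finding]:
    """Flag CNAMEs whose target is gone, by NXDOMAIN or by HTTP fingerprint."""
    findings: list[Finding] = []
    for name, rtype, value in zone:
        if rtype.upper() != "CNAME":
            continue  # A/AAAA records pointing at released IPs need an inventory check, not DNS
        sub, target = _normalise(name), _normalise(value)
        try:
            resolve(target)
        except NXDomain:
            reason = "CNAME target is NXDOMAIN"
            if target.endswith(NXDOMAIN_RECLAIMABLE):
                reason += " on a service where the name can be re-registered"
            findings.append(Finding(sub, target, reason))
            continue
        # Target resolves: check wildcard-hosted services for a 'resource missing' body.
        for suffix, marker in WILDCARD_FINGERPRINTS.items():
            if target.endswith(suffix):
                body = fetch(f"http://{target}/") or ""
                if marker in body:
                    findings.append(Finding(sub, target, f"target resolves but serves '{marker}'"))
    return findings


# ---- constructed sample data so the example runs offline -------------------
SAMPLE_ZONE = [
    ("www.example.com.", "A", "203.0.113.10"),
    ("blog.example.com.", "CNAME", "blog-bucket.s3-website-us-east-1.amazonaws.com."),
    ("app.example.com.", "CNAME", "old-env.us-east-1.elasticbeanstalk.com."),
    ("docs.example.com.", "CNAME", "example.github.io."),
    ("shop.example.com.", "CNAME", "d111111abcdef8.cloudfront.net."),
]

# Constructed resolver answers: the Elastic Beanstalk environment was terminated.
FAKE_DNS = {
    "blog-bucket.s3-website-us-east-1.amazonaws.com": ["52.216.0.10"],
    "example.github.io": ["185.199.108.153"],
    "d111111abcdef8.cloudfront.net": ["13.32.0.1"],
}

# Constructed HTTP bodies: the S3 bucket behind blog.example.com was deleted.
FAKE_HTTP = {
    "http://blog-bucket.s3-website-us-east-1.amazonaws.com/":
        "<Error><Code>NoSuchBucket</Code><Message>The specified bucket does not exist</Message></Error>",
    "http://example.github.io/": "<html><body>docs are here</body></html>",
}


def fake_resolve(target: str) -> list[str]:
    try:
        return FAKE_DNS[target]
    except KeyError:
        raise NXDomain(target) from None


def fake_fetch(url: str) -> Optional[str]:
    return FAKE_HTTP.get(url)


def demo() -> list[Finding]:
    return find_dangling_cnames(SAMPLE_ZONE, fake_resolve, fake_fetch)


if __name__ == "__main__":
    for f in demo():
        print(f"{f.name} -> {f.target}: {f.reason}")
```

For live use, `resolve` can wrap dnspython's `dns.resolver.resolve(target, "A")` and translate `dns.resolver.NXDOMAIN` into `NXDomain`, and `fetch` can use `urllib.request.urlopen`, reading the body from the `HTTPError` as well since the fingerprint arrives on a 404. Run it from a host that is not behind a split-horizon resolver, or the internal view will hide exactly the public NXDOMAIN you are looking for.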
  • Open

    A Crash, Not a Shell: SolarWinds Serv-U CVE-2026-28318
    A single unauthenticated request can kill SolarWinds Serv-U, and the heap corruption underneath it looked like it could be more. Bishop Fox chased three separate roads to remote code execution and hit a wall on every one. Here is what we found, why it matters, and how to detect exposure safely.  ( 9 min )

  • Open

    June 2026 Stealer Logs - 56,278,397 breached accounts
    In June 2026, a collection of accumulated stealer logs from various sources was added to HIBP. The corpus comprised 56M unique email addresses across hundreds of millions of stealer log records. The data also contained 124M unique passwords, which have been added to Pwned Passwords and are now searchable. Individuals can view any records captured against their email address in the stealer logs section of their dashboard. Organisations can see logs affecting their domain via the stealer logs API.  ( 2 min )
    Berkadia - 305,216 breached accounts
    In March 2026, the commercial real estate finance company Berkadia was the target of a ShinyHunters "pay or leak" extortion campaign. The group subsequently published data they alleged was taken from Berkadia's Salesforce instance, including over 300k unique email addresses as well as names, physical addresses and phone numbers, among other data.  ( 2 min )
    Infinite Campus - 137,123 breached accounts
    In March 2026, the student information system Infinite Campus was targeted in a ShinyHunters "pay or leak" extortion campaign. The group subsequently published data they alleged was taken from Infinite Campus, containing 137k unique email addresses along with names, phone numbers, physical addresses and support tickets. Infinite Campus subsequently sent notifications, advising that the exposed data largely consisted of "names and contact information for school staff" and that "the majority is directory information commonly found on school websites".  ( 2 min )
  • Open

    Spying Via Your Mobile Phone: Companies Can Locate Any Device at Any Time
    Citizen Lab doctoral fellow Swantje Lange spoke with Tagesspiegel about the Lab’s recent research on telecom surveillance campaigns. The post Spying Via Your Mobile Phone: Companies Can Locate Any Device at Any Time appeared first on The Citizen Lab.

  • Open

    📖 [The CloudSecList] Issue 342
    📖 [The CloudSecList] Issue 342 was originally published by Marco Lancini at CloudSecList on June 14, 2026.

  • Open

    Canada Finally Has a National AI Strategy. Experts Hate It.
Senior fellow Cynthia Khoo writes that “pillars core to a functioning democracy are [being] reoriented around the false god of AI” in The Walrus. The post Canada Finally Has a National AI Strategy. Experts Hate It. appeared first on The Citizen Lab.
    Who Watches the Watchers?
Citizen Lab director Ron Deibert spoke to Politiken about the spyware industry, calling it “a symptom that something is fundamentally wrong.” The post Who Watches the Watchers? appeared first on The Citizen Lab.
    Luis Fernando García On State Surveillance in Latin America
    Senior researcher Luis Fernando García participated in a Conversatorio Regional hosted by CELS, ODIA, Democracia en Red, and Vía Libre. The post Luis Fernando García On State Surveillance in Latin America appeared first on The Citizen Lab.

  • Open

    Enabling Proper PCI Testing with Internal Penetration Tests
    PCI DSS v4.0.1 made internal penetration testing more complex, bringing cloud infrastructure, SaaS apps, and build pipelines explicitly into scope. Derek Rush breaks down how to scope a compliant IPT, what to test, and what a QSA-ready deliverable actually looks like in practice.  ( 10 min )

  • Open

    University of Nottingham - 454,635 breached accounts
    In June 2026, the University of Nottingham was the target of a cyber attack, later linked to a ShinyHunters "pay or leak" extortion campaign. Tens of gigabytes of data were subsequently published online and included 455k unique email addresses along with extensive personal information including names, addresses, phone numbers, ethnicities, disabilities, passport numbers and information relating to academic enrolments and fee payments. In a post about the incident, the university advised that the breach affected both "current students, and alumni".  ( 2 min )
  • Open

    Ron Deibert Speaks About “Greek Watergate”
    Citizen Lab director Ron Deibert gave a keynote speech about the Greek spyware scandal at an event hosted by Eteron think tank in Athens in May. The post Ron Deibert Speaks About “Greek Watergate” appeared first on The Citizen Lab.
  • Open

    AI Security at Machine Speed: A Roadmap for Modern AppSec
    With AI API calls set to grow 1,000x by 2027, you need a roadmap to secure your enterprise against agentic threats.

  • Open

    Submission to the Standing Senate Committee on National Security, Defence and Veterans Affairs of Bill C-8
    On May 25, senior research associate Kate Robertson appeared before SECD to testify on Bill C-8. The post Submission to the Standing Senate Committee on National Security, Defence and Veterans Affairs of Bill C-8 appeared first on The Citizen Lab.
  • Open

    The June 2026 Security Update Review
I’ve made it through Pwn2Own Berlin, had a little vacation, and now I’m back for Patch Tuesday. Microsoft and Adobe didn’t disappoint. In fact, they have heralded my return with the largest Patch Tuesday release ever. Thanks? Take a break from your regularly scheduled activities and let’s take a look at the latest security patches from Adobe and Microsoft. If you’d rather watch the full video recap covering the entire release, you can check it out here:
    Adobe Patches for June 2026
    For June, Adobe released 11 bulletins addressing 123 unique CVEs in Adobe Acrobat Reader, ColdFusion, Experience Manager, Experience Manager Forms, InDesign, InCopy, Substance 3D Sampler, Content Credentials SDK, Dreamweaver, Format Plugins, and Adobe Campaign Classic. A total of 11 of these CVEs were reported thro…
  • Open

    Mythos Doesn't Deploy Itself
    AI is raising the ceiling for skilled researchers and flooding bug bounty programs with polished but inaccurate submissions at the same time. Both things are true, and the reconciling variable is the harness built around the model and the expertise of the person driving it.  ( 9 min )

  • Open

    Extending LLVM's BOLT-based Binary Analyser to Validate Stack Variable Initialisation
    The Open Source Technology Improvement Fund (OSTIF) commissioned Quarkslab to extend the BOLT-based static binary analyser in LLVM to support additional compiler flags for security hardening. This work resulted in the first iteration of a scanner for validating the implementation of -ftrivial-auto-var-init.
  • Open

    ICYMI: May 2026 @AWS Security
    Read all about the latest AWS security features, compliance updates, and hands-on resources in our new, monthly digest posts. You’ll find expert blog posts, new service capabilities, code samples, and workshops. AWS Security Blog posts This month’s AWS Security Blog posts covered AI security, network protection, identity management, compliance frameworks, and supply chain security. Read […]  ( 112 min )
    Operationalizing AWS security: A maturity roadmap
    Enabling security tooling is the starting point. Making it operational—where findings drive decisions, response times are measurable, and your security posture improves week over week—is where most organizations struggle. This blog post provides a phased maturity roadmap for organizations that have already enabled AWS Security Hub and Amazon GuardDuty. These two services form the foundation […]  ( 118 min )
  • Open

    Your Origin Server Might Be Your Most Expensive Decision
    No content preview

  • Open

    Baker Distributing - 102,935 breached accounts
    In May 2026, the HVAC/R wholesale distributor Baker Distributing Company was added to the ShinyHunters data extortion group's "pay or leak" site. In early June, the group publicly published data they claimed had been obtained from Baker's SharePoint and Salesforce infrastructure including 103k unique email addresses along with names, physical addresses, phone numbers and tickets relating to the company's HVAC contractor customer base. The exposed data was largely corporate contact and support information with limited sensitivity.  ( 2 min )

  • Open

    📖 [The CloudSecList] Issue 341
    📖 [The CloudSecList] Issue 341 was originally published by Marco Lancini at CloudSecList on June 07, 2026.

  • Open

    Building secure B2C applications with fine-grained access control using Amazon Cognito and Amazon Verified Permissions
    Modern web applications require robust security controls to protect user data and application resources. Authentication and authorization are two fundamental pillars of application security that answer critical questions: Who are you? and What are you allowed to do? Implementing these controls correctly can be challenging for developers, especially when building data-intensive applications with frameworks like […]  ( 114 min )
  • Open

    Popping Root on UniFi OS Server: Unauthenticated RCE Chain Detection & Analysis
    A three-part vulnerability chain in UniFi OS Server lets an unauthenticated attacker bypass the auth gateway, hit a command injection sink, and escalate to root in a single request. Bishop Fox confirmed the chain end to end and breaks down the attack, the impact, and how to detect it safely.  ( 19 min )
  • Open

    BCD Travel - 396,313 breached accounts
    In May 2026, the corporate travel management company BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from BCD was subsequently published publicly in early June and contained 396k unique email addresses. Other exposed data included names, addresses, phone numbers, job titles and employer names, spanning a variety of different data sets including leads, internal staff and support tickets.  ( 2 min )

  • Open

    From prompt to pwned: chaining LLM and web bugs to Admin
During a Red Team exercise we were able to chain multiple LLM and web-based vulnerabilities to achieve admin account takeover from a low-privileged account. Trusting the LLM turned out to be the first falling domino of a long chain of events that led to complete compromise. In this article we describe how it went down.
  • Open

    Amazon Cognito unlocks advanced capabilities with next-generation infrastructure
Amazon Cognito recently introduced high-throughput performance for demanding workloads, customer-managed keys for full control over data encryption at rest, and multi-Region replication for business continuity improvement. These capabilities were made possible through a next-generation storage infrastructure designed for extensibility and scale. To deliver this, we migrated hundreds of millions of user profiles, and you […]  ( 110 min )
    Gain visibility into DDoS attacks with flow logs in AWS Shield Advanced
    Reconstructing distributed denial of service (DDoS) attack traffic used to mean combining data from multiple sources after the fact. AWS Shield Advanced attack flow logs change that—they capture traffic metadata during attacks so you can pinpoint sources, verify mitigations, and feed your existing analysis pipelines. Shield publishes logs to Amazon Simple Storage Service (Amazon S3), […]  ( 111 min )
    Customize federated sign-in with new Amazon Cognito Lambda trigger
    You can use Amazon Cognito user pools to add sign-up and sign-in functionality to your web and mobile applications. You can authenticate users directly with Amazon Cognito managed accounts using passwords, passwordless flows, or custom authentication flows, or let users federate in through external identity providers (IdP) using SAML, OpenID Connect, or social providers such […]  ( 119 min )
  • Open

    Putting CLIMATE into Practice: Building an Inventory Management Plan
    No content preview

  • Open

    DentaQuest - 2,553,599 breached accounts
    In May 2026, the dental benefits administrator DentaQuest was the target of a ShinyHunters "pay or leak" extortion campaign that resulted in the group publicly publishing hundreds of gigabytes of data allegedly obtained from the company. The data included 2.6M unique email addresses along with names, addresses and phone numbers. Much of the data appeared in healthcare enrollment files (ASC X12 transaction sets) with some containing Medicaid IDs, while additional data appeared in member records and related files. DentaQuest acknowledged "a cybersecurity incident involving unauthorized access to a limited portion of our network", and advised they had contained the attack and mitigated the threat.  ( 2 min )
  • Open

    "Practical Android Software Protection in the Wild" - An Appetizer
    This article describes the main software protection techniques used in Android applications, organized around a taxonomy covering environment checks, obfuscation, and program loading abuse. It presents the results of a large-scale analysis of nearly 2.5 million Android apps, studying how widely these protections are adopted across different markets, app categories, and malware samples.
  • Open

    Otto Support - Testing MCP Servers
    MCP servers introduce a new attack surface, but the security fundamentals are familiar. In this final otto-support post, we use nmap, a Nuclei template, and MCP Inspector to discover, enumerate, and exploit an authorization gap without ever touching an LLM.  ( 8 min )
  • Open

    Optimize AI Inference: Real-Time NodeBalancers Metrics for AI Workloads
    No content preview

  • Open

    Identify unused AWS KMS keys and prevent accidental key deletions
    As you scale your use of Amazon Web Services (AWS), managing KMS keys becomes increasingly important. Whether you manage a handful of keys or thousands across multiple AWS accounts and AWS Regions, there’s often a need to audit key usage to help you meet compliance requirements, evaluate your risk posture, and optimize key management costs. […]  ( 112 min )
    Secure multi-tenant AI agents with Amazon Bedrock AgentCore resource-based policies
    Software as a service (SaaS) providers building AI-powered applications on Amazon Bedrock AgentCore often need to serve multiple tenants with distinct security requirements from a shared infrastructure. Some tenants require cross-account access from their own Amazon Web Services (AWS) accounts, while others mandate that traffic stay within a private virtual private cloud (VPC) for regulatory […]  ( 114 min )
  • Open

    Highlights from the Akamai India Partner Summit 2026
    No content preview
2026-07-02T03:38:06.901Z osmosfeed 1.15.1