Infosec Decoded Season 6 #42: Miasma Worm

With sambowne@infosec.exchange and Doug Spindler

Recorded Tue, June 9, 2026

AI

4 Critical Threats Where Attackers Have the Advantage
Deepfakes, software supply chain risks, prompt injections, and AI application compromises
Everybody Is Vibe Coding But Nobody Told the Security Team
Companies should not ban vibe-coding, but should run it through application security reviews and monitor traffic to online vibe-coding services to detect their use.
New Apple feature automatically changes your compromised passwords
Apple says the built-in password app and Safari now use AI to "agentically" take action based on your behavior and secure your passwords automatically.
Only 10% of SOCs Say They’re Getting Excellent Value From AI. Here’s What the Second Wave Has to Deliver
Most deployments simply turn on AI features in several disconnected products, so the operators have to learn multiple interfaces and the products repeat one another's work. To provide value, AI must be deployed across the SOC lifecycle: threat intelligence, threat hunting, detection, investigation, and remediation. It also needs to know the dynamic environment it's operating in and continuously draw on it. And there must be effective SOC governance.
OpenAI rolls out a Lockdown Mode for extra protection against prompt injection attacks
It's very limiting: downloads are blocked, and Deep Research and Agent Mode are disabled completely. Lockdown Mode won't stop prompt injections from appearing in content ChatGPT processes. Instead, it's designed to prevent an attacker from extracting sensitive data from your account by limiting network requests that someone could exploit.
Gemini Voice Assistant Hijacked via Messaging Notifications
The Fake Context Alignment attack works by exploiting notifications from popular apps such as WhatsApp, Slack, and SMS, which silently inject malicious instructions into Gemini’s conversation context without the user’s knowledge.
ZEC Crashes 38% as Zcash Discloses ‘Critical Counterfeiting Vulnerability’
An Orchard vulnerability that allowed undetectable counterfeiting of ZEC in its shielded pool has reignited debate over privacy coins. "Due to the privacy properties of Orchard and the nature of the bug, there is no definitive way to determine, using only cryptography, whether such exploitation occurred."

Unlike Bitcoin or Ethereum, where on-chain exploitation is immediately visible, privacy coins like Zcash create conditions where a successful attack may never be detected. A network upgrade has been proposed to mitigate this risk, but not yet deployed.

Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI
Apps using the SDK may offer you "ad-free" streaming in exchange for turning your TV into an exit node, which routes strangers' web traffic through your home IP address. It's described as a consent-sourced pool of 150 million-plus IPs. The settings the SDK loads allow up to 200 GB of traffic a month.
AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs
A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that touches video, all of them found by an autonomous AI agent. The agent scanned the project's roughly 1.5 million lines of C and produced 21 confirmed zero-days, each with a reproducible proof-of-concept input.

The company puts the cost of the run at around $1,000. Several of the bugs had been latent for 15 to 20 years; one stack overflow in the service-description-table code dates to 2003 and sat untouched for 23 years.

Politics

Tests suggest Russian satellites can jam GPS on a continental scale
Russian satellites have been identified as the cause of mysterious, seconds-long bursts of GPS interference across Europe—a rare example of human-made GPS interference coming from space. But uncertainty still hangs over whether such interference is intentional and if it could be more powerfully weaponized as GPS jamming with continental reach in the future.
WhatsApp Catches Spyware Firm NSO Defying No-Hacking Court Order
NSO Group Technologies Limited is an Israeli cyber-intelligence firm primarily known for its proprietary spyware Pegasus, which is capable of remote zero-click surveillance of smartphones.

In October 2025, a judge granted WhatsApp a permanent injunction barring NSO from hacking its users. NSO has been seeking to overturn the order blocking it from targeting WhatsApp users, arguing that the company will “suffer irreparable harm”.

According to WhatsApp, the spyware maker has violated the permanent injunction. The messaging app reported on Monday that it had recently learned of a social engineering attack that attempted to trick users into clicking on malicious links.

Because Flock Can’t Be Trusted, Cities Are Covering Cameras With Garbage Bags
When things go poorly, no one seems to know who’s responsible for removing the unwanted tech, much less who actually has the authority to shut a surveillance system down.
Ukraine Is Not Losing. Russia Is Not Winning.
Ukrainians stop Russian drones with AI-powered interceptors--small drones that look like miniature rocket ships. The AI-powered drone interceptors are made possible by a complicated network of radar systems, acoustic sensors, and other tools that hundreds of large and small Ukrainian tech companies are creating and updating every day, using data they get directly from soldiers.

The front line is not a line at all, but rather a broad no-go zone, some 20 miles wide. Everything inside this zone is visible to drones, which means that any Russian truck, tank, or infantryman seeking to attack new territory is instantly identified and can easily be hit. Because the Russian commanders keep attacking anyway, the Ukrainians are killing and wounding thousands of enemy soldiers, perhaps as many as 30,000, every month. They say their goal is to remove more Russians from the battlefield than can be recruited to replace them, and they may be close to succeeding.

Running short on soldiers, Russia begins 'aggressive' recruiting drive in educational institutions
The Kremlin has set a quota for 2 per cent of male students to be recruited to the military and it is offering to wipe tuition fees and expunge poor grades for some of those who sign up.
French govt messaging service breached in account hijacking attack
Tchap has now reached over 300,000 monthly users and over 500,000 downloads on Google's Play Store after Prime Minister François Bayrou mandated the use of Tchap and banned foreign apps for work communications for all civil servants in early August 2025.

The threat actor "social engineered a valid account on the education shard" and claims to have scraped nearly 650,000 messages, and said, "Every file ever shared on Tchap, on any shard, is downloadable without a token."

CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day
The vulnerability affects only instances configured to use the deprecated IKEv1 key exchange protocol, with security gateways that don't require a machine certificate for connections and accept legacy Remote Access clients.
Apple removes Russia’s state-backed messaging app Max from its store
Apple said the app had been removed "in compliance with sanctions regulations," without specifying which sanctions were involved.
Cable lobby warns of chaos if FCC doesn’t relax ban on foreign routers
The FCC last month ruled that existing routers can receive software and firmware updates until at least January 1, 2029. But hardware changes are also necessary, and supply-chain shortages make it necessary to use foreign components.

Infosec

Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack
What's notable about the latest campaign is the re-compromise of the "durabletask" PyPI package, which was infected by TeamPCP last month to deliver an information stealer on Linux systems. Miasma is assessed to be a variant of the Mini Shai-Hulud worm that TeamPCP publicly released in mid-May 2026.

"The commit added no dependencies. It planted a 4.3 MB payload runner and wired it to execute automatically through five developer tools: Claude Code, Gemini CLI, Cursor, VS Code, and the npm test script. The attack detonates when a developer clones one of the affected repos and opens it in an AI coding agent."

"The worm's genius and the reason conventional defences largely failed is that it operates entirely within legitimate channels. It does not exploit a vulnerability in npm or GitHub. It exploits the trust model those platforms are built on: the assumption that if a package is signed with a valid key and published by an authenticated maintainer, it is safe."

For the 2nd time in weeks, Microsoft packages laced with credential stealer
73 packages were flagged as malicious when automated systems on GitHub blocked them on the platform. Anyone who touched any one of the 73 packages—listed here—should drop whatever else they’re doing and thoroughly investigate, lest there are any compromised credentials that will be used in future attacks.

The Microsoft GitHub account compromised in the May attack is the same one used late last week. The explanation for this double compromise isn’t currently known. It may mean that Microsoft failed to fully change credentials for the account. It might also be the result of an unknown package run on a Microsoft developer machine that stole the new credentials. Microsoft isn’t providing details at the moment.

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks
A direct descendant of Mini Shai-Hulud, Miasma is a multi-stage dropper executed during NPM installation. The payload scans the local system and connected cloud services for credentials, API keys, tokens, and other secrets, and uses them to spread itself by infecting the packages the victim has access to.

By June 5, at least 57 NPM packages and over 300 malicious package versions associated with the Miasma supply chain attack had been identified. Hades, the PyPI branch of Miasma, affected at least 29 packages.

Ruby Fights Supply-Chain Attacks With Filter Offering 'Cooldown' Before Installing New Packages
The package-managing Bundler tool now offers a filter that blocks a new version until it's been public "for at least N days. Releases too new to have been scrutinized are passed over in favor of ones that have aged past the window."
VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks
Microsoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated development environment (IDE) are updated automatically to a newer version in an attempt to tackle software supply chain threats.

This two-hour delay does not apply to extensions from trusted publishers such as Microsoft, GitHub, and OpenAI, it added. Extensions from such publishers will continue to be updated immediately.

One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public
The flaw, CVE-2026-23111, sits in the kernel's nf_tables packet-filtering code and was patched upstream on February 5, 2026. The flaw came down to a single stray character, an inverted check in nf_tables, and the upstream fix removed it in one line.

It's a Linux kernel use-after-free that lets an unprivileged local user escalate to root and break out of a container.