Infosecurity News

  1. CISA Orders Agencies to Patch by Risk, Not Severity

    New CISA directive tells federal agencies to patch by real-world risk, not CVSS severity scores

  2. Cybercriminals Use Fake AI Guides and Dev Tools to Spread AsyncRAT Malware

    Fake AI guides hide a multi-stage chain that drops AsyncRAT, with signs of AI-assisted coding

  3. Most Cybersecurity Teams Struggle to Find Time for Training on New Cyber Threats

    Organizations are aware of the challenges that new technologies like AI bring, but cybersecurity staff struggle to make time for the required training during working hours

  4. Interpol Dismantles SniperDz Phishing-as-a-Service Platform

    New revelations by Group-IB expose the full scale of the decade-old SniperDz phishing operation

  5. Extortion-Only Attacks Increase, With Data Theft Dominating Ransomware Claims

    Extortion-only attacks are increasing as data theft drives most ransomware claims, with many organizations unable to stop stolen data from being exposed

  6. New “Agentjacking” Attacks Could Hijack AI Coding Agents

    Tenet Security researchers reveal how new “agentjacking” attacks could trick coding agents into executing arbitrary code

  7. Fake Software Tutorials on TikTok Spread Vidar Stealer

    Threat actors push fake free-software tutorials on TikTok and Instagram to spread Vidar stealer

  8. New SilabRAT Trojan Hijacks Sessions to Steal Crypto

    MaaS trojan SilabRAT uses HVNC and browser cloning to hijack sessions and steal crypto

  9. Cybersecurity Software Fails to Detect Fifth of Browser-Based Phishing Attacks

    Menlo Security research warns that as enterprise applications become increasingly browser based, traditional cybersecurity tools leave them vulnerable to cyber threats

  10. New Fable 5 Is a "Mythos-Class" LLM Available to All, Anthropic Announces

    Anthropic unveils Claude Mythos 5 and Fable 5, a restricted-access frontier AI model and guardrailed version for everyone to use

  11. Over a Quarter of Identity Crime Victims Hit by Multiple Incidents, ITRC Data Shows

    Nearly 26% of identity crime victims faced multiple incidents in the past year, as ITRC warns of a growing "multi-layered crisis"

  12. Microsoft Fixes 200 CVEs in June Patch Tuesday

    Microsoft has patched 200 vulnerabilities including three zero-days

  13. 75% of Firms Deploy Vulnerable Code Amid Pressure on CISOs, Report Finds

    Checkmarx report warns that business pressure is among the reasons security leaders let security compliance slip

  14. AI Coding Adoption Hits 97% but Governance Lags Behind

    Most dev teams use AI coding assistants but only 30% have full governance in place

  15. Critical phpBB Flaw Lets Attackers Hijack Any Account with One Request

    Critical phpBB authentication bypass lets attackers hijack any account with one request

  16. Google Releases Patch for Chrome Vulnerability Exploited in the Wild

    The flaw, CVE-2026-11645, can allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page

  17. Check Point Warns Critical Auth Bypass Bug Exploited in the Wild

    Check Point says a critical vulnerability in its Remote Access VPN and Mobile Access solutions has been exploited by Qilin

  18. Infosecurity Europe: Why JLR’s CISO Enforced In-Person Password Resets Following Cyber-Attack

    Speaking at Infosecurity Europe, Ashish Shrestha, former CISO at Jaguar Land Rover, revealed why he wanted over 30,000 employees to change their passwords in the immediate aftermath of the incident

  19. WhatsApp Discovers NSO Group-Linked Spearphishing Attempts

    Meta’s WhatsApp demands contempt ruling after users report NSO Group-linked phishing

  20. North Korean Hackers Use Fake Coding Tasks to Steal Crypto

    North Korean actor UNK_DeadDrop targeted developers with fake coding tasks to steal crypto
