Latest Cybersecurity News and Articles


Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

25 June 2026
An analysis of a popular Google Chrome ad block extension for YouTube has uncovered the ability to execute arbitrary JavaScript code. According to Island, the extension, named Adblock for YouTube (ID: cmedhionkhpnakcndndgjdbohmhepckk), has more than 10 million installs and carries a Featured badge on the Chrome Web Store. The extension description states that it allows users to prevent web

Runlayer Raises $30 Million in Series A Funding

25 June 2026
The startup’s platform functions as a secure control layer, aiming to secure AI tools across enterprises. The post Runlayer Raises $30 Million in Series A Funding appeared first on SecurityWeek.

ThreatsDay Bulletin: Smart TV Proxyware, 24-Year curl Bug, AI Crime Forums + 13 More Stories

25 June 2026
It’s dumb out there again. This week has the usual smell of prod on fire and nobody wanting to admit who left the door open — old creds still working, trusted apps doing sketchy crap, browser tricks jumping the fence, and “normal” workflows turning into phishing pipes because apparently email was not enough hell already. The worst part is how cheap some of it feels. Not elite. Not cinematic.

Cal Water Finds No Evidence of OT Activity After Hackers Claimed They Could Disrupt Water Supply

25 June 2026
Mandiant has helped the California water utility investigate the cyberattack launched by Iranian hacker group Handala. The post Cal Water Finds No Evidence of OT Activity After Hackers Claimed They Could Disrupt Water Supply appeared first on SecurityWeek.

Lantronix Serial-to-IP Converter Flaw Exploited in Attacks After OT Threat Warning

25 June 2026
The exploited flaw, CVE-2025-67038, is one of the vulnerabilities disclosed in April as part of the BRIDGE:BREAK research project. The post Lantronix Serial-to-IP Converter Flaw Exploited in Attacks After OT Threat Warning appeared first on SecurityWeek.

Surviving the Mythos Era: Richard Bejtlich on the Case for NDR

25 June 2026
Despite the abundance of telemetry at analysts’ disposal, many security operations teams struggle to answer a few basic questions during incident investigation: What happened? What evidence do we have? How do we know we’re seeing it all, in context? Answering these questions requires teams to go beyond alerts, the most common basis for initial triage. But investigations (and their outcomes)

GitLab Patches Code Execution, Information Disclosure Vulnerabilities

25 June 2026
The latest GitLab CE/EE updates address 13 vulnerabilities, including three high-severity defects. The post GitLab Patches Code Execution, Information Disclosure Vulnerabilities appeared first on SecurityWeek.

25-Year-Old Vulnerability Patched in Curl

25 June 2026
The latest version of the open source data transfer tool resolves 18 medium and low-severity vulnerabilities. The post 25-Year-Old Vulnerability Patched in Curl appeared first on SecurityWeek.

New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis

25 June 2026
A previously undocumented Rust-based macOS implant and information stealer has been found to embed a prompt injection payload designed to trick a malware analyst's artificial intelligence (AI) tools into aborting or refusing an analysis of the artifact. The malware has been codenamed Gaslight owing to this deceptive behavior. It's been assessed with high confidence that the tool is

SecurityWeek ICS Cybersecurity Conference Heads to Nashville for Special 25-Year Anniversary Edition

25 June 2026
The 2026 Industrial Control Systems (ICS) Cybersecurity Conference takes place October 6-8, 2026, at the W Nashville. The post SecurityWeek ICS Cybersecurity Conference Heads to Nashville for Special 25-Year Anniversary Edition appeared first on SecurityWeek.

New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns

25 June 2026
A new, stealthy backdoor named Mistic has been deployed as part of suspected financially motivated attacks aimed at multiple organizations spanning insurance, education, IT, and professional services sectors since April 2026. According to Symantec and Carbon Black's Threat Hunter Team, the backdoor, also tracked as MLTBackdoor, is said to be linked to an initial access broker (IAB) named

NIST Opens Updated IoT Security Guidance to Public Review

25 June 2026
The guidance aims to establish product cybersecurity requirements for IoT devices integrated into federal agencies’ networks. The post NIST Opens Updated IoT Security Guidance to Public Review appeared first on SecurityWeek.

Chrome 149 Update Resolves 18 Severe Vulnerabilities

25 June 2026
More than half of the bugs are use-after-free defects, which can potentially lead to remote code execution. The post Chrome 149 Update Resolves 18 Severe Vulnerabilities appeared first on SecurityWeek.

Cisco SD-WAN Zero-Day Exploited Months Before Patching

25 June 2026
CVE-2026-20245, the 7th Cisco SD-WAN vulnerability exploited in 2026, was used for months prior to its disclosure and patching. The post Cisco SD-WAN Zero-Day Exploited Months Before Patching appeared first on SecurityWeek.

Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access

25 June 2026
An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before it was publicly disclosed, according to new findings from Google-owned Mandiant. The vulnerability, tracked as CVE-2026-20245 (CVSS score: 7.8), allows an authenticated, local attacker to execute arbitrary commands with elevated privileges

When Information Becomes the Attack Surface – Understanding AI Agent Traps

24 June 2026
From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI. The post When Information Becomes the Attack Surface – Understanding AI Agent Traps appeared first on SecurityWeek.

CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited

24 June 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 26, 2026. The vulnerability in question is CVE-2025-67038 (CVSS score: 9.8), a code injection flaw that could result in the execution

Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered

24 June 2026
A coordinated law enforcement operation, in partnership with private sector companies, including Bitdefender, Bitsight, ESET, and Microsoft, has resulted in the takedown of criminal infrastructure powering Amadey and StealC. "The main common goal was to disrupt the 'assembly lines' cybercriminals use to launch ransomware, financial fraud, and attacks on critical infrastructure," Europol said in

Microsoft and Allies Smash Shared Infrastructure of Amadey and StealC Malware

24 June 2026
Hundreds of C&C servers were disrupted in an operation involving law enforcement and several cybersecurity companies. The post Microsoft and Allies Smash Shared Infrastructure of Amadey and StealC Malware appeared first on SecurityWeek.

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

24 June 2026
Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains. The "critical exploitable pattern" has been codenamed Cordyceps by Novee Security. The issue can allow full attacker control of repositories at dozens of the largest organizations worldwide, including Microsoft, Google, Apache, and