Latest Cybersecurity News and Articles
08 June 2026
Microsoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated development environment (IDE) are updated automatically to a newer version in an attempt to tackle software supply chain threats.
"When automatic updates are enabled, new versions are auto-updated two hours after they are published, adding an extra layer of protection
07 June 2026
Emphere’s solution delivers AI-driven remediation to software companies to speed up releases.
The post Emphere Raises $2.1 Million for AI-Powered Vulnerability Remediation appeared first on SecurityWeek.
06 June 2026
OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt injection attacks.
The feature is primarily designed for people and organizations that handle sensitive data and require stricter protection guarantees. Lockdown Mode is available to logged-in users across Free, Go, Plus, and Pro, and
06 June 2026
Raising $59 million to date, Opal also announced five senior leadership appointments.
The post Opal Security Raises $23 Million for AI-Native Identity Governance appeared first on SecurityWeek.
06 June 2026
A researcher has reverse-engineered the iOS SDK that Bright Data embeds in consumer apps and documented how it turns devices, including always-on smart TVs, into exit nodes that relay web-scraping traffic for a data business Bright Data markets heavily to the AI industry.
The company, the successor to Luminati, operates what it calls the largest residential proxy network in the world,
06 June 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, tracked as CVE-2026-28318 (CVSS score: 7.5), is a denial-of-service (DoS) bug that causes the service to crash
06 June 2026
Two things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that touches video, all of them found by an autonomous AI agent.
The same week, Google shipped Chrome 149 with patches for 429 security bugs, the most ever in a single release.
Only the FFmpeg bugs were found by AI.
06 June 2026
Microsoft's GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign.
The incident impacted 73 Microsoft repositories across four of its GitHub organizations, including Azure, Azure-Samples, Microsoft, and MicrosoftDocs, per OpenSourceMalware. The development has GitHub to disable access to those repositories.
"Access to this
06 June 2026
Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation.
The vulnerability, tracked as CVE-2026-20245, carries a CVSS score of 7.8 out of a maximum of 10.0. It affects the following deployment types -
On-Prem Deployment
Cisco SD-WAN Cloud-Pro
Cisco SD-WAN Cloud (Cisco Managed)
Cisco SD-WAN for Government (FedRAMP)
"A
05 June 2026
Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust-based information stealer and a self-spreading worm, respectively.
According to JFrog, the information stealer "scrapes every secret it can find on a developer's machine, hides behind an eBPF kernel rootkit, and
05 June 2026
CVE Lite CLI is a free, open-source command line tool that scans your projects in seconds and tells you exactly which included packages contain a vulnerability.
The post OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds appeared first on SecurityWeek.
05 June 2026
Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin, according to findings from ESET.
The Slovakian cybersecurity company said it first detected the malware spread via multiple campaigns in early 2025, with each attack wave making use of distinct websites mimicking utilities, war-related updates, and a government news source:
govlens[.]net, which
05 June 2026
Other noteworthy stories that might have slipped under the radar: Ultrahuman data leak, The Gentlemen ransomware analysis, Hola Browser bundles miner.
The post In Other News: Anthropic Maps AI Threats, Unpatched Comodo Flaw, Palantir Chief Eyed for CISA appeared first on SecurityWeek.
05 June 2026
Cybersecurity researchers have discovered a previously unreported threat cluster dubbed OP-512 that has been observed targeting Microsoft Internet Information Services (IIS) servers to deploy a bespoke web shell framework.
ReliaQuest has assessed with moderate to high confidence that the espionage-focused activity is linked to China.
"OP-512 was highly likely conducting espionage through a
05 June 2026
The ShinyHunters extortion group leaked roughly 234 GB of data allegedly stolen from the dental benefits administrator.
The post Hackers Leak DentaQuest Information Impacting 2.6 Million appeared first on SecurityWeek.
05 June 2026
Eighteen months ago, the AI SOC was a marketing line. Today it's a budget item. The category has crossed over from interesting to inevitable, with billions of dollars now flowing into AI-powered security operations platforms, agentic SOC tools, and AI co-pilots built into every layer of the security stack. The data shows SOCs are buying, deploying, and standing up AI capabilities at the fastest
05 June 2026
Over 100 bugs are critical or high-severity, mainly use-after-free and insufficient validation of untrusted input flaws.
The post Chrome 149 Patches 429 Vulnerabilities appeared first on SecurityWeek.
05 June 2026
Experts commented on the EO’s voluntary nature, the balance between innovation and security, and potential implementation gaps.
The post Industry Reactions to New Trump AI Cybersecurity Executive Order: Feedback Friday appeared first on SecurityWeek.
05 June 2026
Posing as recruiters on online platforms, Chinese intelligence officers target personnel with access to classified or privileged information.
The post Five Eyes: Chinese Spies Target Government, Military Staff With Fake Job Opportunities appeared first on SecurityWeek.
05 June 2026
Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise.
The vulnerability in question is CVE-2026-3300 (CVSS score: 9.8), a remote code execution bug impacting all versions of the plugin up to, and including, 1.9.12. A patch for the flaw was