7/2/2026 July 3, 2026July 3, 2026 ~ The Cyber Beat ~ Leave a comment Germany Seeks Powers for Spies To Hack and Disrupt AttackersLaunch of UK’s National Cyber Action Plan Delayed Amid Labour Leadership CrisisSupreme Court Decision Threatens EU-U.S. Data Transfer AgreementSpaceX Showed Investors Prototype of Elon Musk’s New AI Device…Musk Denies Report That SpaceX Showed AI Handset Prototype Before IPODev Says Google Warned Him About Account Hijack – Then Charged Him $11,000 AnywayGoogle Loses Final Appeal To Overturn €4.1 Billion EU FineGoogle Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices…Krebs: FBI Seizes NetNut Proxy Platform, Popa BotnetStartup Sues Palo Alto Networks’ Koi Security, Saying an AI-Hallucinated Report Falsely Linked It To Chinese EspionageSafe Events Start With Threat Intel & Digital SecurityWhen Too Much Security Data Became the RiskAdaptHealth Investigates Cybersecurity Incident Involving Patient DataMedtronic Notifies Customers Impacted by ShinyHunters Data BreachSt. Paul Data Breach: 12,484 Residents, Employees Notified After July 2025 CyberattackCybercriminals Pose as Interpol in Phishing Emails to Infect Victims With RansomwareAI Agent Exploits Langflow RCE to Automate Database Ransomware AttackRansomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain CredentialsOpera Rolls Out Paste Protect Feature To Fight ClickFix AttacksToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google APISharePoint RCE CVE-2026-45659 Added to CISA KEV After Active ExploitationCisco Finally Confirms Attackers Exploiting Unified CM FlawResearcher Behind ‘Exploitarium’ Explains Release of Undisclosed Zero-Day Exploits
7/1/2026 July 1, 2026July 1, 2026 ~ The Cyber Beat ~ Leave a comment DHS Confirms Hackers Breached HSIN Info-Sharing PlatformU.S. Removes Curbs on Anthropic’s Latest Fable and Mythos AI ModelsCyber Insurers Focus on Speed as AI Rewrites SecurityPhantom Squatting Uses AI-Hallucinated Domains for Phishing and MalwareClaude Helped a Hacker Find a Way To Issue Tickets to Almost Every U.S. Music FestivalSuspected Member of “Scattered Spider” Hacking Group Extradited to U.S. From FinlandAmazon Fined $2.25M for Withholding Evidence From Fraud VictimsAn Artificial Cell With a Full Lifecycle Has Been Created for the First TimeProgress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation AttemptsUnpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes ClustersCritical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run CommandsAdobe Patches 7 CVSS 10.0 Flaws in ColdFusion and Campaign ClassicCitrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-ServiceKubota Says Hackers Had Month-Long Access To Network SystemsDental Implant Manufacturer Park Dental Research Corporation Hit With Ransomware AttackJapanese Insurer, Brewer, Manufacturer and Telecom Disclose Cyber BreachesOver 900 Oracle E-Business Instances Exposed To Ongoing AttacksBrazilian Banking Trojan Ousaban Targets Spain and PortugalVeil#Drop Fileless Malware Abuses Google Blogspot to Deploy Infostealer in MemoryAzure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ AttemptsSEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRATFortiBleed Credential-Theft Campaign Linked to Lynx RansomwareNew ChocoPoC Malware Targets Researchers via Trojanized PoC ExploitsEvilTokens Device-Code Phishing Kit Totally More Evil Than We All ThoughtAI-Generated Browser Ransomware Abuses Chromium API on Windows and AndroidResearcher Analyzes 3,000 Live ClickFix Payloads, Exposing API-Driven Malware Delivery
6/30/2026 July 1, 2026July 1, 2026 ~ The Cyber Beat ~ Leave a comment U.S. Is Working on Ban Targeting Chinese Energy InvertersAnthropic To Restore Claude Fable Access on WednesdayMicrosoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak DataNew BioShocking Attack Manipulates AI Browser Into Data TheftAI-Generated Workflows Are a Silent Security DisasterPalo Alto, CrowdStrike Both Have Best Quarter Ever as AI Threats Bolster Cyber DemandInfosec Professionals Sour on Automated Pentesting ToolsMicrosoft Adds Smarter Bot Protection to Teams MeetingsMicrosoft Accelerates Quantum-Safe Roadmap as Risks GrowHuntress CEO Says Threat Hunter Used ‘Poor Judgment’ in Alerting Ransomware Crim About Law Enforcement ProbeHouse Passes Kids’ Online Safety Bill, but Senate Approval UnlikelyCIA Chief Highlights Major Shifts in Agency’s Tech ApproachKali Linux 2026.2 Released with 9 New Tools, NetHunter UpdatesBlackfield Ransomware Asks Nidec Corporation for $2 Million RansomInsurance Giant Aflac Discloses Data Breach After Subsidiary HackHackers Leverage Blockchain to Hit Japan’s Hotels Through Booking.com PhishingRustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoSClickFix Now Cybercriminals’ Favorite Malware Delivery TechniqueAirDrop and Quick Share Flaws Let Nearby Attackers Trigger Crashes and Bypass Checks282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic StudyMalicious PyPi Packages Give Hackers Control of Telegram Bot ServersSilent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet AddressesCISA: Windows BlueHammer Flaw Now Exploited by Ransomware GangsLangflow RCE Exploited to Deploy Monero Miner on Exposed AI App EndpointsGuardFall Exposes Open-Source AI Coding Agents to Decades-Old Shell Injection Risks
6/29/2026 June 30, 2026June 30, 2026 ~ The Cyber Beat ~ Leave a comment Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service AbuseFour Years Into Ukraine Invasion, Russia Turns Influence-Ops Back to U.S. and EuropeUkraine To Use Seized Crypto From Cybercrime Group To Buy War BondsMustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government AttacksChina’s Z.ai Claims It Can Match Mythos on CybersecurityApple Says It Is Releasing Updates Early in Response To AI Cybersecurity ConcernsMeta Contractors Posed as Teens to Prompt Rival Chatbots About Suicide, Sex, and DrugsSecurity Researchers Tricked Llms Into Giving Them Cocaine Recipes by Abusing Role Models for Prompt InjectionTop Google Security Staff Warn Search Data Could Be Hacked if EU Rules ChangeWhatsApp is Finally Getting Usernames to Help Keep Phone Numbers PrivateU.S. Offers $10 Million for Hackers Targeting WhatsApp, Signal UsersU.S. Seizes Hundreds of FIFA World Cup Illegal Streaming DomainsTrump Signs Memo Making It Easier for Americans To Fix Own VehiclesIran Cyberattacks on Israel Surged in 2026, Israeli Cyber Chief SaysU.S. Federal Insurance Regulator Confirms Data Breach Via Oracle FlawNissan Discloses Employee Data Breach Linked to Oracle Zero-Day AttacksNAIC Says Public Data Stolen in ShinyHunters’ PeopleSoft BreachTelegram-Based Millenium RAT Campaign Infects 60,000 Devices236,000 DCloud Uni-App Sites Used in Crypto Scams, Phishing, and Wallet DrainersCritical SimpleHelp Flaw Exploited To Deploy New Stealer MalwareHackers Now Exploit Critical Oracle E-Business Flaw in AttacksMicrosoft Removes 119 Edge Extensions That Hid Malware in Images and FontsMalicious Perplexity Chrome Extension Intercepted Searches and Address Bar InputHijacked npm and Go Packages Use VS Code Tasks to Deploy Python InfostealerPublic PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH FlawMicrosoft Extends Windows Server 2022 Hotpatching Until October 2027Justices Rule That Cellphone Location Histories Are Protected by the Fourth Amendment
6/26-28/2026 June 28, 2026June 28, 2026 ~ The Cyber Beat ~ Leave a comment China-Linked Hackers Strike Asian Critical Infrastructure with TinyRCT BackdoorGoogle Details Turla’s New STOCKSTAY Backdoor Used in Ukraine Espionage AttacksUkraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging CredentialsFBI Warns Russian Intelligence Hackers Target Signal Backup Recovery KeysEven the Secret Service Won’t Use Company-Issued PhonesThe Pentagon Is Looking Into the Dialog Data Exposure for Unmasking National Security OfficialsChina Has Matched Anthropic in Cybersecurity, Resetting AI RaceU.S. Allows Anthropic To Release Mythos AI To ‘Trusted’ U.S. OrganizationsOpenAI Limits New AI Models To ‘Trusted Partners’ at Request of U.S. GovernmentThe Three Chatbot Behaviors That Can Drive Humans to Delusional ThinkingMontenegro Police, FBI Arrest Iranian Wanted by Us for HackingRussia Accuses Apple of ‘Political Censorship’ After VK Apps Removed From App StoreFCC Votes To Toughen Rules in Bid To Better Protect Undersea CablesRussian Hackers Were Behind $2.5B Hack of Jaguar Land RoverApple Supplier Tata Tightens Internal Controls After Data BreachPolymarket Customers Lose $3 Million in Supply-Chain AttackData Breach Exposes up to 14.2 Million Email Logins at Six ISPsCybersecurity Firms Targeted by Fraudulent OpenAI Organization InvitesClean GitHub Repo Tricks AI Coding Agents Into Running MalwareMicrosoft Warns of Photo ZIP Phishing Campaign Targeting Hotels with Node.js ImplantNew SharkLoader Malware Deploys Cobalt Strike in StrikeShark CyberattacksMiasma Malware Targets npm Packages and GitHub Actions in Supply Chain AttackNew DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned PacketsCISA Sets Urgent Deadline To Fix Cisco Flaw Exploited in AttacksCISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks ContinueNew Linux pedit COW Exploit Enables Root Access by Poisoning Cached BinariesAmazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs
6/25/2026 June 26, 2026June 26, 2026 ~ The Cyber Beat ~ Leave a comment Ukraine’s State Postal Operator Reports App Disruption After CyberattackRussia Used Cellebrite Phone-Hacking Tool to Crack Down on Dissident After Firm Cut Off CountryMajor Increase in Ransomware Attacks Targeting Europe, Warns New ReportBritish Police Built a Sprawling Crime-Prediction Machine. Some Results Couldn’t Be TrustedTeens Who Hacked TfL Were Known to Police Years Before Cyber-AttackPoland Busts SIM-Swapping Gang Tied to Millions in Crypto TheftEx-Huntress Analyst Claims Company Insider Fed Info to a Ransomware Crim. Social Media Drama EnsuesPirloTV Sports Piracy Network Disrupted as 44 Domains SeizedDo CISOs Need a Code of Ethics?Hacked Klue Says Criminals Are Deleting Stolen Customer Data, but Now Other Hackers Are Making ThreatsAnother Russian Dairy Company Reportedly Disrupted by CyberattackTwenty Million U.S. IP Connections Used by Proxy ServicesBluekit Phishing Kit Adopts Browser-In-The-Middle for Login TheftOrder-Tracking App Shop Abused to Push Callback Phishing AttacksChrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection CapabilityNew Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted AnalysisMicrosoft Quietly Extends Free Windows 10 ESU Support to October 2027DHS Chief Says President Has Met With Potential Cisa Nominee; Agency Plans to Hire 600
6/24/2026 June 25, 2026June 25, 2026 ~ The Cyber Beat ~ Leave a comment Iran-Linked MuddyWater Poses as Ransomware Gang to Mask Cyber EspionageSTT, Tata Delhi Data Centre Fire Leaves Clients Fearing Decades of Data Lost; Google HitMicrosoft’s Quantum Computing Technology Called Into Question, AgainGerman Rail Services Resume After Wireless Communications OutageUK’s Museums and Galleries Left Vulnerable to Cyber-Attack and Theft, MPs WarnAmadey and StealC Malware Network Disrupted, 27M Stolen Credentials RecoveredDraftKings Hacker ‘Snoopy’ Sentenced to 18 Months in PrisonKDDI Breach Affects Six Japanese ISPs, Exposes 14.2 Email CredentialsStealthy Mistic Backdoor Linked to Ransomware Access Broker KongTukeMalicious Edge Extension Abuses Native Messaging as Bridge to MalwareCordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain AttacksCISA Warns of Max Severity Ubiquiti Flaws Exploited in Attacks…Critical Lantronix EDS5000 Flaw Is Being Actively ExploitedMandiant Reveals How Cisco SD-WAN Zero-Day Attacks Gained Root Access
6/23/2026 June 24, 2026June 24, 2026 ~ The Cyber Beat ~ Leave a comment Iran Says Card-Based Banking Hit by Cyberattack on Three LendersFake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 AgentsOpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security FlawsNSA Lost Access to Powerful A.I. Model Amid Anthropic DisputeGitHub Updates Actions/Checkout to Block Common Pwn Request Attack PatternsGTA 6 Scams Emerge as Pre-Orders OpenFeds Seize Alleged Cyber-Scam Infrastructure Connected to Southeast Asian CompanyCompromise Kids Online Safety Bill Unveiled by House Leaders, With Key OmissionPassword Manager Maker LastPass Says Hackers Stole Customer Support Case Data During Klue BreachTata Electronics Confirms Cyberattack as Hackers Leak DataIndia’s Bajaj Auto Says Ransomware Attack Hits SystemsHealthtech Firm Xolis Suffers Data Breach Impacting 1.4 Million PeopleDialog Claims It Was Hacked. A Misconfigured Website Left Its Members ExposedNew macOS ClickFix Attack Silently Mounts DMGs to Push InfostealerLookalike npm Package Hides a Multi-Stage Windows RATWhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM ToolCisco Unified CM Flaw CVE-2026-20230 Now Exploited in Attacks
6/22/2026 June 23, 2026June 23, 2026 ~ The Cyber Beat ~ Leave a comment ‘Five Eyes’ Intelligence Alliance Warns That New AI Models Pose Urgent Cyber RiskOpenAI Launches Full-Scale Effort to Patch Open-Source Bugs as It Takes on Anthropic’s MythosINTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across Asia-PacificHow 100 Romanian Hospitals Switched to Pen and Paper to Defeat a National Cyber-AttackWorld Cup Scams Are Getting Harder to SpotTwo Men Plead Guilty Over £39M TfL Cyber Attack…Teenager Who Hacked TfL Wanted in U.S. After £87M Cyber-ScamCanada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected DevicesFatal Tesla Crash Into Texas Home Now Under Federal Safety InvestigationTrump Signs Orders Calling for Powerful Quantum Computer, Targeting 2028Suspected Cyberattack Triggers False Emergency Alerts Across Parts of BrazilIndia’s Tata Electronics Hit by Cyber Breach Claiming to Expose Apple, Tesla Trade SecretsKlue Hack Results in Data Breach at Several Cybersecurity FirmsJaredFromSubway MEV Bot Hacked in $15 Million Crypto TheftNew OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealerWhatsApp Phishing Attack Uses Fake Business Docs to Hack PCsFortiBleed Campaign Used Custom FortiGate Sniffer to Steal CredentialsResearchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants29-Year-Old Squid Proxy Bug ‘Squidbleed’ Can Leak Cleartext HTTP RequestsFFmpeg Fixes PixelSmash Flaw in Widely Used Video DecoderMicrosoft Fixes AutoGen Studio Flaw That Enabled Code Execution
6/19-21/2026 June 21, 2026June 21, 2026 ~ The Cyber Beat ~ Leave a comment Microsoft Links Mastra AI Supply Chain Attack to North Korean HackersWhite House Delays Release of U.S. Voting Machine StudyEarly Users of Anthropic’s Mythos Still Have Access After U.S. OrderAWS Unveils ‘Continuum,’ an AI-Powered Vulnerability Management PlatformWhy Amazon Hates ‘Human-In-The-Loop’ AI GovernanceThe Classic Movie That Was Nearly Destroyed by a Single Line of CodeNew York Man Charged After Harassing Georgia College Student With AI-Generated NudesUK’s Information Commissioner Resigns Over ‘Inappropriate Humour’A Critical Deadline Is Approaching for Windows and Linux SecurityUnpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boot ChainHackers Publish Knicks and Madison Square Garden Data OnlineMount Royal University (AB) Site Down Due to Cyber AttackAcworth (GA) Computer Networks Targeted in Early June CyberattackAryStinger Botnet Infected Thousands of D-Link Routers WorldwideKlue OAuth Breach Victim List Grows as Icarus Hackers Claim AttackNew Prinz Eugen Ransomware Prioritizes Recent Files for EncryptionAutoJack Attack Lets One Web Page Hijack AI Agent for Host Code ExecutionHackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API KeysCISA: Splunk Enterprise Flaw Actively Exploited, Patch by SundayCISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices
6/18/2026 June 19, 2026June 19, 2026 ~ The Cyber Beat ~ Leave a comment Bulgaria Allowed Surveillance Tech Firm to Sell Products to Repressive RegimesHow Hackers Found a Back Door Into the American Living RoomThe Midterms Are Going to Be a Data Security NightmareKrebs: ‘Popa’ Botnet Linked to Publicly-Traded Israeli FirmIsraeli Cyber Startup Dream Raises $260 Million, Valued at $3 BillionAccenture Takes Majority Stake in Cyber Company DragosCybercriminals Are Worried About AI Taking Their Jobs TooThe Hacker Sent by Anthropic to Calm the Government’s Nerves About AI SafetyLeak Confirms OpenAI Is Testing a ChatGPT for Science SubscriptionHow the Peter Thiel-Linked Dialog Club Secretly Ranks Its MembersTelegram Admits It Couldn’t Police Exam-Leak Channels, India Tells CourtHow to Watch the Knicks Parade on NYC Traffic Surveillance CamerasUK Social Media Ban for Minors Has Privacy Experts WorriedPolice Cleans Nearly 15,000 SocGholish-Infected Sites Tied to Evil CorpFIFA Bug Exposes World Cup Streams to Remote TakeoverNintendo Confirms Data Stolen in WebMD Subsidiary TinyPulse CyberattackTexas Government Data Breach Allowed Hackers to Steal 3 Million Driver’s Licenses and PassportsUniversity of Nottingham Confirms It Received No Ransom Request Following Cyber AttackAustralian Sugar Producer Mackay Sugar Works to Restore Operations as Ransomware Group Claims AttackGentlemen Ransomware Uses Multiple EDR Killers to Disable DefensesKlue OAuth breach linked to ‘Icarus’ Salesforce data theft attacksMicrosoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2Fake GitHub Stars and AI Videos Mask a Crypto ClipperLATAM Infrastructure Hit by Fortinet and Ivanti ExploitsShapedPlugin Update Flow Hacked to Infect WordPress SitesF5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code ExecutionApple Fixes Beats Studio Buds Flaw That Let Hackers Spy on ConversationsMicrosoft Fixes Issue Causing Windows Server 2016 Security Update Failures
6/17/2026 June 17, 2026June 17, 2026 ~ The Cyber Beat ~ 1 Comment North Korean Hiring Fraud Runs on AI and US Laptop FarmsHostile States Behind Three-Quarters of Attacks on Britain’s Critical Infrastructure, Cyber Chief WarnsEU Security Experts to Support Ukrainian Organizations in Case of Cyber-AttacksCISA Now Has Full Mythos Preview Access, People Familiar SayAt G7, Macron Says He Expects Progress on Broadening Access to Anthropic’s MythosIn U.S., EU Mutual Interest for Europe to Use Best AI Models, von Der Leyen SaysSensitive Enterprise Data Uploads to AI Models Double in a YearAI Threats and Alert Fatigue Challenge Cybersecurity TeamsCyber Warfare Firm Twenty Valued at $1 Billion in Latest Funding RoundAmazon AI Exec Predicts First ‘Commercially Useful’ Quantum Computers in 5-7 YearsFormer School IT Worker Sentenced for Hacking Saydel Community School District (IA)India’s Telegram Ban Hit the UAE Too. Here’s How to Get Around ItKodak Confirms Data Breach Claimed by ShinyHunters Extortion GangJunior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went OfflineHelpdesk Scammers Are Making House Calls to Make Their Lies Feel More RealFortiBleed Leak Exposes Fortinet VPN Credentials For 73,000 DevicesServerless Phishing Kit on GitHub Targets Mexican BanksGitHub Dismissed Security Reports on Flaws Now Exploited by Supply-Chain Worm, Researchers SayCrypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments144 Mastra npm Packages Compromised via Hijacked Contributor AccountCISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code ExecutionMicrosoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in DevelopmentGoogle to Use UK and EU User IP Addresses for Ad Measurement & Personalization
6/16/2026 June 16, 2026June 17, 2026 ~ The Cyber Beat ~ Leave a comment China-Linked SprySOCKS Backdoor Expands From Linux to WindowsFake Microsoft Alerts Used to Deploy North Korean NarwhalRAT MalwareEstonia to Quarantine Emails Sent From Russian .ru Domain Before They Reach Government OfficialsG7 Leaders Discuss ‘Trusted Partners’ Access to Cutting-Edge U.S. AI Models‘Dangerous’ AI Models Are Coming No Matter WhatSoftBank Launches Cybersecurity Product Based on OpenAI ModelsChainguard, JPMorgan, BNY Team Up to Secure Open Source from AI ThreatsPython Dev Saved From Disaster by intuition…and AIAssume You Will Be HackedSpaceX to Acquire AI Coding Startup Cursor for $60B in Stock, Days After Blockbuster IPOCyber Startup Ent Raises $100 Million in Seed FundingLeak Exposes Members of Peter Thiel’s Secretive ‘Dialog’ SocietyFrance to Stop Certifying Products Without Quantum-Safe EncryptionDragonForce Ransomware Exploited Microsoft Teams to Hide in Attack Against Major CompanyCardiac Monitor Maker iRhythm Security Skips a Beat as Data Thieves Go for the JugularClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update LuresRokarolla Android Trojan Combines Banking Fraud With Device SurveillanceMalicious JetBrains Marketplace Plugins Steal AI API Keys From DevelopersCISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege EscalationGoogle Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket SquattingAttackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last WeekUK to Require ID or Face Scan Before You Can Make Social Media AccountsFTC Warns of Record $3.5 Billion Losses to Imposter Scams in 2025, Tripling since 2020India Temporarily Blocks Telegram Over Medical Exam Cheating Fears
6/15/2026 June 16, 2026June 16, 2026 ~ The Cyber Beat ~ Leave a comment Israel Is Alarmed by Trump’s Deal With IranChinese Hackers Abused Google Workspace Rules to Steal Research and Defense EmailsNorth Korean Hackers Are Turning Developer Tools Into Malware Delivery ChannelsBelarus-Linked Hackers Target Gmail Accounts of Polish Public Figures and Their FamiliesCyber Leaders Urge U.S. to Lift Curbs on Anthropic’s Security Models…U.S. Saw Risk of Anthropic Models Being Diverted to Foreign Military IntelligenceMeta Tapped a Pentagon Supplier to Prototype Face Recognition for Its GlassesAdriatic Port Cyber-Attack by Anubis Sparks Warning Over Maritime Security RisksFinland Brings Charges Against Cargo Ship Officers for Cutting Submarine CablesFBI: Fraudsters Use Couriers to Steal Money in Crypto ScamsDOJ Seizes CFAKE, SOCFAKE Deepfake Nude Sites Under TAKE IT DOWN ActCyberattack on Russian Tech Firm Astral Disrupts Business, Government Services for WeekInfinite Campus Data Breach Affects 137,000 School Staff AccountsCouncil of Europe Investigates ShinyHunters Data Breach ClaimsAttackers Hijack Popular WordPress Plugins to Deploy Backdoors152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake TrafficLiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway ServersSimpleHelp Bug Lets Hackers Create Rogue Remote Support AccountsOne-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA CodesCisco Fixes SD-WAN vManage Flaw Exploited in Zero-Day AttacksUK Government Finds 400+ Vulnerabilities in AI HackathonsUK to Ban Social Media Access for Children Under 16
6/12-14/2026 June 15, 2026June 15, 2026 ~ The Cyber Beat ~ Leave a comment U.S. and Iran Say They Have Reached a Deal to Stop FightingChina-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a DecadeU.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals…Anthropic Halts Access to Top AI Models After U.S. Ban on Foreign UseAmazon CEO’s Talks With U.S. Officials Triggered Crackdown on Anthropic ModelsClaude Fable 5 Doesn’t Change the Mythos Security StoryAnthropic Flies Staff to D.C. To Clean Up White House FightThe FCC Wants to Kill Burner PhonesChinese Connected-Car Software Ban Shows CracksFBI Disrupts Massive AI-Powered Phishing Service Using a Million URLsGoogle Sues Chinese Smishing Network Accused of Using Gemini AI in PhishingThe FBI Built a Small Town to Simulate CyberattacksFired IT Worker Jailed for 21 Months After Sabotaging Old School DistrictUkrainian National Pleads Guilty to Role in Conti Ransomware OperationOver 73,000 French Gov’t Employees Affected in Tchap Messenger BreachPlymouth Council Exposes Hundreds in Latest Local Government Email GaffeMaine Disables Data Breach Notification Portal After Fake DisclosuresMurray County (GA) Restores Systems After Ransomware Attack, Pays $200,000 FeeOver 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF RootkitLangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code ExecutionCritical Splunk Enterprise Flaw Lets Attackers Run Code Without AuthenticationCISA Orders Feds to Patch Actively Exploited Ivanti Flaw by SundayphpBB Forum Fixes Auth Bypass Bug Lurking For a DecadeMicrosoft Has Mostly Repaired Flaw in Surface Hardware That Allowed Unprotected Devices to Be Bricked by a Single PacketNanoClaw Now Armed with JFrog for Safer PackagesBankruptcy Admin Approves Settlement Fund of $47 Million for 23andMe Data Breach VictimsMajor U.S. Surveillance Program Poised to Lapse After Legislative Deadlock
6/11/2026 June 12, 2026June 12, 2026 ~ The Cyber Beat ~ Leave a comment Cyber Force Not Included in Senate Defense Policy RoadmapTrump Nominates U.S. Attorney Jay Clayton to Be Director of National IntelligenceExtortion-Only Attacks Increase, With Data Theft Dominating Ransomware ClaimsVRChat Says Somebody Faked a Breach Notice With the Maine AG’s OfficeSignal Alums Reveal ‘Encrypted Spaces,’ a System for Making Private Collaboration AppsOpenAI to Acquire Ona to Support Its AI Coding Assistant, CodexNew “Agentjacking” Attacks Could Hijack AI Coding AgentsNew Attacks Trick OpenClaw AI Agent Into Running Code and Leaking SecretsGrok Is Still Hosting Sexualized Deepfakes of Famous WomenKorea Fines E-Commerce Giant Coupang $400M Over Data Breach Affecting MillionsInterpol Dismantles SniperDz Phishing-as-a-Service PlatformAuthorities Dismantle ‘AudiA6’ Ransomware Crypto-Laundering ServiceHacker Linked to Void Blizzard Faces Charges Over Cyberespionage CampaignThe Invisible Battlefield: How Cyberwar Is Reshaping Everyday LifeGoogle Says ShinyHunters Hackers Targeting Education Sector via Oracle Exploit…University of Nottingham Confirms Cyber Incident as ShinyHunters Group Claims Data Theft…Oracle Warns of Security Bug That Hackers Abused to Breach 100+ Companies…Oracle Mitigates PeopleSoft Zero-Day Exploited in Data Theft AttacksThe Gentlemen Ransomware Claims 478 Victims, Can Spread Like a WormJapanese Energy Firm Loses Drive With Data of 10.9 Million ClientsNovo Nordisk Flags Patient Data Breach From Some Clinical Trials in CyberattackOceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt AttackDrug Sites Hijacked Spotify’s Search Ranking Through Fake PodcastsCybercriminals Use Fake AI Guides and Dev Tools to Spread AsyncRAT MalwareMax Severity Ivanti Sentry Vulnerability Now Exploited in AttacksNew GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML FilesCISA Orders Agencies to Patch by Risk, Not Severity
6/10/2026 June 10, 2026June 10, 2026 ~ The Cyber Beat ~ Leave a comment China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance…China-Linked JDY Botnet Expands Targeting of U.S. Military NetworksUK Weakens Proposed Telecoms Defenses Against Chinese Hackers After Industry PushbackNorth Koreans Behind Nearly Half of U.S. Tech Industry Hacks, Says CrowdStrikeCISA Tells U.S. Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI ThreatsAI Shifts Cyber’s Hardest Problem From Finding Flaws to Fixing ThemMicrosoft Restricts Claude Fable for Employees Over Data Retention ConcernsAI Coding Adoption Hits 97% but Governance Lags BehindKrebs: Who Runs the Ransomware Group ‘The Gentlemen?’Valve Is Phasing Out Physical Steam Gift Cards Due to ScammersGitHub Announces npm Security Changes to Tackle Supply-Chain AttacksThe ‘Miasma’ Worm Source Code Briefly Leaked on GitHubWrongful Arrest Exposes Failures in One of the Oldest Police Face-Recognition Tools in the U.S.Over a Quarter of Identity Crime Victims Hit by Multiple Incidents, ITRC Data ShowsOracle PeopleSoft Servers Hacked in ShinyHunters Data Theft AttacksNearly a Million Passports and Photo IDs Were Left Unprotected on the Public InternetUniversity of Nottingham Student Data HackedCyber Attack Partially Closes Great Marlow School in BuckinghamshireCyberattack Shuts Down Major Australian Sugar Mills, Disrupting HarvestFake Software Tutorials on TikTok Spread Vidar StealerNew SilabRAT Trojan Hijacks Sessions to Steal CryptoCISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active ExploitationSix Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoSUnpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCEIvanti, Fortinet, and SAP Release Patches for Multiple Critical VulnerabilitiesMicrosoft Patches YellowKey, GreenPlasma, MiniPlasma Zero-DaysMicrosoft Patches Exchange Server Zero-Day Exploited in AttacksAngry Bug Hunter With Microsoft Beef Drops New Windows 0-Day
6/9/2026 June 10, 2026June 10, 2026 ~ The Cyber Beat ~ Leave a comment WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in UkraineHackers Pose as Women Seeking Romance to Spy on Russian SoldiersIran Signed a Ceasefire — Its Hackers Didn’tChinese Hackers Pose Biggest Espionage Threat to Tech Firms, CrowdStrike SaysAnthropic Offers Mythos Upgrade for Cyber Partners and a ‘Safe’ Version for the Rest of YouOpenClaw AI Agent Found Falling for Phishing Attacks, Spills User DataMeta to Use Off-Site Business Data for Feed and AI PersonalizationSignal Says UK Plan to Scan Devices for Nude Images ‘Endangers Us All’Microsoft Defender ‘RoguePlanet’ Zero-Day Grants SYSTEM PrivilegesMicrosoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe ContinuesCISA to Transform How It Assesses Cyber Vulnerabilities and Risks, Andersen SaysAI Is Making Patch Tuesday (Kinda) Fun AgainFrench Gov’t Messaging Service Breached in Account Hijacking AttackServiceNow Discloses Security Incident Exposing Customer DataNew FROST Attack Lets Websites Track What Sites and Apps You Open via SSD TimingResearchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight ModelsHades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential StealerCritical phpBB Flaw Lets Attackers Hijack Any Account with One RequestVeeam Backup & Replication RCE Flaw Lets Domain Users Run Remote CodeLiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCEGoogle Releases Patch for Chrome Vulnerability Exploited in the WildSAP Fixes Critical Flaws in NetWeaver and Commerce CloudKrebs: A Record-Breaking Patch Tuesday for June 2026…Microsoft Releases Windows 10 KB5094127 Extended Security Update
6/8/2026 June 9, 2026June 9, 2026 ~ The Cyber Beat ~ Leave a comment VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux AppliancesNorth Korean Hackers Use Fake Coding Tasks to Steal CryptoRussia Upgrades Rules for Its Digital Spy System to Better Track Citizens OnlineArmenia’s Pro-Europe Party Wins Election Despite Russia-Linked DisinformationHackers Likely Hijacked Over 20,000 Instagram Accounts With Meta’s AI ChatbotMeta Blocks NSO Group’s New WhatsApp Phishing Attack, Files Contempt OrderMeta Deletes Face-Recognition System From Its Smart Glasses App After Wired ReportNew Apple Feature Automatically Changes Your Compromised PasswordsTwo-Thirds of Open Source Community Unaware of Cyber Resilience Act‘Talk to My AI Twin’: Busy Executives Have a New Productivity HackUK Gives Big Tech 3 Months to Create Device Controls to Block Nude Images of KidsSoFi Confirms Third-Party Data Breach at Hong Kong SubsidiaryEvanston Township: Ransomware Sends Illinois High School on an Early Summer VacationMicrosoft’s Open Source Tools Were Hacked to Steal Passwords of AI DevelopersQilin Ransomware Claims Hack of Major New York/New Jersey Shipping AssociationUNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion CampaignNew Shai-Hulud Attack Trojanizes 19 Science-Focused PyPI PackagesNFCShare Android Malware Spreads via Fake Banking App Updates on GitHubCritical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 SetupsOne-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now PublicCritical UniFi OS Bug Lets Hackers Gain Root Without AuthenticationGogs Patches Critical Zero-Day Enabling Remote Code Execution
6/5-7/2026 June 8, 2026June 8, 2026 ~ The Cyber Beat ~ Leave a comment New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell FrameworkChinese APT UNC5221 Deploys New Malware to Keep Access to Hacked NetworksU.S. Says It Will Speed Development and Use of AI for National SecurityWhite House AI Policy Adviser Krishnan to Leave PositionTrump Says His Team Will ‘Look Into’ U.S. Taking Stake in AI CompaniesSecurity Chiefs Unfazed by Federal AI OversightBlacklisted AI Company Anthropic, White House Ease Tensions Ahead of IPOAnthropic Urges AI Labs to Pause Development, Warns Humans Risk Losing ControlEight Legal Questions for Your AI CompanyHands on With Intelligent Terminal, an AI-Powered Windows TerminalNew ChatGPT Lockdown Mode Limits Tools That Could Enable Data ExfiltrationFree Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AIAI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 BugsEU Unveils Tech Sovereignty Package to Cut Reliance on U.S., Chinese SuppliersApple Removes Russia’s State-Backed Messaging App Max From Its StoreAndroid Spyware Asin Targets Arabic Users via Fake News, PDF and War Map AppsSuspicious Polyfill Login Prompts Pop Up on Toshiba, Muji WebsitesSilent Ransom Group Targets Law Firms With Fake IT Support CallsWorld Food Programme Breach Exposes Data of 600K Vulnerable Gazan FamiliesCouncil in UK’s City of York Outs Hundreds of Disabled Residents With a Single Email BlunderOxford Uni Student Data Pwned Yet Again – This Time via Career Platform BreachOver 900 U.S. Gas Station Tank Gauge Systems Exposed to AttacksPCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay NetworkCoXMO Botnet Spreads via DD-WRT Router Flaw, Kills Rival MalwareMiasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain AttackCisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch AvailableCISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV CatalogThe $100 Million Crypto “Looksmaxxing” Boom: How Chinese Cartel Suppliers Pivoted to the Gray-Market Peptide EcosysteDark Web Nemesis Market Vendor Gets 26 Years for Selling Drugs4 Critical Threats Where Attackers Have the Advantage
6/4/2026 June 5, 2026June 5, 2026 ~ The Cyber Beat ~ Leave a comment Five Eyes Warn Chinese Spies Are Using Job Sites to Recruit InsidersRussia Seeks to Label Two Anti-Kremlin Hacker Groups as ‘Extremist’Trump Considers Palantir Exec Shyam Sankar to Lead CISACISA Directive for AI Executive Order to Be Released This Week, Andersen SaysMeta Silently Added Face-Recognition Code for Its Smart Glasses to Millions of PhonesHackers Spied on a Stock Exchange Executive’s Outlook Mailbox for Five MonthsPink Is the Latest Goon Squad to Use Fake Helpdesk Calls to Steal CredsPolice Dismantles Fake ID Marketplace Used by Migrant SmugglersDoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in AssetsFTC Considers Setting Aside or Modifying $150 Million Privacy Penalty Against XSupreme Court Rules FCC Fines Punishing Telecom Giants for Sharing Location Data Were LegalUN Food Agency Discloses Breach Affecting 600,000 Gaza HouseholdsDentaQuest Data Breach Exposed Info of 2.6 Million AccountsMy SSN Was Exposed in a Breach at Columbia—A School I Have No Connection WithFake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDSFlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube AdsCredit Card Theft Campaign Abuses Stripe to Host Stolen Payment InfoHola Browser for Windows Compromised to Deliver CryptominerNew IronWorm Malware Hits 36 Packages in npm Supply-Chain AttackEverest Forms Pro Vulnerability Allows Remote Code Execution on WordPress SitesClaude Code GitHub Action Flaw Let One Malicious Issue Hijack RepositoriesCisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
6/3/2026 June 3, 2026June 3, 2026 ~ The Cyber Beat ~ Leave a comment Chinese Hackers Use New Atlas RAT Malware in European CyberattacksNew Cyber Force Would Cost up to $11 Billion to Start, Commission SaysDHS Chief Signals Efforts to Reshape CISAWhite House Unveils Pared-Back AI Executive OrderOpenAI’s Altman to Urge U.S. Lawmakers Not to Require AI Model ApprovalsOpenAI Upgrades GPT-5.5, as It Plans to Retire Legacy ChatGPT ModelsxAI Asks Court to Strip Alleged Grok Deepfake Nudes Victims of AnonymityTeaching AI Agents to Ask Better Questions by Playing “Battleship”AI as a Security Enabler, Not Role-ReplacerCrowdStrike Narrowly Beats Estimates on AI Tailwinds, but Stock Falls 10%Police Dismantles 9 Crime Groups in Illegal Streaming CrackdownThe U.S. Sanctions Nobitex Crypto Exchange Used by RansomwareThe Worst Hacks and Breaches of 2026 (So Far)Cyber Insurance Rates Are Dropping, but Exclusions WidenUltrahuman Says Hackers Accessed Customers’ Wellness Data via Internal ToolWeedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated ContentWhatsApp, Slack Notifications Could Hijack Google Gemini on AndroidGoogle DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RATOne-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth TokensMicrosoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug FlagCISA Warns of Cyberattacks Targeting Fuel Tank Monitoring SystemsCISA Warns of Active Attacks Exploiting Android, Linux BugsNew HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & CloudflareAcer Working to Patch Max Severity Zero-Days in Wave 7 RoutersUnpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 HashesAutonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)
6/2/2026 June 2, 2026June 2, 2026 ~ The Cyber Beat ~ Leave a comment Trump Signs Executive Order to Review AI Models Before They’re ReleasedAnthropic Scales Claude Mythos to Critical Infrastructure in 15+ CountriesTurncoat AI Agents Emerge as the New Inside HackersMicrosoft Reveals New Quantum Chip Made With AI, Says It Will Have Systems by 2029Palo Alto Networks Tops Earnings as AI Fuels Cybersecurity UrgencyBeyond Assume-Breach: How AI-Native Security Will Reshape Enterprise DefenseHong Kong Securities Regulator Warns Licensed Firms of AI-Driven Cyber ThreatsAndroid Is Fighting Phone Scams With a New Feature to Prove Who’s CallingRussian Spy Agency Says Foreign Spies Turned Officials’ Smartphones Into Surveillance DevicesDingbat Criminal Breaks the ‘First and Second Rule of Ransomware Club’Las Vegas Local Casino Operator Station Casinos Victim of CyberattackAI-Built Ransomware Toolkit Automates EDR Evasion, AD DiscoveryOracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active ExploitationCritical Kirki Flaw Exploited to Hijack WordPress Admin AccountsGoogle June 2026 Android Update Patches 124 Flaws, One Actively ExploitedHackers More Focused on Misleading Voters Than Ballot Tampering
6/1/2026 June 2, 2026June 2, 2026 ~ The Cyber Beat ~ Leave a comment U.S. And Iran Trade Strikes Amid Talks to End WarChina-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & TaiwanFSB Group Gamaredon Hides Worm in Windows Data StreamsUnknown Hacker Group Targeted Russian Maritime Universities, Diplomats for Nearly Two YearsKrebs: Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts…Obama’s Old Instagram Account Was Reportedly Hacked Over the WeekendWebsites Can Now Spy on You Through Your Hard DriveThe Romance Scammer Who Made a Small Fortune Posing as a WWE SuperstarSpain Arrests Doxer Leaking Sensitive Data of Gov’t EmployeesFlorida Sues OpenAI and CEO Sam Altman, Claiming Company Concealed Serious Risks of ChatGPTAnthropic Files to Go Public in Blockbuster Year for IPOsNSA Selects New Leads for Key Cybersecurity PostsAfghan Finance Officials Targeted by Suspected Pakistani Cyberespionage CampaignDashlane Password Manager Users Locked Out by Brute Force AttacksGrand Theft Auto V Cheat Service Gets Hacked, Exposing Thousands of GamersHackers Hijack Thousands of Sites for ClickFix and FakeUpdate AttacksWordPress Malware Campaign Hides Payloads in Steam ProfilesOpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain AttackMiasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing WormCritical Windows Netlogon RCE Flaw Now Exploited in AttacksCritical Flowise Flaw Gives Attackers Full Server ControlMicrosoft Fixes KB5089549 Windows Security Update Install IssuesInspector General Finds NIST Mistakes Have Made Vulnerability Database IneffectiveMicrosoft Says It Will Not Pursue Security Researchers After Zero-Day Backlash
5/29-31/2026 June 1, 2026June 1, 2026 ~ The Cyber Beat ~ Leave a comment Chinese Hackers Exploit Iran War to Target Maritime and Energy CompaniesKimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code TunnelsUnited Flight Forced to Turn Around Because of a Bluetooth Speaker NameAnthropic Confirms Claude Mythos-Class Models Will Roll Out to the PublicUK Banks Still Lack Access to Mythos AI Model, BoE’s Bailey SaysDutch Authorities Dismantle Botnet Linked to 17 Million Infected DevicesMan Sent to Prison for Selling Data of 7 Millions Elderly AmericansU.S. Charges Google Security Engineer With Polymarket Insider TradingCalifornia Attorney General Sues 23andMe Successor for 2023 Data BreachGoogle Chrome Adds Session Cookie Theft Protection for All UsersCharter Communications Data Breach Affects 4.9 Million AccountsMalicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud SecretsLone Attacker Published 14 Malicious npm Packages Mimicking Popular OpenSearch, Elasticsearch LibrariesAttackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 ExploitAI-Generated npm Malware Leaks Its Own GitHub TokenChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing SurfacePAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active ExploitationWP Maps Pro Bug Exploited to Create Admin Accounts on WordPress SitesNew CIFSwitch Linux Flaw Gives Root on Multiple DistributionsName That Toon: Mark of (Cybersecurity) Progress
5/28/2026 May 29, 2026May 29, 2026 ~ The Cyber Beat ~ Leave a comment The Pentagon Knew Enemies Could Track Troops’ Phones for Years. Now They AreRussia Conducting Daily Attacks on UK ‘From Seabed to Cyberspace,’ Spy Chief WarnsChina’s DJI Says Its Drones Not a Risk, Urges U.S. to Lift Ban on New ModelsGreyVibe Hackers Use ChatGPT, Gemini to Power CyberattacksJapan’s Major Banks to Use OpenAI’s New Model to Thwart Cyberattacks, Nikkei ReportsAnthropic Tops OpenAI as Most Valuable AI Startup, Nears $1 Trillion Valuation in Latest RoundCyber Threats Top CEO Business FearsSnowflake Buys Natoma to Help Freeze Out Rogue AgentsCanadian Man Gets 33 Years for Using Social Media to Coerce U.S. Children Into Sending Sexual ContentA Security Lapse at Prison Pay Phone Service Pay Tel Publicly Exposed Over 300K Callers’ Driver’s LicensesScammers Are Using Your Real Hotel Reservations to Trick You With Spear-Phishing AttacksAttackers Move Past Typosquatting to Realistic and Plausible Package ImpersonationNew Threat Actor Jinx-0164 Targets Crypto Developers on macOSThreat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential StealerCritical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary CodeMicrosoft Condemns “Uncoordinated” Zero Day Disclosures2 Pittsburgh-Area Men Plead Guilty in Scheme to Hack Snapchat Accounts and Steal Explicit Photos
5/27/2026 May 28, 2026May 28, 2026 ~ The Cyber Beat ~ Leave a comment UK, Poland to Sign Defence Treaty to Tackle Russian ThreatsUK Spy Chief: Time Is Running Out for the West to Confront Threats From Russia and ChinaSpain Wants EU States to Retain Say in Barring Foreign Telco ProvidersChampion Ethical Hacker Warns AI Tools Like Mythos Will Make Competing HarderYes, AI Can Make Mistakes. AI Can Find Them, Too.China Wants Its Companies to Embrace AI—Without Firing Workers68% of UK Firms Plan to Increase Cyber Spending as AI Risks RiseAmazon Strikes $6 Billion Deal With Snowflake for Agentic Computing ChipsInfosecurity Europe: Why Burnout in Cybersecurity Demands Risk-Based ResponseToo Much Work to Do? Have Your Digital Twin Handle ItBosses Blinded by Confidence About Shadow AI Use by WorkersAI Expands From Multibillion-Dollar Enterprises to Main StreetRudd Orders Cyber Command Reviews as Pentagon Presses Reform AgendaCrowdStrike, Google Take Down Glassworm BotnetUK Visa Portal Exposed Thousands of Applicants’ Passports and Selfies — Then Called the Lawyers on UsCruise Operator Carnival Discloses Personal Data BreachThousands of Fake FIFA Domains Target World Cup FansAI Chatbot Recommendations Redirect Users to Cryptojacking Malware SitesFBI Warns of In-Person Data Theft Attacks From Silent Ransom Group Extortion GangPureLogs Variant Steals Data via Purchase Order LuresGrandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android UsersMalicious npm Package Stole Files From Claude AI User Directory via GitHubGitea Vulnerability Exposes Private Container Images without AuthenticationCISA Gives Feds 4 Days to Patch Actively Exploited Cpanel Plugin FlawDutch Police Arrests Suspect Linked to Ajax Football Club HackRomanian National Sentenced to More Than 4 Years for Hacking Oregon Government SystemsSome Eligible for up to $3,500 in Krispy Kreme Data Breach Settlement
5/26/2026 May 26, 2026May 26, 2026 ~ The Cyber Beat ~ Leave a comment Chinese Threat Actors Ditch Static Phishing Pages for Live Credential InterceptionMuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 CountriesMiniFast & MiniJunk: Iran-Linked Hackers Target U.S. Aviation with Phishing and SEO Poisoning CampaignIranian Hackers Responsible for Los Angeles Transit System Breach, Israeli Researchers SayU.S. Law Enforcement Warns of ‘Anti-Tech Extremism’ as AI Hatred GrowsHackers Are Quickly Learning to Exploit Chatbot ‘Personalities’BadHost: Millions of AI Agents Imperiled by Critical Vulnerability in Open Source PackageIn the AI Age, Firms Chase Growth but With Fewer WorkersLaw Firm Wiley Rein Hit With Class Action Over Data Breach Tied to Chinese HackersDutch Authorities Arrest Men Suspected of Providing Infrastructure for Russian Cyber OperationsLithuania Investigates Theft of 600,000 State Registry Records by Foreign ActorMyPillow Must Decide Whether to Be Firm or Soft as Ransomware Crims Demand PayCharter Confirms Data Breach After ShinyHunters Extortion Threat7-Eleven Data Breach Exposes Personal Information of 185,000 PeopleBTMOB Android RAT Spreads Through No-Code Builder ToolingKnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt StrikeMicrosoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server VersionsCISA Orders Feds to Patch Actively Exploited Drupal VulnerabilityCERT-IN Recommends 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted AttacksMicrosoft Defender Can Now Automatically Isolate Hacked EndpointsKremlin Appoints Cyber Executive With Alleged GRU Ties to Security Council Role
5/22-25/2026 May 26, 2026May 26, 2026 ~ The Cyber Beat ~ Leave a comment U.S. Forces Conduct Strikes in Iran, Central Command SaysIran’s President Orders Reopening of International Internet Access, State Media ReportsIran Moved Billions Through Binance to Fund Regime—Continuing Into This MonthThe AI Era Is Creating a Bug Hunting Arms RaceClaude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used SoftwareAnthropic to Release Mythos-Class Models to the PublicOne Job That Is Growing in the AI Era? Cybersecurity Experts.CISA to Allow Researchers to Report Vulnerabilities to Exploited Bugs CatalogCyber Officials Brace for Lax AI OversightKrebs: Lawmakers Demand Answers as CISA Tries to Contain Data LeakGhostwriter Targets Ukraine Government Entities with Prometheus Phishing MalwareLazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto FirmsKrebs: Netherlands Seizes 800 Servers, Arrests 2 for Aiding CyberattacksItaly Disrupts CINEMAGOAL Piracy App that Stole Streaming Auth CodesWhy the Supreme Court’s Chatrie Case Could Change the Meaning of Privacy in AmericaMeta Settles School District Lawsuit Claiming Addictive Design Harmed Students’ Mental HealthTrump Mobile Confirms It Exposed Customers’ Personal Data, Including Phone Numbers and Home AddressesHackers Steal Patient and Billing Data From German Hospitals via Third-Party ProviderFake Streams, Counterfeit Merch and Other Scams: How Fraudsters Target F1 FansFake Gemini and Claude Code Sites Spread Infostealers Through SEO PoisoningFBI Warns ‘Kali365’ Phishing Kit Hijacks Microsoft 365 OAuth TokensGhost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix AttacksLiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as RootDrupal Core SQL Injection Bug Actively Exploited, Added to CISA KEVCISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEVUbiquiti Patches Three Max Severity UniFi OS VulnerabilitiesLaravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential StealerTrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIOPackagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux MalwareMegalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflowsnpm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
5/21/2026 May 21, 2026May 21, 2026 ~ The Cyber Beat ~ Leave a comment Chinese Hackers Target Telcos With New Linux, Windows MalwareXi and Putin Pledge Closer Cooperation on AI, Cyberspace and Satellite SystemsTrump Cancels Signing of AI Executive OrderStates Push Federal Government for More Cybersecurity SupportTeamPCP Is Poisoning Open Source Code at an Unprecedented ScaleJPMorgan Rolls Out AI Tools in Investment Banking Globally, Senior Banker SaysOpenAI Is Preparing to File for an IPO Very SoonSpaceX Confirms Plans for an IPO That Could Make Elon Musk a TrillionaireThe EU Is Going Through a Trump-Fueled Breakup With Big Tech‘Creepy’ Listening Tool for Targeted Ads Didn’t Actually Work, FTC SaysCybercriminal VPN Dismantled in Europol CrackdownApple Blocked Over $11 Billion in App Store Fraud in 6 YearsTwo Americans Plead Guilty to Assisting India-Based Tech Support Scam CentersKrebs: Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and CanadaUK Plans for Cybercrime Law Reform Would Protect Almost No One, Experts WarnMinecraft-Streaming Gran Swatted While Raising Cash for Grandson’s Cancer CareGitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension…GitHub Links Repo Breach to TanStack Npm Supply-Chain AttackShowboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy BackdoorSecurity Researcher: Google API Keys Remain Active After Deletion For 23 MinutesMicrosoft Warns of Two Actively Exploited Defender VulnerabilitiesNvidia Urges Users to Update GPU Drivers Due to Security VulnerabilitiesHighly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE AttacksMax Severity Cisco Secure Workload Flaw Gives Site Admin Privileges9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major DistrosGoogle Accidentally Exposed Details of Unfixed Chromium FlawThree-Quarters of Firms Knowingly Ship Vulnerable CodeHackerOne Takes an Axe to Its Bug Bounty RewardsTech Giants Promise British Regulator They Will Tweak Platforms to Protect Kids Online
5/20/2026 May 21, 2026May 26, 2026 ~ The Cyber Beat ~ Leave a comment China-Linked Webworm APT Evolves Tactics, Expands to European TargetsUkraine Says Russia Is Deploying AI-Powered Malware on the BattlefieldSenator Presses CISA for Answers About Alleged Github Repository LeakVerizon DBIR: Vulnerability Exploits Overtake Credentials as Top Access VectorFears of Unfettered Hacking Spurred by Anthropic’s Mythos AI Model OverstatedData Brokers’ and AI Firms’ Opt-Out Forms Are Built to Fail, Report FindsA Bipartisan Amendment Would End Police License Plate Tracking NationwideA New York Cop Got Injured at a Boxing Match. Now Madison Square Garden Is Banning His LawyerLondon’s Police Asked Big Tech for Comms Data Over 700,000 Times Last YearUkraine Identifies Infostealer Operator Tied to 28,000 Stolen AccountsGitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos…GitHub Investigates Internal Repositories Breach Claimed by TeamPCPGrafana GitHub Breach Exposes Source Code via TanStack npm Attack7-Eleven Confirms Breach After ShinyHunters ClaimsTrump Mobile Site Reportedly Exposing Customers’ Private DataDelano Becomes Latest Minnesota School District Hit by Ransomware AttackAurora (IL) Investigating Recent Cyber AttackResearchers Warn CypherLoc Scareware Has Targeted Millions of UsersHackers Bypass SonicWall VPN MFA Due to Incomplete PatchingExploit Released for New PinTheft Arch Linux Root Escalation FlawMicrosoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
5/19/2026 May 20, 2026May 20, 2026 ~ The Cyber Beat ~ Leave a comment Huawei Zero-Day Attack Behind Last Year’s Crash of Luxembourg’s Entire Telecoms NetworkU.S. Lawmakers Seek to Undercut Chinese AI and Tech Sales AbroadAI-Related Data Breaches Surpass Stolen Credentials in Cyber Incidents, Verizon Report SaysAI Raises the Bar on Vulnerability Awareness and Secure-by-Design SoftwareU.S. Software Stocks Rebound, Seeking to Loosen AI’s GripYou Can Get Some of Your Nudes Removed From the Internet Under a New U.S. LawUK Regulator to Require Tech Firms to Tackle Deepfakes, Non-Consensual Intimate ImagesFBI: Americans Lost Over $388 Million to Scams Using Crypto ATMs in 2025Microsoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing ToolDiscord Rolls Out End-To-End Encryption on Voice, Video CallsTrapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 AppsMicrosoft Self-Service Password Reset Abused in Azure Data Theft AttacksMini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer AccountShai-Hulud Keeps Burrowing: 314 npm Packages Infected After Another Account CompromiseNew Shai-Hulud Malware Wave Compromises 600 npm PackagesPopular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD CredentialsCompromised Nx Console 18.95.0 Targeted VS Code Developers with Credential StealerSEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic AccessMax-Severity Flaw in ChromaDB for AI Apps Allows Server HijackingDrupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare
5/18/2026 May 19, 2026May 19, 2026 ~ The Cyber Beat ~ Leave a comment Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons SimulationsKrebs: CISA Admin Leaked AWS GovCloud Keys on GithubAnthropic to Let Partners Share Mythos Cybersecurity Findings With OthersMythos Rewires the Bug-Bounty IndustryLinus Torvalds Says Linux Security List Is Becoming ‘Unmanageable’ Due to AI Bug ReportsExperts Warn of Privacy Risks as AI Firms Looks to Connect to Financial AccountsGoogle and Blackstone to Create New AI Cloud CompanyJury Dismisses All Claims in Elon Musk’s Lawsuit Against OpenAI CEO Sam AltmanInterpol Launches Sweeping Cybercrime Crackdown in MENA RegionNYC Health + Hospitals Says Hackers Stole Medical Data and Fingerprints During Breach Affecting at Least 1.8 Million PeopleDo Fear the Reaper – Stealer Swipes macOS Users’ Passwords, Wallets, Then Backdoors ThemShai-Hulud Copycat Worm Infects Yet Another Npm PackageExploit Available for New DirtyDecrypt Linux Root Escalation FlawMiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched SystemsIvanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation FlawsSecurity Researchers Find 47 Zero-Days at Pwn2Own BerlinMicrosoft Confirms Windows 11 Security Update Install Issues
5/15-17/2026 May 17, 2026May 17, 2026 ~ The Cyber Beat ~ Leave a comment Hackers Have Breached Tank Readers at U.S. Gas Stations; Officials Suspect Iran Is ResponsibleChina-Linked Hackers Deploy New TencShell Malware Against Global ManufacturerTurla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent AccessFired Hacker Twins Forget to End Teams Recording, Capture Own CrimesMicrosoft Backpedals: Edge to Stop Loading Passwords Into MemoryMicrosoft Reports Severe Zero-Day Flaw in On-Prem Exchange ServersMicrosoft Rejects Critical Azure Vulnerability Report, No CVE IssuedMicrosoft Exchange, Windows 11 Hacked on Second Day of Pwn2OwnYour 401(K) Is the New Identity Theft TargetMore than $10 Million Stolen From Crypto Platform THORChainGremlin Stealer Evolves into Modular Threat with Advanced Evasion CapabilitiesGrafana GitHub Token Breach Led to Codebase Download and Extortion AttemptPopular node-ipc npm Package Compromised to Steal CredentialsTycoon2FA Hijacks Microsoft 365 Accounts via Device-Code phishingCISA Orders All Federal Agencies to Patch Exploited Bug in Cisco SD-WAN Systems by SundayNGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCEFunnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout SkimmingFour OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
5/14/2026 May 15, 2026May 15, 2026 ~ The Cyber Beat ~ Leave a comment ODNI Taps Officials to Coordinate Response to Foreign Election ThreatsMustang Panda Linked to Updated FDMTP Backdoor in Asia-Pacific Espionage CampaignIranian MuddyWater Hackers Targeted Major South Korean Electronics MakerGhostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt StrikeBank of Spain Calls for Access to Advanced AI Tools, Flags Cyber RisksApple’s Security Has Been Tough to Crack. Mythos Helped Find a Way In.Your iPhone Gets Stolen. Then the Hacking BeginsConnected Cars Generate Data Enticing to Automakers and Hackers AlikeNobody Believes the ‘Criminals and Scumbags’ Who Hacked Canvas Really Deleted Stolen Student DataTo Gain Root Access at This Company, All an Intruder Had to Do Was Ask NicelyAI Models Are Getting Better at Replacing Cybersecurity Pros on Certain TasksOpenAI Confirms Security Breach in TanStack Supply Chain AttackTeamPCP Hackers Advertise Mistral AI Code Repos for SaleFoxconn Factories Resume Operations After Ransomware AttackSurfside Beach (SC) Loses Over $500K in Cyber Scam, State Authorities InvestigatingKongTuke Hackers Now Use Microsoft Teams for Corporate BreachesStealer Backdoor Found in 3 Node-IPC Versions Targeting Developer SecretsHackers Exploit Auth Bypass Flaw in Burst Statistics WordPress PluginCisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin AccessPraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of DisclosureNew Fragnesia Flaw Hands Linux Local Users Root Access18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCEWindows 11 and Microsoft Edge Hacked at Pwn2Own Berlin 2026
5/13/2026 May 13, 2026May 13, 2026 ~ The Cyber Beat ~ Leave a comment Tech Rivalry, Distrust Sap Summit Hopes for Trump-Xi AI PushChina ‘Very Disappointed’ With Europe’s Planned Investment Restrictions, Diplomat SaysVietnam to Develop Domestic Cloud So It Can Ditch Risky Overseas Operators for Government WorkloadsAndroid Adds Intrusion Logging for Sophisticated Spyware ForensicsWhatsApp Adds Meta AI Chats That Are Built to Be Fully PrivateAI-Driven Cyberattacks Will Start to Be the ‘New Norm’ in Months, Palo Alto WarnsRansomware: Over Half of CISOs Would Consider Paying Ransom to HackersUK Moves to Shield Security Researchers in Cybercrime Law OverhaulDHS Plans Experiment Running ‘Reconnaissance’ Drones Along the U.S.-Canada BorderAlleged Dream Market Admin Arrested in Germany After U.S. IndictmentAzerbaijani Energy Firm Hit by Repeated Microsoft Exchange ExploitationGemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal DataFoxconn Confirms Cyberattack Claimed by Nitrogen Ransomware GangAvada Builder Flaws Expose One Million WordPress SitesMicrosoft Fixes BitLocker Recovery Issue Only for Windows 11 Users…Windows BitLocker Zero-Day Gives Access to Protected Drives, PoC ReleasedMicrosoft Fixes Windows Autopatch Bug Installing Restricted DriversMicrosoft’s MDASH AI System Finds 16 Windows Flaws Fixed in Patch TuesdayMicrosoft on Pace to Break Annual Vulnerability Record as AI-Driven Patch Wave Takes HoldEuropean Commission Head Pushes Creation of New Law Delaying Teens’ Social Media Access
5/12/2026 May 12, 2026May 12, 2026 ~ The Cyber Beat ~ Leave a comment European Countries Are Exporting Surveillance Tech to Countries With Poor Human Rights Records, Report SaysTrump and XI Appear Intent on Keeping Iran War From Overshadowing China SummitIran Is Using Tiny ‘Mosquito’ Boats to Shut Down the Strait of HormuzPentagon Deploys Anthropic’s Mythos to Patch Cyber Gaps While Planning to Ditch FirmAnthropic’s Mythos Sends U.S. Banks Rushing to Plug Cyber HolesOpenAI Just Released Its Answer to Claude MythosHonest: How AI Killed a 133-Year-Old Princeton TraditioniOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and AndroidAndroid 17 to Expand Banking Scam Call and Privacy ProtectionsSignal Adds Security Warnings for Social Engineering, Phishing AttacksAirbit Crypto Ponzi Victims Can Now Claim Slice of $400M Asset HaulCongressman Launches Inquiry Into How Food Retailers Use Surveillance Pricing20 Leaders Who Built the CISO Era: 2 Decades of ChangeFoxconn Ransomware Attack Shows Nothing Is Safe ForeverCanvas Owner Reaches ‘Agreement’ With Hackers to Secure Stolen Data…Congress Investigates Canvas Breach as Company Pays RansomŠKoda Warns of Customer Data Breach After Online Shop HackFleetWave Outage Takes Another Turn. Chevin Confirms Crooks Accessed Customer DataWest Pharmaceutical Warns of Ransomware Attack Impacting Business OperationsAttackers Combine ClickFix With PySoxy Proxying to Maintain PersistenceMini Shai-Hulud Hits TanStack npm PackagesRubyGems Suspends New Signups After Hundreds of Malicious Packages Are UploadedNew Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code ExecutionFortinet Warns of Critical RCE Flaws in FortiSandbox and FortiAuthenticatorSAP Fixes Critical Vulnerabilities in Commerce Cloud and S/4HANAMicrosoft Releases Windows 10 KB5087544 Extended Security UpdateKrebs: Patch Tuesday, May 2026 Edition
5/11/2026 May 11, 2026May 11, 2026 ~ The Cyber Beat ~ Leave a comment Trump’s Complaints About Iran War Leaks Prompt Aggressive DOJ InvestigationsThe U.A.E. Has Been Secretly Carrying Out Attacks on IranUK Water Company Allowed Hackers to Lurk Undetected for Nearly Two Years, Regulator FindsU.S.: FCC Relaxes Foreign-Made Router Ban to Allow for Security UpdatesGoogle Says Criminals Used AI-Built Zero-Day in Planned Mass Hack Spree…Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass ExploitationBritain’s Bank Regulator Expects ‘Quite Significant Disruption’ From Latest AI ModelsI Asked ChatGPT to Manage a Stock Portfolio. Here’s How It Did.Cyber-Crime Increasingly Coming With Threats of Physical ViolenceTexas Sues Netflix Over Alleged Data Practices That Create ‘Surveillance Machinery’ Without User ConsentTeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain AttackBWH Hotels Guests Warned After Reservation Data Checks Out With CybercrooksA Million Baby Monitors and Security Cameras Were Easily Viewable by HackersEducation Tech Giant Instructure Confirms Hackers Used Canvas Flaw to Deface PortalsTrickMo Variant Routes Android Trojan Traffic Through TONNew GhostLock Tool Abuses Windows API to Block File AccesscPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager BackdoorRushed Patches Follow Broken Embargo on New Linux Kernel VulnerabilitiesAnthropic’s Bug-Hunting Mythos Was Greatest Marketing Stunt Ever, Says cURL CreatorTech & Security Controls Can’t Stop These Threats — Only Your People Can
5/8-10/2026 May 10, 2026May 10, 2026 ~ The Cyber Beat ~ Leave a comment Pro-Ukraine BO Team and Head Mare Hackers Appear to Team Up in Attacks Against RussiaOperation Epic Fury Exposes Security Detection Gaps in Oil and Gas SectorKrebs: Canvas Breach Disrupts Schools & Colleges Nationwide…The Canvas Hack Is a New Kind of Ransomware Debacle…Disrupts Final ExamsMeet Rassvet, Russia’s Answer to StarlinkWorm Rubs Out Competitor’s Malware, Then Takes ControlFormer Gov’t Contractor Convicted for Wiping Dozens of Federal DatabasesKingdom Market Administrator Given 16-Year SentencePolice Shut Down Reboot of Crimenetwork Marketplace, Arrest AdminMeta U-Turns on Encryption Push for Instagram as DMs Go PlaintextGM to Pay Over $12 Million in California Privacy Settlement Involving Driver DataHas CISA Finally Found Its New Leader in Tom Parker?JD Vance Holds AI Wake-Up Call With Tech CEOs After Hacking Powers UnleashedHow the Story of a USB Penetration Test Went ViralAWS Data Center Outage Hits Trading on Fanduel, Coinbase — Recovery to Take HoursZara Data Breach Exposed Personal Information of 197,000 PeopleNVIDIA Confirms GeForce NOW Data Breach Affecting Armenian UsersNew Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH CredentialsTCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook WormsJDownloader Site Hacked to Replace Installers with Python RAT MalwareHackers Abuse Google Ads, Claude.ai Chats to Push Mac MalwareFake OpenAI Repository on Hugging Face Pushes Infostealer MalwareFake Call History Apps Stole Payments From Users After 7.3 Million Play Store DownloadsDirty Frag Vulnerability Made Public Early: Root Privilege on All DistributionsLinux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major DistributionsOllama Out-of-Bounds Read Vulnerability Allows Remote Process Memory LeakcPanel, WHM Release Fixes for Three New Vulnerabilities — Patch NowCISA Gives Feds Four Days to Patch Ivanti Flaw Exploited as Zero-Day
5/7/2026 May 7, 2026May 7, 2026 ~ The Cyber Beat ~ Leave a comment Polish Intelligence Warns Hackers Attacked Water Treatment Control SystemsOpenAI and Anthropic LLMs Used in Critical Infrastructure Cyber-Attack, Warns DragosThousands of Vibe-Coded Apps Expose Corporate and Personal Data on the Open WebCline Kanban Flaw Lets Websites Hijack AI Coding AgentsAnthropic Response to 1-Click Pwn: Shouldn’t Have Clicked ‘Ok’You Can Disable Gemini in Chrome if It’s Freaking You OutEU Countries, Lawmakers Clinch Provisional Deal on Watered-Down AI RulesA Hacker Ran Me Over With a Robot Lawn MowerLegacy Security Tools Are Failing Data Protection, Capital One Software Report FindsFake IT Workers Rented Laptops to Nork Scammers, Got Prison Time$250M Crypto-Robbing Gang’s Dirty Work Guy Sentenced to 6.5 Years Behind BarsNorth Carolina Man Pleads Guilty to Doxxing Supreme Court JusticesHackers Deface Canvas School Login Pages After Claiming Another Instructure HackMassive Cyber Attack Hits Entire San Diego Community College DistrictAustralia Warns of ClickFix Attacks Pushing Vidar Stealer MalwareResearchers Spot Uptick in Use of Vercel for Phishing CampaignsFake Claude AI Site Drops Beagle Backdoor on Windows UsersPyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and LinuxPCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud SystemsPAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage…Palo Alto Networks Firewall Zero-Day Exploited for Nearly a MonthIvanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level AccessArgentina to Expel Russian Citizen Suspected of Running Disinformation Network in Latin America
5/6/2026 May 6, 2026May 6, 2026 ~ The Cyber Beat ~ Leave a comment Iran-Linked APT MuddyWater Posed as Chaos Ransomware Member in Espionage CampaignEU Plan to Phase Out Chinese Tech Could Cost Bloc Over $400 Billion, Chinese Study SaysSecurity Cameras Are Failing Spectacularly at Common SenseHackers Hate AI Slop Even More Than You DoOne in Eight Workers Has Sold Their Corporate LoginsCISA Urges Critical Infrastructure Providers to Make Plans to Remain Operational if hit by Cyber-AttackGoogle’s Android Apps Get Public Verification to Stop Supply Chain AttacksDAEMON Tools Devs Confirm Breach, Release Malware-Free VersionNew Stealthy Quasar Linux Malware Targets Software DevelopersMirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS AttacksHackers Abuse Google Ads for GoDaddy ManageWP Login PhishingPalo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code ExecutionCritical vm2 Sandbox Bug Lets Attackers Execute Code on HostsNew Cisco DoS Flaw Requires Manual Reboot to Revive Devices
5/5/2026 May 5, 2026May 5, 2026 ~ The Cyber Beat ~ Leave a comment China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across RegionsNorth Korean APT ScarCruft Targets Yanbian Gamers via Trojanized PlatformSmall Defense Firms Lack Network Data to Stop Nation-State Hackers, Analyst SaysStates Concerned Over Access to Frontier AI Model PilotsAI Adoption Outpaces Safety Policies, Leaving Organizations Exposed to Cyber RiskResearchers Gaslit Claude Into Giving Instructions to Build ExplosivesStudent Hacked Taiwan High-Speed Rail to Trigger Emergency BrakesKarakurt Extortion Gang ‘Cold Case’ Negotiator Gets 8.5 Years in PrisonRomance Scammers Turn Sweet Talk Into £102M PaydayFTC to Ban Data Broker Kochava From Selling Americans’ Location DataAustralia Launches Cyber Review Board Modeled on Version Disbanded in U.S.Real Estate Giant Cushman & Wakefield Confirms Vishing Incident as ShinyHunters and Qilin Both Come KnockingShinyHunters Claims Dump Puts 119K Vimeo Emails in the WildInstructure Hacker Claims Data Theft From 8,800 Schools, UniversitiesMicrosoft Flags Mass Phishing Campaign Using Fake Compliance EmailsCloudZ Malware Abuses Microsoft Phone Link to Steal SMS and OTPsDAEMON Tools Supply Chain Attack Compromises Official Installers with MalwareMetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution AttacksCritical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCEGoogle Now Offers up to $1.5 Million for Some Android ExploitsGerman Officials Advance Legislation That Would Expand Law Enforcement Use of Surveillance Technology
5/4/2026 May 4, 2026May 4, 2026 ~ The Cyber Beat ~ Leave a comment Itron Hackers Accessed Critical Infrastructure OperatorsSilver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and RussiaIf the Vote You Rocked, Your Personal Info Can Be GrokkedEU Recommends Member States to Not Use Huwaei, ZTE in Connectivity InfrastructureWhite House Considers Vetting AI Models Before They Are ReleasedChatGPT Wrestles With Its Most Chilling Conversation: How Do I Plan an Attack?You Have No Idea How Much You Still Use BlackBerryDHS Demanded Google Surrender Data on Canadian’s Activity, Location Over Anti-ICE PostsForbes Preliminarily Agrees to Pay $10 Million to Settle California Wiretapping LawsuitRansomware Group Claims Breach of Pro-Orbán Hungarian Media FirmInstructure Confirms Data Breach, ShinyHunters Claims AttackHanover County Schools Confirms Data Breach IncidentPhishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM ToolsAmazon SES Increasingly Abused in Phishing to Evade DetectionBackdoored PyTorch Lightning Package Drops Credential StealerWeaver E-Cology Critical Bug Exploited in Attacks Since MarchProgress Patches Critical MOVEit Automation Bug Enabling Authentication BypassCISA Says ‘Copy Fail’ Flaw Now Exploited to Root Linux SystemsKids Say They Can Beat Age Checks by Drawing on a Fake Mustache
5/1-3/2026 May 3, 2026May 3, 2026 ~ The Cyber Beat ~ Leave a comment Ubuntu Infrastructure Has Been Down for More Than a Day…Ubuntu Services Hit by Outages After DDoS Attack…Pro-Iran Crew turns DDoS into Shakedown as Ubuntu.com Stays DownCyber Spies Target Russian Aviation Firms to Steal Satellite and GPS DataU.S. Officials Weigh Cutting Deadlines to Fix Digital Flaws Amid Worries Over AI-Powered Hacking, Sources SayBritish Cyber Agency Warns of Looming ‘Patch Wave’ as AI Speeds Flaw DiscoveryBrace for the Patch Tsunami: AI Is Unearthing Decades of Buried Code DebtGPT-5.5 Matches Heavily Hyped Mythos Preview in New Cybersecurity TestsSenate Judiciary Advances Bill That Would Bar Minors From Interacting With AI CompanionsSecurity Strategies Shift Focus to Cyber InsuranceTwo Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware AttacksDisneyland Now Uses Face Recognition on VisitorsEdu Tech Firm Instructure Discloses Cyber Incident, Probes ImpactTrellix Confirms Source Code Breach With Unauthorized Repository AccessCritrical cPanel Flaw Mass-Exploited in “Sorry” Ransomware AttacksCity of Ardmore (OK) Issues Alert After Ransomware AttackRansomware Attack Cripples Adams County (MS) Systems, Officials Say30,000 Facebook Accounts Hacked via Google AppSheet Phishing CampaignTelegram Mini Apps Abused for Crypto Scams, Android Malware DeliveryConsentFix v3 Attacks Target Azure with Automated OAuth AbuseCybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion AttacksCISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEVMicrosoft Fixes Remote Desktop Warnings Displaying IncorrectlyMicrosoft Defender Wrongly Flags DigiCert Certs as Trojan:Win32/Cerdigent.A!dha
4/30/2026 April 30, 2026April 30, 2026 ~ The Cyber Beat ~ Leave a comment Trump Signs Bill to Fund DHS After Lengthy Shutdown Over ICE OperationsTrump’s Cyber Ambassador Nominee Advances to Full Senate VoteFBI Cyber Boss: China’s Hacker-For-Hire Ecosystem ‘Out of Control’New Bluekit Phishing Service Includes an AI Assistant, 40 TemplatesBot Her Emails: Most Modern Phishing Campaigns Are AI-Enabled‘It Took Nine Seconds’: Claude AI Agent Deletes Company’s Entire Database, Then ApologisesOpenAI Rolls Out ‘Advanced’ Security Mode for At-Risk AccountsHow Mythos Could Upend the Economics of HackingFBI Links Cybercriminals to Sharp Surge in Cargo Theft AttacksRomanian Leader of Online Swatting Ring Gets 4 Years in PrisonFrance Investigates 15-Year-Old Over Alleged Hack of National ID AgencyZambia Cancels Global Digital Freedoms Conference Days Before StartCongress Punts FISA Renewal to JuneKrebs: Anti-DDoS Firm Huge Networks Heaped Attacks on Brazilian ISPsMoldova’s Health Insurance Agency Reports Possible Data Leak After CyberattackStelia North America Hacked in Ransomware AttackDental Practice Software Maker Practice by Numbers Fixes Bug That Exposed Patients’ Medical RecordsSandhills (SC) Medical Data Breach May Have Exposed Info of 78,000+90,000 Screenshots of One Celebrity’s Phone Were Exposed OnlinePyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal CredentialsNew Python Backdoor Uses Tunneling Service to Steal Browser and Cloud CredentialsEtherRAT Distribution Spoofing Administrative Tools via GitHub FacadesCritical cPanel and WHM Bug Exploited as a Zero-Day, PoC Now AvailableNew Linux ‘Copy Fail’ Vulnerability Enables Root Access on Major DistributionsGoogle Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
4/29/2026 April 30, 2026April 30, 2026 ~ The Cyber Beat ~ Leave a comment New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATsU.S., China Partner on Scam Center Takedown in DubaiSwiss Police Arrest 10 Suspected Members of Nigeria-Linked Crime Group Black AxeEuropean Police Dismantles €50 Million Crypto Investment Fraud RingEuropean Commission Accuses Meta of Breaching Child Safety RulesMicrosoft Says Backend Change Broke Teams Free Chat and CallsHouse Approves Spy Program on Second Attempt, Senate Fate Murky‘New Einstein’ Vows to Find ‘Source Code of Universe’ and Change Everything; Rejects Bezos Job OfferParsing Agentic Offensive Security’s Existential ThreatMedtronic Confirms Data Breach After ShinyHunters ClaimsPine Bluff Schools (AR) Lose $3.2M in Cyberattack ScamPopular WordPress Redirect Plugin Hid Dormant Backdoor for YearsHackers Exploit RCE Flaws in Qinglong Task Scheduler for CryptominingMalicious npm Dependency Linked to AI Assisted Commit Targets Crypto WalletsSAP-Related npm Packages Compromised in Credential-Stealing Supply Chain AttackCursor Extension Flaw Exposes Developer API KeysCritical cPanel Authentication Vulnerability Identified — Update Your Server ImmediatelyCISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
4/28/2026 April 29, 2026April 29, 2026 ~ The Cyber Beat ~ Leave a comment China-Linked Hackers Led Phishing Campaigns Targeting Journalists and Activists, Researchers SayNorth Korean BlueNoroff Hackers Target Crypto Firms with ClickFix and AI-Made Zoom LuresCyber Command, NSA Chief Warns Foreign Adversaries Likely to Target MidtermsThe Simple Security Flaws That Exposed Trump to Another GunmanAttack of the Killer Script KiddiesAfter Mythos, Nobody Is Safe From Cybersecurity ThreatsThe Race Is on to Keep AI Agents From Running Wild With Your Credit CardsEU Countries, Lawmakers Fail to Reach Deal on Watered-Down AI RulesWhy Sharing a Screenshot Can Get You Jailed in the UAEUkrainian Police Detain Hackers Suspected of Stealing Thousands of Roblox Accounts for ResaleU.S. Reportedly Charges Scattered Spider Hacker Arrested in FinlandRansomware Turf War as 0APT and KryBit Groups Trade BlowsVidar Rises to Top of Chaotic Infostealer MarketNo Metrics Are Better Than Bad Metrics in the SOC, Says NCSCElectricity Is a Growing Area of Cyber-RiskHave I Been Pwned Claims Pitney Bowes Hit by 8.2m Email Address LeakCheckmarx Confirms LAPSUS$ Hackers Leaked its Stolen GitHub DataVideo Service Vimeo Confirms Anodot Breach Exposed User DataAmeriprise Data Breach Hits 48,000 CustomersRobinhood Account Creation Flaw Abused to Send Phishing EmailsBrazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer CampaignVECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXiHackers are Exploiting a Critical LiteLLM Pre-Auth SQLi FlawCritical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCEResearchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git PushMicrosoft Confirms Active Exploitation of Windows Shell CVE-2026-32202Microsoft Patches Entra ID Role Flaw That Enabled Service Principal TakeoverMicrosoft to Deprecate Legacy TLS in Exchange Online Starting JulyMicrosoft: New Remote Desktop Warnings May Display Incorrectly
4/27/2026 April 27, 2026April 27, 2026 ~ The Cyber Beat ~ Leave a comment Cole Allen Charged With Attempting to Assassinate TrumpAlleged Silk Typhoon Hacker Extradited to U.S. for CyberespionageMoney Launderer Linked to $230M Crypto Heist Gets 70 Months in PrisonFTC: Americans Lost Over $2.1 Billion to Social Media Scams in 2025Tennessee Becomes Second State to Ban Cryptocurrency ATMs Over Scam ConcernsMythos Changed the Math on Vulnerability Discovery. Most Teams Aren’t Ready for the Remediation SideMost Cybersecurity Professionals Feel Undervalued and Underpaid…Nearly Half of Cybersecurity Pros Want to Quit – Here’s WhyMedtronic Says Cyberattack on IT Network Has Not Disrupted OperationsHome Security Giant ADT Data Breach Affects 5.5 Million PeopleCheckmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 AttackPhantomCore Exploits TrueConf Vulnerabilities to Breach Russian NetworksFake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto FraudPyPi Package With 1.1m Monthly Downloads Hacked to Push InfostealerResearchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 MalwareDisinformation Campaign Targeted Tibetan Parliament-In-Exile Elections
4/24-26/2026 April 26, 2026April 26, 2026 ~ The Cyber Beat ~ Leave a comment Trump Faces Unprecedented Third Assassination Attempt…Officials Identify Suspect in White House Correspondents’ Dinner…Washington Hotel Shooting Raises Questions About Trump SecurityIran’s Cyber Threat May Be Less ‘Shock and Awe’ Than ‘Low and Slow,’ Officials SayNASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense SoftwareGerman Government Suspects Russia of Signal Attack Targeting PoliticiansRogue Ransomware Negotiator Rattles Trust in Outside Data-Breach RespondersToronto Police Arrest Three in Canada’s First Mobile Sms Blaster CaseNorway’s Prime Minister Proposes Ban on Social Media Access for Young TeensMicrosoft to Roll Out Entra Passkeys on Windows in Late AprilPentagon Grapples With Securing AI as It Moves Toward Autonomous WarfareAmerican Utility Firm Itron Discloses Breach of Internal IT NetworkShinyHunters Claim They Have Cruise Giant Carnival’s Booty as 7.5m Emails SurfaceADT Confirms Data Breach After ShinyHunters Leak ThreatNew BlackFile Extortion Group Linked to Surge of Vishing AttacksCity of Suffolk (VA) Victim of Cybersecurity AttackTropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering SoftwareOver 10,000 Zimbra Servers Vulnerable to Ongoing XSS AttacksNew ‘Pack2TheRoot’ Flaw Gives Hackers Root Linux AccessLMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of DisclosureCISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline
4/23/2026 April 23, 2026April 23, 2026 ~ The Cyber Beat ~ Leave a comment CISA: U.S. Agency Breached Through Cisco Vulnerability, FIRESTARTER Backdoor Allowed Access Through MarchChina-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go BackdoorsUK Warns of Chinese Hackers Using Proxy Networks to Evade DetectionUNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW MalwareDev Targeted by Sophisticated Job Scam: ‘I Let My Guard Down, and Ran the Freaking Code’Anthropic’s Mythos Breach Was Humiliating‘Zealot’ Shows What AI’s Capable of in Staged Cloud AttackGoogle Favors General-Purpose Gemini Models Over Cybersecurity‑Specific AIUK Regulator Closes Loophole That Allowed Rogue Companies to Track Phone Users’ LocationSurveillance Companies Exploiting Telecom System to Spy on Targets’ Locations, Research ShowsAge Checks Could Turn Internet Into an ID Checkpoint, Complains Proton CEOCosmetics Giant Rituals Discloses Data Breach Affecting CustomersMedical Data of 500,000 Britons Put Up for Sale on Chinese WebsiteVercel Finds More Compromised Accounts in Context.ai-Linked BreachBitwarden CLI Compromised in Ongoing Checkmarx Supply Chain CampaignTrigona Ransomware Attacks Use Custom Exfiltration Tool to Steal DataIn a First, Ransomware Family Kyber Is Confirmed to Be Quantum-SafeHackers Exploit File Upload Bug in Breeze Cache WordPress PluginCISA Orders Feds to Patch BlueHammer Flaw Exploited as Zero-DayTrump’s Pick for CISA Director Withdraws From ConsiderationU.S. Sanctions Cambodian Senator for Millions Earned Through Scam CompoundsHouse Republicans Unveil Data Privacy Law That Would Override State Protections