Anthropic tells G7 to cooperate Fortinet VPN leak exposes credentials Crypto Clipper abuses reviews, narrators, and comments Get the show notes here: https://cisoseries.com/cybersecurity-news-anthropic-tells-g7-to-cooperate-fortinet-vpn-leak-exposes-credentials-crypto-clipper-abuses-reviews/ Huge thanks to our sponsor, ThreatLocker Every security leader is being asked the same question right now:…
IT Security News Hourly Summary 2026-06-18 09h : 9 posts
9 posts were published in the last hour 7:4 : CVE-2026-48907: How the Joomla JCE Exploit Works and What to Do About It 7:4 : Hackers Use Reporter Impersonation to Target C-Suite Executives in Social Engineering Attacks 6:34 : Alibaba…
CVE-2026-48907: How the Joomla JCE Exploit Works and What to Do About It
CVE-2026-48907 in the Joomla JCE plugin lets unauthenticated attackers drop PHP web shells with a single crafted request. Here is how the attack works and how to check if your site was hit. CVE-2026-48907: How the Joomla JCE Exploit Works…
Hackers Use Reporter Impersonation to Target C-Suite Executives in Social Engineering Attacks
A recent engagement demonstrates how persuasive pretexts and careful reconnaissance let attackers bypass technical controls by exploiting human trust at the executive level. Rather than inventing a sophisticated exploit, testers impersonated a journalist reporting an anonymous tip about hazardous-waste disposal…
Alibaba Cloud Launches First French Region
Chinese cloud giant opens first data centres in Paris, with two availability zones, amid rising demand to keep data local This article has been indexed from Silicon UK Read the original article: Alibaba Cloud Launches First French Region
Malicious LNK Files Disguised as Job Resumes Target Corporate Employees
Malicious LNK files masquerading as job resumes are being used in targeted campaigns against corporate employees, combining social engineering with multi-stage malware delivery to achieve stealthy persistence and remote access. Attackers craft filenames that include company names and job titles…
Securing digital keys when your phone unlocks the car
In this interview with Help Net Security, Alysia Johnson, President of the Car Connectivity Consortium (CCC), explains how the CCC Digital Key has grown from a single-brand feature into a standard meant to work across phones, automakers, and suppliers. She…
Councils Trial AI To Speed Up Planning Applications
Dorset, Camden and Barnet councils begin trialling use of Google-developed AI tool to help with simpler application types This article has been indexed from Silicon UK Read the original article: Councils Trial AI To Speed Up Planning Applications
The UK Will Scan Asylum-Seekers’ Faces for Age Checks—Despite Knowing the Tech Is Flawed
Internal Home Office tests of age-verification technology show the risks of life-altering errors. It’s moving forward anyway. This article has been indexed from Security Latest Read the original article: The UK Will Scan Asylum-Seekers’ Faces for Age Checks—Despite Knowing the…
How security teams are getting credential visibility into developer endpoints
As we noted in our earlier analysis, attackers already know secrets are on your developers’ machines, the only question is whether security teams do. The supply chain attack calendar of 2026 has been relentless. Megalodon backdoored 5,500 GitHub repositories in…
Google’s open standard for AI agents to discover and verify tools
AI agents depend on tools, skills, and other agents spread across many teams, organizations, and platforms. These capabilities live in separate systems with their own registries, and an agent working in one environment has limited means to locate and connect…
Hackers Use AI-Generated YouTube Narrators to Promote Crypto Clipper Malware
A sophisticated social‑engineering campaign is leveraging AI‑generated YouTube narrators, ghost accounts across multiple platforms, and manipulated reputation signals to distribute a Rust‑based clipboard hijacker that steals cryptocurrency by replacing wallet addresses on victims’ clipboards. The operation centers on a WordPress…
What happens to oversight when AI agents write a lab’s own code
Inside the labs building frontier AI, a growing share of the coding gets done by the AI itself. These agents write, edit, and run software with light human oversight between steps, and they reach into production infrastructure, research pipelines, and…
CFGI – 248,235 breached accounts
In March 2026, the financial consulting and advisory firm CFGI was the target of a ShinyHunters “pay-or-leak” extortion campaign. The group subsequently publicised data allegedly obtained from CFGI comprising corporate contact information, including 243k unique email addresses, names, phone numbers…
Microsoft Confirms Defender RoguePlanet 0-Day Exploit and Working to Release Patch
Microsoft has officially acknowledged a critical zero-day vulnerability in Microsoft Defender, publicly dubbed “RoguePlanet,” and confirmed it is actively developing a security patch to address the flaw. Tracked as CVE-2026-50656, the vulnerability was formally published on June 16, 2026, by…
Homebrew tightens tap security, begins work on its interface
Anyone who installs software through a third-party Homebrew tap runs Ruby code written by people outside the project, and that code runs without a sandbox. That risk sits at the center of Homebrew 6.0.0. Tap trust Homebrew now requires a…
AWS Continuum brings AI models to code vulnerability management
AWS Continuum for code vulnerabilities, a system built to handle a vulnerability across its lifecycle, from discovery through to a fix, is now available in gated preview. It reasons over a customer’s environment, confirms which findings are real, and works…
Most agentic AI projects in production have stalled over data problems
Enterprises are connecting AI agents to live data feeds and putting them to work on tasks that once required human review, from IT operations to software development. The number doing this in production reached 32 percent in 2026, up from…
From package to postinstall payload: Inside the Mastra npm supply chain compromise
A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend against supply chain attacks using Microsoft Defender and actionable threat intelligence. The post From package to postinstall payload: Inside the…
IT Security News Hourly Summary 2026-06-18 06h : 1 posts
1 posts were published in the last hour 3:31 : Protecting legacy OT systems against modern cyberthreats
Protecting legacy OT systems against modern cyberthreats
Many manufacturing plants depend on OT systems that stay in service for many years. That long run can hide significant cybersecurity risks. This article has been indexed from WeLiveSecurity Read the original article: Protecting legacy OT systems against modern cyberthreats
Threat Actors Abuse claude.ai Shared Chat for ClickFix Malvertising Campaign
Cybercriminals hijacked Google Ads searches for popular AI developer tools to funnel over 2,000 victims toward malicious download pages before quietly moving their operation onto claude.ai’s own platform, turning the trusted domain into a delivery mechanism for credential-stealing malware. This…
The Behavior of Coordinated SSH Brute Force Attacks over the last three months [Guest Diary], (Wed, Jun 17th)
[This is a Guest Diary by Adam Nason, an ISC intern as part of the SANS.edu BACS program] This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: The Behavior of Coordinated SSH Brute…
ISC Stormcast For Thursday, June 18th, 2026 https://isc.sans.edu/podcastdetail/9978, (Thu, Jun 18th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, June 18th, 2026…