A critical exploit chain dubbed AutoJack that allows a single malicious web page to hijack Microsoft’s AutoGen Studio browsing agent and execute arbitrary code on the host machine without any user interaction beyond submitting a URL. AutoJack is a three-vulnerability…
5 People You Meet In Cybersecurity – David Shipley Interviews Amy Lee
In this special Cybersecurity Today weekend interview, host David Shipley speaks with Amy Yee about leadership, resilience, and the human side of cybersecurity. Amy shares her remarkable journey from electrical engineering and venture capital to becoming the inaugural Chief Digital…
IT Security News Hourly Summary 2026-06-20 06h : 2 posts
2 posts were published in the last hour 4:4 : Innovator Spotlight: Centrii 4:4 : Innovator Spotlight: Ensemble
Innovator Spotlight: Centrii
Innovators Spotlight: Turning OT Cyber Risk Into a Dollar Figure With Centrii If you spend your days drowning in dashboards that are screaming red, this one is for you. The… The post Innovator Spotlight: Centrii appeared first on Cyber Defense…
Innovator Spotlight: Ensemble
Ensemble: Building Cyber Resilience Into The Revenue Cycle If you work in healthcare, you already know the punchline. Margins are thin, data is sensitive, and everyone wants to move fast… The post Innovator Spotlight: Ensemble appeared first on Cyber Defense…
Threat Brief: Mitigating Large-Scale Credential Attacks
We provide guidance for preparing for and mitigating large-scale credential attacks, focusing on recent campaigns targeting security vendors’ devices. The post Threat Brief: Mitigating Large-Scale Credential Attacks appeared first on Unit 42. This article has been indexed from Unit 42…
Encryption, spyware, and now Mythos: History shows why cyber export control doesn’t work
For the last 30 years, stopping the flow of cybersecurity-related software has proven to be ineffective. It’s unclear why it would work now with Anthropic’s cybersecurity model Mythos. This article has been indexed from Security News | TechCrunch Read the…
Android 17 Is Live on Pixel, but Samsung and Other Android Users Still Have to Wait
Android 17 is rolling out to supported Pixel devices first, while non-Pixel users and IT teams face separate OEM timelines, beta programs, and app-testing considerations. The post Android 17 Is Live on Pixel, but Samsung and Other Android Users Still…
Analysis of Reported Credential Compromise of FortiGate Devices
What you need to know about “FortiBleed” This article has been indexed from PSIRT Blog Read the original article: Analysis of Reported Credential Compromise of FortiGate Devices
IT Security News Hourly Summary 2026-06-20 00h : 2 posts
2 posts were published in the last hour 21:55 : IT Security News Daily Summary 2026-06-19 21:33 : Friday Squid Blogging: Victims of Unregulated Squid Fishing
IT Security News Daily Summary 2026-06-19
126 posts were published in the last hour 21:33 : Friday Squid Blogging: Victims of Unregulated Squid Fishing 20:33 : The Department of Know: SearchLeak, Check Point zero-day, and pulling the plug on Fable 19:33 : What Are AI SOC…
Friday Squid Blogging: Victims of Unregulated Squid Fishing
Dolphins, sharks, turtles, and human workers are all victims of unregulated squid fishing fleets. Another news article. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog…
The Department of Know: SearchLeak, Check Point zero-day, and pulling the plug on Fable
This week’s Department of Know is hosted by Rich Stroffolino, with guests Arif Hameed, CISO, C&R Software; Adam Palmer, CISO, First Hawaiian Bank; Jon Collins, Field CTO, GigaOm; and Jack Leidecker, EVP, CSO, Gainsight. Huge thanks to our sponsor, ThreatLocker Every…
What Are AI SOC Agents? Use Cases, Architecture, and the Leading Vendors
The Alert Volume Problem That Created This Category The SANS 2025 Global SOC Survey found that 85% of SOCs trigger incident response primarily from endpoint alerts, while 42% admit to ingesting all data into their SIEM with no structured plan…
ShinyHunters targets Oracle PeopleSoft customers through critical zero-day
Oracle has issued a security alert to customers about a critical vulnerability affecting PeopleSoft environments after the notorious threat actor ShinyHunters claimed it used a previously unknown flaw to compromise over 100 entities. The vulnerability CVE-2026-35273 is in Oracle PeopleSoft…
AI-Powered Attacks Become Top Concern for Security Professionals, New Filigran Survey Reveals
AI-powered attacks are the biggest cybersecurity concern among security professionals. Forty-one percent identified AI-powered attacks at scale as their biggest security concern, nearly double the number citing supply chain risk (21%) or unknown threats (21%). AI-driven threats and what security…
Unpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boot Chain
Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple’s A12 and A13 chips. That code is burned into the silicon at manufacture. No software update can reach it. Affected devices…
Testing Strategies for Web Development Code Generated by LLMs
Large Language Models (LLMs) can automate the development process by producing a substantial amount of web application code in just a few minutes. Nonetheless, it is important to bear in mind that these models are pattern-based and not deterministic. Work…
Meteor 3.0 Migration Helped Rocket.Chat Move Off End-of-Life Node.js Runtime
Meteor 3.0 helped Rocket.Chat move from Node.js 14 to Node.js 20, cutting runtime debt after Fibers removal and reducing supply-chain risk across federal users. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read…
CISA Adds LiteSpeed cPanel Plugin Vulnerability to KEV List Following Active Exploitation
CISA has added a critical LiteSpeed cPanel Plugin vulnerability, tracked as CVE-2026-54420, to its Known Exploited Vulnerabilities (KEV) catalog following evidence of active exploitation in the wild. The flaw affects shared hosting environments and poses a significant risk to servers…
NSPM-12: The New Baseline for National Security Cybersecurity
National Security Presidential Memorandum 12 (NSPM-12), which was signed on June 12, 2026, creates a thorough national policy for National Security Systems (NSS) cybersecurity. Because it requires these highly targeted… The post NSPM-12: The New Baseline for National Security Cybersecurity…
AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution
Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution. Steer the agent to load an attacker’s web page, and that page’s JavaScript can reach a privileged local…
Nearly 15,000 infected websites cleaned in SocGholish crackdown
Thousands of everyday websites were cleaned as part of a global operation targeting the malware network behind fake browser update scams. This article has been indexed from Malwarebytes Read the original article: Nearly 15,000 infected websites cleaned in SocGholish crackdown
Researchers drop checkm8-style BootROM exploit for A12 and A13 iPhones
Owners of affected iPhones can stop checking for patches now: the fix for this SecureROM bug comes in a new handset This article has been indexed from www.theregister.com – Articles Read the original article: Researchers drop checkm8-style BootROM exploit for…