Top Stories — Week of June 21, 2026
Hand-picked highlights across AI, cybersecurity, compliance, and IT — updated every week.
🤖 AI & ML
Google just redesigned the search box for the first time in 25 years — here’s why it matters more than you think.
Google has redesigned the search box for the first time in 25 years. The redesign was announced at the company's annual I/O developer conference.
VentureBeat → AI NewsRailway secures $100 million to challenge AWS with AI-native cloud infrastructure
Railway, a San Francisco-based cloud platform, has raised $100 million in a Series B funding round led by TQ Ventures with participation from FPV Ventures. This funding will be used to challenge legacy cloud infrastructure, particularly in the context of artificial intelligence applications.
VentureBeat → AI SecurityHackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
Hackers are exploiting a recently patched security flaw, CVE-2026-4020, in the Gravity SMTP WordPress plugin, which is installed on approximately 100,000 sites. The vulnerability is a medium-severity information disclosure flaw that can expose sensitive data, including configuration data, API keys, secrets, and OAuth tokens.
The Hacker News → AI SecurityUnpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain
Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple's A12 and A13 chips. The exploit targets the SecureROM, which is burned into the silicon at manufacture and cannot be patched with a software update.
The Hacker News →⚔️ Threats
AryStinger botnet infected thousands of D-Link routers worldwide
The AryStinger botnet has infected over 4,000 outdated routers worldwide, compromising them to be used as proxies for malicious traffic. The compromised routers are from D-Link.
BleepingComputer → Cyber AttacksNew Prinz Eugen ransomware prioritizes recent files for encryption
A new ransomware operation named 'Prinz Eugen' prioritizes recently modified files for encryption. It does not leave a ransom note on the system.
BleepingComputer → Ransomware & MalwareNY man charged after harassing college student with AI-generated nudes
A New York man has been charged with cyberstalking after allegedly sharing AI-generated nude images and fabricated racist messages to harass a Georgia college student. The harassment was carried out using fake social media profiles.
BleepingComputer → Ransomware & MalwareCISA warns Fortinet users to secure devices after FortiBleed leak
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned Fortinet users to secure their devices after a data leak exposed nearly 74,000 firewall and VPN credentials. The leak is referred to as "FortiBleed."
BleepingComputer →🔓 Breaches
‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm
A botnet called Popa, which has been active for four years, is linked to Android-based devices and has been used for various malicious activities. The Popa botnet is connected to NetNut, a "residential proxy" provider operated by Alarum Technologies Ltd, a publicly-traded Israeli firm listed on NASDAQ.
Krebs on Security → Latest BreachesWho Runs the Ransomware Group ‘The Gentlemen?’
The Gentlemen is a ransomware group that has become the second most active by victim count, offering affiliates 90% of any ransom paid by victims. The group has attracted a talented pool of hackers through an aggressive recruitment strategy.
Krebs on Security → Vulnerabilities & CVEsF5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution
F5 has released security updates to address two critical security flaws in NGINX Open Source, specifically CVE-2026-42530 and another unspecified flaw, which could be exploited for remote code execution. The vulnerabilities affect NGINX Open Source systems.
The Hacker News → Vulnerabilities & CVEsOrphaned AI Agents: How to Find Hidden Access Risks Inside Your Network
A significant number of enterprises have orphaned AI agents, which are AI tools left running after their creator leaves the company, without proper authorization or oversight. These orphaned agents can interact with core intellectual property, posing potential security risks.
The Hacker News →📋 Compliance
French President Urges US to Share Cutting-Edge AI and Democracies to Cooperate on Regulation
French President Emmanuel Macron urged the world's wealthy democracies to work together on regulating advanced AI systems. He also urged the US to share cutting-edge AI.
SecurityWeek → NIST & FrameworksIn Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum
Apple has patched a Beats eavesdropping flaw. A GCP Config Connector flaw enables takeover.
SecurityWeek → Regulatory ComplianceAWS Unveils 'Continuum,' an AI-Powered Vulnerability Management Platform
AWS has unveiled 'Continuum,' an AI-powered vulnerability management platform that aims to help discover, prioritize, validate, and remediate code vulnerabilities. Continuum utilizes frontier AI models to achieve this goal.
Infosecurity Magazine → Regulatory ComplianceOperation Endgame Disrupts Malware Network Linked to Major Ransomware Gang
Operation Endgame has disrupted a malware network linked to the Evil Corp hackers, which was used to distribute the SocGholish malware. The operation resulted in the removal of SocGholish malware from approximately 15,000 sites.
Infosecurity Magazine →🏭 Industry
Chainguard, JPMorgan, BNY Team Up to Secure Open Source from AI Threats
Chainguard, JPMorgan, and BNY Mellon have teamed up to secure open source software from AI threats through a new industry coalition called Athena. Athena aims to address vulnerabilities in open source software that frontier AI models can exploit.
Infosecurity Magazine → Healthcare SecurityFBI Warns Courier Cash Pickups Are Driving Crypto Scams
The FBI has warned that courier cash pickups are being used in crypto investment scams to bypass traditional bank transfers. This method is allegedly being used to facilitate crypto scams.
Infosecurity Magazine → Critical InfrastructureISC Stormcast For Wednesday, June 17th, 2026 https://isc.sans.edu/podcastdetail/9976, (Wed, Jun 17th)
Unfortunately, the provided link does not contain any information about a specific news or incident. It appears to be a link to a podcast or a news summary from the SANS Internet Storm Center, but the content is not available in the provided snippet.
SANS ISC → Critical InfrastructureFrom a VHDX File to a Remcos RAT, (Tue, Jun 16th)
A malicious ZIP archive with the SHA256 hash a0104921a2d37ab87482ac9a9f5c3713479c118846c3e999178e75b81620c094 contains a VHDX file that discloses a malicious JavaScript after being mounted. The VHDX file is automatically mounted on modern Windows OSs.
SANS ISC →🛠️ Tech & Tools
Accelerate security investigations with Kiro CLI
AWS security teams often struggle with time-consuming, manual processes that slow down investigations after a security event occurs in their environment. These manual processes involve recalling complex AWS Command Line Interface (AWS CLI) syntax for multiple services.
AWS Security Blog → Cloud & DevSecOpsSpring 2026 SOC 1 and 2 reports are now available in OSCAL format
Amazon Web Services (AWS) has released the Spring 2026 System and Organization Controls (SOC) 1 and 2 reports in both PDF and machine-readable OSCAL format. The reports cover 188 services over the 12-month period from April 1, 2025 to March 31, 2026.
AWS Security Blog → Security Tools & Research2026 World Cup: Discussing The World’s Biggest Game’s Attack Surface
The 2026 World Cup is at risk of cyber attacks from ransomware groups, state-aligned actors, and other groups targeting critical infrastructure. These groups pose a threat to the event's security.
Unit 42 → Security Tools & ResearchOut of the Crypt: The Evolving Cyber Extortion Economy
Unit 42 has explored trends in data theft and extortion, outlining key strategies for organizations. The report focuses on the evolving cyber extortion economy as frontier AI models advance.
Unit 42 →