🛡️ AI News Hunt

Live · Last updated: Jun 22, 2026, 4:41 AM UTC

AI News

AI Security

The Hacker News

Hackers are exploiting a recently patched security flaw, CVE-2026-4020, in the Gravity SMTP WordPress plugin, which is installed on approximately 100,000 sites. The vulnerability is a medium-severity information disclosure flaw that can expose sensitive data, including configuration data, API keys, secrets, and OAuth tokens.

The Hacker News

Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple's A12 and A13 chips. The exploit targets the SecureROM, which is burned into the silicon at manufacture and cannot be patched with a software update.

Cyber Attacks

Latest Breaches

Krebs on Security

A botnet called Popa, which has been active for four years, is linked to Android-based devices and has been used for various malicious activities. The Popa botnet is connected to NetNut, a "residential proxy" provider operated by Alarum Technologies Ltd, a publicly-traded Israeli firm listed on NASDAQ.

Krebs on Security

The Gentlemen is a ransomware group that has become the second most active by victim count, offering affiliates 90% of any ransom paid by victims. The group has attracted a talented pool of hackers through an aggressive recruitment strategy.

Krebs on Security

Microsoft released a record-breaking 200 security patches for its Windows operating systems and supported software as part of its June 2026 Patch Tuesday cycle. Nearly three dozen of these patches were rated "critical" and exploit code for at least three vulnerabilities is publicly available.

Krebs on Security

Authorities in the Netherlands have arrested 2 individuals, the co-owners of related Internet hosting companies, for operating IT infrastructure used by Russia. The arrests were related to the companies' involvement in cyberattacks, influence operations, and disinformation campaigns inside the European Union.

Ransomware & Malware

Vulnerabilities & CVEs

Cybersecurity Trends

CSO Online

Microsoft's latest Windows update has caused issues with OLE (Object Linking and Embedding) automations, resulting in some Microsoft Office applications failing to open when called by third-party applications. This issue is related to the June 9, 2026, KB5094 update.

Cloud & DevSecOps

AWS Security Blog

AWS security teams often struggle with time-consuming, manual processes that slow down investigations after a security event occurs in their environment. These manual processes involve recalling complex AWS Command Line Interface (AWS CLI) syntax for multiple services.

AWS Security Blog

AWS has introduced AWS Continuum, a security solution aimed at providing security at machine speed. The solution is designed to shift the operating model from collecting and querying telemetry to producing outcomes through reasoning and actions.

AWS Security Blog

Threat actors exploit dangling DNS records to redirect traffic to attacker-controlled resources through a tactic known as subdomain takeover. This can be mitigated using various AWS features and services.

AWS Security Blog

AWS has released a monthly digest post covering its latest security features, compliance updates, and resources. The post includes expert blog posts on topics such as AI security, network protection, and supply chain security.

Privacy & Surveillance

EFF

The Electronic Frontier Foundation (EFF) has joined over 60 groups in urging the UK to halt the use of face estimation technology at the border. The groups have written an open letter to the UK's Minister of State for Border Security and Asylum, Alex Norris, expressing concern about the Home Office's use of this technology.

EFF

The Electronic Frontier Foundation (EFF) and the Queer Arts Collective are partnering to create a digital space for Pride season, focusing on the intersection of digital justice and artistic expression. They are seeking submissions of creative works that explore digital liberation.

IT Industry

The Register

The European Commission has decided against making it a legal obligation for publishers to continue supporting and updating video games after they are no longer commercially viable. Instead, the Commission will support an industry-led code of conduct to address the issue.

Open Source & Dev Tools

GitHub Blog

GitHub employees can ask questions about their data in plain language using Qubot, an internal analytics agent powered by Copilot. Qubot was built to provide this functionality to GitHub employees.

Threat Intelligence

Unit 42

Palo Alto Networks' Unit 42 has published a threat brief on mitigating large-scale credential attacks, specifically focusing on recent campaigns targeting security vendors' devices. The brief provides guidance for preparing for and mitigating these types of attacks.

Unit 42

Attackers can move from access to exfiltration in 72 minutes. Modern SOC teams use AI-driven automation, threat hunting, MDR, and Managed XSIAM to address this speed gap.

NIST & Frameworks

Regulatory Compliance

Government & Policy

EFF

The Electronic Frontier Foundation (EFF) employee is leaving the organization after 26 years. The EFF has grown from a small group to a larger established organization during the employee's tenure.

EFF

Section 702 of the Foreign Intelligence Surveillance Act has expired, allowing US intelligence agencies to no longer collect communications from foreigners abroad without a warrant. This provision previously allowed for the routine collection of Americans' emails, messages, and calls.

Zero-Day Exploits

The Hacker News

Here is a 1-2 sentence factual summary for a tech audience: In 2026, the top 10 attack surface exposures include exposed admin panels and reused credentials from previous attacks. A vulnerability like MongoBleed, which allows attackers to pull credentials and session tokens without authentication, can put internet-facing systems at risk.

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a maximum-severity security flaw, CVE-2026-48907, to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation. The vulnerability, tracked as CVE-2026-48907, is a case of improper access control that could facilitate arbitrary PHP code execution.

Nation-State Attacks

Security Affairs

A massive data leak has exposed an Elasticsearch cluster containing 24 billion records, including stolen credentials from infostealers, Telegram channels, and breach collections. The exposed database, discovered on June 12th, holds over 8.3 terabytes of data.

Security Affairs

Microsoft Threat Intelligence has been tracking a clipboard-stealing malware campaign since February 2026 that targets cryptocurrency wallets. The malware, known as a clipper, monitors and manipulates the clipboard to steal data, including wallet seed phrases.

Dark Web & Underground

Infosecurity Magazine

A Filigran survey at Infosecurity Europe 2026 found that AI-powered attacks are the top concern for cybersecurity teams. The survey also highlighted false positives, alert fatigue, and manual processes as significant challenges for these teams.

AI/ML Security Research

The Hacker News

During employee onboarding, IT teams often share temporary "first-day" passwords via email or SMS, which can lead to security risks if not properly managed. These temporary passwords may also be reused across multiple accounts, increasing the potential for unauthorized access.

IoT & OT Security

The Hacker News

Cybersecurity researchers have identified a new attack called Agentjacking, which can trick AI coding agents into running arbitrary code on developer machines. The attack is triggered by a fake error report crafted using Sentry, an open-source error-tracking and performance-monitoring platform.

Quantum & Cryptography

Schneier on Security

Anthropic released its Fable generative AI model on June 9th. The US government subsequently classified Fable as a dangerous munition and used its export-control authority to prohibit its use.

Schneier on Security

A malware developer is embedding text about nuclear and biological weapons into their spyware in an attempt to deter automatic AI analysis. The spyware's _index.js payload contains a large JavaScript block comment with fake system instructions and policy-triggering text.

Schneier on Security

The US Office of Management and Budget (OMB) disclosed 3,611 active or planned use cases for AI across the federal government. This list represents the number of AI use cases as of a specific point in time, with no further details provided.

Schneier on Security

Police officers are using the Flock surveillance camera system in over a dozen cases to allegedly stalk people. This use of Flock is reportedly considered illegal.

Healthcare Security

Critical Infrastructure

SANS ISC

A malicious ZIP archive with the SHA256 hash a0104921a2d37ab87482ac9a9f5c3713479c118846c3e999178e75b81620c094 contains a VHDX file that discloses a malicious JavaScript after being mounted. The VHDX file is automatically mounted on modern Windows OSs.

Security Tools & Research

Bug Bounty & Disclosure

Infosecurity Magazine

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a directive requiring federal agencies to prioritize patching based on real-world risk, rather than the Common Vulnerability Scoring System (CVSS) severity scores. This change aims to focus patching efforts on vulnerabilities that pose the greatest threat to agency systems.