The Behavior of Coordinated SSH Brute Force Attacks over the last three months [Guest Diary], (Wed, Jun 17th)

[This is a Guest Diary by Adam Nason, an ISC intern as part of the SANS.edu BACS program] 

Leak confirms OpenAI is testing a ChatGPT for Science subscription

OpenAI appears to be testing a new subscription and experience for science use cases, but it's unclear if it'll be available to everyone regardless of their background. [...]

Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments

An unknown threat actor has been observed leveraging paid or promoted posts on legitimate news websites to drum up buzz for their warez, according to new findings from Check Point Research. The threat actor also has at their disposal a dedicated WordPress…

Hostile states behind three-quarters of attacks on Britain's critical infrastructure, cyber chief warns

NCSC CEO Richard Horne warned that “kinetic targeting in any conflict tomorrow will be based on intelligence gathered today” and that nation-state adversaries were “prepositioning” throughout British critical infrastructure.

Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development

Microsoft has formally disclosed that it's working to release a patch to address a Defender zero-day codenamed RoguePlanet. The vulnerability has now been assigned the CVE identifier CVE-2026-50656 (CVSS score: 7.8), with the tech giant describing it as a…

EU grants Ukraine access to cybersecurity reserve for major attacks

As Kyiv takes steps toward formal accession to the EU, the bloc is integrating Ukraine with its pool of pre-approved cybersecurity incident response companies.

Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline

A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials. Ordinary stuff, until one move near the end. Before his command-and-control server went dark, he installed OpenSSH and…

DragonForce Hid Inside Microsoft Teams and Nobody Noticed for Two Months

DragonForce hid for months by routing malware traffic through Microsoft Teams infrastructure, masking C2 activity and evading network detection. DragonForce ransomware operators hit a major U.S. services firm and stayed hidden for one to two months by routing…

Low-skilled attacker used Claude, Codex to breach 14 companies

Researchers have long warned that AI agents could lower the skill floor for offensive cyber operations, and a recent report by OALABS (Open Analysis) researchers bears that out. After recovering and analyzing over 1,000 agent sessions from a compromised…

U.S. CISA adds Widget Factory Joomla Content Editor flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Widget Factory Joomla Content Editor (JCE) flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Widget Factory Joomla…

FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices.

A newly discovered data leak dubbed "FortiBleed" has exposed what appears to be a collection of Fortinet and FortiGate VPN credentials for 73,932 firewall URLs at organizations worldwide. [...]

North Korean Hiring Fraud Runs on AI and US Laptop Farms

Nisos infiltrated a North Korean IT-worker fraud cell running on AI interviews and a US laptop farm

Another healthcare firm attacked days after Novo Nordisk breach

Medical technology company iRhythm Holdings disclosed a cyberattack involving certain third-party-hosted business applications that resulted in the theft of patient protected health information, proprietary data, and other personal data. The company…

Webinar Today: How Modern Breaches Bypass MFA and Evade Detection

Attendees will learn how attackers evade conventional detection methods, why legacy MFA alone is no longer sufficient, and how organizations can strengthen their defenses. The post Webinar Today: How Modern Breaches Bypass MFA and Evade Detection appeared…

WitnessAI Agentic Control secures AI agents, tools, and MCP server access

WitnessAI has announced extended agentic security capabilities that govern how AI agents interact with enterprise systems, tools, and Model Context Protocol (MCP) servers. With the launch of Agentic Control, enterprises have greater visibility and control…

Why Account Takeovers Are Rising and How to Stop Them

Account takeovers are rising as attackers bypass traditional defenses through phishing, session hijacking, and MFA fatigue. Specops Software explores how device trust and continuous verification help reduce account takeover risk. [...]

Serverless Phishing Kit on GitHub Targets Mexican Banks

GitBait phishing kit abuses GitHub Pages and the SheetBest API to steal Mexican banking credentials

Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

Cybersecurity researchers have flagged a "coordinated malware campaign" on the JetBrains Marketplace that has published no less than 15 malicious plugins capable of exfiltrating artificial intelligence (AI) provider keys. "Every plugin poses as an AI coding…

Tigera introduces unified control plane for Kubernetes-based AI agent security

Tigera has announced the general availability of Tigera Lynx, a unified control plane for Kubernetes-native AI agents. Lynx gives enterprises a single place to find every agent in their Kubernetes estate, tighten security posture, assign sandboxes, provide…

Rokarolla Android trojan targets banking and crypto users, enables device takeover

A newly discovered Android banking trojan, dubbed Rokarolla, targets 217 banking and cryptocurrency applications and can execute 137 commands on infected devices, according to researchers at Zimperium. Named after its command-and-control (C2) infrastructure,…

Sensitive Enterprise Data Uploads to AI Models Double in a Year

The rise of AI-assistants and applications in the enterprise has seen a 93% increase in employees attempting to upload sensitive data, bringing security challenges

Flip expands platform with digital identity, no-code apps, and AI automation

Flip has announced Frontline Identity and Flip Fusion, two new offerings that help organizations securely connect frontline employees to enterprise systems, applications and AI-powered workflows. Flip’s new products expand the platform beyond employee…

Corelight enhances Open NDR to detect AI-driven threats and unknown assets

Corelight has expanded its Open NDR platform to include native network performance monitoring and passive asset classification capabilities. The release adds asset visibility to its existing anomaly detection foundation, helping security teams defend against…

1Password Acquires Apono in Reported $250M-$300M Deal

Apono specializes in just-in-time access governance technology for humans, machines, and AI agents. The post 1Password Acquires Apono in Reported $250M-$300M Deal appeared first on SecurityWeek .

AI Threats and Alert Fatigue Challenge Cybersecurity Teams

Filigran survey at Infosecurity Europe 2026 reveals AI-powered attacks as the top concern, with false positives, alert fatigue and manual processes draining security teams

ArmorCode helps product manufacturers prepare for EU Cyber Resilience Act requirements

ArmorCode has announced new Cyber Resilience Act (CRA) capabilities within the ArmorCode Agentic AI Platform. The capabilities help manufacturers of products with digital elements (PDEs) prepare for the European Union’s cybersecurity regulation that will…

Legit Security brings agentic AI to AppSec remediation and risk reduction

Legit Security has launched new remediation agents that independently prioritize issues, generate fixes, open pull requests, and confirm results using context learned from each organization’s distinct codebase. As AI allows attackers to exploit…

Tenable One adds continuous security control validation to improve exposure prioritization

Tenable has announced extended continuous security control and validation capabilities within the Tenable One Exposure Management Platform. With security control visibility and evidence-based, contextualized insights, Tenable One confirms which cyber…

Tenet Security Emerges From Stealth With $6 Million Seed Funding

Tenet aims to detect and stop dangerous AI agentic behavior in real time. The post Tenet Security Emerges From Stealth With $6 Million Seed Funding appeared first on SecurityWeek .

New Rokarolla Android Trojan Targets 217 Banking and Crypto Apps

Rokarolla Android malware targets 217 banking and crypto apps, steals credentials, blocks bank calls, intercepts SMS, and disables Play Protect. Zimperium’s zLabs researchers have published a detailed analysis of Rokarolla, a new Android banking trojan named…

Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack

The attackers deployed a new Go-based backdoor that uses Microsoft Teams servers for command-and-control. The post Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack appeared first on SecurityWeek .

The Top 10 Attack Surface Exposures in 2026

Breaches don't always start with a zero-day. An exposed admin panel can get brute-forced, or credentials reused from a previous attack. But when a vulnerability does drop — like MongoBleed earlier this year, which let attackers pull credentials and session…

CISA orders feds to patch max severity Joomla plugin flaw by Friday

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity flaw in the Widget Factory Joomla Content Editor (JCE) plugin that is being actively exploited in the wild. [...]

EU Security Experts to Support Ukrainian Organizations in Case of Cyber-Attacks

Ukraine has been added to the EU Cybersecurity Reserve, which provides incident response services against large-scale incidents

Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day

The public PoC code exploits a race condition in Microsoft Defender to spawn a command prompt with System privileges. The post Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day appeared first on SecurityWeek .

FulcrumSec Targets Novo Nordisk, Leaks Clinical and Research Data

FulcrumSec leaked data stolen from Novo Nordisk, claiming to have exfiltrated 1.3TB, including clinical records and AI research assets. On June 15, 2026, a data-theft extortion group calling itself FulcrumSec began leaking files from Novo Nordisk, the Danish…

Staffing Is Top SOC Challenge Even as AI Proliferates, Says SANS

SANS Institute study finds few SOCs have built AI into defined workflows, despite widespread adoption

144 Mastra npm Packages Compromised via Hijacked Contributor Account

As many as 144 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack…

GitHub dismissed security reports on flaws now exploited by supply-chain worm, researchers say

GitHub rejected two formal vulnerability reports identifying design flaws that researchers say are enabling variants of the Shai-Hulud supply-chain worm to infect and compromise hundreds of software packages and developer accounts worldwide.

Malicious JetBrains Marketplace plugins steal AI API keys from developers

At least 15 malicious plugins found on the JetBrains Marketplace were designed to steal AI API keys from developers. [...]

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim's project hijack the victim's machine learning model upload and run code inside Google's serving infrastructure. Palo Alto Networks Unit 42, which found and…

‘Dangerous’ AI Models Are Coming No Matter What

The US government crackdown on Anthropic’s Claude Fable 5 and Mythos 5 hides a glaring truth: AI models with advanced hacking capabilities will soon be the norm.

SprySOCKS Backdoor Expands From Linux to Windows

China-linked SprySOCKS backdoor gains stealthy Windows variants and 30-plus C2 commands

Chainguard, JPMorgan, BNY Team Up to Secure Open Source from AI Threats

Athena is a new an industry coalition to fix the vulnerabilities frontier AI models find before attackers can exploit them

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed LiteLLM is a widely deployed open-source AI gateway that brokers calls to more…

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path…

⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More

Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old…

Cybersecurity Experts Urge US to Lift Ban on Anthropic's Frontier AI Models

Access to two Anthropic large language models, Mythos 5 and Fable 5, has effectively been banned to any non-US nationals by the Trump administration

UK Government Finds 400+ Vulnerabilities in AI Hackathons

Government departments find hundreds of vulnerabilities after testing frontier models

The FCC Wants to Kill Burner Phones

Plus: AI bug hunting fuels Microsoft’s biggest-ever Patch Tuesday, ShinyHunters ransomware gang exploits an Oracle zero-day, and more.

U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals

Anthropic said on Friday it will "abruptly disable" its most advanced artificial intelligence (AI) models, Claude Fable 5 and Mythos 5, for all users after the U.S. government ordered it to suspend access to the models for foreign nationals, whether inside or…

Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing

Google on Friday said it's pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence (AI) agent to send phishing text messages targeting Americans. The network is said to be behind the development and…

Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code

Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running arbitrary code on developer machines. Called Agentjacking by Tenet Security, the attack can be triggered by…

Rethinking MDR as Attackers and Defenders Embrace AI

For most of the past decade, managed detection and response was the answer to a real problem. Security teams couldn't staff around the clock, couldn't hire enough analysts, and needed someone else to handle the alert queue. MDR stepped in. It worked well…

LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution

Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution. LangGraph is an open-source framework created by LangChain to build…

Grok Is Still Hosting Sexualized Deepfakes of Famous Women

A WIRED investigation found dozens of “nudified” deepfake images and videos on Grok's website, including nonconsensual depictions of celebrities and at least one prominent US politician.

New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets

Two security teams have shown, in separate research published this week, that OpenClaw, the popular self-hosted AI agent, can be driven to run attacker-controlled code or hand over sensitive data through ordinary-looking inputs. Imperva buried instructions…

Cybercriminals Use Fake AI Guides and Dev Tools to Spread AsyncRAT Malware

Fake AI guides hide a multi-stage chain that drops AsyncRAT, with signs of AI-assisted coding

ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

It's been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there's a supply chain attack kit in a public repo, a $5,000-a-month RAT that clones browsers, and research showing AI agents…

Most Cybersecurity Teams Struggle to Find Time for Training on New Cyber Threats

Organizations are aware of the challenges that new technologies like AI bring: but cybersecurity staff struggle to make time for the required training during working hours

Signal Alums Reveal ‘Encrypted Spaces,’ a System for Making Private Collaboration Apps

The new open-source project could serve as the basis for a future of apps with features as complex as Slack, Discord, or Google Docs—but with added protection against surveillance.

AI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS.

For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was straightforward enough; triage by severity, schedule the fix, validate, and…

New “Agentjacking” Attacks Could Hijack AI Coding Agents

Tenet Security researchers reveal how new “agentjacking” attacks could trick coding agents into executing arbitrary code

CISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI Threats

“Defenders cannot afford to take weeks to patch,” one Cybersecurity and Infrastructure Security Agency official warned on Wednesday.

Langflow Vulnerability CVE-2026-5027 Exploited for Unauthenticated RCE

A high-severity security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability in question is…

Who Runs the Ransomware Group ‘The Gentlemen?’

A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by…

New Fable 5 Is a "Mythos-Class" LLM Available to All, Anthropic Announces

Anthropic unveils Claude Mythos 5 and Fable 5, a restricted-access frontier AI model and guardrailed version for everyone to use

A Record-Breaking Patch Tuesday for June 2026

Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned…

Anthropic Offers Mythos Upgrade for Cyber Partners and a ‘Safe’ Version for the Rest of You

Anthropic is releasing Claude Mythos 5 to trusted organizations and Claude Fable 5 to the public, a version it says can’t be used for cyberattacks.

AI Coding Adoption Hits 97% but Governance Lags Behind

Most dev teams use AI coding assistants but only 30% have full governance in place

OpenAI Unveils ChatGPT Account Security Controls

OpenAI brings Lockdown Mode and Active Sessions to ChatGPT to curb prompt injection data theft

Infosecurity Europe: Prompt Injection Remains Unsolved, OWASP Researcher Warns

At Infosecurity Europe 2026, OWASP’s Ariel Fogel warned that prompt injection remains an “unresolved problem” within generative AI architecture

Meta AI Bug Exposes Over 20,000 Instagram Accounts

Meta confirms an AI tool vulnerability led to unauthorized access to Instagram accounts after a failure in email verification during password reset

Crypto-Funded Chinese Peptide Labs Are Booming

Plus: Hackers use Meta’s AI bots to hack Instagram accounts, Anthropic helps NSA hackers, a decades-long GPS satellite mystery may have been solved, and more.

Infosecurity Europe: Practical Lessons From Lloyds' Agentic AI Security Playbook

Lloyds Banking Group shared its approach for securing agentic AI workflows, with a mix of hands on experimentation and cross functional governance

Infosecurity Europe: OWASP Introduces Agentic AI Security Maturity Framework

The OWASP agentic AI security framework helps organizations assess governance maturity vs adoption and adjust governance as needed

Infosecurity Europe: AI Coding Tools Need Built-In Security for Agentic Development Era

Ox Security field CTO, Boaz Barzel, makes the case for vibe security to tackle AI agent coding risks

Infosecurity Europe: AI Adoption Creates New Opportunities for Attackers to Distribute Malware, Microsoft Warns

Microsoft Detection and Response Team (DART) details how it has uncovered malicious AI applications as cyber criminals manipulate organizations adopting AI tools

Infosecurity Europe: Mythos Outperforms GPT5.5 on Google Chrome Vulnerability Exploits, Says New Benchmark

A Bugcrowd researcher has unveiled ExploitBench, an independent benchmark of AI models for vulnerability exploitation

Infosecurity Europe: How Proton Fights Against Cybercriminals Using Its Services

Proton uses machine learning models to detect abuse of its services – especially email addresses used by cybercriminals

xAI Asks Court to Strip Alleged Grok Deepfake Nudes Victims of Anonymity

Four people suing Elon Musk's AI firm under pseudonyms due to the risks of being identified may face a difficult choice: Reveal your real names, or drop the lawsuit.

Infosecurity Europe: Vulnerability Management Innovator Konvu Wins Cyber Startup Award

Inaugural Infosecurity Europe Cyber Startup Award Winner Impresses Panel with Ability Help Prioritize Vulnerabilities in AI era

Trump Signs Order Inviting Voluntary Review of Frontier AI Models

Trump's executive order invites voluntary pre-release review of frontier AI models

Anthropic Expands Mythos Access to 150 More Organizations

Anthropic widens Project Glasswing access to 150 more firms as patching becomes the bottleneck

Infosecurity Europe: Patch Responsibility Remains Up for Grabs as AI Unearths Decades of Flaws

The emergence of AI models capable to autonomously find and fix vulnerabilities at scale is having a significant impact on patching management, experts say

Infosecurity Europe: AI-Powered Cybercrime Tools Surge on Dark Web

Halcyon’s Cynthia Kaiser lifts the lid on the dark web market for AI cybercrime tools

Infosecurity Europe: Cybersecurity Teams Which Don’t Leverage AI are "Doomed to Fail"

Humans still need to be part of cyber defense, but refusing to deploy AI is no longer optional against AI-enhanced cyber threats, warns Dataminr’s Joe Slowik

Infosecurity Europe: Bayer Reinvents Security Awareness Training to Counter AI Threats

Bayer’s security awareness training now focuses on psychological approaches rather than technical methods for detecting social engineering

Threat Actor Uses AI to Build EDR Evasion Tools

A threat actor used AI coding tools to build and test EDR evasion malware, Sophos finds

Infosecurity Europe: UK Firms Prioritize AI Threat Preparedness as Cyber Risks Evolve

UK organizations are prioritizing AI-driven cybersecurity as 43% cite AI-powered attacks as their top risk, prompting significant investment in advanced threat defense

Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta's "AI…

Infosecurity Europe: AI SOCs Will Still Need SOC Analysts, Security Vendors Say

Top cybersecurity vendors said AI won't replace entry-level – only routine ticket-taking and triage

Attackers Abuse Shared Content for ChatGPT Phishing Campaign

Push Security says threat actors are delivering malware hosted on chatgpt.com/s/ domain

Infosecurity Europe: OWASP Forms New Agentic Research Council

OWASP’s new Agentic Research Council will aim to connect academic work to operational realities on agentic AI security

AI-Generated npm Malware Leaks Its Own GitHub Token

Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator

GCHQ Chief Urges Action as AI Reshapes Cyber Threats

GCHQ director urges urgent business cyber action as AI and quantum reshape the threat

All Major LLMs Exposed to Multi-Turn Manipulation, Warn Researchers

68% of UK Firms Plan to Increase Cyber Spending as AI Risks Rise

UK firms plan higher cyber spending as AI adoption raises security concerns

India's CERT-In Sets 12-Hour Patch Deadline for Exposed Flaws

CERT-In urges 12-hour patching of exposed flaws as AI compresses exploitation timelines

Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks

Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two…

Fake Gemini and Claude Code Sites Spread Infostealers Through SEO Poisoning

The infostealer payload in this campaign collect a vast amount of data, from collaboration authentication keys to cryptocurrency wallets

Three-Quarters of Firms Knowingly Ship Vulnerable Code

AI risks threaten to permeate supply chains through unvetted code and unaudited suppliers

AI Raises the Bar on Vulnerability Awareness and Secure-by-Design Software

AI-powered vulnerability scanning leaves no excuse for unpatched bugs as the EU Cyber Resilience Act pushes firms toward secure-by-design software

Agentic AI Accelerates Software Builds and Mobile App Attacks

Digital.ai data reveals 87% of apps were attacked over the past year

NCSC Publishes Guidance on Securing Agentic AI Use

The UK’s National Cyber Security Centre is helping organizations to understand agentic AI security risks

Bank of England, FCA and Treasury Raise Alarm Over Frontier AI

The UK’s financial authorities have set expectations for the sector on cybersecurity and operational resilience

Most Organizations Now Use AI Agents for Sensitive Security Tasks

Semperis study finds 74% of organizations believe AI will increase attacks on identity infrastructure

ICO Publishes Five-Step Plan to Counter Emerging AI-Powered Attacks

The Information Commissioner’s Office has released new guidance on how to mitigate the risk of AI-powered attacks

Global Cyber Agencies Issue New SBOMs for AI Guidance to Tackle AI Supply Chain Risks

The G7 Cybersecurity Working Group releases new SBOM for AI guidance, outlining seven key data clusters to boost transparency and security across AI supply chains

UK Cybersecurity Market Expands to £14.7bn with Strong Growth in AI Security Firms

UK cybersecurity sector reaches £14.7bn in revenue, driven by rapid growth in AI security firms, increased investment and rising employment across the industry

Patch Tuesday, May 2026 Edition

Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of…

OpenAI Launches 'Daybreak' to Help Build Secure By Design Software

With Daybreak, OpenAI wants its frontier AI models to be used to deploy secure by design software from the ground up

Malicious Hugging Face Repository Typosquats OpenAI

HiddenLayer reveals infostealer malware in a Hugging Face repository

Fake Claude Code Page Pushes PowerShell Stealer at Devs

Ontinue uncovers fake Claude Code installer pushing PowerShell stealer abusing Chrome's IElevator2

Hackers Observed Using AI to Develop Zero-Day for the First Time

Google Threat Intelligence Group details how cybercriminals attempted to launch a campaign based around an AI-developed Zero-Day targeting open-source software

Legacy Security Tools Failing Data Protection, Capital One Software Report Finds

Traditional network security tools are undermining data protection, with Forrester and Capital One Software research warning AI adoption is impossible without rethinking data security

Cline Kanban Flaw Lets Websites Hijack AI Coding Agents

Oasis Security finds critical Cline kanban WebSocket flaw exposing AI coding agents to hijack

OpenAI and Anthropic LLMs Used in Critical Infrastructure Cyber-Attack, Warns Dragos

Commercial AI models were used to help plan and conduct cyber-attack against operational technology of a water and drainage facility, say researchers

Fake Claude AI Site Drops Beagle Backdoor on Windows Users

Sophos finds fake Claude site spreading DonutLoader and a new Beagle backdoor via DLL sideloading

AI Adoption Outpaces Safety Policies, Leaving Organizations Exposed to Cyber Risk

ISACA report warns that while AI has become the norm, many organizations are yet to formally apply safety or security policies around its use

OpenAI To Extend Cyber Program to Government Agencies

OpenAI announced its intention to expand the Trusted Access for Cyber program for cyber defenders at the federal, state and local government levels

Anthropic Rolls Out Claude Security for AI Vulnerability Scanning

Claude Security enters public beta, giving enterprises AI driven code scanning with no API integration or custom agents required

Nine-Year-Old Zero-Day Flaw in Linux Kernel Discovered by AI-Equipped Security Researcher

A researcher from offensive security firm Theori has found a nine-year-old flaw in the Linux kernel with the help of AI

Cyber is the Number One Global “People Risk,” Says Marsh

Marsh’s 2026 People Risks survey finds cyber‑related challenges dominate, as cyber‑threat literacy tops risks and cyber and AI skills shortages rise

Malicious npm Dependency Linked to AI Assisted Commit Targets Crypto Wallets

Researchers uncover a malicious npm dependency linked to an AI‑assisted code commit that steals sensitive data and exposes crypto wallets

AI Rush is Reviving Old Cybersecurity Mistakes, Mandiant VP Warns

AI tools are not just creating new vulnerabilities, they are reviving old security failures, warned Jurgen Kutscher, VP of Mandiant Consulting

Google Favors General-Purpose Gemini Models Over Cybersecurity‑Specific AI

Google Cloud’s COO advocated for combining general-purpose frontier large language models with task-specific AI agents

Google Introduces Unique AI Agent Identities in New Gemini Enterprise Platform

Google Cloud will attribute a unique cryptographic ID every AI agent that will be tied to “traceable and auditable” authorization policies

Researchers Uncover 10 In-the-Wild Prompt Injection Payloads Targeting AI Agents

Forcepoint has found 10 new indirect prompt injection attacks targeting AI agents

Defending Against China-Nexus Covert Networks of Compromised Devices

<div class="SCXW131754345 BCX8"> <div class="OutlineElement Ltr SCXW131754345 BCX8"> <h2><a class="c-button c-button--on-dark"…

Unchecked AI Agents Cause Cybersecurity Incidents at Two Thirds of Firms

Data exposure, operational disruption and financial losses among issues faced by businesses struggling with the rapid rise of AI agents, warns Cloud Security Alliance report

Commercial AI Models Show Rapid Gains in Vulnerability Research

AI models are making rapid gains in vulnerability research and exploit development, raising new cybersecurity risks, a Forescout study finds

OpenAI Unveils GPT-5.4-Cyber for Improving Cyber Defense With AI

OpenAI’s new frontier model focused on cybersecurity comes following Anthropic’s launch of Claude Mythos Preview and Project Glasswing

AI Companies to Play Bigger Role in CVE Program, Says CISA

At VulnCon, Lindsey Cerkovnik, head of vulnerability management at CISA, said AI companies should play a bigger role in vulnerability disclosures in the future

AI Security Institute Advocates Security Best Practices After Mythos Test

The AISI has issued its judgement on Anthropic’s Mythos Preview model

Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure

<h2><strong>Advisory at a Glance</strong></h2> <table> <tbody> <tr> <th>Title</th> <td>Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure</td> </tr> <tr> <th>Original Publication</th> <td>April 7,…

Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure

<h2><strong>Summary</strong></h2> <p><strong>Note:</strong> This joint Cybersecurity Advisory is being published as an addition to the Cybersecurity and Infrastructure Security Agency (CISA) May 6, 2025, joint fact sheet <a…

CISA Shares Lessons Learned from an Incident Response Engagement

<h2><strong>Advisory at a Glance</strong></h2> <table> <tbody> <tr> <td>Executive Summary</td> <td>CISA began incident response efforts at a U.S. federal civilian executive branch (FCEB) agency following the detection of potential malicious activity…

Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System

<h2><strong>Executive summary</strong></h2> <p>People’s Republic of China (PRC) state-sponsored cyber threat actors are targeting networks globally, including, but not limited to, telecommunications, government, transportation, lodging, and military…

Russian GRU Targeting Western Logistics Entities and Technology Companies

<h2><strong>Executive Summary</strong></h2> <p>This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This includes those involved in the coordination,…

Student Loan Breach Exposes 2.5M Records

2.5 million people were affected, in a breach that could spell more trouble down the line.

Watering Hole Attacks Push ScanBox Keylogger

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.