ποΈ AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Two things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that touches video, all of them found by an autonomous AI agent. The same week, Google shipped Chrome 149 with patches for 429 security bugs, the most ever in a single release. Only the FFmpeg bugs were found by AI.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Microsoft's GitHub repositories have become the latest to fall victim to the ongoing Miasma selfreplicating supply chain attack campaign. The incident impacted 73 Microsoft repositories across four of its GitHub organizations, including Azure, AzureSamples, Microsoft, and MicrosoftDocs, per OpenSourceMalware. The development has GitHub to disable access to those repositories. "Access to this.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A researcher has reverseengineered the iOS SDK that Bright Data embeds in consumer apps and documented how it turns devices, including alwayson smart TVs, into exit nodes that relay webscraping traffic for a data business Bright Data markets heavily to the AI industry. The company, the successor to Luminati, operates what it calls the largest residential proxy network in the world,.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a highseverity security flaw impacting SolarWinds ServU multiprotocol file server software to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE202628318 CVSS score 7.5, is a denialofservice DoS bug that causes the service to crash.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Recorded Future Pricing Guide 2026: Packages, Modules, and What Companies Actually Pay π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
Discover what Recorded Future actually costs in 2026, packages, modules, API overages, and renewal traps every CISO should negotiate first. The post Recorded Future Pricing Guide 2026 Packages, Modules, and What Companies Actually Pay appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
Recorded Future Pricing Guide 2026: Packages, Modules, and What Companies Actually Pay
Discover what Recorded Future actually costs in 2026, packages, modules, API overages, and renewal traps every CISO should negotiate first.
ποΈ New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt injection attacks. The feature is primarily designed for people and organizations that handle sensitive data and require stricter protection guarantees. Lockdown Mode is available to loggedin users across Free, Go, Plus, and Pro, and.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π’ The evolving role of the CISO and how it impacts channel partners π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The traditional IT sales cycle is being rewritten as CISOs emerge as the most important stakeholders for channel partners to align solutions with.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ChannelPro
The evolving role of the CISO and how it impacts channel partners
The traditional IT sales cycle is being rewritten as CISOs emerge as the most important stakeholders for channel partners to align solutions with
β€1π€1
π’ Why patching velocity matters as Claude Mythos supercharges vulnerability discovery π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Frontier AI models such as Claude Mythos and GPT5.5 make patching more urgent than ever. How can firms increase the velocity at which they apply fixes and mitigations?.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Why patching velocity matters as Claude Mythos supercharges vulnerability discovery
Frontier AI models such as Claude Mythos and GPT-5.5 make patching more urgent than ever. How can firms increase the velocity at which they apply fixes and mitigations?
π’ Developers urged to remain vigilant amid continued Miasma malware risks π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
The Miasma malware package uses legitimate OIDC tokens, making it indistinguishable from routine code updates.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
IT Pro
Developers urged to remain vigilant amid continued Miasma malware risks
The Miasma malware package uses legitimate OIDC tokens, making it indistinguishable from routine code updates
π¦Ώ Microsoft Reportedly Cuts Hundreds of Azure Jobs in China π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Microsoft reportedly cut 200 to 400 Azure jobs in China as US and Chinese data rules tighten around cloud operations. The post Microsoft Reportedly Cuts Hundreds of Azure Jobs in China appeared first on TechRepublic.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Microsoft Reportedly Cuts Hundreds of Azure Jobs in China
Microsoft reportedly cut 200 to 400 Azure jobs in China as US and Chinese data rules tighten around cloud operations.
π¦Ώ Microsoftβs Record-Breaking Patch Tuesday Fixes Over 200 Security Flaws π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Microsofts June Patch Tuesday fixed about 200 CVEs, including public zerodays and Critical Windows flaws tied to patching pressure. The post Microsofts RecordBreaking Patch Tuesday Fixes Over 200 Security Flaws appeared first on TechRepublic.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Microsoftβs Record-Breaking Patch Tuesday Fixes Over 200 Security Flaws
Microsoftβs June Patch Tuesday fixed about 200 CVEs, including public zero-days and Critical Windows flaws tied to patching pressure.
π¦Ώ Check Point Warning: Actively Exploited VPN Zero-Day Linked to Qilin Ransomware π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Check Point says VPN zeroday CVE202650751 was exploited by a Qilinlinked actor, prompting emergency hotfixes and a CISA patch deadline. The post Check Point Warning Actively Exploited VPN ZeroDay Linked to Qilin Ransomware appeared first on TechRepublic.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Check Point Warning: Actively Exploited VPN Zero-Day Linked to Qilin Ransomware
Check Point says VPN zero-day CVE-2026-50751 was exploited by a Qilin-linked actor, prompting emergency hotfixes and a CISA patch deadline.
π¦Ώ Meta Instagram Recovery Flaw Exposed More Than 20,000 Accounts π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Meta says a bug in its AIassisted account recovery workflow likely let attackers reset passwords for more than 20,000 Instagram accounts. The post Meta Instagram Recovery Flaw Exposed More Than 20,000 Accounts appeared first on TechRepublic.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Meta Instagram Recovery Flaw Exposed More Than 20,000 Accounts
Meta says a bug in its AI-assisted account recovery workflow likely let attackers reset passwords for more than 20,000 Instagram accounts.
βοΈ Who Runs the Ransomware Group βThe Gentlemen?β βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real life identity for the administrator of The Gentlemen ransomware group.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
Who Runs the Ransomware Group βThe Gentlemen?β
A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paidβ¦
βοΈ A Record-Breaking Patch Tuesday for June 2026 βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft's most dire "critical" rating, and exploit code for at least three of the weaknesses is now publicly available.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
A Record-Breaking Patch Tuesday for June 2026
Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft'sβ¦
ποΈ GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the "npm install" command to trigger the execution of malicious code using npm lifecycle hooks. "Npm install" is used to download and install all the necessary.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Cybersecurity researchers have warned of a "resurgence and expansion" of JDY, a covert network associated with Chinanexus statesponsored threat actors. "The JDY botnet comprises over 1,500 SOHO small office and home office and IoT devices and operates as a centrally controlled, highperformance scanner used to discover, fingerprint, and continuously map exposed services at scale," Lumen's.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI. It's tracked as CVE202625089 CVSS score 9.1. "An.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A highseverity unpatched security flaw in Langflow, an opensource lowcode platform to build artificial intelligence AI applications, has come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability in question is CVE20265027 CVSS score 8.8, a case of path traversal that could allow an attacker to write files to arbitrary locations. "The 'POST .π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added three new vulnerabilities to its Known Exploited Vulnerabilities KEV catalog, following reports of active exploitation. The list of vulnerabilities is as follows CVE202620245 CVSS score 7.8 An improper encoding or escaping of output vulnerability in Cisco Catalyst SDWAN Manager that could allow an.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Your Automated Pentest Looks Clean. See What It Missed in This Expert Webinar ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Your pentest report looks clean. That might be the problem. Run automated pentesting long enough, and the new findings start to dry up. By the third or fourth run, fewer issues appear. The report looks stable. Leadership reads "stable" as "secure." It usually isn't. The work slows down. The risk does not. That gap is what a The Hacker News webinar with Picus Security sets out to close. Autumn.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity