Latest Cybersecurity News and Articles
30 June 2026
Hackers accessed the insurance giant’s policyholder portal multiple times between June 15 and June 25.
The post Aflac Japan Data Breach Impacts 4.38 Million appeared first on SecurityWeek.
30 June 2026
Chris Thompson's journey took him from hacking game controls as a teenager to founding IBM’s X-Force Red team.
The post Hacker Conversations: Chris Thompson, Former Head of IBM X-Force Red, Co-Founder of RemoteThreat appeared first on SecurityWeek.
30 June 2026
The ruling was made in the case of a bank robber whose identity was discovered through a geofence warrant.
The post Supreme Court Rules Constitutional Privacy Protections Apply to Cellphone Users’ Location History appeared first on SecurityWeek.
30 June 2026
The FIFA World Cup 2026 opened on June 11. By that date, according to Check Point Research, the fraud infrastructure targeting it had already been built, staged, and partially deployed. Threat actor activity was pre-planned, months out, across three sectors and at least ten languages.
Check Point Exposure Management published the FIFA World Cup 2026 Cyber Threat Report this month, covering
30 June 2026
The critical-severity defect allows unauthenticated attackers to take over the E-Business Suite’s Payments product.
The post Exploitation of Recent Oracle E-Business Suite Vulnerability Begins appeared first on SecurityWeek.
30 June 2026
An unknown threat actor has been observed exploiting a recently disclosed maximum-severity security flaw in SimpleHelp to deliver two previously unreported malware families, TaskWeaver and Djinn Stealer.
The intrusion involves the exploitation of CVE-2026-48558 (CVSS score: 10.0), a critical authentication bypass vulnerability impacting the OpenID Connect (OIDC) flow that an unauthenticated
30 June 2026
As cybersecurity platforms embrace agentic AI, organizations must balance detection performance against the escalating costs of token consumption, deployment architecture, and AI credits.
The post The AI Token Costs That Can Break Cybersecurity appeared first on SecurityWeek.
30 June 2026
Two researchers have found six security flaws in AirDrop and Quick Share, the wireless features that beam files between nearby devices with no cables or shared network.
An attacker within wireless range, with just a laptop and no prior connection, can crash the sharing service on a Mac or iPhone set to receive from anyone, with no tap or prompt.
The same research found Quick Share flaws that
30 June 2026
Only a handful of the 100 organizations targeted in the PeopleSoft campaign have been confirmed.
The post Nissan Employee Data Breached in Oracle PeopleSoft Hack appeared first on SecurityWeek.
30 June 2026
The threat actor is focused on collecting credentials, SSH keys, cryptocurrency wallets, and development tooling.
The post Critical SimpleHelp Vulnerability Exploited for Malware Delivery appeared first on SecurityWeek.
30 June 2026
Convince an AI browser that it is playing a game, and it can hand over your login details. That is the finding behind BioShocking, a technique from security firm LayerX that tricked six AI browsers and assistants into copying a user's credentials and sending them to an attacker.
The targets included OpenAI's ChatGPT Atlas, Perplexity's Comet, and Anthropic's Claude browser extension.
An
30 June 2026
A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API.
The flaw, tracked as CVE-2026-8037, carries a CVSS score of 9.8 according to ZDI. A patch is available. If you run LoadMaster with the API enabled, update now.
Progress published its advisory on June
30 June 2026
Apple on Monday released security updates for iOS, macOS, and the Safari web browser to address over three dozen flaws, including four vulnerabilities in WebKit that were discovered using artificial intelligence (AI) tools like Anthropic Claude and OpenAI Codex Security.
The WebKit vulnerabilities are listed below -
CVE-2026-43707 - A memory corruption issue that could result in an
30 June 2026
Quantifind will accelerate international expansion and extend its platform’s localized risk intelligence capabilities.
The post Quantifind Raises $200 Million for AI-Native Risk Intelligence appeared first on SecurityWeek.
30 June 2026
CISA has published an advisory to inform organizations about three vulnerabilities found by a researcher in Daktronics controllers.
The post New Controller Flaws Expose Highway Signs and Billboards to Remote Hacking appeared first on SecurityWeek.
30 June 2026
A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber.
The vulnerability, tracked as CVE-2026-46817 (CVSS score: 9.8), refers to an improper privilege management and authentication flaw in Oracle Payments that could be abused to take over susceptible instances.
"Easily exploitable vulnerability allows
29 June 2026
Microsoft has found a malicious Chrome extension that posed as the AI search engine Perplexity and quietly logged what people searched for. It routed every query and every character typed into the address bar through an attacker-controlled server before redirecting users to real results.
Microsoft says Google removed it from the store after responsible disclosure. The extension was called "
29 June 2026
WhatsApp on Monday officially announced the start of global reservations of usernames with an aim to protect the privacy of more than three billion users on the messaging platform.
The optional feature is designed to help users connect with someone on the service through usernames, as opposed to directly sharing their phone numbers. Username reservations will start rolling out starting today,
29 June 2026
An optional ‘username key’ adds another layer by requiring a secondary credential before someone can message users.
The post WhatsApp Rolling Out Username Feature to Bolster Phone Number Privacy appeared first on SecurityWeek.
29 June 2026
The China-aligned espionage group Mustang Panda is running two campaigns against the Indian government and hydropower targets, deploying new malware and turning a legitimate cloud service into its command channel.
Acronis Threat Research Unit found active compromises inside Indian government networks, including machines used by senior administrative staff, and worked with