AI Security Roundup

NSO Group Hacking WhatsApp Despite Court Order WhatsApp has caught the NSO Group phishing its users, in violation of a court order. Tags: courts , hacking , phishing , spyware , WhatsApp Posted on …

On June 9, Anthropic released Claude Fable 5 , the most capable model it has ever made, generally available. It also did something unusual: it shipped one model as two products, split not by …

** The Hacker News ** Jun 10, 2026 Pentesting / Security Validation Your pentest report looks clean. That might be the problem. Run automated pentesting long enough, and the new findings start to dry …

Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release. Of the …

** Ravie Lakshmanan ** Jun 10, 2026 Vulnerability / Open Source A high-severity unpatched security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) …

** Ravie Lakshmanan ** Jun 10, 2026 Vulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three new vulnerabilities to its Known Exploited …

** Ravie Lakshmanan ** Jun 10, 2026 Vulnerability / Patch Management Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in …

Cybersecurity researchers have warned of a “resurgence and expansion” of JDY , a covert network associated with China-nexus state-sponsored threat actors. “The JDY botnet comprises …

Microsoft June 2026 Patch Tuesday Published 2026-06-09. Last Updated 2026-06-09 17:34:29 UTC by Johannes Ullrich (Version: 1) 0 comment(s) Microsoft today released patches for 204 vulnerabilities. 38 …

ISC Stormcast For Wednesday, June 10th, 2026 <https://isc.sans.edu/podcastdetail/9966>

Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company’s monthly Patch …

GPS As a Key Distribution Platform This is interesting: > The U.S. military has likely been quietly broadcasting codes for its global encryption network using public GPS for nearly 20 years, …

Organizations have more visibility than ever. Growing tech stacks provide greater coverage, and network security teams are increasingly adopting AI and automation to help with routine tasks and reduce …

A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST , needs no native code, no extension, …

University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way through a network, …

** Ravie Lakshmanan ** Jun 09, 2026 Vulnerability / Browser Security Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the …

** Ravie Lakshmanan ** Jun 09, 2026 Vulnerability / Cyber Espionage Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, …

** Ravie Lakshmanan ** Jun 09, 2026 Vulnerability / Backup Software Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote …

Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an …

** Ravie Lakshmanan ** Jun 09, 2026 Privacy / Artificial Intelligence Meta on Tuesday announced that it will use information shared by other businesses to personalize users’ feed and responses …

ISC Stormcast For Tuesday, June 9th, 2026 <https://isc.sans.edu/podcastdetail/9964>

I’ve been using the GnuWin32 CoreUtils for Windows for many years now (it gives you many *nix core commands on Windows). Microsoft has just released their coreutils version for Windows. You can …

ISC Stormcast For Friday, June 5th, 2026 <https://isc.sans.edu/podcastdetail/9960>

A few months ago, I wrote a diary about a payload that was embedded into a JPEG picture. It was a MSI-branded background[ 1 ]. Yesterday, I spotted another one! It seems that the technic is getting …

This diary continues the Internet Storm Center’s tracking of the TeamPCP supply chain campaign, first documented in the SANS white paper When the Security Scanner Became the Weapon and most …