The security threat model shifted today: researchers documented the first ransomware operation run end-to-end by a large language model agent, while a separate extortion group collected $1 million fro
The day's security anchor is a Citizen Lab report confirming that a sitting MEP on the committee investigating commercial spyware was infected with Pegasus while that investigation was active. Simulta
A coordinated law enforcement and industry action took down one of the internet's largest residential proxy networks, while ransomware operators added another Citrix vulnerability to their toolkit. Th
The [FortiBleed credential-theft campaign](https://www.bleepingcomputer.com/news/security/fortibleed-credential-theft-campaign-linked-to-lynx-ransomware/) has been formally tied to two active ransomwa
The Cybersecurity and Infrastructure Security Agency (CISA) [confirmed Monday](https://www.bleepingcomputer.com/news/security/cisa-windows-bluehammer-flaw-now-exploited-by-ransomware-gangs/) that rans
A ransomware-as-a-service operation called **Gentlemen** is actively developing and distributing a suite of endpoint detection and response (EDR) killer tools to its affiliates, [according to Bleeping
The day's biggest headline was financial — SpaceX officially priced what's now the largest IPO on record — but the more urgent reading was on the security wire, where a single researcher published a s
CISA has added a critical Check Point Remote Access VPN vulnerability to its Known Exploited Vulnerabilities catalog and [ordered all U.S. federal agencies to patch within three days](https://www.blee
Check Point has disclosed and patched [CVE-2026-50751](https://thehackernews.com/2026/06/critical-check-point-vpn-flaw-exploited.html), a CVSS 9.3 authentication-bypass vulnerability in Remote Access
Microsoft Build 2026 and a Sony PlayStation showcase competed for headlines yesterday, but the sharpest signal came from security researchers watching AI migrate from productivity tool to attack infra
The same trust model that makes open-source package ecosystems productive has made them a reliable attack surface — and recently that surface expanded to include the AI/ML toolchain itself.