2026-06-19
The Citizen Lab
WhatsApp Accuses NSO of Fresh Pegasus Targeting
Jericho
My Quest for the White Squirrel!
Cloudflare
Temporary Cloudflare Accounts for AI agents
Dark Reading
Stressors, AI Forcing Changes to Cybersecurity Teams
MIT Technology Review
The Download: AI bottleneck debates, and BCI trials take off
Schneier on Security
Anthropic’s Fable and the State of AI
MIT Technology Review
A startup claims it broke through a bottleneck that’s holding back LLMs
MIT Technology Review
The inevitable weakness of metrics
MIT Technology Review
Brain-computer interface trials are taking off
Palo Alto Networks
Expanding Our Footprint: Local Cloud Availability for Prisma AIRS in Japan
Microsoft Security
AutoJack: How a single page can RCE the host running your AI agent
Elastic Security Labs
Lost in relocation: analysis of a new loader distributing CASTLESTEALER
2026-06-18
Ars Technica Security
Microsoft discovers new lightweight backdoor that steals cryptocurrency
Palo Alto Networks
The Invisible CEO of Crisis: Breaking the Cycle of CISO Burnout
Ars Technica Security
Apple patches high-severity eavesdropping vulnerability in Beats Studio Buds
Microsoft Security
New Forrester study shows customers who unified with Microsoft Security benefited from 124% ROI
Amazon Security
Accelerate security investigations with Kiro CLI
Talos Intelligence
Close Encounters of the Human Kind
Cloudflare
Build your own vulnerability harness
Krebs on Security
‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm
Bishop Fox Security
Shynet | VERSION 0.13.1
Cloudflare
Celebrating 12 years of Project Galileo
Eclypsium
Securing the Foundation: What the New White House AI Executive Order Means for Federal Cybersecurity
MIT Technology Review
The Download: a new hunt for dark matter and Kenya’s case for going solar
Schneier on Security
Embedding Forbidden Text in Spyware to Discourage AI Analysis
Step Security
Prevent npm and Python Supply Chain Attacks on Developer Machines with Package Configs
Step Security
400+ AUR Packages Hijacked: What the “Atomic Arch” Campaign Means for Supply-Chain Security
Step Security
Miasma and Hades Are Spreading Now: Detect Them on Developer Machines with Suspicious Files
Talos Intelligence
Scripting the disassembler: Local agentic reverse engineering through vbdec’s live COM object model
MIT Technology Review
Geoengineering still faces major practical challenges
MIT Technology Review
The search for dark matter has been blown wide open
Searchlight Cyber
Three Days to Patch: What CISA’s New Directive Says About the Pace of Modern Exploitation
TrustedSec
Modern Web Application Content Discovery
Microsoft Security
From package to postinstall payload: Inside the Mastra npm supply chain compromise
ISC SANS
ISC Stormcast For Thursday, June 18th, 2026 https://isc.sans.edu/podcastdetail/9978, (Thu, Jun 18th)
Bishop Fox Security
The Smash-and-Grab Era
Fastly
Deploying Fastly's Next-Gen WAF with Google Cloud Service Extensions to Help Secure Traffic at Scale
2026-06-17
Ars Technica Security
Massive breach spills credentials for thousands of sensitive networks
Dark Reading
INC Ransomware Thrives by Mastering the Basics
Microsoft Security
Beyond the benchmark: Advancing security at AI speed
Microsoft Security
Forrester names Microsoft a Leader in the 2026 Extended Detection and Response Platforms Wave™ report
Ars Technica Security
"Dangerous" AI models are coming no matter what
Microsoft Security
AI is accelerating cyberattacks—here’s how to stay ahead
Amazon Security
Introducing AWS Continuum: Security at machine speed
SentinelOne
The Agentic SOC: Solving Security’s Investigation Capacity Crisis in the Frontier AI Era
Black Hills Info Sec
Everyone’s Selling AI That Kills Pentesting. We Built One That Doesn’t.
MIT Technology Review
The Download: a reality check for geoengineering and the science of interoception
Ars Technica Security
Windows and Linux users: The deadline to update Secure Boot keys is near
Schneier on Security
AI Use by the US Government
MIT Technology Review
Hacking the atmosphere: Geoengineering gets a reality check
MIT Technology Review
Entrepreneurs in Nairobi make the case for going solar
NVISO Labs
Reducing Microsoft Sentinel Costs Without Compromising Detection – Part 1: The Summary Rules Quest
Searchlight Cyber
June 17th – This Week’s Top Cybersecurity and Dark Web Stories
Sansec Threat Research
Unauthenticated remote code execution in JTL Shop
2026-06-16
Dark Reading
Fileless Phantom Stealer Targets Browser Credentials
Amazon Security
Threat tactic spotlight: Subdomain takeover
Dark Reading
'Lorem Ipsum' Malware Pivots to ClickFix Delivery
Offensive Security
AI vs Traditional Penetration Testing: Tooling and Outcomes
Socket
Introducing Manifest Alerts
Palo Alto Networks
Securing the Agentic AI Frontier: Palo Alto Networks and Databricks Deliver a New Standard for AI Security
Bishop Fox Security
A Crash, Not a Shell: SolarWinds Serv-U CVE-2026-28318
Ars Technica Security
Critical Copilot vulnerability allowed hackers to steal 2FA code from users
Schneier on Security
Flock Cameras Are Being Used for Stalking
Searchlight Cyber
14 Months of Warning: What Preemptive Threat Intelligence Reveals about the ShinyHunters Supply Chain Breaches
TrustedSec
JQ for Hackers
ISC SANS
ISC Stormcast For Tuesday, June 16th, 2026 https://isc.sans.edu/podcastdetail/9974, (Tue, Jun 16th)
Himanshu Anand
Fine-tune an LLM on Vertex AI, own the whole GCP project
2026-06-15
Eclypsium
Stay Ahead of Your Next CJIS Audit
Malwarebytes
Inside a malicious infrastructure delivering EtherRAT, phishing pages, and malicious software
Ars Technica Security
Users cry foul after AMD stripped memory crypto from its consumer CPUs
Dark Reading
Most CISOs Report Pressure to Bury Bad Security News
Microsoft Security
Microsoft Defender email security benchmarking: Key insights from one year of data
Dark Reading
The Beginning of the End of Social Engineering
White Knight Labs
Harnessing the Power of Cobalt Strike Profiles for EDR Evasion – Part 3
Schneier on Security
The FCC Wants to Eliminate Burner Phones
Malwarebytes
A week in security (June 8 – June 14)
Bad Privacy
Canada’s Digital Rulebook Is Being Rewritten. Parents, Educators and Citizens Should Pay Attention.
Troy Hunt
Weekly Update 508
ISC SANS
ISC Stormcast For Monday, June 15th, 2026 https://isc.sans.edu/podcastdetail/9972, (Mon, Jun 15th)
Rosecurify
Seclog - #182
2026-06-14
Schneier on Security
Upcoming Speaking Engagements
Project Black
Pi.Alert - Unauthenticated SQL Injection
Project Black
Guide to Penetration Testing Services in Australia
2026-06-13
Project Black
LibreNMS Authenticated RCE (< 26.5.0)
Sansec Threat Research
OptinMonster supply chain attack hits 1.2 million sites
2026-06-12
Schneier on Security
Friday Squid Blogging: Squid-Inspired Fluid Pump
watchTowr Labs
Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE)
Ars Technica Security
PeopleSoft 0-day affecting hundreds of organizations steals gigabytes of data
The Citizen Lab
Canada Finally Has a National AI Strategy. Experts Hate It.
The Citizen Lab
Who Watches the Watchers?