Sunday, June 21, 2026

Cybersecurity News Hero

Combing the world for the cybersecurity stories you need to know.

Cybersecurity News

Dataminr Handala water breach https://www.pexels.com/photo/water-flowing-from-pipes-17882783/

Handala’s Cal Water Breach Claim Exposes Hidden Risk in Utility Networks

Threat intelligence firm Dataminr reported that Handala, an Iran-linked threat actor, claimed it breached California Water Service and published stolen data from the utility. The evidence released so far, however, points to a narrower compromise…

Cloud Security Alliance DevSecOps runtime https://www.pexels.com/photo/purple-and-blue-light-streaks-12489187/

The Case for Runtime Security Is Now Undeniable

There has long been an industry consensus that moving threat detection earlier in the development lifecycle is an effective way to prevent incidents in production. Heavy investment in pre-production scanning, DevSecOps tooling, and “shift earlier”…

executive order AI https://www.pexels.com/photo/usa-presidential-office-4338046/

Trump Executive Order Creates New Security Bargain Between Government and AI Industry

President Trump's June 2nd executive order on artificial intelligence marks a meaningful pivot. Previously, his administration maintained a hands-off posture toward the AI industry. While this order does not yet impose regulatory mandates, it constructs…

FIFA World Cup 2026 phishing https://www.pexels.com/photo/close-up-of-official-argentine-soccer-ball-on-field-30986212/

Cybercriminals Targeted the 2026 FIFA World Cup Before Play Even Began

Cybercriminals began building infrastructure to target the 2026 FIFA World Cup well before the first match was played, according to a new report from Fortinet’s FortiGuard Labs. The company said it tracked FIFA-themed cyber activity…

Fortinet PureLogs phishing https://www.pexels.com/photo/phishing-awareness-in-digital-security-30885916/

How a Fake Purchase Order Becomes a Full-Scale Enterprise Data Breach

Fortinet’s FortiGuard Labs recently discovered a phishing campaign with the goal of stealing sensitive data from target devices using a PureLogs variant. The lure hidden behind business document theming exploits the urgency and routine that…

Drupal CVE-2026-9082 https://www.pexels.com/photo/man-using-laptop-on-the-table-with-cup-of-hot-beverage-2010794/

CVE-2026-9082 and the Hidden Risk in Drupal's Core

A recently discovered vulnerability in Drupal Core, tracked as CVE-2026-9082, has been exploited in the wild and added to the United States Cybersecurity and Infrastructure Security Agency’s (CISA) KEV catalog. The vulnerability is an SQL…

claw chain AI vulnerability https://www.pexels.com/photo/intricate-machine-gears-in-industrial-setting-31742337/

Claw Chain Exposes the Blind Spot at the Center of Agentic AI Security

Open-source agentic AI platform OpenClaw has undergone rapid adoption since its late 2025 launch. First introduced as Clawdbot, OpenClaw has seen broad enterprise integration across IT automation, customer service, and messaging platforms. With the use…

Twill Typhoon Darktrace https://www.pexels.com/photo/an-abstract-artwork-5870930/

Twill Typhoon Modular Backdoor Rewrites Rules of Detection

Chinese-nexus threat actors have long demonstrated patience and operational sophistication. But newly-released research by Darktrace marks something more consequential than another well-executed intrusion. A Twill Typhoon attack documents an adversary that has engineered tooling to…

CISA KEV patching https://www.pexels.com/photo/united-states-capitol-facade-7016960/

How AI Is Collapsing the Federal Patching Window

The United States Cybersecurity and Infrastructure Security Agency (CISA) established the Known Exploited Vulnerabilities (KEV) catalog in November 2021 as a resource to aid federal agencies and the public in their efforts to defend against…

Claude Code credential stealer https://www.pexels.com/photo/illuminated-keyboard-with-digital-code-display-37694202/

Fake Claude Code Page Turns Trusted Developer Workflow Into Credential-Stealing Attack

A fake Claude Code installation page promoted through sponsored search results delivered an undocumented credential stealer by mimicking a familiar developer workflow, according to new research from Ontinue. Victims looking for Claude Code installation instructions…

email identity AiTM https://www.pexels.com/photo/icons-on-cellphone-screen-8829445/

The AiTM Campaign That Made Your Policies Work Against You

A recent large-scale credential theft campaign discovered by Microsoft Defender Research serves as a prime demonstration of how institutional culture can become the attack surface for increasingly sophisticated phishing attacks. The design of the lure…

open source supply chain vulnerability https://pixabay.com/illustrations/chain-chain-link-connection-2364831/

How Open Source CI Workflows Became the New Supply Chain Vulnerability

On April 24th, 2026, the Elementary Open Source Python CLI was released containing malicious code, injected by an attacker posting a crafted pull request (PR) comment. The GitHub Actions workflow interpolated the comment into a…

PocketOS Cursor agent database https://www.pexels.com/photo/a-man-in-red-shirt-covering-his-face-3760043/

When Agents Decide to "Fix" It: The Governance Gap in Autonomous AI

All it took was the time to read this sentence, or about nine seconds. An AI coding agent wiped out months of customer data essential to the PocketOS SaaS platform and its car rental clients.…

Copy Fail Linux vulnerability https://www.pexels.com/photo/close-up-of-rgb-backlit-gaming-keyboard-37099672/

How Copy Fail Turned Linux's Memory Efficiency Against Itself

A newly discovered vulnerability, dubbed Copy Fail and tracked as CVE-2026-31431, defies the profile of a classic kernel exploit by requiring no race condition, no version-specific offsets, and no compiled payloads. The same 732-byte Python…

SAP supply chain npm https://www.pexels.com/photo/close-up-of-codes-on-a-computer-screen-4976712/

SAP npm Compromise Exposes Credential Risk in Build Pipelines

Malicious versions of four SAP-related npm packages exposed developer machines and CI/CD systems to possible credential theft. Rather than targeting production SAP servers directly, the attack reached into the build pipeline used to create and…

PhantomRPC Microsoft https://www.pexels.com/photo/crop-cyber-spy-hacking-system-while-typing-on-laptop-5935794/

Why PhantomRPC Is a Flaw That Cannot Be Patched Away

The Remote Procedure Call (RPC) mechanism of the Interprocess Communication (IPC) ecosystem is the universal communication backbone of Windows systems, embedded so deeply in the OS that its failure modes become everyone's problem. A recent…

taxes phishing IRS https://www.pexels.com/photo/close-up-shot-of-a-document-through-a-magnifying-glass-7821673/

Tax Phishing Is Moving From Personal Inboxes to the Workplace

Tax phishing has long been easy to dismiss as a seasonal consumer scam: fake IRS emails, refund bait, audit threats, and other lures aimed at people anxious about filing deadlines. New research from Hoxhunt suggests…

AI security Unit 42 Zealot PoC https://www.pexels.com/photo/abstract-digital-circuit-block-graphic-art-30547567/

What Zealot Reveals About AI's Cloud Offensive Capabilities

A disclosure from AI giant Anthropic in November 2025 confirmed that AI autonomously executed between 80% and 90% of a particular state-sponsored espionage campaign, effectively shifting the debate from hypothetical to a documented reality. Unit…

Subscribe for the Latest News

Webinars

Thursday, Jun. 25 1pm ET / 10am PT

Leaked outside the scan path: the blind spots in secrets detection

Tuesday, Jun. 30 1pm ET / 10am PT

From Ticket to Threat: Preserving Context Across Security Teams

Tuesday, Jul. 7 1pm ET / 10am PT

The Unstructured Data Blindspot: Why Your Most Valuable Assets Are Your Least Protected