Today's Cybersecurity Pulse
Google sues Chinese cybercrime network for AI‑driven scam texting
Google filed a civil lawsuit against the Chinese cybercrime group Outsider Enterprise, accusing it of leveraging its Gemini AI model to mass‑produce phishing websites and send 2.5 million scam text messages. The operation deployed roughly 9,000 fake sites and a million fraudulent domains, scamming hundreds of thousands of victims and causing multi‑million‑dollar losses.
Also developing:
Barracuda Finds Malicious Microsoft 365 Logins Are Blending In
Barracuda’s May 2026 threat radar shows a 25% jump in malicious Microsoft 365 logins originating from low‑risk countries such as the United States and the United Kingdom. Threat actors are leveraging legitimate credentials, VPNs and residential proxies to make successful logins appear normal, reducing reliance on failed‑login alerts. The report warns that traditional signals like geographic location and IP reputation are losing effectiveness when used in isolation. Barracuda recommends expanding detection to post‑login behavior and integrating identity, endpoint and network telemetry.
The NHS Was Lucky. The Next Victim Might Not Be.
In May 2026 a malicious code injection dubbed “Mini Shai‑hulud” slipped into NHS software packages, exploiting automated CI/CD pipelines and package registries. The attack was detected quickly, limiting damage, but highlighted systemic vulnerabilities in modern software supply chains. The UK’s...
A Municipality in Portugal Strengthens Ransomware Protection with Immutable Backups From Nakivo
The Municipality of Cantanhede in Portugal has deployed Nakivo Backup & Replication to safeguard its six‑site IT environment, which runs about 30 virtual machines supporting critical services. The solution’s immutable storage blocks ransomware‑related tampering, while instant granular recovery speeds file...
OAuth Marketplace Apps Keep Access After Publishers Vanish
Offroad’s OhAuth audit of 2,890 public OAuth apps on Google Workspace and GitHub Marketplaces revealed a lower‑bound install base of 4.39 billion, with 32 % of listings showing at least one risk signal. Over‑broad permission requests affect 677 apps, covering 1.82 billion installations,...
Cybersecurity Maturity Is Now a Proof Point for Resilience
Cybersecurity maturity has become a key proof point of corporate resilience, showing how well firms understand, control, and respond to digital risk. The article argues that changes such as system rollouts, acquisitions, audits, and insurance renewals expose hidden gaps in...
FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads
Cybersecurity firm Palo Alto Networks Unit 42 uncovered Operation FlutterBridge, a macOS malvertising campaign that delivers the FlutterShell backdoor via malicious Google and YouTube ads. The backdoor, built on the Flutter framework, uses a WebView‑based JavaScript‑to‑native bridge to execute shell commands, manipulate...
Cisco Warns of Critical Unified CM Flaw with PoC Exploit Code
Cisco has issued critical security updates for its Unified Communications Manager (Unified CM) to fix CVE‑2026‑20230, a remote SSRF flaw that can write files and ultimately grant attackers root access. The vulnerability only affects installations where the WebDialer service is enabled,...
‘These Sorts of Post-Compromise Techniques Used to Be Restricted to Actors with the Technical Knowledge to Carry Them Out’: Anthropic...
Anthropic analyzed 832 accounts banned for malicious activity between March 2025 and March 2026 and found that 67% used AI to write malware, with 7% leveraging it for lateral movement. The data show a shift from AI‑driven initial‑access tactics toward post‑compromise activities...
Warning: Google Ads Phishing Attack For Google Accounts
A phishing Google Ad surfaced on June 4, 2026 targeting users who search for “my business.” The ad mimics the Google login page and steals credentials for Google Business Profile accounts. Security researcher Dan Foland flagged the malicious ad on X, confirming it...
The Case for Keeping Humans at the Helm
Security leaders are pushing back against the hype of a fully autonomous, AI‑only Security Operations Center (SOC). While automation can streamline high‑volume tasks like enrichment and correlation, the article warns that removing human analysts erodes judgment, amplifies hidden errors, and...
Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months
Symantec and Carbon Black uncovered a five‑month espionage campaign that compromised the Outlook mailbox of a senior executive at a major global stock exchange. Attackers exfiltrated email data in small batches through personal Dropbox and OneDrive accounts, masking the traffic...
Infosecurity Europe: How Businesses Can Prepare for a Cybersecurity Crisis with Effective Plans
At Infosecurity Europe 2026, senior cyber leaders stressed that a concise crisis‑communication playbook is essential for handling cyber incidents. The playbook should address three pillars: the type of crisis, the decision‑making team, and clear responsibilities. Speakers highlighted that real‑time decision‑making...
Frontline Workers Overlooked in Cyber Security Strategy
Frontline workers in education, healthcare and similar sectors are increasingly connected to corporate networks, yet they receive little formal cyber‑security training or dedicated equipment. Their use of personal devices and home Wi‑Fi expands the enterprise attack surface, making them an...
Verified Machine Learning Infrastructure
A 2026 survey of 23 experts across formal methods, AI infrastructure, cybersecurity, and policy examined whether mathematical verification techniques can mitigate risks in frontier AI systems. Respondents identified inference runtimes, model compilers, and training pipelines as the most verification‑friendly components,...
Infosecurity Europe: Raise Security Concerns with Procurement Now, Because Quantum Can’t Wait
Security leaders must accelerate post‑quantum cryptography (PQC) adoption, warned Forescout VP Rik Ferguson at Infosecurity Europe. Only 8% of SSH servers globally support PQC, a modest rise from last year, while 87% of executives anticipate quantum disruption by 2030. Yet...
Rethinking Infrastructure Access in the Age of Agentic AI
The rise of agentic AI is reshaping identity and access management, exposing gaps in traditional static credential models. AI agents require dynamic, just‑in‑time privileges and real‑time session monitoring to prevent unauthorized actions. HashiCorp Boundary, paired with Vault, delivers unique agent...
Securing Terabit Ethernet For AI: Where MACsec, IPsec, And UET TSS Each Fit (And Why You Need More Than One)
As AI and HPC workloads push Ethernet speeds beyond 1 Tbps, securing the fabric requires more than a single protocol. The article explains how MACsec, IPsec, and the new Ultra Ethernet Transport Security Sublayer (UET‑TSS) each protect different layers—link, network, and...
Defending Smart Homes Against AI Cyber Attacks
Large language models such as Claude Mythos and GPT‑5.5 now possess cybersecurity skills comparable to seasoned professionals, and open‑weight variants can achieve similar results. This emerging capability lets attackers rapidly discover and exploit firmware bugs in smart‑home devices, while the...
Ransomware and Geopolitical Tensions Drive Cyber Threats Across META in Q1 2026
Cyble’s Q1 2026 META Threat Landscape Report shows ransomware activity surged across the Middle East, Turkey, and Africa, with 116 incidents disclosed. Turkey recorded the highest number of attacks, while construction, government, and financial services were the most targeted sectors....
Pakistan Spies on Afghan Finance Ministry With Xeno RAT
A Pakistani state‑linked APT group, identified as SideCopy, has been conducting a sustained espionage campaign against Afghanistan’s Ministry of Finance. The operation relies on spear‑phishing emails with malicious LNK files that deliver the open‑source Xeno RAT, which is hosted on...
ETSI Sets Security Requirements for AI Data Centers and Cloud Platforms
ETSI has issued Technical Specification TS 104 033, establishing a comprehensive security framework for AI computing platforms deployed in data‑center and edge environments. The standard delineates requirements across identity management, access control, data protection, integrity, auditing, incident response, and resilience. It also...
.jpg?height=635&t=1780518558&width=1200)
Schrödinger's Vulnerabilities: What Mythos Actually Broke in Cyber Insurance
Cyber‑insurance underwriters are confronting a new risk class highlighted by the Mythos disclosures, which expose long‑standing vulnerabilities that AI has accelerated into the public eye. The core issue is not a surge in bugs but an information asymmetry: a privileged...
Inside the Sephora Instagram Hack that Exposed Meta’s AI Weakness
Meta’s Instagram AI support chatbot was duped via a prompt‑injection attack, prompting it to reset credentials for high‑profile accounts such as Sephora, a dormant Obama White House page and a senior Space Force official. The breach revealed that the bot...
SANS Stormcast Thursday, June 4th, 2026: swagger.json Scans; Android Fake Call Detection; Anthropic Dashboard
In this 7‑minute Stormcast episode, Johannes Ulrich discusses three current security topics: the rise of swagger.json scans used for API reconnaissance and the need to proactively secure internal API surfaces; Google’s Android‑only RCS‑based caller‑ID verification aimed at combating spoofed calls,...
Widely-Used Libinput Updated Due To Arbitrary Root Code Execution
The libinput library, essential for input handling in X.Org and Wayland Linux desktops, has released version 1.31.2 to address a critical vulnerability that enables arbitrary root code execution. The flaw stems from the libinput‑device‑group udev helper, where a malicious uinput...
Blacklock.io Splits Consulting Business From Software Spin-Off CYRA
New Zealand‑based Blacklock.io is spinning off its CYRA software platform from its consulting arm to accelerate scalability and raise a $5 million capital round. The split aims to boost annual recurring revenue from $1 million to $3 million this year, driven by exclusive...
NymVPN Deploys Default Post‑Quantum Encryption in v2026.9 Update
NymVPN released version 2026.9, automatically enabling post‑quantum cryptographic keys for every Fast Mode connection and introducing a beta ad blocker that blocked 92% of ads in tests. The overhaul, which also adds a Windows‑ARM client and F‑Droid support, underscores growing...
SCOTUS Backs FCC in Fine Fight
The U.S. Supreme Court ruled 8‑1 that the FCC’s civil penalties against AT&T and Verizon are lawful, rejecting the carriers’ Seventh Amendment claim. AT&T faces roughly $57 million and Verizon $47 million for 2024 geolocation‑data violations. The Court said the carriers could...
Industry Compares Notes on Vandalism
The NCTA’s latest network vandalism report logged 18,327 incidents in 2026, a 59% rise from 2024 and averaging 1,527 attacks per month. Major carriers disclosed sharp spikes: T‑Mobile’s monthly incidents doubled to over 200, while AT&T now records about 1,000...
Beyond Automation: Why the Surge in AI-Driven Security Vulnerabilities Demands Human Technical Advocacy
In spring 2026 Anthropic’s Claude Mythos AI model, part of Project Glasswing, uncovered thousands of high‑severity open‑source bugs, sparking a wave of AI‑generated vulnerability disclosures such as Copy Fail, Dirty Frag and Fragnesia. Red Hat, the sole private‑sector CNA‑LR, saw its triaged vulnerability...
Hackers Continue to Exploit Meta’s AI Agents
Hackers exploited Meta’s Instagram AI assistance bot to reassign email addresses, gaining control of numerous user accounts, including high‑profile profiles. The breach surfaced amid Meta’s six‑month staff reduction aimed at cutting costs after heavy AI infrastructure investment. Meta says the...
Inspektor Gadget: Results From the First Security Audit
Inspektor Gadget, the eBPF‑based observability toolkit for Kubernetes, completed its first independent security audit in early 2026. The audit, coordinated by the Open Source Technology Improvement Fund and executed by Shielder, uncovered three vulnerabilities—two medium‑severity command‑injection and denial‑of‑service issues, and...
Fedora Linux 43 Exposes 20-Year-Old Microsoft Outlook Security Failure
Fedora Linux 43 upgrade to Dovecot 2.4 disabled plaintext authentication, revealing that legacy Microsoft Outlook clients have been ignoring SSL/TLS settings for POP3 connections and still using insecure port 110. The issue appears to date back to Outlook 2007 and...
Federal Cyber Resilience Requires Containing the Core, Not Adding More Tools
Federal agencies are adding more cybersecurity tools but lack a clear containment framework, leaving them unable to stop attacks once they begin. Recent breaches at the FBI and House committee email systems illustrate the urgency of shifting from prevention to...
AI‑Generated Worm Unveiled by U of T Threatens All Internet‑Connected Devices
University of Toronto scientists demonstrated a new class of AI‑generated worm that can infiltrate any internet‑connected device using free, open‑weight models. The proof‑of‑concept shows attackers could launch sophisticated attacks at near‑zero cost, prompting immediate calls for new defenses.
WhatsApp, Slack Notifications Could Hijack Google Gemini on Android
SafeBreach researchers discovered that a single crafted notification from apps such as WhatsApp or Slack can hijack Google Gemini’s voice assistant on Android. The attack, called Fake Context Alignment, tricks Gemini into executing unauthorized actions like opening smart‑home devices, launching...
Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover
A debugging flag was unintentionally left enabled in six Microsoft 365 Android apps—including Word, Excel, PowerPoint, OneNote, Loop, and Copilot—exposing authentication tokens to any app on the device. The flaw allowed malicious Android applications to request and obtain reusable FOCI tokens,...
Reality Defender Integrates Deepfake Detection Into ZeroFox Platform
Reality Defender, a deep‑fake detection specialist, has partnered with ZeroFox to embed its multimodal AI‑generated media detection into ZeroFox’s Discover, Validate, Disrupt workflow. The integration delivers real‑time verdicts on voice, video and image deepfakes via Reality Defender’s RealAPI, letting analysts...
CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Magento extension flaw CVE‑2026‑45247 to its Known Exploited Vulnerabilities (KEV) catalog after confirming active exploitation. The deserialization bug in Mirasvit Cache Warmer allows unauthenticated attackers to execute arbitrary PHP code,...
Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT
Researchers at Huntress have uncovered a new malspam campaign that leverages Google’s DoubleClick domain to hide malicious activity. The campaign delivers a .NET‑based remote access trojan called DesckVB RAT via a multi‑stage redirect chain that starts with a phishing email...
Cloud Security Alliance Report Highlights Growing Patch Gap Risks
The Cloud Security Alliance’s 2026 State of Modern Application & AI Security Report reveals that known vulnerabilities remain the top cause of application security incidents, with 80% of surveyed firms reporting at least one breach in the past year. Only...
Bitdefender and Swisscom Team up for Connected Home Security
Bitdefender has embedded its Smart Home Security suite into Swisscom’s router‑level home network protection, extending malware, phishing and AI‑driven threat defenses to every connected device. The solution works in the background, requiring no individual device installation, and targets the average...
Carnival Corporation Breach Exposes Personal Data of Nearly 6 Million Passengers
Carnival Corporation disclosed that a social‑engineering attack on April 14 gave hackers access to personal data of nearly 6 million cruise passengers. The company blocked the intrusion, engaged third‑party experts and is offering two years of free credit monitoring, while regulators probe...
CISA Warns of Active Attacks Exploiting Android, Linux Bugs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two high‑severity flaws to its Known Exploited Vulnerabilities (KEV) catalog: Android CVE‑2025‑48595 and Linux CVE‑2022‑0492. The Android bug is an integer overflow in the framework that grants privilege escalation on Android...
![Defense & Aerospace Technology Report [Jun 03, 25] CISO Vince Crisler on AI Impact on Cyber Security](https://hixhlmpcokxhartfkpyi.supabase.co/storage/v1/object/public/images/thumbnails/2b883d63e0aeabdaca1c801cf59f22bb.webp)
Defense & Aerospace Technology Report [Jun 03, 25] CISO Vince Crisler on AI Impact on Cyber Security
Vince Crisler, former White House CISO and current Celerium CISO, discussed on the Defense & Aerospace Technology Report how increasingly sophisticated AI models are reshaping cyber threats. He warned that the government must develop a rapid assessment framework ahead of...
AI Is Worsening Firms’ Cybersecurity 'Fog of War'
At the BNY INSITE conference, Insigneo’s chief compliance officer demonstrated how a synthetic video can impersonate a high‑net‑worth client, highlighting AI’s ease of misuse. Panelists warned that frontier AI tools are now available to cyber‑criminals, enabling cheap, large‑scale deep‑fake phishing...
Trezor Says Safe 7 Chip Flaw Found by Ledger Does Not Put Funds at Risk
Trezor and chipmaker Tropic Square disclosed a vulnerability in the TROPIC01 secure‑element used in the Trezor Safe 7 hardware wallet. The flaw, uncovered by Ledger’s Donjon team through a laser fault‑injection test, allows extraction of certain chip‑held secrets but cannot alone...
Russia’s FSB Says Foreign Spies Infected Officials’ Phones With Malware
On June 2, 2026 Russia’s Federal Security Service announced it had uncovered a large‑scale operation by foreign intelligence that implanted malware on the mobile phones of senior Russian officials. The alleged code could steal data, intercept calls and activate microphones...
Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)
Redis disclosed a critical use‑after‑free vulnerability (CVE‑2026‑23479) that enables remote code execution for authenticated users. The flaw, introduced in Redis 7.2.0, persisted across all stable branches for over two years before being patched on May 5, 2024. An autonomous AI security tool,...
China-Linked TA4922 Hackers Target UK, Europe With New SilentRunLoader Malware
China‑aligned cybercrime group TA4922, previously focused on East Asian victims, has broadened its campaign to the UK, Germany, Italy and South Africa. The group uses tax‑ and payroll‑themed phishing emails to lure employees into downloading malware hosted on services like...