Artificial Intelligence | Jun 12, 2026
Agentjacking: Hijacking AI Coding Agents via Fake Sentry Errors
AI coding agents just became an attack surface. Tenet Security calls the new technique Agentjacking: attacker-crafted Sentry error events that convince agents like Claude Code and Cursor to execute arbitrary code on developer machines.
What is Agentjacking?
Agentjacking is a class of attacks that abuses Sentry, the open-source error-tracking and performance platform, to deliver malicious […]

AI Security | Jun 12, 2026
LangGraph Flaw Chain Enables RCE in Self‑Hosted AI Agents
Three now-patched vulnerabilities in LangGraph can be chained to achieve remote code execution in self-hosted environments. The research, published by Check Point, outlines how a classic SQL injection paired with unsafe deserialization turns an AI agent framework into a foothold for code execution. LangChain’s managed platform (LangSmith Deployment) is not affected. LangGraph is an open-source […]

Cybercrime | Jun 12, 2026
Europol Shuts Down AudiA6, a €336M Crypto Laundering Pipeline for Ransomware
Ransomware runs on more than malware. It runs on money movement. This week, European authorities cut a major artery. Europol confirmed the disruption of AudiA6, a cryptocurrency laundering service used by ransomware gangs and wider cybercriminal networks. The takedown, described as severing a “key financial pipeline,” targeted a service estimated to have washed more than […]

Data Breach | Jun 11, 2026
ShinyHunters exploits Oracle PeopleSoft zero‑day (CVE‑2026‑35273) to breach universities
ShinyHunters is abusing an unpatched Oracle PeopleSoft flaw to break into enterprise systems, steal data, and extort victims. Universities took the brunt of it.
What happened
Google’s Mandiant attributes the campaign to UNC6240 with activity from May 27 to June 9. Oracle didn’t publish its advisory until June 10, which means this was a zero‑day […]

AI Security | Jun 11, 2026
New Attacks Make OpenClaw Run Code and Leak Secrets
Two separate teams just proved it: OpenClaw, the popular self-hosted AI agent, can be pushed to execute attacker-controlled code or leak sensitive data through inputs that look routine. Imperva hid instructions inside shared contacts, vCards, and location pins—payloads the victim never saw but the agent executed. Varonis built a test agent, gave it a mailbox […]

Cybersecurity | Jun 11, 2026
The Gentlemen Ransomware: 478 Victims, Worm‑Like Spread
The Gentlemen isn’t a sideshow—it’s a fast, adaptive ransomware operation with scale. New reporting shows the crew began as a double-extortion affiliate, leveraging resources from RaaS programs like LockBit (aka Tenacious Mantis), Qilin (aka Pestilent Mantis), and Medusa (aka Venomous Mantis). Today, it’s operating its own program—and it’s effective. PRODAFT’s detailed report tracks the group […]

Awards | Jun 11, 2026
Cybersecurity Stars Awards 2026: Winners Across 95 Subcategories
Most security wins stay invisible. Today, we surface them. The 2026 Cybersecurity Stars Awards winners are announced across 95 subcategories in four main award categories. Cybersecurity is full of work that deserves recognition and rarely gets it. Products that close real gaps. Teams that stop incidents quietly. Companies that lift the baseline for everyone. Once […]

Cybersecurity | Jun 11, 2026
AI Broke Vulnerability Management—CISOs Are Shifting to BAS
For three decades, vulnerability management survived on a buffer: the time between finding a flaw and someone turning it into a weapon. Triage. Schedule. Validate. Move on. That buffer made the model viable. That buffer is gone. AI didn’t slow your team. It accelerated the attacker—compressing discovery-to-exploit from months to hours. A process built for […]

Cyber Espionage | Jun 11, 2026
OceanLotus targets Vietnam investors and infrastructure with SPECTRALVIPER via FireAnt
OceanLotus is moving differently. The Vietnam‑aligned threat actor has been tied to two distinct campaigns that hit domestic entities and Vietnam stock investors with the SPECTRALVIPER backdoor, according to new research from ESET.
- Domestic espionage against a Vietnamese infrastructure and transport construction corporation (mid‑2024 to February 2026)
- A supply chain attack abusing the FireAnt Metakit […]

Developer Security | Jun 11, 2026
GitHub: npm v12 Disables Install Scripts by Default to Curb Supply Chain Attacks
GitHub is flipping npm’s default posture. With npm v12, install-time scripts are off by default to blunt supply chain attacks. Release ships next month. Why this matters: install-time lifecycle scripts are the largest code-execution surface in the npm ecosystem. npm install runs scripts from every transitive dependency, which means one compromised package anywhere in the […]

Botnets | Jun 10, 2026
China-Linked JDY Botnet Surges Past 1,500 Devices for Structured Reconnaissance
JDY is back—and bigger. Lumen’s Black Lotus Labs calls it a “resurgence and expansion.” The China‑linked covert network has grown into a centrally controlled, high‑performance scanner built from more than 1,500 compromised SOHO and IoT devices. Its mission: discover, fingerprint, and continuously map exposed services at scale.
From KV-botnet cluster to stand‑alone recon engine
JDY […]