New threads

This page contains the latest threads that were created in our community.

Windows 11 June 2026 Preview Update (KB5095093)

Zscaler ThreatLabz has discovered a new malware family that they named Edgecution, which is linked to Payouts King ransomware attacks.

Zscaler ThreatLabz has been monitoring ransomware operations that align with tactics previously employed by an initial access broker affiliated with Payouts King ransomware. In recent attacks, the threat actor leverages social engineering tactics paired with an innovative malware delivery mechanism. The technique utilizes a malicious Microsoft Edge browser extension that exploits the Chrome native messaging protocol to interact with host-native applications beyond the confines of the browser sandbox. By abusing this interface, the attackers gain direct host access, enabling them to manipulate the local filesystem, launch processes, and execute arbitrary code on the compromised host. We have dubbed this web browser-based malware Edgecution.
This blog provides an in-depth technical analysis of this attack campaign, including the techniques used to deploy and evade detection by malware sandboxes, network signatures, antivirus, and endpoint detection and response (EDR) software.

Kaspersky's alert: Active WhatsApp malware campaign uses compromised accounts to send VBScript attachments disguised as invoices/statements.

If opened, they trigger a multi-stage chain that installs legitimate RMM software for remote access. So far most victims are in Malaysia – but the impact is global.

Cyberlock and Osarmor with Microsoft Defender

Hi Brethren anyone using this configuration that can help me with how to adjust so there's no overlap?

Hidden Secret “Snake Game” Easter Egg Found in Mozilla Firefox 150 and Later Versions

If you are a Mozilla Firefox user, here is an interesting tip for you to play the classic “Snake” game inside the web browser. The Mozilla team has added a secret “Snake” game as an Easter egg to Firefox 150 and later versions to celebrate the release of the 150th version.

If you want to play this secret “Snake” game in Firefox web browser, here are the simple steps to reveal the Easter egg:

STEP 1: You must be using Firefox 150.0 or later versions to be able to access the game. Mozilla team added this Easter egg as a gift for all Firefox users to celebrate the release of Firefox 150 version. That’s why this trick works in Firefox 150+ versions only.

STEP 2: After installing or upgrading to Firefox 150.0 or a later version, click inside the address bar or URL bar and type 151-1 or any other mathematical calculation that results in 150. This Easter egg uses the built-in Calculator feature of the Firefox address bar.

For example, you can type any of the following calculations in the address bar:
  • 25*6
  • 149+1
  • 300/2
  • 100+50
Since this Easter egg was implemented to celebrate the 150th version release, it was programmed to start when the calculation evaluates to 150.

STEP 3: As soon as you type an equation that results in 150, you’ll notice a Firefox icon appearing before the result in the address bar drop-down list.

Click on the Firefox icon and you have successfully revealed the hidden secret Easter egg in your web browser.

Shareholders sue Uber’s board over sexual assaults, other incidents

A lawsuit led by a Detroit pension fund accuses Uber management and its board of putting profits ahead of compliance and safety, decisions that have exposed the company and its shareholders to risk.

The lawsuit, which was filed Monday in the U.S. District Court for the Northern District of California in San Francisco, alleges that Uber is a “serial compliance offender” that has “knowingly” cut corners. This lack of compliance culture has led to thousands of lawsuits by victims who have alleged sexual assault and harassment by drivers, according to the complaint.

The lawsuit, which names CEO Dara Khosrowshahi, claims board members breached their fiduciary duty to the company and its shareholders by ignoring repeated warnings of compliance and safety failures. The plaintiffs want Uber’s leaders to personally compensate the company for alleged harm, return certain compensation they received, and implement stronger oversight and compliance measures.

“The victims of this lack of compliance culture include sexual assault and harassment victims, customers with disabilities, and unwary consumers looking to subscribe to Uber One,” the complaint reads.

Uber pushed back on the accusations in the lawsuit.

“This suit ignores important facts and is based on misleading, false narratives from other meritless lawsuits that we have already addressed publicly and in the courtroom,” an Uber spokesperson wrote in an emailed statement.

It’s not unusual for companies like Uber to face derivative lawsuits, when a shareholder sues the company’s directors on behalf of the corporation. Shareholders have filed such lawsuits against Adobe, Apple, and Intel this year, for instance.

Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks

The high-severity use-after-free vulnerability in Samsung’s KNOX security framework affected Android-powered Galaxy devices from the S9 through S25.
Researchers found an eight-year-old, high-severity vulnerability within the KNOX kernel that affects nearly all Samsung devices from the Galaxy S9 to S25.

The flaw (CVE‑2026‑20971, CVSS 7.8) could be exploited through the interaction between PROCA and FIVE. PROCA, the process authenticator, is a proprietary subsystem in the kernel of the Samsung devices designed to prevent unauthorized processes from executing. It validates process authenticity using FIVE, the kernel side integrity subsystem, based on the Linux integrity-measurement model and extended by Samsung.

FIVE tracks trust in each running process, attaching a task_integrity object that records its security state. If the process changes (for example, it forks a child and the child invokes execve()), a new integrity object is created and the old one is dropped. This should be instantaneous, but it all runs within Android’s preemptive kernel. The net effect is a tiny window which, if reachable, is a classic race-condition use-after-free (UAF) target.

Five Eyes Agencies Warn AI Is Accelerating Cyber Threats and Zero-Day Exploitation

The Five Eyes cyber security agencies have issued a joint warning that artificial intelligence is rapidly accelerating cyber threats, including the exploitation of zero day vulnerabilities, and urged organizations to act immediately.

In a statement released on June 22, 2026, senior leaders from agencies across the United States, United Kingdom, Canada, Australia, and New Zealand emphasized that the evolution of AI is reshaping both offensive and defensive cyber capabilities at a pace measured in months rather than years.

According to the CISA, AI is significantly lowering the barrier to entry for threat actors while increasing the speed, scale, and sophistication of attacks. Advanced AI models are expected to outperform current expectations, enabling attackers to automate reconnaissance, vulnerability discovery, and exploit development.

This shift is already reducing the time between vulnerability disclosure and active exploitation, creating a critical challenge for defenders who rely on traditional patching and mitigation timelines.

The agencies warned that zero-day vulnerabilities will become more prevalent as AI systems introduce new classes of software flaws and logic errors that are difficult to detect with conventional methods.

At the same time, adversaries are increasingly leveraging AI to identify these weaknesses before vendors can respond, amplifying the risk to critical infrastructure, enterprise environments, and supply chains.

The Five Eyes alliance stressed that cyber risk is no longer a purely technical issue but a core business concern that requires executive-level accountability.

Organizations are being urged to reassess their cyber resilience strategies, ensuring that security controls are not only implemented but also capable of withstanding real-world attack scenarios. The statement highlights that failure to adapt will result in operational disruption, financial loss, and long-term strategic disadvantage.

To mitigate these risks, the agencies outlined several urgent actions. Organizations are advised to reduce their attack surface by limiting unnecessary system exposure and isolating critical assets.

Accelerating patch management is identified as a priority, particularly as AI-driven threats shrink remediation windows. Legacy and unsupported systems are considered high-risk liabilities that must be addressed or replaced.

Identity and access management remains a key focus, with recommendations to enforce strong authentication mechanisms and regularly audit user privileges. Additionally, organizations are encouraged to prepare for inevitable breaches by testing incident response plans and ensuring rapid containment capabilities.

While highlighting the risks, the agencies also noted that AI can strengthen cyber defense when applied effectively.

Security teams can leverage AI-driven tools to improve threat detection, identify vulnerabilities earlier in the development lifecycle, and accelerate incident response. However, the statement cautions that success depends on integrating AI into a broader security strategy rather than relying solely on new technologies.

The Five Eyes warning underscores a growing consensus within the cybersecurity community that AI is fundamentally altering the threat landscape. Organizations that prioritize foundational security practices while adopting AI-driven defense mechanisms are more likely to maintain resilience as the pace of cyber threats continues to accelerate.

Vidmore Video Editor v1.0.32 - 1 year license for free

Features:
  • Split one file into several clips
  • Cut unwanted parts
  • Rotate a sideways video 90 degrees counterclockwise or clockwise
  • Flip the footage horizontally and vertically
  • Adjust video contrast, hue, saturation, and brightness manually
  • Add a watermark with text or an image
  • Arrange those video clips in the new order you want
  • Join the footage into one long movie or music and video collection
  • Zoom in and zoom out to crop a video
  • Improve video quality by removing video noise, upscaling video resolution, adjusting video effects, and more
  • Reduce rolling shutter

AmoyShare AnyVid - 1 year license for free

Features of AmoyShare AnyVid:
  • Search and Download Any Videos from 1000+ Sites
    • Search any videos from websites like YouTube, Facebook, Dailymotion, Vimeo, Vevo, and 1000+ sites.
    • You also can explore more videos like music, sports, game, news, adult, and education.
  • HD Video Downloading Multiple Formats and Quality
    • A variety of popular video formats like MP4, MKV, WebM, 3GP, etc.
    • Choose the video quality: 720p, 1080p
  • Video Playlist Batch Download
    • Search and download video playlist from YouTube, Dailymotion, Vimeo as the MP4 or other formats in batch.
    • Batch convert video playlist to audio like MP3 and more formats.
  • Video Convert and Cut in High Quality
    • Convert local video files as well.
    • Cut the video to the length you need.
    • Local music files conversion also available
  • More Features
    • Embedded Sites for More Video Searching
    • Fast Download without Ads
    • 3X Fast Downloading Speed
    • Video & Audio Files Management
    • Supports 1000+ sites like popular video sites like YouTube, Facebook, Instagram, and more websites

Ashampoo Meta Fusion v1.2.0 - lifetime license for free

Metadata like EXIF and IPTC is often lost during Google Photos exports, as it’s stored in separate JSON files. Ashampoo Meta Fusion combines photos and metadata, restoring all details and making them fully usable for organization and editing.

Metadata such as EXIF, IPTC, or XMP contains vital information about photos, including camera settings, capture dates, GPS locations, titles, descriptions, and ratings. This data is essential for managing photo collections efficiently. However, when exporting photos from Google Photos via Google Takeout, issues often arise because Google doesn’t embed much of this metadata directly into the image files. Instead, the data is stored in separate JSON files, which many programs don’t automatically recognize. As a result, critical information is lost, leaving photos incomplete. Ashampoo Meta Fusion provides an easy solution to this problem. The software seamlessly combines image files with their corresponding JSON metadata, ensuring that all important details are reintegrated into the photos. This makes the images fully functional in photo viewers, editors, and organizers. With complete metadata, users can sort and manage their photos by criteria such as locations, camera models, or custom filters. Ashampoo Meta Fusion ensures that exported Google Photos retain their metadata and remain fully usable for any purpose.

Critical FFmpeg Vulnerability Allows Attackers to Weaponize Media Files

A critical vulnerability has been disclosed in FFmpeg’s MagicYUV decoder that allows attackers to weaponize seemingly harmless media files and, in some scenarios, achieve remote code execution (RCE).

According to the JFrog Security Research, a single crafted AVI, MKV, or MOV file is enough to crash applications or, with a refined exploit chain, execute arbitrary commands on the underlying system.

FFmpeg is one of the most widely deployed media processing frameworks and is bundled into countless applications, including desktop video players, Linux thumbnail generators, self-hosted media servers, cloud transcoding pipelines, and even AI/ML data processing stacks.

How to respond after an infostealer attack

We see lots of threads and posts about infostealers but rarely, if ever, discuss how to respond after this type of attack. The PC Security Channel actually posted a helpful little video for those who may not have a plan of action. Please share any thoughts or experience.

Force paste

Brave has added a "force paste" option to the context menu for websites refusing to paste, instead of using Ctrl+V


Driver Max Bundle Discount $8.66

DriverMax PRO - 1 Year + Advanced Uninstaller PRO Daily Health Check - 1 Year + Advanced Task Manager - Lifetime

WebLibre, the Gecko based Android browser that has it all

Sandboxed Chromium Browser Freeze when Prompted for WebAuthn on Windows 11

Hi all — I've run into a reproducible issue with the Cruel Sister config on Windows 11 25H2 and wanted to share findings in case anyone has hit this or knows a workaround.

**The problem**
Any Chromium browser (tested: Brave, Edge) running under Comodo containment hangs with a black screen whenever a site triggers WebAuthn (passkey/FIDO2 authentication). The hang occurs before any credential UI appears. Killing the browser process recovers it.

**Environment**
- Windows 11 25H2
- Comodo Firewall with CS config (HIPS disabled) 12.3.4.8162
- Browsers: Brave and Edge (both exhibit identical behaviour). Firefox works fine.
- Same CS config on a Windows 10 machine works fine — WebAuthn functions normally

**What I've tried**
- Run Virtual shortcut (Fully Virtualized) → hangs
- Manual Auto-Containment rule for brave.exe, File rating: Any → Partially Limited → still hangs
- No containment → works perfectly

**Diagnostic findings**
Process Monitor captured the call stack at the point of hang:
```
RegLoadAppKeyW
AppContainerDeriveSidFromMoniker
WebAuthNGetPlatformCredentialList
WebAuthNIsUserVerifyingPlatformAuthenticatorAvailable
```
The hang occurs inside webauthn.dll during platform credential enumeration — before any credential is actually returned or any UI is shown. The same stack appears in both Brave and Edge, ruling out a browser-specific bug.

**Root cause (best current theory)**
Windows 11 25H2 routes WebAuthn through AppContainer-isolated registry hives (loaded via RegLoadAppKeyW) and a COM/RPC channel to the WebAuthn service in svchost.exe. Comodo's containment appears to intercept or block that cross-process COM call at all restriction levels. Since HIPS is disabled in the CS config, I'm not aware of a way to create a granular IPC allow rule. Windows 10 doesn't use this AppContainer path as aggressively, which explains why it works there.

**Question**
Has anyone found a way to allow the WebAuthn IPC through containment without enabling HIPS? I'm aware the two-shortcut workaround (contained for general browsing, uncontained for WebAuthn sites) is the fallback — just wondering if there's a cleaner fix before I go that route or file a Comodo bug report.

New Exploit Bypasses Apple’s Boot Defenses, Affects Millions of iPhones

The vulnerability exploited by the Usbliter8 exploit cannot be patched and a PoC exploit has been released by researchers.
European cybersecurity research firm Paradigm Shift has disclosed details of a new BootROM exploit that affects millions of iPhones and cannot be patched with a software update.

Dubbed Usbliter8, the exploit targets Apple’s SecureROM. Baked permanently into the device’s SoC, SecureROM is the first code an iPhone runs on startup and the foundation of Apple’s entire secure boot chain.

Usbliter8 chains a USB controller bug and a device firmware configuration weakness. The exploit, which requires physical USB access to the targeted device, works against iPhones with A12 and A13 chips — including iPhone XS, XR, and 11 — and Apple Watches with S4 and S5 chips. It’s worth noting that the affected chips were released in 2018 and 2019.

Conducting a Usbliter8 attack involves the attacker connecting a special USB device (e.g., Raspberry Pi Pico 2 or similar microcontroller board) to the targeted iPhone and sending it crafted USB setup packets.

The attack triggers an out-of-bounds write, allowing the attacker to overwrite critical data in memory and ultimately take control of the processor, escalate privileges, and execute arbitrary code with full system privileges.

Download Sentinel improved functionality version 1.1

Version 1.1 is published on the Chrome webstore.

What it does: Warns for potentially harmful downloads and calculates a risk score. It lets the user decide to cancel & go back or ignore & proceed

Download sentinel runs with minimal permissions and is designed with privacy in mind (see privacy policy: DownloadSentinel/privacy.md at main · Kees1958/DownloadSentinel )

How does it warn you?
  • Checks whether the domain is on the built-in whitelist or on the user-defined whitelist (see options)
  • When a download is initiated, it checks whether the file type is an executable (including scripts) or an archive. It also checks the mime-type of the download, and when it is an executable type, it is also checked.
  • Even if the user has not entered a free Virus Total API key, the following background checks are performed (and reported in HOST REPUTATION DETAILS).
    1. Check whether the domain is blacklisted by Quad9.
      Quad9 is a DNS service located in Switzerland. Large companies are behind it (IBM and CISCO), as are well-known security vendors (Proofpoint and F-secure), and it uses well-known feeds (e.g. OpenPhish and UrlHaus). Quad9 is intended for corporate use, so it applies a conservative blacklist approach (very few False Positives).
    2. Check the domain age at RDAP
      When the domain is less than 30 days old, this is used as a negative signal
    3. Checks whether the (legitimate) domain hosting the download is often used for spreading malware.
      This includes code sharing platforms, free hosting domains and URL shorteners often used in the URL Haus malware URL feed (I just took the 30 most used)
    4. Check whether the Top Level Domain is on the much abused list
      It uses the malware percentage of that TLD to determine a negative signal
    5. Check whether the download URL is sketchy
      It looks for well-known obfuscation patterns, like whether it includes punycode, mentions well-known brands or uses numbers for characters (e.g. 1 for l and 0 for O).
    6. Checks whether the file type is consistent with the mime-type
      This is also a well-known tactic for malware: showing a txt file type in the URL, while the mime-type is an executable.
    7. Finally, it checks whether the file size of the download is smaller than the VT maximum
      A well-known tactic is offering very large downloads (e.g. > 650 MB), which are often skipped by antivirus solutions
  • When the user has signed up for a free personal Virus Total API key and entered it in the options page, the sanitized download URL is sent to Virus Total and the findings are listed in VIRUS TOTAL DETAILS.
  • Based on these signals it calculates a risk score


The user interface is very simple and uses minimal permissions (for privacy reasons)


You can enter your Virus Total API key in the options menu, change the background colour of the warning page and enter up to 12 domains to be whitelisted

Franzis COLOR projects 7 - lifetime license for free

Softdiv PDF Split and Merge - lifetime license for free

Split PDF, merge PDF extract them, or rotate pdf files together totally easy! Our free PDF Split and Merge software for WINDOWS is FREEWARE and allows you to split and merge pdf files together, and this very simple and up to 3x faster than comparable PDF Split and Merge tools.



Elastic, Bitdefender and Kaspersky EDRs bypassed by a novel technique dubbed LACUNA Chain

This is Part II. If you haven’t read Part I — HookChain (published in 2024), go do that first. Part I showed how to defeat userland NTDLL hooks with IAT manipulation, dynamic SSN resolution, and indirect syscalls. That was the state of the art in 2024.

Then EDR vendors read our research. They adapted. They stopped relying on userland hooks and moved their primary telemetry into the kernel — where our Part I tricks can’t reach. They started collecting call stacks at the kernel boundary, and suddenly it didn’t matter that you bypassed ntdll. Your shellcode address was sitting right there in the collected stack.

So Mohamed Alzhrani went deeper. This paper is about making that collected call stack lie.

The LACUNA Chain defeats all EDR layers of call-stack-based detection. The only remaining signal is behavioral kernel callback correlation — and that comes with significantly higher false-positive rates than any stack-based rule.


K7 Labs reports a multi-stage, fileless Remcos loader campaign using steganography and in-memory DLL loading to evade detection


Analysis revealed that the payload was a variant of the Remcos RAT malware family, distributed via a phishing campaign as an archive attachment. One notable characteristic of this infection chain was its reliance on in-memory execution techniques / fileless malware & Steganography. By avoiding disk-based artifacts, the threat reduces forensic evidence and increases its ability to evade traditional security tools and signature-based detection methods.

FishMonger’s arsenal upgraded: SprySOCKS for Windows

ESET researchers have discovered two as-yet undocumented Windows variants of SprySOCKS, a previously Linux-only backdoor reportedly used by FishMonger, the group believed to be operated by a Chinese contractor named I‑SOON. While we initially discovered the malware samples on VirusTotal, ESET telemetry shows real activity between 2023 and 2024, with several victims in Honduras, Taiwan, Thailand, and Pakistan, targeting mostly government organizations.

The Windows variants discovered are internally marked as WIN_DRV and WIN_PLUS. Both come with a hardcoded C&C configuration and support communication over TCP, UDP, and WebSocket protocols. The core backdoor functionality for both includes support for over 30 C&C commands, covering various functionalities including system information collection, process enumeration, as well as service management and file management functions such as listing, creating, deleting, and transferring files.

In addition to the core backdoor functionality, the WIN_DRV version utilizes kernel drivers to hide the malware’s network connections, processes, files, and registry keys, and enables TCP traffic diversion allowing the malware operators to send commands to the backdoor through a random TCP port on the victim’s device without exposing the backdoor's real listening port in the network traffic.

Based on ESET telemetry, there are limited indications that some SprySOCKS attack scenarios may involve a UEFI bootkit component, possibly exploiting CVE‑2023‑24932.

CyberSentinel AI with 33 Security Tools, Including Nmap, SQLMap, ZAP, and uses Claude, GPT

A new open-source cybersecurity platform called CyberSentinel AI v3.0 has emerged as a significant development in autonomous security tooling, combining 33 real-world penetration testing and threat intelligence tools with a provider-agnostic AI engine that supports Claude, GPT-4o, OpenRouter, and fully offline local inference via Ollama.

Unlike conventional AI security assistants that just suggest commands, CyberSentinel AI actually executes tools including Nmap, SQLMap, Nikto, Nuclei, and OWASP ZAP inside an isolated Kali Linux Docker sandbox, then uses AI to analyze results in real time.

The platform is available on GitHub under the handle 3sk1nt4n/cybersentinel-ai and is designed to run entirely on local infrastructure with no cloud dependencies required.

The platform deploys via Docker Compose and spans seven containerized services. A Next.js frontend (port 3000) delivers a streaming chat interface, while a FastAPI backend (port 8000) handles AI routing, intent classification, and tool orchestration. Security scans execute inside a sandboxed Kali container, keeping potentially dangerous operations fully isolated from the host system.

Supporting the AI layer are three data infrastructure components: Neo4j for knowledge graph mapping of attack surfaces and MITRE ATT&CK techniques, ChromaDB as a Retrieval-Augmented Generation (RAG) engine grounded in MITRE, CIS, and NIST frameworks, and Elasticsearch with Kibana as an ELK Stack SIEM with pre-seeded security events for log analysis training.

The agentic execution model allows the AI to classify user intent, autonomously select appropriate tools, and run up to five tools concurrently before synthesizing a unified analysis, a meaningful step toward practical security automation.

The platform organizes its toolset across six functional categories:

  • Live Scanners (11): Nmap, Nikto, Nuclei, SQLMap, Subfinder, OWASP ZAP, SSL/TLS analysis, DNS Recon, WHOIS, HTTP Headers, and Ping/Traceroute
  • Threat Intel APIs (5): Shodan, VirusTotal, AbuseIPDB, AlienVault OTX, and NVD/CISA KEV integration
  • SIEM Integration (3): ELK Stack, Splunk, and Wazuh connectors
  • AI Detection (5): Zeek Analyzer, IOC Extractor, Log Analyzer, Threat Detection, and Email Phishing Analyzer
  • Threat Hunting (4): YARA Rules, Sigma Rules, Snort/Suricata Rules, and SIEM Query Generator
  • Compliance (5): MITRE ATT&CK, MITRE ATLAS, NIST/CIS, HIPAA/PCI-DSS, and SOC 2/FedRAMP frameworks

One of CyberSentinel’s distinguishing features is its mid-conversation AI provider switching. Users can toggle between Anthropic Claude, OpenAI GPT-4o, OpenRouter (which unlocks 100+ models), and Ollama running qwen2.5:7b locally, all without losing conversation context. All API keys are optional; the platform operates fully offline using Ollama as the default inference engine.

Live threat intelligence is pulled dynamically from NVD, CISA KEV, EPSS, AlienVault OTX, and Abuse.ch, keeping vulnerability context current without manual updates.

The platform enforces several safeguards, including input/output guardrails that block prompt injection, SSRF attacks, and system prompt leakage.

All scans run inside an isolated container, and the project explicitly warns users that unauthorized scanning is illegal under the Computer Fraud and Abuse Act (CFAA). Recommended safe test targets include scanme.nmap.org and testphp.vulnweb.com.

System requirements include Docker Desktop and a minimum of 8 GB of RAM. The initial build pulls approximately 4–5GB of images and model data, with subsequent startups completing in roughly 30 seconds.

CyberSentinel AI v3.0 represents a notable convergence of agentic AI and real security tooling, offering security researchers and red teams a self-contained, locally operated alternative to cloud-dependent platforms.

GentleKiller Ransomware Abuses Vulnerable Drivers to Disable 400+ EDR Security Processes

GentleKiller is an in-house EDR-killing framework with at least eight distinct variants, each impersonating a different legitimate security product and abusing a unique vulnerable or malicious kernel-level driver.

In total, GentleKiller targets more than 400 processes mapped to 48 security products, including industry leaders such as Microsoft Defender, CrowdStrike, SentinelOne, Sophos, Palo Alto Networks, ESET, Bitdefender, Kaspersky, and McAfee/Trellix.

The eight GentleKiller variants abuse drivers from Kaspersky (eb.sys), FACEIT Anti-Cheat (nseckrnl.sys), Valorant (GameDriverX64.sys), Javelin/Safetica (stpm_old.sys/stpm_new.sys), Zemana WatchDog (dmx.sys), Qihoo 360 (360netmon_wfp.sys), IObit (IMFForceDelete), and the PoisonX rootkit.

Engineered Credibility: Fake Repos, AI-Narrated Videos, VirusTotal Votes Push Clipboard Malware

The scary part is they put efforts into social engineering even in the more technical systems (GitHub, SourceForge, and VirusTotal) too. "Unknown" pseudonymous dev/tech accounts no longer trustworthy? 😅

Introducing Secure Helper - The User Controlled AI Assistant

Ever since agentic AI started to take off, I always wanted an app like this, but I could not find exactly what I was looking for so I built a new app. This app has a lot of potential to do a lot of different things, so if you guys have any ideas on what new features we should add, please let me know.

The other reason I wrote this app is because it will give me a little sandbox to experiment with new ideas on how we can refine our zero-trust apps' prompts, like CyberLock, DefenderUI Pro, WDAC Lockdown and SiriusGPT. If we were to add prompts similar to the ones in Secure Helper, I think it would be pretty cool... but we certainly would not want to over-engineer anything; we need to keep it simple either way.

The concept is simple: when you are looking at a confusing screen, you click Help Me, select a window or desktop, choose a question, and Secure Helper opens your preferred AI assistant with the screenshot and prompt ready to review.

The key design choice is that Secure Helper keeps the user in control.

It does not auto-send by default.
It does not scrape the assistant’s answer.
It does not record the screen in the background.
It does not take autonomous control of the PC.
It does not click through workflows for you.

Instead, it acts more like a trusted assistant sitting next to you, helping you ask a better question about the screen you intentionally selected.

The app currently supports assistant handoff to services like ChatGPT, Copilot, Claude, and Gemini. It also has context-aware question presets. For example, normal screens get general questions like “What should I do next?” or “Is anything here risky or important?” But if the selected window appears to be Outlook, Gmail, or another email client, Secure Helper can switch to email-safety questions like “Could this email be a scam or phishing attempt?” and “What red flags should I look for before clicking anything?”

I think there is a useful middle ground between fully manual computer help and autonomous agents that control the machine. Secure Helper is my attempt at that middle ground: user-initiated, privacy-conscious, transparent, and manual at the final Send step.

I would love feedback from people who think about usability, cybersecurity, support tools, and safe AI workflows. Ironically, Sirius has a false positive for this file, but I promise it is clean ;).

Secure Helper is a self-contained portable executable and you can download it here:

SecureHelper 1.00 Demo
SHA-256: 8fc2f9d64fec4d6ddca746b7e73c5aa0e002014378982f728cb2c688cefa5c2e

Stop Cyberbullying Day 2026: Why online harassment can affect anyone

Cyberbullying is often portrayed as a problem that mainly affects children and teenagers. While young people are particularly vulnerable, online harassment can affect literally anyone with an internet connection.

This Stop Cyberbullying Day, observed annually in June, serves as a reminder that creating a safer internet is everyone's responsibility.

Key takeaways
  • Cyberbullying affects people of all ages, not just children and teens.
  • 59% of the world's population uses the internet, while 51% are active social media users.
  • According to The Cybersmile Foundation, 60% of internet users have experienced bullying, abuse, or harassment online.
  • Online harassment can harm mental health, relationships, education, careers, and reputations.
  • Parents, educators, employers, and online communities all play a role in creating safer online spaces.
  • Open communication, privacy awareness, and reporting abusive behavior can help reduce the impact of cyberbullying.
A growing problem in an increasingly connected world

“Dangerous” AI models are coming no matter what

Late last week, Anthropic took its new Claude Fable 5 and Mythos 5 AI models offline following a United States government export-control directive barring “any foreign national” from using the services. The company has been in talks with the White House since Friday but has yet to secure an agreement that would allow it to reinstate the offerings.

Since Mythos debuted in April, Anthropic has claimed—and warned—that the model has advanced capabilities for not only finding software vulnerabilities to help defenders patch them, but also figuring out ways to exploit them that could be used by bad actors. Anthropic itself noted this double-edged sword in its launch of Mythos 5 and Claude Fable 5. “A great deal of advanced usage of AI models is dual use: the same queries that are beneficial in the hands of cybersecurity professionals and biology researchers could be dangerous if available to malicious actors,” the company wrote in a blog post last week.

With this in mind, the company initially released a version called Mythos Preview to a select consortium as part of a working group known as Project Glasswing. Mythos 5 was also privately released to this group last week, while Claude Fable 5, which is a Mythos-grade model, was released to the general public with specific blocks on its ability to give responses to questions about biology and cybersecurity.

Then, at the end of last week, the Trump administration moved to restrict both models because it believes that Fable 5’s guardrails can be disabled to allow full access to the Mythos 5 capabilities, allegedly making it a national security risk.

Experts say, though, that this institutional clash is simply delaying or masking a hard truth: Anthropic may be the tip of the spear in this moment, but AI capabilities in general and models from multiple companies and open-weight developers will almost certainly have similar capabilities to Mythos 5 in the near future—if they don’t already.

“It’s myopic in the extreme to think that no other competitors to Anthropic will develop similar capabilities to Mythos or even that they have not already done so,” says Tarah Wheeler, chief security officer of the specialized cybersecurity consulting firm TPO Group. “There are other companies hot on Anthropic’s heels who probably have the capabilities, too, and are holding them in reserve as they see how Anthropic is being treated in the current regulatory environment.”

Anthropic itself has emphasized this point since the launch of Mythos Preview. “The real message is that this is not about the model or Anthropic,” Logan Graham, the company’s frontier red team lead, told WIRED when Mythos Preview launched in April. “We need to prepare now for a world where these capabilities are broadly available in 6, 12, 24 months.”

OpenAI, for example, also did a private release of a cybersecurity-focused model in mid-April and announced an expanded cybersecurity strategy.

Researchers note that even before this next generation of models, existing AI offerings could be used for advanced vulnerability-hunting and exploit development with a refined harness. A large group of cybersecurity leaders emphasized this to the administration in an open letter on Sunday, arguing that the White House’s export-control directive was misguided.

“It’s not one model; it’s the general trend of technology,” says Bruce Schneier, a researcher at Harvard University and the University of Toronto who has been analyzing the situation. “Smaller, cheaper, open-source models, sometimes by themselves and sometimes in concert with each other, can match Mythos/Fable’s performance with more sophisticated prompting. And we should expect other models to match Mythos/Fable’s creativity and tenaciousness within months—slightly longer for open-source models.”

What the White House and governments around the world need to focus on, experts say, is democratically developing much broader and more transparent plans for how they will contend with advances in AI capabilities on cybersecurity and in other sensitive areas as they inevitably occur.

“The policy question is not whether a technology has risk,” says Chris Wysopal, cofounder of the cloud security firm Veracode. “The question is whether a specific restriction meaningfully reduces that risk or whether it mainly slows down the people trying to make systems safer.”

Apple's Hide My Email tweak leaves privacy fans fuming

A few days ago, Apple quietly announced what might have seemed like a minor change to one of its most popular privacy features - and has left some users feeling that the company is pulling the rug from underneath them.

Hide My Email is a privacy feature that lets users create unique, random email addresses that forward messages to your real inbox. That means you can sign up for websites, newsletters, and apps without exposing your personal email address.

The benefit? Well, you can simply delete the alias if a company starts sending you unwanted email - helping to reduce your exposure to spam, marketing lists, and data brokers as well as protecting your privacy.

But now Apple has announced that it plans to move all newly-generated Hide My Email aliases from the familiar "@icloud.com" domain to "@private.icloud.com" instead.

At first sight that may seem fine. The problem is, however, that one of the reasons that Hide My Email worked so well was because its aliases were indistinguishable from regular iCloud email addresses.

When a website or app received a sign-up from an "icloud.com" address it had no way to tell if it was a genuine Apple user or someone using the privacy feature to protect themselves.

However, when Apple makes you use a "@private.icloud.com" address, the ambiguity disappears. All any website or app that wants to block anonymous sign-ups now has to do is to reject any email address ending in "@private.icloud.com".

Existing addresses on the old domains will continue to work and forward mail as before, according to Apple, but all newly-generated aliases will be issued on the new domain from later this summer.

The reaction on Reddit was predictably swift, and unsurprisingly unimpressed. Many Apple users criticised the decision, saying it would make the Hide My Email feature significantly less useful for anyone trying to sign up anonymously for services that don't want them to.

In what was perhaps a reminder to users that Hide My Email does not guarantee anonymity, it was reported earlier this year that Apple had handed over to US law enforcement the real account details of a Hide My Email user after the account allegedly sent threatening messages to the girlfriend of FBI director Kash Patel.

For now, if you already have existing Hide My Email addresses in use, they should continue to work without any changes on your part. But if you were planning to create new aliases in the future and use them as genuinely anonymous sign-up addresses, things may be about to get more complicated.

Audials One v2026 SE - lifetime license for free

Audials One 2026 SE is the best streaming recorder for music, video, radio, podcast.

Get a music collection fast and in high quality. With Audials One 2026 SE multimedia recorder, you can access, find, and save songs from any streaming provider, music video portal or internet radio station. Enjoy millions of tracks in top Ultra HD, HiFi, or Master quality. Precisely trimmed and without loss of quality – only with Audials! Want access to hundreds of songs and entire discographies? Audials One saves everything at lightning speed. You can even record while playing or by remotely controlling streaming apps. Create your own music wishlist, save hits or even entire albums and discographies on top of doing other important tasks.

Power-User Premium v1.7.83 - 1 year for free

Features of Power-User:

  • ASSETS LIBRARY
    • 500+ templates for PPT and Excel
    • 6,000 vector icons and flags
    • Millions of HD pictures
    • Logo browser
    • 250 editable maps
    • Browse project tombstones
  • AUTOMATE TEDIOUS TASKS
    • Clean presentations from errors
    • Replace colors in an entire deck
    • Send only selected slides
    • Agenda pages in 1 click
    • Change language in 1 click
  • ONE RIBBON TO RULE THEM ALL
    • Set same width/height
    • Swap positions
    • Increase spacing
    • Stack shapes
    • Split or merge shapes
    • Position shapes symmetrically…
  • ADVANCED CHARTING CAPABILITIES
    • Unlock new chart types (Mekkos, Sankey, Tornado, Waterfall…)
    • Build Gantt Diagrams easily
    • Design powerful dashboards
    • Link Excel charts and ranges to PowerPoint

Microsoft confirms Windows 11 26H2, urges IT admins to prepare for release

Windows 11 typically follows an annual update cycle, but Microsoft recently broke that tradition a bit by releasing a "26H1" version in the first half of this year as a "scoped" build for select new silicon PCs only. This version was not available for customers using 24H2 and 25H2 builds, as Microsoft is busy preparing version 26H2 for them, confirmed officially for the first time.

In a Windows IT Pro blog, Microsoft has urged IT admins to prepare for the upcoming release of Windows 11 version 26H2. The company has confirmed that this will be a small enablement package (eKB) that will simply light up certain disabled features that are already present in the operating system's code base. This means that the "refined" Windows update and deployment experience will be simpler and quicker, with minimal disruptions, as the feature update will simply toggle a few flags rather than performing a complete replacement.

Microsoft has explained that this is all possible because the standard Windows 11 releases share the same servicing branch and hence, the same source code. However, this also means that Windows 11 26H1 users won't be able to upgrade to 26H2 as that is a different branch, but this is something we have known for a while now.

Similar to previous annual feature updates, Windows 11 26H2 will offer the following support cycles:
  • 24 months of support for Home, Pro, Pro EDU, and Pro for Workstations editions
  • 36 months of support for Enterprise, Education, IoT Enterprise, and Enterprise Multi-session editions
Microsoft has not confirmed a concrete release date for Windows 11 26H2, but noted that it is "coming soon". If we go by the ongoing release cadence, we can expect it to begin rolling out in early October 2026.

AdGuard launches Mail Tracking Protection: stop invisible trackers in your inbox

Have you ever received an email and, just a few minutes later, had the impression that the sender somehow already knew you had opened it? Maybe it was a marketing email that instantly followed up with another message. Maybe a newsletter suddenly became more “personalized.” Or maybe you simply noticed ads related to something you had only read about in an email… Sounds creepy? That’s because it is.

Most people don’t realize that many emails contain invisible tracking tools designed to monitor what happens after you open a message. And unlike regular ads or popups, these trackers work completely silently in the background. That’s why we’re introducing AdGuard Mail Tracking Protection, a brand-new filter designed to block email tracking pixels and protect your privacy inside email apps and webmail clients.
The new AdGuard Mail Tracking Protection filter blocks requests used to track user activity in emails. That means tracking pixels can no longer silently report back to senders when you open a message.

The filter works both in email apps protected by AdGuard and browser-based email clients through AdGuard Ad Blocker. It can help protect you while using apps and webmail services such as Apple Mail, Outlook, Spark, The Bat!, and Thunderbird.

For Gmail and Outlook Web, effectiveness is limited: these services route email images through their own proxy servers, replacing original tracker URLs before the browser makes a request.

Apple Mail has a feature called Mail Privacy Protection (MPP) that preloads the tracking pixel automatically in the background, making open rates unreliable and often inflated.
To activate the filter, you’ll need to enable the option AdGuard Mail Tracking Protection. To do it:
  • In AdGuard for Windows v8, go to Protection → Ad Blocking → Filters.
  • In AdGuard for Windows v7.22, go to Protection → Ad Blocking → Add a filter.
  • In AdGuard for Mac, go to Settings… → Filters → + button.
For AdGuard for Android, AdGuard for iOS, and AdGuard Browser Extension, the Mail Tracking Protection filter will be included in an upcoming update.

To maintain the same level of privacy protection, we recommend enabling Mail Protection Filter if you’re already using Tracking Protection Filter, as some rules have been migrated from the latter to the former.

Texas government data breach allowed hackers to steal 3 million driver’s licenses and passports

A data breach at a Texas state government department allowed hackers to take the driver’s license information and passport numbers of more than 3 million people, according to the state’s attorney general.

The incident is one of the largest data breaches to affect the state this year.

In a data breach notice on the Texas Parks & Wildlife website, the department said the state’s cybersecurity unit recently detected a security incident — the nature of which, or when, was not specified — that allowed hackers to access the department’s license system vendor, which handles the sale of hunting and fishing licenses.

The department did not name the vendor or respond to TechCrunch’s request for comment about the incident, and whether the department has received any outreach from the hackers.

The breach also included email addresses, phone numbers, and residential addresses of the affected license holders, the department said.

UEFI DBX Update Guidance Targets Vulnerable Vendor-Signed Boot Applications

A recently disclosed vulnerability, which affects UEFI applications signed by multiple vendors, has prompted urgent recommendations to update the UEFI Forbidden Signature Database (DBX).
This issue, tracked as VU#457458 and published by CERT/CC on June 18, 2026, reveals a significant weakness in trusted firmware components. It could potentially allow attackers to execute arbitrary code during the pre-boot phase, thereby compromising platform security from the ground up.
UEFI DBX Update Targets Vulnerable Applications
The vulnerability stems from improper control mechanisms in certain signed UEFI applications, including UEFI shell utilities and GRUB2 modules, which retain privileged capabilities such as memory manipulation and NVRAM modification.
These applications are typically signed by OEM vendors and trusted via the UEFI Secure Boot Authorized Signature Database (DB).
However, researchers from ESET identified that these trusted binaries can be abused in a “Bring Your Own Vulnerable Driver” (BYOVD)-style attack, allowing adversaries to load and execute malicious code before the operating system initializes.
Secure Boot is designed to ensure that only verified and trusted code executes during system startup. It relies on cryptographic signature validation against firmware-managed databases.
However, when legitimate, signed binaries contain exploitable functionality, attackers can bypass these protections without breaking cryptographic trust. Instead, they leverage existing trust relationships, making this class of vulnerability particularly dangerous and difficult to detect.
The affected applications span multiple major vendors, including Acer, AMD, ASUS, Gigabyte, Toshiba, and others. Vulnerable components primarily include UEFI shell implementations exposing functions such as “mm,” “dmpstore,” and “setvar,” which can directly interact with memory and firmware variables.
In some cases, GRUB2 modules such as “insmod” are also affected. Each vulnerable binary has been identified with specific Authenticode and SHA256 hashes, enabling defenders to track and validate exposure within their environments.
Successful exploitation requires either administrative privileges or physical access to the target system. Once exploited, attackers can execute code during the early boot phase, before the OS and security tools are initialized.
This enables persistent compromise techniques such as loading unsigned kernel modules or implanting stealthy bootkits that survive reboots and even operating system reinstalls. Because this activity occurs outside the visibility of traditional endpoint detection and response (EDR) solutions, it significantly increases the risk of long-term undetected compromise.
To mitigate the threat, CERT/CC and security researchers recommend applying firmware updates from affected vendors that remove or patch the vulnerable applications.
Critically, organizations must also update the UEFI DBX revocation list to block execution of the identified vulnerable binaries explicitly. Without DBX updates, systems may continue to trust and execute these compromised components despite other mitigations.
This coordinated disclosure highlights the ongoing challenges in securing the UEFI supply chain, where trust relationships can become attack vectors.
It also reinforces the importance of maintaining up-to-date firmware security controls, particularly DBX updates, as a frontline defense against pre-boot threats that operate beneath the visibility of conventional security mechanisms.

Coolmuster Lab.Fone for Android - 1 year license for free

Features of Coolmuster Lab.Fone:

1. Recover Multiple File Types with a High Success Rate

  • Retrieve lost contacts, messages, call logs, photos, videos, music, and documents.
  • Supports recovery from both internal memory and external SD cards.
  • Restores data in original quality without modifications or damage.

2. Dual Recovery Modes for Flexible Data Restoration

  • Android Data Recovery Mode: Recovers deleted messages, call logs, contacts, videos, music, photos, and documents from the internal storage and SIM card (Root required).
  • SD Card Recovery Mode: Retrieves lost files from external SD cards, allowing you to recover media files and documents in their original format.

3. Backup Data to Prevent Future Loss

  • Export data from your Android phone to your computer for added security.
  • Contacts, SMS, and call logs can be saved in HTML or XML formats, preserving important details like names, numbers, email addresses, job titles, and more.
  • Photos, videos, and documents can be saved in various formats, including JPG, PNG, BMP, HEIC, MP4, 3GP, M4V, EPUB, DOC, XLSX, PDF, and more.

4. Quick & Easy 3-Step Recovery Process

Recovering lost files has never been simpler. With Coolmuster Lab.Fone for Android, you only need to follow three straightforward steps:
  1. Connect – Launch the software and connect your Android device to your computer via USB.
  2. Scan – Allow the software to scan for recoverable data (Choose between Quick Scan & Deep Scan for media files).

5. Supports 6000+ Android Phones & Tablets

  • Compatible with almost all Android brands and models, including Samsung, Huawei, Google Pixel, HTC, LG, Sony, Motorola, ZTE, Xiaomi, and more.
  • Works with all Android OS versions, from Android 6 to Android 15.
  • Provides a safe and risk-free data recovery process without affecting existing files.

6. Retrieve Data Even Without a Backup

Unlike cloud backups that require prior syncing, this tool scans your device storage directly, enabling file recovery even when no previous backup exists. This feature is especially useful when recovering accidentally deleted files that were not stored in cloud services like Google Drive.

7. Recovers Data from Different Scenarios

Coolmuster Lab.Fone for Android efficiently restores lost files in various data loss situations, including:
  • Accidental Deletion – Recover files erased by mistake.
  • Factory Reset – Retrieve data lost after resetting your device.
  • OS Crash & Update Failure – Recover files when an update fails or the system crashes.
  • Virus Attack – Restore deleted or damaged files caused by malware.
  • Corrupted SD Card – Retrieve media files from inaccessible or damaged SD cards.

Black and White Master Toolkit - lifetime license for free

The Black and White Master Toolkit is a suite of digital assets designed for professional image processing and color grading. This collection comprises 490 individual items, including Photoshop actions, Look-Up Tables (LUTs), and presets. The toolkit serves as a resource for photographers and graphic designers to convert color photography into monochrome formats or to modify existing black-and-white images.

The assets included facilitate a variety of monochrome styles, ranging from high-contrast technical aesthetics to soft tonal gradations. The Photoshop actions enable automated adjustments, streamlining workflows for grain application, shadow recovery, and tonal balancing. The inclusion of LUTs extends the utility of the set to video production environments, allowing for consistent color science across still and moving images.

The toolkit is compatible with standard industry software and works with both RAW and compressed image formats. Each component is designed for non-destructive editing, ensuring the original source material remains intact while the user applies specific visual transformations. This collection provides a comprehensive library for users seeking standardized monochrome outputs across diverse photographic projects.

Leawo Photo Enhancer 2026 - 1 year license for free

Features of Leawo Photo Enhancer

  • Enhance portrait photos easily with advanced AI photo enhancer.
  • Fix photo exposure issues automatically.
  • Automatically identifies the sky and improves it with vivid colors.
  • Optimize photo colors and perfect photo tints.
  • Make photos perfectly clear with smart dehaze.
  • Vitalize the foliage of photos.
  • Boost photo lighting and color quality.
  • Optimize photo contrast for better visual effect.
  • Process RAW files with auto lens correction, eye enlargement, etc.
  • Fix your JPG images issues caused by compression.
  • Process multiple photos as a batch with one click.

StoreSizer Bulk Image Optimizer - lifetime license for free

Features

  • Bulk Resizing (1000+ Images at Once) — Process entire product catalogs in a single batch operation with zero manual intervention.
    • Batch folder input — Load an entire folder of images in one drag-and-drop action; no need to select files individually.
    • Instant output generation — All resized images are written to your output folder in seconds, ready for immediate Shopify upload.
    • Scalable processing — Works equally well for 50 images or 5,000 images without performance degradation.
  • Shopify-Optimized Presets (2048×2048) — Apply the industry-standard Shopify-recommended image dimension with a single click.
    • Pre-configured size templates — No manual entry required; select the Shopify preset and every image is processed to the correct specification.
    • Catalog standardization — Instantly bring every image in your store into alignment with Shopify’s best-practice dimensions for clean, fast product pages.
  • Maintain Aspect Ratio or Smart Crop — Choose how StoreSizer handles images that do not match your target dimensions.
    • Aspect ratio preservation — Images are scaled proportionally, ensuring no stretching or distortion on any product photo.
    • Smart cropping mode — Automatically trims and centers images to fill the target canvas cleanly, creating consistent product grid layouts.
  • JPG, PNG, and WEBP Conversion — Full multi-format support for both input files and output exports.
    • Cross-format input — Import any mix of JPG, PNG, and WEBP files from the same folder without pre-sorting.
    • Flexible output selection — Choose your preferred output format per session to match your storefront’s technical requirements.
    • WEBP optimization — Export to the modern WEBP format for the smallest possible file sizes while maintaining sharp visual quality.
  • Quality-Controlled Compression — Manually set your compression level for precise control over the quality-to-filesize ratio.
    • Adjustable quality slider — Fine-tune compression from minimal to aggressive, depending on how much visual detail your product type requires.
    • No automatic quality degradation — StoreSizer does not apply hidden compression; every setting is transparent and in your hands.
    • Preview-ready output — Compressed files retain professional clarity suitable for product listings, thumbnail grids, and zoom views.
  • One-Click Shopify Mode — Apply all Shopify-ready settings in a single action for rapid store-wide image refreshes.
    • Preset bundle activation — Shopify Mode applies the correct dimensions, format, and compression in one click, removing all decision-making from the process.
    • Full catalog refresh — Ideal for re-optimizing your entire product image library after a redesign or before a major product launch.
  • Multi-Threaded Processing Engine — Parallel processing architecture that maximizes your CPU’s performance for the fastest possible batch output.
    • Concurrent image handling — Multiple images are processed simultaneously rather than sequentially, cutting total processing time dramatically.
    • Large catalog performance — Engineered to maintain speed and stability even with thousands of files in a single session.
  • Drag & Drop Folder Support — The fastest way to load your images; just drop the folder and configure your settings.
    • Whole-folder import — Drop an entire product image directory into the app with a single mouse action.
    • No file sorting required — Mixed file types within a folder are automatically recognized and handled by the processing engine.
  • Works 100% Offline — StoreSizer operates entirely on your local Windows machine with zero external dependencies.
    • No internet connection needed — Process images at any time, in any location, with no Wi-Fi or network access required.
    • No API, no cloud uploads — Your product images stay entirely on your machine, protecting proprietary catalog photography from exposure.
    • No usage limits — Without cloud metering, there are no daily caps, bandwidth limits, or session timeouts on your processing.
  • Clean Windows Desktop UI — A modern, intuitive interface built specifically for Windows 10 and Windows 11.
    • Minimal learning curve — The layout is designed so new users can load, configure, and process their first batch in under two minutes.
    • Focused workflow design — No bloated menus or hidden settings; every control you need is visible and accessible from the main screen.

Firefox shares roadmap as it loses users at an alarming rate

Mozilla's latest Firefox overhaul promises everything from built-in VPNs to AI-powered tools, yet the browser continues to lose users at an alarming rate. The question is no longer whether Firefox can innovate, but whether anyone is still paying attention.

According to Statcounter data, Firefox's desktop market share fell from 5.88% in May 2025 to 3.79% in May 2026. Mozilla’s demise, however, stretches back longer than that. Comparatively, Google Chrome currently has just over 90% of the global market share.


"they are not abandoning firefox cz of addition of new features, they are abandoning it cz there are currently number of issues, and firefox instead of fixing them is making redesigns and adding features. While the bugs and issues should be the first priority"

Frontier Airlines API Exposes Passport, Credit Card, and Personal Data via Boarding Pass Information

A security researcher known as BobDaHacker has revealed significant vulnerabilities in Frontier Airlines' booking system. These flaws enable anyone with a six-character booking code, or PNR, and a passenger's last name, both visible on every Frontier boarding pass, to access full personal records.

This information includes passport numbers, partial credit card details, and home addresses, all available through the airline's mobile API.

The issues were first reported to Frontier on March 3, 2026. As of June 18, 105 days later, the vulnerabilities remain unpatched.

What the API Exposes

Frontier's mobile API endpoint accepts a PNR and last name, then provides a full internal booking record for each passenger on the reservation.

The data available includes full home address details such as street, city, state, and ZIP code, as well as email address and phone number.

It also reveals complete date of birth information, including for minors, along with unmasked passport details like passport number, issuing country, and expiration date. Additionally, it exposes:
  • The Known Traveler Number, used for TSA PreCheck.
  • The Frontier Miles loyalty number.
  • Credit card information, including the first six digits (BIN), the last four digits, the expiration date, the cardholder name, and the full billing address.
  • Payment history data, complete with authorization codes.

Here is what Ai has to say about Avast, Norton, AVG, and Avira... Or what MWT calls "Norvast"

Following major corporate consolidations by Gen Digital, Avast, AVG, Avira, and Norton have transitioned to sharing a unified core backend architecture. The slang term "Norvast" perfectly describes this reality: you are essentially looking at the exact same defensive engine wrapped in different visual interfaces and brand marketing. [1, 2, 3]



The Reality Behind the Brands

1. Avast and AVG (Identical Engines)
Avast acquired AVG years ago. Even before Gen Digital formed, these two were already identical under the hood. Installing AVG vs. Avast changes nothing but the color of the application dashboard and the name of the desktop icon. [1, 2, 3]

2. The Norton Integration ("Norvast")
Historically, Norton and Avast used completely independent threat-detection databases and structural engines. However, following their multi-billion dollar corporate merger, Gen Digital integrated the backend infrastructure, migrating Norton's consumer products to leverage Avast's scanning engine technology. [1, 2]

3. Why the "Corvette" Analogy Works
Because they draw from the exact same Gen Digital cloud threat database and threat-intelligence network:
  • If Avast Free blocks a specific zero-day virus, Norton will block it at the exact same millisecond.
  • If Avira makes a false-positive mistake, Avast and Norton will usually replicate that exact same mistake because they are referencing the same centralized logic platform.



Why Performance Impacts Still Vary
If they are virtually the same engine, you might wonder why Norton feels heavier on your specific PC than Avast One Essential.
This comes down to the "weight of the car body" rather than the engine:
  • The Norton Package: Norton is heavily packaged as an "all-in-one" utility suite. It loads extensive custom system services, background identity monitors, local backup frameworks, and browser extensions right out of the box. This extra consumer packaging strains your computer's local CPU and disk storage. [1, 2, 3]
  • The Avast One Architecture: Avast One was redesigned specifically to offload local computational weight. It strips out heavy local system processes and relies on immediate web-stream evaluation. It uses the same backend engine as Norton but features a vastly lighter, modernized frontend framework that requires fewer active PC resources. [1, 2]

The Technical Recommendation
Because of this corporate unification, trying to combine or switch between different Gen Digital brands (like jumping from Avast to AVG or Avira) provides absolutely zero security benefits. [1, 2, 3]
If you want the benefits of this combined global threat database with the least possible impact on your PC's responsiveness, staying with Avast One Essential remains your most logical, lightweight path.

An AI Conversation about K7 with Cyberlock vs Avast "FREE" Essential.

Why K7 + CyberLock is Better For You Than Avast + CyberLock

1. Maximizing Your Core Priority (PC Lightness)
You already noted that Avast feels "a little behind K7" in terms of lightness on your specific rig. This matters when pushing heavy 4K 144Hz frames on your RX 7900 XT. K7 routinely wins speed awards in independent tests (like AV-Comparatives Performance testing) because its architecture limits the amount of heavy continuous storage background sweeps. [1, 2, 3]

2. Network Firewall Isolation
  • The K7 Advantage: K7 Ultimate Security features a true, custom-built independent packet filtering firewall. It handles network connection rules locally, which is crucial for hardening the integrated Wi-Fi on your ASUS TUF X570 motherboard. [1]
  • The Avast Free Limitation: Avast Free Essential does not contain a custom independent firewall engine; it essentially serves as a control overlay wrapper for the standard Windows Firewall built into your OS.

Is this a free alternative of Hard disk sentinel?

International law enforcement initiate hunt on malware group SocGholish

In Operation Endgame, a major operation this week disrupted a key infection chain used by cybercriminals. Within an international cooperation, 14.971 websites infected with SocGholish malware were remediated. This malware is used by a criminal group that plays a pivotal role in international cybercrime, namely: Evil Corp.

SocGholish exploits hacked legitimate WordPress sites to spread malware to visitors, with the aim of gaining unauthorized access to their computer systems. WordPress is the world’s most widely used platform for building websites. According to WordPress, more than 43% of all websites on the internet are powered by WordPress. The login credentials of 1.4 million websites have been leaked. That means these sites are vulnerable to malware infection. About 14.971 sites that provide everyday services have been infected with this malware. This includes websites of restaurants or auto‑garages.

Maikel Rollman, National High Tech Crime Unit: 'With these actions we deprive cybercriminals of access to infected computer systems. This prevents further damage to the digital systems of citizens, businesses and organizations worldwide and limits the spread of malware. It also reduces the risk that these systems are used for cyber‑attacks on critical infrastructure and other essential societal processes. This marks the beginning of further action against SocGholish.'

14.971 websites remediated and disruption of the SocGholish botnet

In the past few days, the Netherlands (NHCTU), Canada (RCMP), the United States (FBI) and Germany (BKA), with support from Europol and Eurojust, delivered a major blow to SocGholish’s criminal infrastructure during a joint action week.

Worldwide, 106 servers and domains were taken down. 14.971 websites have been remediated. In addition, the following actions were carried out:
  • Cleaning infected WordPress sites and victim notification, urging previously infected WordPress owners to update their sites and change their login credentials.
  • Disabling the SocGholish botnet by taking over domain names and taking servers offline.
  • Victim notification for owners of WordPress sites whose leaked login credentials were identified by the police, via HaveIBeenPwned, DIVD, Spamhaus, CheckjeHack, NoMoreLeaks, The Shadowserver Foundation and NCSC (Netherlands).

Cybercriminals allegedly hacked tens of thousands of Fortinet firewalls used by major companies all over the world

Cybercriminals have compromised tens of thousands of Fortinet firewalls and VPNs used by major companies all over the world, according to two cybersecurity firms.

The widespread hacking campaign, which is ongoing and has been dubbed FortiBleed, appears not to involve abusing any unknown vulnerability in the targeted devices, but rather to rely on a more basic issue: Companies may not be changing passwords to the firewall, nor making sure that the credentials they use for sensitive systems exposed on the internet are not already known by hackers.

In this campaign, hackers are first using automated tools to scan the internet for exposed Fortinet firewalls and VPNs. Then, they are breaking into the devices thanks to lists of previously known passwords. At that point, the cybercriminals can steal more sensitive data from the victim companies, cybersecurity firms Hudson Rock and SOCRadar wrote in their reports that they published this week.

“Once a device is compromised, [the hackers] use it as a listening post, monitoring traffic passing through and collecting any additional credentials that flow by. Those freshly collected passwords are then fed back into the scanner to compromise even more devices. The system feeds itself,” SOCRadar wrote.

Fortinet spokesperson Tiffany Curci told TechCrunch that the company “is aware of a reported third-party credential-harvesting campaign targeting Fortinet firewalls and VPN gateways.” Fortinet said that based on the company’s analysis, the data involved is “a resharing of data from previous incidents, as well as bruteforcing of credentials, and is not related to any recent incident or advisory.”

Hudson Rock said they found evidence that suggests more than 73,000 unique Fortinet URLs have been hacked, while SOCRadar said the total of hacked devices is more than 30,000.

According to Hudson Rock, the hacked companies include: Accenture, Comcast, Foxconn, Lenovo, Oracle, Samsung, Siemens, and PwC.

A Lenovo spokesperson acknowledged receipt of TechCrunch’s request for comment but did not respond. None of the other companies responded to a request for comment.

According to both Hudson Rock and SOCRadar, the countries with the most affected devices are India, the United States, Taiwan, and Mexico. But both companies say there are victims all over the world. As for industries, the most affected ones are IT services, construction materials, and telecommunications, according to Hudson Rock. Government agencies are also among the victims, per SOCRadar. Both cybersecurity companies said the group behind the hacking campaign appears to be Russian-speaking.

Hudson Rock and SOCRadar’s reports are based on the discovery of a list of credentials for Fortinet devices and associated companies. This hacking campaign was first reported by security researcher Bob Diachenko over the weekend. Independent cybersecurity researcher Kevin Beaumont said in a blog post on Wednesday that he analyzed the data and confirmed the data “is legit.”

In recent years, several hacking campaigns have targeted and compromised Fortinet devices, usually abusing vulnerabilities in those systems. Instead, in this case, the hackers are relying on leaked passwords, a simpler and less sophisticated attack.

124 Million Unique Passwords Exposed In New Infostealer Log Dataset

A vast compilation of 56 million email addresses and 124 million unique passwords has been added to the Have I Been Pwned database. This isn't a new breach but an alarming aggregation of credentials from countless past infostealer malware attacks. These "infostealers" are widespread, with billions of records compromised, enabling cybercriminals to launch credential stuffing attacks, particularly targeting users who reuse passwords. Experts urge immediate action: check HIBP for your details, change any compromised passwords, enable two-factor authentication, and adopt a password manager for unique, strong credentials. Consider switching to passkeys where available for superior security.

Magic Data Recovery Pro v3.12 - 1 year for free

Features

  • All‑in‑One Windows Recovery — Unified recovery for deleted, formatted, and lost files across common storage types.
    • Quick Scan — Fast pass for recently deleted items to get files back in minutes.
    • Deep Scan — Sector‑level analysis to rebuild file structures and recover difficult cases.
    • Partition Recovery — Locate and restore files from lost or formatted partitions.
  • Broad Format Support — Recognize 5,000+ file formats across documents, photos, video, audio, and archives.
    • Documents: DOCX/PDF/XLSX/PPTX/EPUB/RTF/ODF recognized for quick office recovery.
    • Photos & RAW: JPG/PNG/TIFF/HEIC plus RAW formats (CR2/CR3/NEF/ARW/RAF/DNG/PEF).
    • Video: MP4/MOV/MKV/AVI/WMV/FLV/WEBM and pro formats (MXF/MTS/TS/R3D/CRM).
    • Audio: MP3/M4A/AAC/WAV/FLAC/OGG/AIF/AIFF/WMA and more.
    • Archives: ZIP/RAR/7Z/TAR/ISO with common variants.
  • Device & Media Coverage — Work confidently across internal and external storage.
    • HDD/SSD — Recover from desktop and laptop drives, including SATA, NVMe, and external enclosures.
    • USB & Memory Cards — Support for USB flash drives, SD/microSD/CF cards used in cameras and drones.
    • Mobile & Portable — Recovery paths for devices used with iOS, iPadOS, and Android ecosystems.
  • Guided 3‑Step Workflow — A clear process that saves time.
    • Download & Install — Lightweight installer gets you up and running quickly.
    • Scan Your Device — Choose a drive or card and let the engine analyze it for recoverable items.
    • Preview & Recover — Validate files via preview and restore to a safe location.
  • Intuitive Interface for Everyone — Clear layouts and controls reduce mistakes.
    • File‑Type Filters — Narrow results by category to find what matters first.
    • Search & Sort — Locate files by name, type, size, or modification date.
    • Progress & Health Indicators — See scan status and drive conditions at a glance.
  • Reliability for Real‑World Projects — Practical features that protect outcomes.
    • Read‑Only Scanning — Non‑destructive scans protect the source device.
    • Session Resume — Pick up where you left off after an interruption.
    • Integrity Checks — Validate recovered files automatically to confirm usability.
  • Advanced Recovery Tools — Extra control when you need it.
    • Raw File Carving — Identify recoverable data by signature when directories are missing.
    • Bad Sector Handling — Work around problematic regions to continue scans.
    • SMART Awareness — Read drive health data to avoid stressing fragile media.
  • Performance You Can Feel — Optimizations that shorten wait times.
    • Multi‑Threaded Engine — Analyze multiple regions in parallel for speed.
    • Adaptive Heuristics — Adjust scan strategy based on device type and errors.
    • Cache‑Aware Passes — Minimize redundant reads to protect SSD lifespan.
  • Protection for Future Losses — Learn and safeguard going forward.
    • Recovery Tips Panel — Contextual advice helps avoid repeat issues.
    • Safe‑Save Guidance — Prompts to save to a different drive to protect data.
    • Backup Reminders — Gentle nudges to set up regular backups after recovery.

Microsoft Threat Intelligence and Microsoft Defender Experts identified a Windows-based cryptocurrency clipper that has affected users since February.

Clipper malware relies on stealing clipboard data and parsing it for valuable assets.

The clipper in this campaign relies on Windows Script Host and ActiveX-driven logic to launch a bundled Tor proxy and poll a hidden-service C2 server. It carries out high-frequency clipboard theft, screenshot exfiltration, and wallet-address substitution.
The execution of this clipper is notable because it does not depend on a traditional installer or exposed IP-based C2 infrastructure. Instead, it deploys a portable Tor client, routes traffic through a local SOCKS5 proxy, and blends data theft with remote code execution, turning a financially motivated stealer into a lightweight backdoor.

For defenders, the strongest signals are behavioral: script interpreters spawning suspicious child processes, localhost:9050 proxy usage, screen-capture commands in PowerShell, and signs of clipboard inspection or crypto-address replacement.

Microsoft Defender for Endpoint detects multiple components of this threat, such as "Suspicious JavaScript process" and "Possible data exfiltration using Curl". Additionally, Microsoft Defender Antivirus detects this crypto clipper as Trojan:Win32/CryptoBandits.A.

Drive cloning

Hi all,
I’m thinking about doing one clean Windows install, updating it, installing necessary software, and then cloning the NVMe drive so I can have a backup with a golden image.
Is this a good strategy to have a clean Windows image? Would you recommend a hardware NVMe cloner, or is imaging software like Macrium Reflect or Clonezilla better?

Comodo Firewall version recommendation for Windows 7 SP1.

Is there any consensus on the best Comodo Firewall version to use on Windows 7 SP1? I reinstalled Windows 7 on an old Dell Inspiron 530 and would like some user opinions on the best version. Originally I think I used version 10 with cruelsister's setup using containment and no HIPS. It worked well. I now see there's a version 12, so I'm wondering: is there any advantage in using the later versions, and if so, do they play nice with Windows 7 64-bit?
Thanks in advance

GitHub dismissed security reports on flaws now exploited by supply-chain worm, researchers say

GitHub rejected two formal vulnerability reports identifying design flaws that researchers say are enabling variants of the Shai-Hulud supply-chain worm to infect and compromise hundreds of software packages and developer accounts worldwide.
The reports, submitted by threat intelligence group Deep Specter Research through GitHub’s bug disclosure channel on HackerOne, were both closed as ineligible and not presenting a security risk, despite the ongoing threat posed by the worm.
Although the hacking tool originated with the TeamPCP cybercrime group, copycat entities have emerged using slightly different versions since the original code was published in early May. Over the last few months, these variants have been linked to breaches at the European Commission, AI recruiting firm Mercor, the LiteLLM package, GitHub itself and Red Hat.
Deep Specter told Recorded Future News that its investigation, conducted using only public data, confirmed 516 malicious packages were currently live across five ecosystems including npm, PyPI and RubyGems, with more than 3,000 affected GitHub repositories and over 200 compromised developer accounts.
The figures were described as a floor by Deep Specter, which noted in a technical report that GitHub's code search does not index files above a certain size threshold, rendering the worm's primary payload — a roughly 4.6 MB obfuscated file — invisible to automated scanning.
The company said its first report to GitHub concerned how GitHub handles commit timestamps, allowing whoever pushes the code the freedom to backdate when they added it to a repository. Deep Specter said the worm uses this feature to make recently added malicious changes appear like routine edits from years earlier, evading defenses that look in a repository's history for recent suspicious activity.
GitHub told the researchers that commit timestamps are client-supplied metadata by design and that the underlying security issue was the compromised credentials used to push the code, not the timestamp.
Deep Specter’s second report concerned who was identified as the author of these commits. GitHub displays the name, photo and username of the authors as if they were confirmed, but in practice the fields are freely set by the attacker and never verified. The worm uses this to make malicious commits appear to have been made by trusted engineers who never touched the code.
GitHub told researchers that arbitrary author metadata is a property of the git version control system, not a GitHub vulnerability, and that its bug bounty program documentation explicitly lists commit author impersonation as a known ineligible finding.
The company pointed Deep Specter to GPG and SSH commit signing and its opt-in Vigilant Mode as available mitigations. The developers whose identities were forged in the Shai-Hulud campaign had not enabled those controls.
GitHub does record which account actually pushed each commit — data that cannot be forged — in its Events API, but does not display it on the commit page visible to reviewers. That record expires from public view after approximately 90 days. Deep Specter raised the security value of improving the visibility of these records, but GitHub described that as a feature request rather than a security fix.
As of June 16, Deep Specter said 1,729 throwaway repositories created by the worm to store stolen credentials remained live on GitHub, alongside 151 repositories still serving active malicious payloads — figures the company described as a snapshot of public data on that date.
Last week, Microsoft released fixes for more than 200 security flaws — the largest Patch Tuesday in the program’s history — in the latest sign of how artificial intelligence is reshaping the world of vulnerability discovery and mitigation.
It comes as Microsoft faces renewed criticism over its disclosure policies, with the company recently forced to clarify it had “no intention to pursue action” against security researchers after sparking outcry from the security community.
Researchers have repeatedly complained that the company has unjustly dismissed their vulnerability reports and, under the Biden administration, was described as presiding over a cascade of security failures allowing hackers to break into government systems.
Another researcher recently published a separate GitHub token-stealing exploit targeting Microsoft repositories in the same period, underscoring the breadth of credential-theft activity targeting the platform. The researcher made the exploit public due to their dissatisfaction with how Microsoft handled security reports.
Neither GitHub nor its parent company Microsoft responded to requests for comment.

Wise Duplicate Finder Pro v2.1.9 - Free Lifetime License

FEATURES:

* Manage Any Type of Duplicates
* Find Empty Files
* Delete Duplicate Copies Manually or Automatically
* Backup and Restore

Steam Workshop abused to spread malware via Wallpaper Engine app

Threat actors are abusing Steam Workshop, Valve's community hub for downloading game-related content, to push various malware hidden in wallpaper packages.

Infected wallpapers can lead to hijacking Steam accounts, compromising the system with a backdoor, or running cryptomining processes.

Steam Workshop is a built-in content-sharing platform on Valve's Steam gaming service where users can upload and download community-created content for games and applications.

The content includes mods, maps, skins, save files, tools, and other user-generated content such as wallpapers.

Malware in the wallpaper

Heimdal Survey: Executives Four Times More Confident About AI Risk Than the Teams Managing It

London, United Kingdom, June 17th, 2026, CyberNewswire

New research from cybersecurity company Heimdal finds 29% of US executives say AI risk is under control, against 7% of the practitioners running it day-to-day. Across 1,000 IT professionals in the UK and US, AI adoption has outpaced security controls by roughly two to one.

Heimdal today published The State of AI Risk Management in 2026, a survey of 1,000 IT professionals across the United Kingdom and the United States.

The report’s headline finding is a divide inside the same organizations: the closer a person sits to the day-to-day running of AI, the less confident they are that the risk is contained. In the US, 29% of C-suite and VP respondents say their organization has AI risk under control, against 7% of the mid-level practitioners managing it.

In the UK, the gap runs the same way, 18% to 11%. Both gaps are statistically significant.

AI tools are already present across most IT estates, and most teams run several at once.

The controls have not kept pace. Across both markets, the report finds adoption has outrun security controls by roughly two to one.

The survey also records a counterintuitive pattern: the teams that see their AI use most clearly are the most concerned about it, not the least.

Heimdal’s report describes visibility as the diagnosis rather than the cure.

Crypto investment scam sends couriers to collect victims' cash, FBI warns

Online investment scams have evolved beyond fake websites and fraudulent trading apps.

According to a warning from the FBI's Internet Crime Complaint Center (IC3), scammers are increasingly dispatching real-world couriers to collect cash directly from victims' homes and public meeting locations as part of cryptocurrency investment scams.

The tactic adds a troubling offline component to a scam category that already costs victims billions of dollars each year.

Key takeaways
  • The FBI warns that cryptocurrency investment scammers are using couriers to collect cash from victims in person
  • The interaction typically starts on social media
  • Victims are often persuaded to invest via fake crypto platforms that display fabricated profits
  • Criminals may claim cash pickups are necessary because banks blocked transfers or because additional fees are required to unlock funds
  • Older adults are frequent targets
  • Data from the Bitdefender 2025 Consumer Cybersecurity Survey shows that social media is fraudsters’ preferred scam-delivery system
  • Victims are urged to report incidents to IC3 and preserve all evidence
How the scam works

What Can Hackers Do With Your Phone Number? What To Know

Summary

Your phone number is a significant cybersecurity risk. Experts warn that while a number alone isn't direct access, it's a critical gateway for fraud, identity theft and account takeover. Scammers leverage numbers for spam, robocalls and more dangerously, SIM swapping, which can occur if a scammer convinces your mobile carrier into transferring your phone number to a new SIM card. Other threats include porting-out scams, subscriber fraud and phone cloning. If compromised, immediately contact your carrier, secure all online accounts with strong passwords and app-based multi-factor authentication, and report to authorities. Protect your number by limiting its public exposure and never sharing personal information with unknown callers.

Amos Stealer Targets macOS Keychain Files and Browser Passwords

Amos Stealer targets macOS users through fake downloads, stealing Keychain files, browser passwords, cookies, and developer configs for data theft.
Amos Stealer, an information-stealing malware, is targeting Apple Mac computers to steal private data, according to new details from cybersecurity research firm CyberProof. Threat actors are, reportedly, actively using this malware family to run financially motivated campaigns by compromising macOS environments.

Although Amos Stealer is not new, in the latest campaign, the threat actors are distributing the infostealer through deceptive software downloads, fake websites, and social engineering lures.

Once inside a Mac, it searches for valuable files across system directories. It then collects stored passwords, session cookies, and autofill form information from Google Chrome and Microsoft Edge browsers.

Silent Download Methods

WonderFox HD Video Converter Factory Pro for free

HD Video Converter Factory Pro by Wonderfox can be used to convert videos from one format into another. This tool supports over 500 different photo, video and audio formats, including MP4, AVI, MKV, MOV, H265, DIVX, XVID, MPEG4, WAV, MP3, AC3 and AAC.

Wonderfox HD Video Converter Factory Pro comes with an all-new & exclusive downloading method, bringing you a more stable and faster downloading experience. Also, it boasts a real-time download update feature that makes it much easier to grab videos online anytime.

pCloud Premium Plan 500 GB FREE for 3 months

Features of pCloud

  • Collaboration
    • Share links and File requests
    • Invite users to shared folders
    • Get detailed stats for your links
    • Brand your shared links
  • Security
    • TLS/SSL channel protection
    • 256-bit AES encryption for all files
    • 5 copies of files on different servers
    • Option for an extra layer of encryption
  • Access and Synchronization
    • Automatic Upload of your Camera Roll
    • HDD extension through pCloud Drive
    • Selective offline access
    • Automatic sync across multiple devices
  • Media and Usability
    • Built-in video player
    • Video streaming
    • Built-in audio player with playlists
    • Unlimited file size and speed
  • File Management
    • File Versioning
    • Data recovery
    • Remote Upload
    • Online document preview
    • Rewind account
  • Backups from:
    • Dropbox
    • Facebook
    • Instagram
    • OneDrive
    • Google Drive

UK to Ban Under-16s From TikTok, Instagram, YouTube, and Other Social Media Platforms

UK Prime Minister Keir Starmer has announced that children under 16 will be banned from using a range of social media platforms, including Snapchat, TikTok, YouTube, Instagram, Facebook, and X.

The ban is expected to come into effect early next year and places the UK within a broader international effort to strengthen online safety rules for minors.

Services such as YouTube Kids and messaging apps like WhatsApp and Signal are not included in the ban. Enforcement will focus on technology companies rather than children directly.

Platforms that do not take sufficient measures to prevent under-16s from accessing their services could face multimillion-dollar fines.

What the UK Social Media Ban Covers for Under-16s

The platforms covered by the ban include:
  • Snapchat,
  • TikTok,
  • YouTube,
  • Instagram,
  • Facebook, and
  • X (formerly Twitter).
Platforms like YouTube Kids and messaging services such as WhatsApp and Signal are not included.
The UK is adopting a model similar to Australia's, which last year became the first country to ban under-16s from creating social media accounts.

Public and Private Medical Community Targeted by China-Nexus Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and Defense Research

Google Threat Intelligence Group (GTIG) has identified a sophisticated campaign attributed to UNC6508, a People's Republic of China (PRC)-nexus threat actor, targeting institutions in the North American academic, medical, and military research community. While remaining undetected for over a year, the threat actor compromised externally facing web applications, deployed bespoke malware, pivoted to sensitive internal systems, and abused enterprise administrative tools for covert data exfiltration. The threat actor had broad collection aspirations, including sensitive defense intelligence related to national security, Indo-Pacific command operations, artificial intelligence, uncrewed vehicle systems, cyber offensive programs, and medical research.

GTIG disrupted the malicious infrastructure associated with this threat actor. Working with Mandiant Consulting, we notified the affected organizations upon detection and offered our assistance with remediation.
Chinese UNC6508 compromised North American medical research institutions for over a year, deploying custom INFINITERED malware to harvest credentials and exfiltrate sensitive AI, defense, and medical intelligence via novel email compliance rule abuse.

Campaign targeting diverse medical entities including military health institutions and premier academic centers:
  • INFINITERED malware trojanizes legitimate REDCap files, persists through upgrades, and captures credentials in a database table with the "xc32038474a" prefix
  • Novel technique: "Patroit" compliance rule silently BCC-forwards matching emails to BebitaBarefoot774[@]gmail[.]com for covert exfiltration
  • Targets AI research, Indo-Pacific operations, cyber programs, and Chikungunya virus research (linked to 2025 China outbreak)
  • Uses sophisticated OpSec: US-based OBF networks, residential proxies, mass-created Gmail accounts
  • Attack chain: REDCap exploitation → credential harvesting → domain admin pivot → compliance rule creation

Download Sentinel a browser extension for Chrome which warns for risky downloads

Hi, a few days back I posted about having vibe coded an extension. I have not sent it to the Chrome Web Store, but will do so when I manage to get a mechanism working which does not need the tabs permission. This is the release candidate of an extension to help protect against risky downloads.

What it does

The extension uses an internal list of Windows/Mac/Linux executables, compressed files and LEGITIMATE domains often used to spread malware.

When an executable or compressed file is downloaded which does not come from a (user-determined) whitelist, it shows a warning page, checks the download URL reputation on VirusTotal and updates the warning page. The user can decide to cancel & go back or ignore & proceed.

The same check is performed for ANY downloaded file coming from a domain which is often used to spread malware.

Onboarding
Download the zip file and load it as an unpacked extension.
Click on the icon and choose options
- get a free VirusTotal license key and copy it into the options page
- enter up to 10 websites for which you don't want executables and compressed files blocked
- enter the background color for the warning page (not everyone likes red :-) )

Click on icon


Enter your API key


Banner colors green and enter up to domains to exclude (whitelist)


Use the extension (e.g. download winrar)



OPSWAT EICAR drive by download test

Microsoft Office alternative Euro-Office could be vulnerable to Russian modifications

Euro-Office is being launched as Europe’s answer to Microsoft Office and Google Docs to reduce reliance on US tech. Yet it could be vulnerable to Russian modifications, according to Cybernews analysis.

Key takeaways:
Euro-Office, marketed as Europe’s answer to Microsoft Office, is mostly based on code from OnlyOffice, a Russian-linked open-source project, raising security concerns.
Despite a formal split, Euro-Office continues to import changes from developers operating in Russian time zones, with European contributions making up only a tiny portion, according to Cybernews analysis.
The project’s reliance on Russian-origin code and ongoing disputes with OnlyOffice spark doubts about Euro-Office’s claims to digital sovereignty and independence from Russian influence.
Euro-Office developers say they are thoroughly reviewing the OnlyOffice codebase, aiming to build a more open, trustworthy, and community-driven alternative.
Euro-Office is a fork of an open-source software developed by OnlyOffice, a Russia-linked project, and has been transparent about it. In March, it announced a split, promising to “liberate” the OnlyOffice codebase and citing both technical and geopolitical reasons for the move.

However, the vast majority of the code that Euro-Office runs on – and continues to import – appears to be written by developers working on Russian time-zone settings, a Cybernews analysis of its source code shows.

Only a fraction of the code can be attributed to the European consortium behind Euro-Office, mostly to German firm Nextcloud, while up to 99% can be traced to work performed on Russian clocks, the findings suggest.

States are probing OpenAI’s impact on children and vulnerable users

The maker of ChatGPT said it will cooperate with the investigation
A coalition of state attorneys general has launched a sweeping investigation into OpenAI, focusing on ChatGPT's impact on children, teenagers, seniors and other vulnerable users.

The probe, led by New York and California, is examining issues including user engagement, data practices, safety safeguards, and the company's handling of interactions involving minors.

OpenAI says it takes the concerns seriously and is cooperating with investigators while highlighting new protections for younger users.

A coalition of state attorneys general has opened a broad investigation into OpenAI, the maker of ChatGPT, amid growing concerns about the potential effects of artificial intelligence on children, teenagers and other vulnerable users.

The investigation, led by New York and California, centers on whether OpenAI's products adequately protect users from harm and whether the company has been transparent about the risks associated with its technology. New York Attorney General Letitia James recently issued a subpoena seeking documents related to OpenAI's advertising practices, user engagement and retention, handling of consumer and health-related data, activities involving minors and seniors, and internal policies governing its AI models.

According to reports, the multistate inquiry is examining how ChatGPT interacts with young users, whether its design encourages excessive use, and the effectiveness of safeguards intended to prevent harmful conversations or advice. Investigators are also reviewing how the company collects and uses consumer information and whether existing protections are sufficient for children and other at-risk populations.

MobiKin Assistant for Android v5.1.39 - 1 year license

Features:

  • Transfer Android Data to Computer: Move contacts, messages, photos, videos, music, and documents from your Android device to a computer for backup.
  • Import Files to Android Devices: Add files from your computer to your Android phone or tablet quickly and easily.
  • Manage Contacts and SMS: View, edit, delete, and export contacts and text messages directly from your computer.
  • Backup and Restore Android Data: Create a full backup of your Android data and restore it to your device whenever needed.
  • Preview Files Before Transfer: Check contacts, messages, photos, and other files before choosing what to transfer.
  • Organize Media Files: Manage music, videos, photos, and other media files on your Android device with simple tools.
  • Supports Many Android Devices: Works with a wide range of Android phones and tablets from popular brands.
  • Simple and Easy Interface: Provides a clear layout that makes Android data management easier, even for new users.

Abelssoft World Cup Sale: Save 88%

The Abelssoft World Cup Sale is a limited-time software promotion that gives everyday PC users access to three full-featured programs at a dramatically reduced price. For just $11 — down from $89.95 — you can build your own software lineup from 11 proven bestsellers, or choose from one of three ready-made bundles designed for the most common PC needs. No technical background is required. Every program in this offer is built for simplicity, reliability, and real results.

Vovsoft Website Screenshot Generator v2.5 - Lifetime license for free

Features of Vovsoft Website Screenshot Generator

  • Automation and Bulk Capture: Capture screenshots of multiple web pages in bulk, streamlining your workflow and saving time.
    • Website to PDF: Convert entire web pages into PDF format, preserving layout and content for easy sharing and printing.
    • Website to PNG: Capture website interfaces and save them as PNG images, maintaining visual quality and transparency.
    • Website to JPG: Transform web pages into JPEG images, ideal for efficient storage and sharing while retaining image clarity.
    • Webpage Snapshot: Capture a snapshot of a webpage at a specific moment, capturing its current appearance for analysis or documentation.
  • Diverse Output Formats: Save captured screenshots in various formats, including PDF, PNG, and JPEG, to suit your specific needs.
  • Intuitive Interface: User-friendly interface that makes the tool accessible and easy to navigate for users of all skill levels.
  • HTML File and URL Input: Input options for both HTML files and URLs, allowing you to capture snapshots from different sources.
  • Output Customization: Tailor output snapshots by choosing preferred formats, orientations, and destination directories.
  • Orientation Options: Select between portrait and landscape orientations for your captured website snapshots.
  • Destination Directory Selection: Choose where the captured screenshots will be saved, ensuring organized storage.
  • High-Quality Screenshots: Capture website interfaces with exceptional clarity and detail, preserving the original design.
  • Chromium Integration: Leveraging the power of Chromium for accurate and enhanced rendering of web pages.

Ashampoo Windows 11 AdBlock



Features of Ashampoo Windows 11 AdBlock:

Bing Results in Search

Bing search results can often include sponsored content and ads that clutter the search experience. Windows 11 AdBlock effectively removes these ads, providing cleaner and more relevant search results.
Edge Search Bar Widget
The Edge search bar widget is another area where ads can appear. By disabling these ads, users can enjoy a more streamlined and distraction-free browsing experience in Microsoft Edge.
File Explorer Ads
Ads in File Explorer can be particularly intrusive, interrupting the workflow and creating unnecessary distractions. Windows 11 AdBlock removes these ads, allowing users to focus on their tasks without unwanted interruptions.
“Finish Setup” Ads
Windows 11 often includes “Finish Setup” ads that prompt users to complete their setup with unnecessary and irrelevant suggestions. Windows 11 AdBlock eliminates these prompts, simplifying the setup process.
General Tips and Ads
General tips and ads scattered throughout Windows 11 can be both distracting and irrelevant. By removing these, Windows 11 AdBlock creates a cleaner, more focused user interface.
Lock Screen Tips & Ads
Lock screen tips and ads can detract from the visual appeal and functionality of the lock screen. Disabling these ads results in a more aesthetically pleasing and functional lock screen experience.

Notification Suggestions

Notification suggestions can be helpful, but they often include ads that are irrelevant to the user. Windows 11 AdBlock filters out these ads, ensuring that notifications remain useful and relevant.
Personalized Ads
Personalized ads based on user activity can feel invasive and unwelcome. By blocking these ads, Windows 11 AdBlock enhances user privacy and delivers a more comfortable browsing experience.
Settings Ads
Ads within the Windows settings menu can make navigating and configuring the OS more cumbersome. Removing these ads with Windows 11 AdBlock simplifies the settings experience.
Start Menu Ads
Start menu ads can clutter the start menu and make it harder to find important apps and files. Windows 11 AdBlock ensures a cleaner, more organized start menu.

Tailored Experiences
Tailored experiences often include ads and suggestions that are not always relevant to the user. Disabling these features results in a more streamlined and user-centric Windows 11 experience.
“Welcome Experience” Ad
The “Welcome Experience” ad can detract from the initial setup and onboarding process. Removing this ad with Windows 11 AdBlock creates a smoother and more enjoyable setup experience for new users.

German Court Rules Google Can Be Held Liable for False AI Overview Answers

A German court has ruled that Google can be held directly responsible for false answers produced by its AI Overview feature. This decision could have important consequences for tech companies that operate AI-powered search services.

The ruling was made by the 26th civil chamber at the Munich Regional Court, which handles press and defamation cases.

The case was brought by two publishers based in Munich, who claimed that AI Overview falsely connected their companies to fraud, questionable business practices, and subscription traps.

They said the AI mixed their information with that of other genuinely suspicious companies and created false links that were not supported by the sources attached to Google's response.

Mullvad VPN - Updates Thread

2026.3

Added

  • Add port setting for LWO obfuscation.
  • Add list of recent server selections in the select location view.
  • Add context menu to locations in the select location view.
  • GotaTun is now used as the userspace WireGuard implementation on all desktop platforms, not just
    macOS. It replaces wireguard-go.

Changed

  • Optimize LWO performance. This gives a 1.5 to 3 times speedup in our benchmarks.
  • Change default retry connection attempts. LWO is now the third default
    constraint. The relative order among the following constraints is preserved.

Linux

  • Switch memory allocator to jemalloc to reduce fragmentation.
  • mullvad-early-boot-blocking.service now waits for local file system to be mounted
    (After=local-fs.target). This was assumed before, but not required (and is still not required).
  • mullvad-daemon now installs the same shutdown handler for SIGHUP as SIGINT and SIGTERM.
  • mullvad-daemon now exits without tearing down firewall rules on SIGUSR1.
    This is used to avoid leaking network traffic when restarting systemd service.

macOS

  • Restart the GUI after an update if it was running.
  • mullvad-daemon now installs the same shutdown handler for SIGHUP as SIGINT and SIGTERM.

Fixed

  • Fix duplicate "Connected"/"Disconnected" desktop notifications caused by the daemon sending
    multiple consecutive tunnel state events for the same state.
  • Fix GUI appearing stuck in "Disconnecting" state when daemon transitions directly from error to
    disconnected.
  • Fix QUIC obfuscation not always being used if relays only had IPv6 addresses for QUIC.
  • Fix a bug with Shadowsocks-based API access methods where some ciphers were configurable by
    Mullvad VPN clients while not being supported by the system service.
  • Fix IPv6 addresses not being allowed as endpoints for Socks5 and Shadowsocks API access methods.

Linux

  • Fix 'mullvad split-tunnel clear' getting stuck.

Windows

  • Fix potential access violation during cleanup on ARM64.
  • Fix conflicts caused by some other VPN clients that depend on Mullvad's split tunnel driver. Note
    that split tunneling still cannot be used simultaneously in different clients.
  • Fix timeout when loading split tunnel driver during boot.

Security

  • Remove ability for renderer process to execute arbitrary binaries. This is a defence-in-depth
    measure to ensure that the renderer process does not have any capabilities beyond that of a
    regular user of the app. Affects platforms with the in-app updates feature, i.e. macOS and
    Windows. Fixes GHSA-h72f-j6r4-c3jc

Real-World Protection Test February-May 2026

Testing ConfigureDefenderPM (Policy Manager version)


The main goal of this version is to better protect Microsoft Defender from attacks that could abuse Defender exclusions.
It is assumed that MD Tamper Protection is enabled.


The new ConfigureDefenderPM looks similar to the previous versions, but its code has been significantly redesigned:

1. It can now work without PowerShell.
2. It uses Policy Manager settings instead of the standard/native Microsoft Defender settings.
3. Users must add Defender exclusions through ConfigureDefenderPM. The Exclusions option in Windows Security Center is blocked.
4. Two new features have been added:
  • Manage Microsoft Defender Exclusions
  • Lock and Protect Policies
These changes help protect important Defender settings and exclusions. For example, if an attacker tries to add Microsoft Defender exclusions using PowerShell MpPreference commands, those exclusions will be ignored by Microsoft Defender.

Please use the REMOVE red button to remove the Policy Manager settings and activate the standard/native Microsoft Defender settings.

(Vlog - Shadowra) Japan Addict 2026 - Some Great Cosplay But....

Hey :D

Join me for a weekend at Japan Addict 2026! From amazing cosplayers to the unique atmosphere of the convention, there was plenty to enjoy during these two days.
I captured some of my favorite moments, costumes, and discoveries throughout the event.
While I had a great time overall, a few things didn't quite live up to my expectations. Watch until the end to find out why. :/



The intro was done by a big French YouTuber (Sora) because I almost fainted during filming in the intense heat. Sorry, I didn't tell him to speak in English :D

Nobody needs AI to search the Internet, court says in ruling against Google

Potentially impacting all AI search engines and chatbots known to poorly paraphrase source links, a German court has ruled that Google is liable for false statements in AI Overviews.
The preliminary ruling came in a case flagged by The Decoder, where two publishers found that Google’s AI Overviews incorrectly linked them to scams and other sketchy business practices. After smearing publishers by making affirmative statements like “Yes, [it] is known for dubious business practices and is often perceived as a scam,” Google failed to correct the misleading output, even after the publishers sent a cease-and-desist letter earlier this year.

Google tried the usual arguments to shield itself from liability for false statements in AI Overviews, such as arguing that most users understand that AI outputs aren’t always accurate and must be verified.

But the court found that, unlike traditional search engines that merely present lists of links to third-party statements, Google’s tool made “independent, new, and substantive statements” based on its own misinterpretation of links on the Internet.

That’s a problem, the court said, because while publishers may have been able to sue to stop third parties from publishing defamatory statements appearing in Google search results, only Google can correct the underlying algorithm and outputs displayed in AI Overviews. And because, at least initially, the company did not, it therefore “must be held accountable,” the court ruled. Beyond that, Google’s argument was deemed particularly weak, since the AI overview in this case “contains statements that do not appear in the search results at all.”

The court’s order—requiring a temporary injunction barring Google from spreading the false claims in any further AI Overviews—may have global implications, as the court seems to be the first to hold an AI firm liable for AI speech.

In the past, AI firms have hoped that disclaimers warning about misinformation would protect them from lawsuits over untrustworthy outputs. Last year, one chatbot maker even argued that AI speech is its own category of “pure speech” and the First Amendment should protect it.
According to a Google translation of the German court ruling, however, the false outputs were “primarily an expression of the defendant’s commercial activity,” and the AI tool’s “opinions” and false statements were capable of impacting public opinion.

The court concluded that, in weighing the balance, publishers’ interest in removing the false information outweighed Google’s commercial speech rights.

AI is not necessary to search the web
Historically, any potentially harmful content surfaced by search engines has been protected from direct liability because that surfacing was considered largely unavoidable when helping users sort through an enormous tangle of information online. But the German court emphasized that AI search engines do not enjoy those same protections because AI summaries merely provide “an additional function—one without which the use of the search engine would still be (and is) possible, and without which users are perfectly capable of finding results amidst the ‘flood of data.’”
In other words, nobody needs AI to search the Internet, so AI firms can’t just let their tools attribute false claims to fake sources without assuming any liability.
The court also seemed to take a dig at Google for expecting users not to “blindly trust” AI overviews, noting that the AI tool’s utility “would be significantly diminished if the ‘AI overview’ were generally regarded as unreliable and if every single displayed link required independent verification.”

It seems clear that’s not how people approach AI search tools. The Decoder noted a Pew survey last July showing most people don’t click on AI Overview source links, as well as a May analysis published by The New York Times that showed that AI Overviews with the current Gemini 3 model are inaccurate about 9 percent of the time and include inaccurate source links about 56 percent of the time.

Together, these findings suggest that Google’s AI tool may be cranking out millions of wrong answers daily, with few users verifying the information. Should other courts agree that tech firms are liable for any defamatory outputs emerging from this experimental period of AI search chaos, the biggest AI leaders could find themselves soon buried in lawsuits.
It remains unclear if Google expects to appeal or perhaps start addressing requests to fix false statements in AI Overviews more quickly following the ruling.
Google will likely fight the preliminary ruling. Asked for comment, a Google spokesperson told Ars that “we invest deeply in the quality of AI Overviews to ensure that the overwhelming majority of responses provide accurate information, and they are designed to reflect the information that exists on the web. We’re carefully reviewing this decision, which is not yet final.”

Why your cardiologist might tell you to skip AirPods

Next time you visit your grandparents, you might want to put your headphones away. Cardiologists have long warned about the risks smartphones, headphones and other consumer devices pose towards cardiovascular implantable devices (CIDs). Concerns revolve around the magnetic fields these devices emit, which can inadvertently trigger a magnet-safe mode on defibrillators and pacemakers that potentially prevents them from detecting tachycardia or other cardiovascular irregularities.

Modern CIDs are designed to automatically switch into this mode when near strong magnetic fields to ensure patient safety during magnet-intensive medical procedures like MRIs. And while CIDs are designed to return to normal after the magnetic field is removed, even a temporary disruption can have major consequences.

For those whose hearts have yet to become bionic, CIDs typically switch into magnet mode when they encounter a magnetic induction field of 10 Gauss or more. For reference, your aunt's souvenir fridge magnet from her trip to Palm Beach likely emits a magnetic field of 100 Gauss. A relatively manageable problem when CIDs were first designed, the mass proliferation of small rare-earth magnets across consumer electronics has begun to pose unique risks to medical implants.

Scientists have begun to quantify the effects smart devices can have on CIDs. One 2022 study found that the magnetic fields of Apple's AirPods are strong enough to trigger magnetic modes in implanted cardiovascular devices. Published in Circulation: Arrhythmia and Electrophysiology, the study found that the magnetic fields of devices like AirPods, iPhone 12 Pro Max, Apple Pencil and Microsoft Surface Pen disrupt defibrillators, pacemakers and other CIDs. These results mirror those found in similar electronics, including cell phones, smart watches and electronic cigarettes.

It's important to note that these reports don't necessarily preclude those with heart conditions from using AirPods. While patients are always advised to prioritize the suggestions of their cardiologist, Apple's support page recommends that customers keep AirPods and other electronic devices at least 6 inches away from their cardiovascular device. And while this means you probably can't blast Childish Gambino while listening to your grandmother's heartbeat, it also isn't a death knell for seniors who rock AirPods, either.

The FDA, for its part, offers several suggestions for consumers with CIDs when they're handling electronic devices. First, always keep electronic devices at least six inches from a CID. This unfortunately means those with heart conditions will need to refrain from carrying their smartphones and AirPods in their front shirt pockets. Although "substitute teacher chic" is in vogue, nixing such fashion choices from your wardrobe could ensure you don't accidentally disrupt your pacemaker's settings. If concerned, the FDA suggests consulting your home monitoring system to ensure your CID is operating properly. Those experiencing dizziness, loss of consciousness, or any other heart-related symptoms should consult with their physician immediately.

Read More: Why your cardiologist might tell you to skip AirPods - Engadget

FBI disrupts massive AI-powered phishing service using a million URLs

In a coordinated effort, the FBI, working with Google and Black Lotus Labs, has dismantled a massive Chinese phishing-as-a-service operation called Outsider Enterprise with thousands of phishing websites used to steal credit card data and passwords.

The cybercrime operation used AI and distributed phishing kits for campaigns impersonating various trusted brands in texts sent through AT&T, T-Mobile, and Verizon.

Outsider Enterprise has been active since at least 2023 and operated at a massive scale, with Google linking to it 9,000 fake websites and more than a million fraudulent URLs.

Authorities believe that phishing campaigns powered by Outsider Enterprise led to stealing more than 3.8 million credit card records, causing an estimated $1.9 billion in losses.


The action against Outsider Enterprise has technical and legal components and is part of the FBI's larger Operation Riptide that targets cybercrime activity and infrastructure.

During the technical takedown, the FBI and partners seized multiple administration servers, a Shopify e-commerce storefront, and an account the threat actor used to test the phishing service.

Sandboxie-Plus v1.17.8 / 5.72.8 Latest

Release v1.17.8 / 5.72.8 Latest
Sandboxie Plus 1.17.8 / Sandboxie 5.72.8 is now available with a collection of compatibility improvements, stability fixes, and quality-of-life enhancements.

This release introduces a new configuration option, DisableCustomTitleOpt, which gives users finer control over Sandboxie’s window title marking behavior. In the past, Sandboxie intentionally avoided adding its sandbox indicators to certain applications that use heavily customized title bars, such as those built with Delphi VCL, Qt, or Electron, because doing so could trigger excessive Desktop Window Manager repaints and high CPU usage. With the new option, advanced users can selectively re-enable title markers for these applications when desired.

The bundled ImDisk driver has also been updated to version 3.0.2, bringing the latest improvements and fixes from the upstream project.

Several issues reported by the community have been addressed in this build. Logging has been refined to suppress entries related to expected non-user security identifiers, helping reduce unnecessary noise in the trace logs. A problem affecting the "Run as Administrator" functionality, which could result in SBIE2218 and SBIE2219 service errors, has been corrected. In addition, a compatibility issue that could cause Windows Explorer to crash inside an Application Compartment environment when Huorong Security software was installed has been resolved.

For a full list of changes please review the change log.

You can support the project through donations, any help will be greatly appreciated.
If you have issues with an update installation, just uninstall the previous version keeping the sandboxie.ini and reinstall the new build.

https://github.com/sandboxie-plus/Sandboxie/releases/tag/v1.17.8
https://www.wilderssecurity.com/threads/sandboxie-plus-v1-17-8.460111/

Trending content