Your Daily Dose of Cybersecurity News

Cybercrime

Scattered Spider Hackers Plead Guilty on Day 1 of Trial Cybercrime

According to the NCA, the cyberattack at TfL forced all 28,000 employees to visit their local offices to reset their passwords and caused £29 million...

Jun 23, 2026 · SecurityXP

Cloud Security

AWS Warns Outbound Traffic Blind Spots Can Enable Cloud Data Exfiltration Cloud Security

The AWS report shared with Cyber Security News (CSN) points to cases where unpatched vulnerabilities, such as CVE-2025-55182 (React2Shell), allowed attackers...

Jun 23, 2026 · SecurityXP

Data Breaches

Texas Parks & Wildlife Data Breach Affects 3 Million Individuals

Related: Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000 Related: 377,000 Impacted by Data Breach at Texas Gas Station Firm...

Jun 22, 2026 · SecurityXP

Latest News

Application SecurityJun 22, 2026·2 min read

On-Premises API Security on Kubernetes: What It Actually Looks Like in Practice App Security

PCI DSS 4.0.1 now requires continuous API security testing and maintained API inventories. (These PCI DSS 4.0.1 requirements became mandatory on March 31...

Cybersecurity Careers / WorkforceJun 22, 2026·1 min read

Sunil Varkey Joins Hexaware Technologies as EVP & CISO Cybersecurity Careers

His responsibilities align with Hexaware Technologies’ broader technology and growth objectives as the company continues to support large-scale digital...

Data BreachesJun 21, 2026·2 min read

Update: Novo Nordisk Breached: Ozempic Maker Suffers 264 GB Data…

They allegedly breached Novo in March via a GitHub access token that let it clone the company's repositories and find additional credentials.

AI/ML SecurityJun 21, 2026·1 min read

Update: AI-Enabled Hacker Caught: Leaked Prompts Expose Resume…

A fully AI-enabled hacker was caught, revealing his full system prompts, which included his resume and his IP address.

AI/ML SecurityJun 21, 2026·1 min read

Update: Threat Modeling Generative AI: What 11,658 Incidents and…

Instead, improper output handling (42%) and misinformation/misuse (35%) represent the vast majority of actual incidents.

Vulnerabilities & ExploitsJun 21, 2026·4 min read

Week in review: 74k Fortinet firewall credentials stolen, Splunk Enterprise RCE under active attack

Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656) Microsoft has acknowledged the local elevation of privilege issue in Microsoft...

Malware & RansomwareJun 21, 2026·3 min read

GentleKiller Ransomware Abuses Vulnerable Drivers to Disable 400+ EDR Security Processes Malware

This rapid adoption distinguishes Gentlemen from most other RaaS operators, who typically wait weeks or months before adapting publicly released exploits...

CybercrimeJun 21, 2026·2 min read

Nancy Guthrie Case Reframed by Crypto Firm's "Wrench Attack" Label as Police Confirm Motive Pending

In it, CertiK described Nancy Guthrie's kidnapping as part of a "$6 million bitcoin ransom demand" and tied it to what the company called "the documented...

Malware & RansomwareJun 21, 2026·3 min read

Virus vs Worm: Why the Propagation Difference Actually Matters Malware

But no detection tool replaces patching: the vulnerability that WannaCry used had a patch available for eight weeks before the attack. In 1988, the Morris...

Vulnerabilities & ExploitsJun 21, 2026·1 min read

Vulnerability response: Built for humans, outpaced by machines.

Frontier models now discover and chain vulnerabilities faster than human analysts can confirm them, and the gap between finding and fixing is shrinking in...

Cybersecurity Careers / WorkforceJun 21, 2026·1 min read

6 years Fullstack Dev, 1 week into bug bounty, zero findings. How long did your first valid bug take?

Dev-to-hunter transition: Any other devs here who struggled with the mindset shift from "making things work" to "breaking things intentionally"? What I've...

ResearchJun 21, 2026·2 min read

Privacy-Preserving Outsourced Witness Updates for Append-Only RSA Accumulators Security Research

In this paper, we present a privacy-preserving outsourced witness-update protocol for append-only RSA accumulators. The protocol combines witness updates...

Cyberwarfare / Nation-StateJun 21, 2026·1 min read

Navigating the GPS threat landscape, with Brandon Karpf. Cyberwarfare

If this research is accurate, these attacks represent a significant evolution for how defenders think about this critical technology. Key sources: -...

ResearchJun 21, 2026·3 min read Breaking

Google Shor's Algorithm Obfuscation Broken: LLM Crowdsourcing Outperforms ZKP-Verified Benchmark by 44%

An open-source contest utilizing Large Language Models (LLMs) has successfully reverse-engineered and optimized Google Quantum AI's restricted Shor's algorithm circuit optimization, exceeding Google's obfuscated benchmark by 44.0%.

Visualization of ZKP verification and crowdsourced LLM quantum circuit optimization

Data BreachesJun 20, 2026·1 min read

Major Data Breach Warning Issued for 3 Million in Texas: What To Know

Major Data Breach Warning Issued for 3 Million in Texas: What To Know...

Compliance & PrivacyJun 20, 2026·1 min read

Form: Report a suspected breach of farming rules or fraud Compliance

Report a suspected breach of farming rules or fraud How to report a suspected breach of farming rules or fraud to the Rural Payments Agency. Applies to...

Vulnerabilities & ExploitsJun 20, 2026·4 min read

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys Vulnerability (CVE-2026-4020)

The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthenticated attackers to...

Malware & RansomwareJun 20, 2026·3 min read

The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes Malware

It allows The Gentlemen operators to integrate abused drivers into their toolset very soon after an EDR killer PoC is disclosed." The third-party...

Cloud SecurityJun 20, 2026·3 min read

Spur adds no-code Cloudflare integration for Monocle Cloud Security

"These updates ensure that customers can implement inline enforcement in minutes, gain deeper visibility into user behavior, and quickly translate those...

Data BreachesJun 20, 2026·3 min read

Klue OAuth breach victim list grows as Icarus hackers claim attack Data Breach

Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to...

Security Digest

Get the latest cybersecurity news, vulnerability alerts, and threat intelligence delivered to your inbox.

SecurityXP — Cybersecurity News, Threat Intelligence & Infosec Utilities