Your Daily Dose of Cybersecurity News

Data Breaches

Update: Novo Nordisk Breached: Ozempic Maker Suffers 264 GB Data…

They allegedly breached Novo in March via a GitHub access token that let it clone the company's repositories and find additional credentials.

Jun 21, 2026 · SecurityXP

AI/ML Security

Update: AI-Enabled Hacker Caught: Leaked Prompts Expose Resume…

A fully AI-enabled hacker was caught, revealing his full system prompts, which included his resume and his IP address.

Jun 21, 2026 · SecurityXP

AI/ML Security

Update: Threat Modeling Generative AI: What 11,658 Incidents and…

Instead, improper output handling (42%) and misinformation/misuse (35%) represent the vast majority of actual incidents.

Jun 21, 2026 · SecurityXP

Latest News

Vulnerabilities & ExploitsJun 21, 2026·4 min read

Week in review: 74k Fortinet firewall credentials stolen, Splunk Enterprise RCE under active attack

Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656) Microsoft has acknowledged the local elevation of privilege issue in Microsoft...

Malware & RansomwareJun 21, 2026·3 min read

GentleKiller Ransomware Abuses Vulnerable Drivers to Disable 400+ EDR Security Processes Malware

This rapid adoption distinguishes Gentlemen from most other RaaS operators, who typically wait weeks or months before adapting publicly released exploits...

CybercrimeJun 21, 2026·2 min read

Nancy Guthrie Case Reframed by Crypto Firm's "Wrench Attack" Label as Police Confirm Motive Pending

In it, CertiK described Nancy Guthrie's kidnapping as part of a "$6 million bitcoin ransom demand" and tied it to what the company called "the documented...

Malware & RansomwareJun 21, 2026·3 min read

Virus vs Worm: Why the Propagation Difference Actually Matters Malware

But no detection tool replaces patching: the vulnerability that WannaCry used had a patch available for eight weeks before the attack. In 1988, the Morris...

Vulnerabilities & ExploitsJun 21, 2026·1 min read

Vulnerability response: Built for humans, outpaced by machines.

Frontier models now discover and chain vulnerabilities faster than human analysts can confirm them, and the gap between finding and fixing is shrinking in...

Cybersecurity Careers / WorkforceJun 21, 2026·1 min read

6 years Fullstack Dev, 1 week into bug bounty, zero findings. How long did your first valid bug take?

Dev-to-hunter transition: Any other devs here who struggled with the mindset shift from "making things work" to "breaking things intentionally"? What I've...

ResearchJun 21, 2026·2 min read

Privacy-Preserving Outsourced Witness Updates for Append-Only RSA Accumulators Security Research

In this paper, we present a privacy-preserving outsourced witness-update protocol for append-only RSA accumulators. The protocol combines witness updates...

Cyberwarfare / Nation-StateJun 21, 2026·1 min read

Navigating the GPS threat landscape, with Brandon Karpf. Cyberwarfare

If this research is accurate, these attacks represent a significant evolution for how defenders think about this critical technology. Key sources: -...

ResearchJun 21, 2026·3 min read Breaking

Google Shor's Algorithm Obfuscation Broken: LLM Crowdsourcing Outperforms ZKP-Verified Benchmark by 44%

An open-source contest utilizing Large Language Models (LLMs) has successfully reverse-engineered and optimized Google Quantum AI's restricted Shor's algorithm circuit optimization, exceeding Google's obfuscated benchmark by 44.0%.

Visualization of ZKP verification and crowdsourced LLM quantum circuit optimization

Data BreachesJun 20, 2026·1 min read

Major Data Breach Warning Issued for 3 Million in Texas: What To Know

Major Data Breach Warning Issued for 3 Million in Texas: What To Know...

Compliance & PrivacyJun 20, 2026·1 min read

Form: Report a suspected breach of farming rules or fraud Compliance

Report a suspected breach of farming rules or fraud How to report a suspected breach of farming rules or fraud to the Rural Payments Agency. Applies to...

Vulnerabilities & ExploitsJun 20, 2026·4 min read

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys Vulnerability (CVE-2026-4020)

The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthenticated attackers to...

Malware & RansomwareJun 20, 2026·3 min read

The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes Malware

It allows The Gentlemen operators to integrate abused drivers into their toolset very soon after an EDR killer PoC is disclosed." The third-party...

Cloud SecurityJun 20, 2026·3 min read

Spur adds no-code Cloudflare integration for Monocle Cloud Security

"These updates ensure that customers can implement inline enforcement in minutes, gain deeper visibility into user behavior, and quickly translate those...

Data BreachesJun 20, 2026·3 min read

Klue OAuth breach victim list grows as Icarus hackers claim attack Data Breach

Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to...

Data BreachesJun 19, 2026·2 min read

Update: Novo Nordisk Breached: Ozempic Maker Suffers 264 GB Data…

They allegedly breached Novo in March via a GitHub access token that let it clone the company's repositories and find additional credentials.

AI/ML SecurityJun 19, 2026·1 min read

Update: AI-Enabled Hacker Caught: Leaked Prompts Expose Resume…

A fully AI-enabled hacker was caught, revealing his full system prompts, which included his resume and his IP address.

Vulnerabilities & ExploitsJun 19, 2026·4 min read

Weekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and more

New module content (5) Paperclip AI RCE using a chain of six API calls (CVE-2026-41679) Authors: Sagilayani https://github.com/sagilayani and h00die-gr3y...

Vulnerabilities & ExploitsJun 19, 2026·3 min read

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution Vulnerability

Microsoft made a similar localhost argument in its Semantic Kernel RCE research, tracked as CVE-2026-26030 and CVE-2026-25592. The issue is tracked as...

Application SecurityJun 19, 2026·2 min read

Meteor 3.0 Migration Helped Rocket.Chat Move Off End-of-Life Node.js Runtime App Security

Supply-Chain Risk Without a CVE Meteor 3.0 puts a name to a category of supply-chain risk that standard vulnerability management does not always catch. The...

Security Digest

Get the latest cybersecurity news, vulnerability alerts, and threat intelligence delivered to your inbox.

SecurityXP — Cybersecurity News, Threat Intelligence & Infosec Utilities

Update: Novo Nordisk Breached: Ozempic Maker Suffers 264 GB Data…

Update: AI-Enabled Hacker Caught: Leaked Prompts Expose Resume…

Update: Threat Modeling Generative AI: What 11,658 Incidents and…

Latest News

Week in review: 74k Fortinet firewall credentials stolen, Splunk Enterprise RCE under active attack

GentleKiller Ransomware Abuses Vulnerable Drivers to Disable 400+ EDR Security Processes Malware

Nancy Guthrie Case Reframed by Crypto Firm's "Wrench Attack" Label as Police Confirm Motive Pending

Virus vs Worm: Why the Propagation Difference Actually Matters Malware

Vulnerability response: Built for humans, outpaced by machines.

6 years Fullstack Dev, 1 week into bug bounty, zero findings. How long did your first valid bug take?

Privacy-Preserving Outsourced Witness Updates for Append-Only RSA Accumulators Security Research

Navigating the GPS threat landscape, with Brandon Karpf. Cyberwarfare

Google Shor's Algorithm Obfuscation Broken: LLM Crowdsourcing Outperforms ZKP-Verified Benchmark by 44%

Major Data Breach Warning Issued for 3 Million in Texas: What To Know

Form: Report a suspected breach of farming rules or fraud Compliance

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys Vulnerability (CVE-2026-4020)

The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes Malware

Spur adds no-code Cloudflare integration for Monocle Cloud Security

Klue OAuth breach victim list grows as Icarus hackers claim attack Data Breach

Update: Novo Nordisk Breached: Ozempic Maker Suffers 264 GB Data…

Update: AI-Enabled Hacker Caught: Leaked Prompts Expose Resume…

Weekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and more

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution Vulnerability

Meteor 3.0 Migration Helped Rocket.Chat Move Off End-of-Life Node.js Runtime App Security

Security Digest