Your Daily Dose of Cybersecurity News

Data Breaches

Major Data Breach Warning Issued for 3 Million in Texas: What To Know

Major Data Breach Warning Issued for 3 Million in Texas: What To Know...

Jun 20, 2026 · SecurityXP

Compliance & Privacy

Form: Report a suspected breach of farming rules or fraud Compliance

Report a suspected breach of farming rules or fraud How to report a suspected breach of farming rules or fraud to the Rural Payments Agency. Applies to...

Jun 20, 2026 · SecurityXP

Vulnerabilities & Exploits

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys Vulnerability (CVE-2026-4020)

The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthenticated attackers to...

Jun 20, 2026 · SecurityXP

Latest News

Malware & RansomwareJun 20, 2026·3 min read

The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes Malware

It allows The Gentlemen operators to integrate abused drivers into their toolset very soon after an EDR killer PoC is disclosed." The third-party...

Cloud SecurityJun 20, 2026·3 min read

Spur adds no-code Cloudflare integration for Monocle Cloud Security

"These updates ensure that customers can implement inline enforcement in minutes, gain deeper visibility into user behavior, and quickly translate those...

Data BreachesJun 20, 2026·3 min read

Klue OAuth breach victim list grows as Icarus hackers claim attack Data Breach

Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to...

Data BreachesJun 19, 2026·2 min read

Update: Novo Nordisk Breached: Ozempic Maker Suffers 264 GB Data…

They allegedly breached Novo in March via a GitHub access token that let it clone the company's repositories and find additional credentials.

AI/ML SecurityJun 19, 2026·1 min read

Update: AI-Enabled Hacker Caught: Leaked Prompts Expose Resume…

A fully AI-enabled hacker was caught, revealing his full system prompts, which included his resume and his IP address.

AI/ML SecurityJun 19, 2026·1 min read

Threat Modeling Generative AI: What 11,658 Incidents and the Research Actually Show AI Security

An empirical analysis of 11,658 documented generative AI security incidents and recent research reveals that prompt injection accounts for only 2.3% of...

Vulnerabilities & ExploitsJun 19, 2026·4 min read

Weekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and more

New module content (5) Paperclip AI RCE using a chain of six API calls (CVE-2026-41679) Authors: Sagilayani https://github.com/sagilayani and h00die-gr3y...

Vulnerabilities & ExploitsJun 19, 2026·3 min read

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution Vulnerability

Microsoft made a similar localhost argument in its Semantic Kernel RCE research, tracked as CVE-2026-26030 and CVE-2026-25592. The issue is tracked as...

Application SecurityJun 19, 2026·2 min read

Meteor 3.0 Migration Helped Rocket.Chat Move Off End-of-Life Node.js Runtime App Security

Supply-Chain Risk Without a CVE Meteor 3.0 puts a name to a category of supply-chain risk that standard vulnerability management does not always catch. The...

Data BreachesJun 19, 2026·2 min read

Novo Nordisk Breached: Ozempic Maker Suffers 264 GB Data Leak Mocked for Weak Password 'novo123'

The breach includes source code, proprietary information on both marketed and pipeline drugs, clinical trial records, data on employees, doctors, and...

AI/ML SecurityJun 19, 2026·1 min read

AI-Enabled Hacker Caught: Leaked Prompts Expose Resume, IP, and local Claude/Codex Agent Operations

He had Claude and Codex agents locally and was using them remotely to carry out reconnaissance, exploitation, and data exfiltration activities.

CybercrimeJun 19, 2026·3 min read

14,971 WordPress Sites Cleaned in Global SocGholish Takedown Cybercrime

Data from Infoblox shows that approximately 55% of its cloud customers attempted to reach SocGholish infrastructure this year alone, with the attacks...

Vulnerabilities & ExploitsJun 19, 2026·3 min read

Apple patches Beats Studio Buds flaw that could turn earbuds into a wiretap Vulnerability

The security update fixes CVE-2025-20701, a vulnerability discovered by Dennis Heinze and Frieder Steinmetz of German cybersecurity firm ERNW. The issue is...

AI/ML SecurityJun 19, 2026·2 min read

Every AI Agent Is an Identity. Most Organizations Don't Treat Them That Way AI Security

This is no longer theoretical, 65% of organizations experienced a security incident involving an AI agent in the past year, with 61% reporting exposure or...

Application SecurityJun 19, 2026·3 min read

What Is Application Security Testing? Tools and Types App Security

Organizations that already enforce quality gates in CI/CD can extend that model into deployment workflows by requiring review of critical cloud exposures...

Vulnerabilities & ExploitsJun 18, 2026·3 min read

Microsoft Confirms RoguePlanet Zero-Day in Defender, Patch Under Development Vulnerability

I think it even works in the case of passive mode, but not really sure, haven't tested that." Microsoft told The Hacker News last week that it's aware of the...

CybercrimeJun 18, 2026·3 min read

SpyCloud Report Finds Phishing Attacks Surge as Employee Data Is Exposed at 86% of Fortune 100 Companies

SpyCloud, the leader in identity threat protection, today released its 2026 Phishing Pulse Report, revealing that phishing attacks continue to increase in...

AI/ML SecurityJun 18, 2026·2 min read

OVHcloud previews AI workspace with encrypted tools AI Security

OVHcloud says OVHai Workspace includes an end-to-end encryption option covering data and communications, including within partner applications integrated...

Application SecurityJun 18, 2026·3 min read

Mastra npm packages compromised in 'easy-day-js' supply chain attack App Security

By exploiting npm’s install-time script execution, attackers gained the ability to harvest browser data from Chrome, Edge, and Brave, extract credentials...

Data BreachesJun 17, 2026·3 min read

Kodak Confirms Data Breach Following ShinyHunters’ Claim of Stolen Customer Records

One week ago, the extortion group also claimed responsibility for a new series of breaches at over 100 organizations(including the University of Nottingham)...

Security Digest

Get the latest cybersecurity news, vulnerability alerts, and threat intelligence delivered to your inbox.

SecurityXP — Cybersecurity News, Threat Intelligence & Infosec Utilities

Major Data Breach Warning Issued for 3 Million in Texas: What To Know

Form: Report a suspected breach of farming rules or fraud Compliance

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys Vulnerability (CVE-2026-4020)

Latest News

The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes Malware

Spur adds no-code Cloudflare integration for Monocle Cloud Security

Klue OAuth breach victim list grows as Icarus hackers claim attack Data Breach

Update: Novo Nordisk Breached: Ozempic Maker Suffers 264 GB Data…

Update: AI-Enabled Hacker Caught: Leaked Prompts Expose Resume…

Threat Modeling Generative AI: What 11,658 Incidents and the Research Actually Show AI Security

Weekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and more

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution Vulnerability

Meteor 3.0 Migration Helped Rocket.Chat Move Off End-of-Life Node.js Runtime App Security

Novo Nordisk Breached: Ozempic Maker Suffers 264 GB Data Leak Mocked for Weak Password 'novo123'

AI-Enabled Hacker Caught: Leaked Prompts Expose Resume, IP, and local Claude/Codex Agent Operations

14,971 WordPress Sites Cleaned in Global SocGholish Takedown Cybercrime

Apple patches Beats Studio Buds flaw that could turn earbuds into a wiretap Vulnerability

Every AI Agent Is an Identity. Most Organizations Don't Treat Them That Way AI Security

What Is Application Security Testing? Tools and Types App Security

Microsoft Confirms RoguePlanet Zero-Day in Defender, Patch Under Development Vulnerability

SpyCloud Report Finds Phishing Attacks Surge as Employee Data Is Exposed at 86% of Fortune 100 Companies

OVHcloud previews AI workspace with encrypted tools AI Security

Mastra npm packages compromised in 'easy-day-js' supply chain attack App Security

Kodak Confirms Data Breach Following ShinyHunters’ Claim of Stolen Customer Records

Security Digest