Your Daily Dose of Cybersecurity News

Data Breaches

Kodak Confirms Data Breach Following ShinyHunters’ Claim of Stolen Customer Records

One week ago, the extortion group also claimed responsibility for a new series of breaches at over 100 organizations(including the University of Nottingham)...

Jun 17, 2026 · SecurityXP

Vulnerabilities & Exploits

CISA Warns of Oracle PeopleSoft 0-Day Vulnerability Exploited in Ransomware Attacks (CVE-2026-35273)

Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of a critical vulnerability in Oracle...

Jun 17, 2026 · SecurityXP

AI/ML Security

Heimdal Survey: Executives Four Times More Confident About AI Risk Than the Teams Managing It

London, United Kingdom, June 17th, 2026, CyberNewswire New research from cybersecurity company Heimdal finds 29% of US executives say AI risk is under...

Jun 17, 2026 · SecurityXP

Latest News

Application SecurityJun 17, 2026·3 min read

144 Mastra npm Packages Compromised via Hijacked Contributor Account App Security

"This makes the Mastra ecosystem an exceptionally high-value target for supply chain attackers." The "easy-day-js" package launches an obfuscated payload...

Vulnerabilities & ExploitsJun 17, 2026·1 min read

JetBrains Plugin Security Alert: 70,000+ Installs Linked to AI Key Theft Vulnerability

While these plugins function as advertised, offering features like code review, chat, and […] The post JetBrains Plugin Security Alert: 70,000+ Installs...

Vulnerabilities & ExploitsJun 16, 2026·1 min read

Zyxel security advisory (AV26-603) Vulnerability

Serial number: AV26-603Date: June 16, 2026 On June 16, 2026, Zyxel published a security advisory to address vulnerabilities in the following products: GS1900...

Data BreachesJun 15, 2026·3 min read

Chinese hackers breach REDCap servers, steal medical research Data Breach

"Their research areas span a broad spectrum of modern medicine, from molecular discovery and clinical drug trials to state-level public health policy and...

AI/ML SecurityJun 15, 2026·3 min read

How attackers are jailbreaking LLMs with CTF framing and how to catch them AI Security

Over the past 30 days, we’ve collected data from other source IPs that validate our jailbreaking theory: 159.89.93.86 created a LiteLLM master-scoped API key...

Vulnerabilities & ExploitsJun 15, 2026·5 min read

⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More Vulnerability

Check the list, patch what you have, and hit the ones marked urgent first - CVE-2026-11645 (Google Chrome), CVE-2026-50751 (Check Point Remote Access VPN and...

Threat IntelligenceJun 15, 2026·2 min read

Chinese-linked hackers targeted US, Canadian research facilities for a year: Google Threat Alert

Between September 2023 and November 2025, the hackers sought information related to defense intelligence, military strategy in the Indo-Pacific, artificial...

Vulnerabilities & ExploitsJun 15, 2026·5 min read

Palo Alto Warns of Exploitation of VPN Bypass Exploits (CVE-2026-0257) in PAN-OS Flaw Vulnerability

"Only a small portion of the probed devices actually established VPN sessions, resulting in gateway-connected events." The company has also released...

CybercrimeJun 15, 2026·3 min read

Conti Ransomware Conspirator Pleads Guilty in $150M Scheme Cybercrime

Department of Justice announced that Oleksii Oleksiyovych Lytvynenko, 44, admitted to participating in a conspiracy that deployed Conti ransomware against...

Application SecurityJun 15, 2026·3 min read

Supply Chain Attack Hits Popular WordPress Plugins Through Awesome Motive CDN App Security

According to the company's investigation, attackers exploited a known vulnerability in a third-party plugin called UpdraftPlus running on a marketing website...

AI/ML SecurityJun 14, 2026·3 min read

Microsoft restricts employee Claude Fable 5 access over Anthropic data retention

Microsoft restricts employee access to Claude Fable 5 while legal reviews Anthropic's 30-day retention policy, which can retain flagged content for two years.

CybercrimeJun 14, 2026·2 min read

Ex-school district employee jailed for hacks on former employer Cybercrime

Potter is also required to pay $59,668.81 in restitution to the Saydel Community School District and its insurer, Travelers Casualty and Surety Company, for...

Commentary / OpinionJun 14, 2026·2 min read

Anthropic ban: Sarvam AI's Pratyush Kumar warns against reliance on foreign models

Kumar detailed that Sarvam has trained models at scale on roughly 3,400 Nvidia H100 GPUs and has brought India's first Blackwell cluster online, targeting...

AI/ML SecurityJun 13, 2026·3 min read

Washington Pulled the Plug on Anthropic ‘s Fable 5 and Mythos 5 models. The Rest of the World Is Watching.

The organizations that had integrated these models into security operations, threat hunting pipelines, and vulnerability research workflows are now running...

CybercrimeJun 13, 2026·2 min read

Google Sues Chinese Cybercrime Network for Using Gemini AI to Target Americans

Google is taking legal action against a Chinese cybercrime network it says abused its Gemini AI agent to send phishing texts and steal data from Americans.

CybercrimeJun 13, 2026·2 min read

Ukrainian national pleads guilty to role in Conti ransomware operation

A Ukrainian national pleaded guilty to his role in the Conti ransomware operation, which struck over 1,000 victims worldwide before disbanding in 2022.

CybercrimeJun 12, 2026·4 min read

Authorities Dismantle Cryptocurrency Laundering Service 'AudiA6' Used by Cybercriminals

Law enforcement dismantled the 'AudiA6' crypto-laundering service, arresting two administrators and seizing 30+ servers and 25 domains tied to ransomware.

Vulnerabilities & ExploitsJun 12, 2026·4 min read

Oracle mitigates PeopleSoft zero-day exploited in data theft attacks

Oracle has issued mitigations for a critical PeopleSoft zero-day (CVE-2026-35273) enabling unauthenticated RCE, actively exploited in ShinyHunters data theft.

Vulnerabilities & ExploitsJun 11, 2026·3 min read

GitHub finally pulls the plug on automatic install script execution

GitHub is ending automatic execution of npm install scripts to curb supply-chain attacks, starting with opt-in warnings in npm version 11.

Data BreachesJun 11, 2026·3 min read

Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks

ShinyHunters, or a group impersonating them, has been targeting Oracle PeopleSoft ERP servers in data theft attacks, with researchers publishing IP-address IOCs.

Security Digest

Get the latest cybersecurity news, vulnerability alerts, and threat intelligence delivered to your inbox.

SecurityXP — Cybersecurity News, Threat Intelligence & Infosec Utilities

Kodak Confirms Data Breach Following ShinyHunters’ Claim of Stolen Customer Records

CISA Warns of Oracle PeopleSoft 0-Day Vulnerability Exploited in Ransomware Attacks (CVE-2026-35273)

Heimdal Survey: Executives Four Times More Confident About AI Risk Than the Teams Managing It

Latest News

144 Mastra npm Packages Compromised via Hijacked Contributor Account App Security

JetBrains Plugin Security Alert: 70,000+ Installs Linked to AI Key Theft Vulnerability

Zyxel security advisory (AV26-603) Vulnerability

Chinese hackers breach REDCap servers, steal medical research Data Breach

How attackers are jailbreaking LLMs with CTF framing and how to catch them AI Security

⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More Vulnerability

Chinese-linked hackers targeted US, Canadian research facilities for a year: Google Threat Alert

Palo Alto Warns of Exploitation of VPN Bypass Exploits (CVE-2026-0257) in PAN-OS Flaw Vulnerability

Conti Ransomware Conspirator Pleads Guilty in $150M Scheme Cybercrime

Supply Chain Attack Hits Popular WordPress Plugins Through Awesome Motive CDN App Security

Microsoft restricts employee Claude Fable 5 access over Anthropic data retention

Ex-school district employee jailed for hacks on former employer Cybercrime

Anthropic ban: Sarvam AI's Pratyush Kumar warns against reliance on foreign models

Washington Pulled the Plug on Anthropic ‘s Fable 5 and Mythos 5 models. The Rest of the World Is Watching.

Google Sues Chinese Cybercrime Network for Using Gemini AI to Target Americans

Ukrainian national pleads guilty to role in Conti ransomware operation

Authorities Dismantle Cryptocurrency Laundering Service 'AudiA6' Used by Cybercriminals

Oracle mitigates PeopleSoft zero-day exploited in data theft attacks

GitHub finally pulls the plug on automatic install script execution

Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks

Security Digest