AMD has quietly removed Transparent Secure Memory Encryption (TSME) from consumer Ryzen CPUs via a recent AGESA firmware update, leaving users vulnerable to physical memory attacks. The company has not provided a clear explanation for this change, though it appears to be a deliberate effort to restrict the security feature exclusively to its Pro lineup.
UAE sets minimum social media age at 15, mandates age checks | Reuters
The UAE has set a minimum age of 15 for social media use and mandated age checks.
Apple’s A12 and A13 Chips Facing New Unpatchable Exploit - MacRumors
Apple’s A12 and A13 chips are affected by a new, unpatchable BootROM exploit called usbliter8 that leverages a hardware bug in the USB controller. Because this vulnerability exists within the chip’s permanent hardware, it cannot be fixed via software updates and leaves affected devices permanently susceptible to unauthorized code execution.
A widespread cybercrime campaign dubbed FortiBleed has compromised tens of thousands of Fortinet firewalls and VPNs globally by exploiting known passwords rather than software vulnerabilities. Hackers are using these compromised devices as listening posts to harvest additional credentials and expand their reach across major corporate and government networks.
Peter Thiel’s Secret Club Exposed After Records Leak | Times Now
Peter Thiel’s Secret Club Exposed After Records Leak reports that a massive data breach revealed the membership and private agendas of Dialog, an exclusive, invitation-only retreat for high-profile figures. The leaked documents exposed sensitive personal information and revealed that members gather to discuss controversial geopolitical and philosophical topics away from public scrutiny.
Authorities investigating cyberattack on Singapore-based Global Schools Foundation - CNA
Singaporean authorities are investigating a cyberattack on the Global Schools Foundation after the hacking group FulcrumSec allegedly stole 4.8TB of sensitive data. The organization has confirmed a security incident and is currently working with regulators to assess the impact on students, staff, and parents.
New Data: Three Outages and Customers Will Look Elsewhere
New Data: Three Outages and Customers Will Look Elsewhere reveals that 60% of consumers will switch providers after three service outages due to eroding customer trust. To mitigate revenue and reputation risks, organizations must prioritize permanent resolutions and improved communication over temporary fixes.
The Government of Canada has strengthened cyber security and critical infrastructure through the Royal Assent of Bill C-8, which amends the Telecommunications Act and introduces the Critical Cyber Systems Protection Act. This legislation mandates stricter security measures for operators in the finance, telecommunications, energy, and transportation sectors to defend against evolving digital threats.
ShinyHunters claims Kodak hack | Cybernews
The ShinyHunters ransomware group claims to have stolen over 2.2 million Eastman Kodak records and has threatened to leak the data if the company does not respond by June 18th. Kodak has not publicly confirmed the data breach or the validity of the extortion claim.
5.4 million Swedes listed in alleged data breach | Cybernews
A data breach involving 5.4 million Swedes has been claimed by hackers, though experts suggest the information may simply be compiled from publicly available records. While the legitimacy of the hack is unverified, the aggregation of this personal data increases the risk of phishing and social engineering attacks.
Cybercrime Group Claims Novo Nordisk Hack - SecurityWeek
The hack-and-leak group FulcrumSec has claimed responsibility for a cyberattack on pharmaceutical company Novo Nordisk, alleging they stole 1.3 terabytes of sensitive data. Although the hackers demanded a $25 million ransom, the company refused to pay, and the group is now threatening to leak the stolen information.
Unverified online claims of a data breach involving the ICAI exam portal and member database have sparked concern among students and professionals just days before the CA Final and Intermediate results. Currently, there is no official confirmation or evidence of a compromise, and the ICAI has not addressed the allegations.
CVE-2026-20262: CISCO Catalyst SD-WAN Flaw Under Active Targeted Exploitation
Cisco has confirmed that CVE-2026-20262, an arbitrary file write vulnerability in Cisco Catalyst SD-WAN Manager, is currently under active exploitation. CISA has added this flaw to its Known Exploited Vulnerabilities catalog and urges users to apply available security patches to prevent potential privilege escalation.
Infinite Campus Breach Leaks Personal Information of 137,000 Users
The Infinite Campus breach attributed to the ShinyHunters threat group exposed the personally identifiable information of 137,000 users, primarily consisting of school staff data and internal support records. This incident highlights significant risks for educational technology platforms regarding phishing and social engineering attacks due to the aggregation of sensitive administrative details.
Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive
A recent industry study reveals that anonymized infrastructure, such as VPNs and residential proxies, is involved in 94% of security incidents. Despite this trend, security teams remain largely reactive, struggling to gain the necessary context to move beyond basic detection toward proactive risk management.
Russian and Chinese Influence Actors Use AI to Evade Bot Detection and Mimic Human Behavior
Russian and Chinese influence actors are utilizing artificial intelligence to mimic human behavior and evade bot detection by reducing post volume and adopting realistic activity patterns. These sophisticated operations now leverage AI-generated content and repurposed accounts to more effectively propagate anti-US narratives and shape public opinion.
Chinese Hacking Firm Upgrades With New Windows Backdoor
Security researchers have identified new Windows backdoors linked to the Chinese hacking firm known as FishMonger, which have been used to target government organizations since 2023. These upgraded variants of the SprySocks malware utilize kernel-level rootkits to enhance stealth and facilitate long-term espionage and data theft.
Anthropic Faces Lawsuit Over Allegedly Misleading Claude AI Pricing - Decrypt
Anthropic faces a class action lawsuit alleging that its Claude Max AI subscription plans provide less usage than advertised. The plaintiff claims the company failed to clearly explain how usage limits are measured, leading customers to overpay for services they did not receive.
The PRC-nexus threat actor UNC6508 targeted North American research institutions by exploiting REDCap servers and deploying the INFINITERED malware for credential theft. This campaign aimed to exfiltrate sensitive defense, AI, and medical research data through the abuse of enterprise content compliance rules.
SHADOWBYT3$ Allegedly Claims Nintendo Breach and Theft of Sensitive Data
The threat actor SHADOWBYT3$ has allegedly claimed a data breach involving Nintendo, potentially targeting third-party platform TINYpulse. While the claim remains unverified and lacks public evidence, the incident reportedly involves sensitive employee data and financial documents.
FBI, Google Dismantle ‘Outsider Enterprise’ Phishing Service - SecurityWeek
The FBI and Google have dismantled Outsider Enterprise, a phishing-as-a-service platform that caused approximately $1.9 billion in losses by stealing millions of credit cards. This operation involved seizing administrative servers and domains to disrupt the network’s ability to impersonate brands through SMS phishing campaigns.
ShinyHunters Claims Council of Europe Hack - SecurityWeek
The extortion group ShinyHunters claims to have hacked the Council of Europe, allegedly stealing nearly 300 gigabytes of data containing sensitive employee and organizational information. The group threatens to release the stolen files publicly if the Council does not initiate negotiations by June 16.
PhishLumos: Exposing phishing campaigns that evade detection by hiding content - Help Net Security
PhishLumos is a system that exposes phishing campaigns by analyzing URL infrastructure—such as IP addresses and SSL certificates—rather than relying on easily cloaked web content. By mapping these connections into a graph, it enables LLM-powered agents to generate effective detection rules even when attackers attempt to hide malicious pages.
Hackers Abuse LNK Files, PowerShell, and Python Loader to Deploy NarwhalRAT
The NarwhalRAT malware campaign targets Korean users by utilizing deceptive LNK files, PowerShell, and a Python loader to deploy a sophisticated remote access trojan. This threat employs Living-off-the-Land techniques and a dual command-and-control structure to evade detection while performing espionage activities like keylogging and screen capture.
The FCC Wants to Eliminate Burner Phones - Schneier on Security
The FCC proposes a new rule to eliminate burner phones by requiring telecoms to collect personal identification and address information from all customers. This initiative aims to combat scammers while raising significant concerns among privacy advocates regarding increased surveillance.