These news items are automatically aggregated from industry sources and are not individually reviewed. Any inaccuracies are unintentional; let us know and we'll correct or remove them.
The intelligence agencies of the United States, United Kingdom, Australia, Canada, and New Zealand issued a joint warning on 23 June 2026 that frontier AI models are advancing rapidly enough to outpace established cyber defences within months. The warning highlights rising AI-assisted attack speed, including documented cases where adversaries move laterally inside compromised networks in under 30 seconds.
Researchers at SentinelOne have identified a new macOS backdoor, dubbed Gaslight, attributed to North Korea-aligned threat actors. Written in Rust, it embeds 38 fabricated system error messages as a prompt injection payload to mislead AI-assisted malware analysis tools. The technique did not bypass current production platforms in testing, but the escalating scale of the injection approach signals that attackers are actively probing AI security tooling for exploitable weaknesses.
The European Commission issued a formal Statement of Objections to Amazon Web Services and Microsoft Azure on June 25, 2026, marking the first time the Digital Markets Act has been applied directly to cloud computing infrastructure. AWS and Azure together hold over 70 percent of the EU cloud market. A final designation is expected by late October 2026 and would require both providers to open their platforms to interoperability, eliminate self-preferencing, and guarantee data portability, with fines of up to 10 percent of global annual turnover for non-compliance.
A newly disclosed stealthy backdoor named Mistic, linked to the initial access broker KongTuke, has been used against organisations in insurance, IT, education, and professional services since April 2026. Mistic runs entirely in memory, writes nothing to disk, and can delete itself on command, making it largely invisible to file-based endpoint scanners. Access obtained through Mistic is sold to ransomware operators including Qilin, Rhysida, Akira, and Black Basta.
Security firm AIR pushed a malicious AI agent skill through a popular marketplace and reportedly reached 26,000 agents, including corporate accounts, while passing every automated security scanner tested. The attack exploits a structural gap in how skill marketplaces evaluate trust: scans happen once at submission, but the payload can be rewritten on the hosting server at any time after approval. The incident marks a new class of supply chain risk that grows in proportion to AI agent adoption.
Mandiant’s M-Trends 2026 report, drawn from over 500,000 hours of incident response investigations conducted in 2025, found that the median time between an initial access event and handoff to a secondary threat actor has dropped from more than eight hours in 2022 to just 22 seconds. The finding fundamentally changes the math on incident response: organisations that rely on detection-based strategies have a window that is now shorter than the time it takes to open a response ticket.
2026 marks the shift from NIS2 preparation to active enforcement. National regulators across Europe are now issuing compliance decisions, the first audit deadline under the Directive falls on 30 June 2026, and the European Commission has referred seven Member States to the Court of Justice for failure to fully transpose the Directive. For essential and important entities that have not yet completed their NIS2 compliance programme, the window to act before enforcement consequences arrive is now measured in days.
Security researchers at Novee Security have disclosed a systemic class of CI/CD vulnerabilities codenamed Cordyceps that allows any unauthenticated user with a free GitHub account to hijack workflows, steal credentials, and poison software supply chains. More than 300 high-impact repositories have been confirmed fully exploitable, including those belonging to Microsoft Azure Sentinel and Python’s Black formatter, which serves 130 million installs per month. AI coding agents are accelerating the spread by reproducing the same insecure patterns at scale.
Three weeks after Cisco released patches for CVE-2026-20230, a critical server-side request forgery vulnerability in Unified Communications Manager, automated exploitation campaigns are dropping webshells on unpatched systems via Tor exit nodes. The attack chain requires no authentication and ends with a persistent command-execution shell on the underlying operating system. Any organisation running Cisco UCM without the June 3 patch applied is currently exposed.
A critical command injection vulnerability in GitHub Enterprise Server allows any authenticated user to execute arbitrary code on backend infrastructure with nothing more than a single git push. Discovered by Wiz Research in March 2026 and patched on GitHub.com the same day, the self-hosted Enterprise Server fix was released in April – yet nearly nine in ten instances remain unpatched two months after public disclosure, leaving private repositories and internal secrets exposed.