Category: Security (62 posts)
Cybersecurity news, software supply chain risk, privacy threats, and practical security guidance.
Mandiant Details Cisco SD-WAN Attack That Turned a Malicious CSV Into Root Access
Mandiant says an attacker used rogue Cisco Catalyst SD-WAN peering, admin password manipulation, and CVE-2026-20245 to gain root access through a malicious CSV upload. The new details make the June SD-WAN advisories an incident-response problem, not just a patching task.
Microsoft’s StealC and Amadey Takedown Hits the Credential-Theft Supply Chain
Microsoft, Europol, and security partners disrupted infrastructure used by StealC and Amadey, two malware-as-a-service tools tied to credential theft, ransomware access, and financial fraud. The operation matters because it targeted the supply chain behind intrusions, not just one malware family.
Dragos EmberAI Puts AI Security Workflows Inside the Control Room
Dragos launched EmberAI, an OT-native AI assistant for industrial cybersecurity teams. The product matters because critical infrastructure defenders need AI that understands plant assets, threat groups, vulnerable equipment, and operational impact rather than treating OT security like ordinary IT alert triage.
Meta Pauses Employee-Tracking Program After AI Training Data Exposure
Meta paused its Model Capability Initiative after reports that employee activity data collected for AI training was exposed internally. The episode shows why training AI agents on real workplace behavior needs security controls as strict as the systems those agents may eventually operate.
CISA Gives UniFi OS and Lantronix Flaws a June 26 Patch Deadline
CISA added three Ubiquiti UniFi OS flaws and a Lantronix EDS5000 code-injection bug to its Known Exploited Vulnerabilities catalog, setting a June 26 remediation deadline for federal agencies. The risk is not just another CVE list: exposed network management interfaces can become a fast path to device control.
LastPass Says Klue Breach Exposed Support Case Data, Not Password Vaults
LastPass says attackers used Klue-held OAuth tokens to access customer CRM and support case data in Salesforce, while its password vaults and core infrastructure were not affected. The practical risk is targeted phishing and social engineering built from real support histories.
CISA’s June 23 Deadline Puts Cisco SD-WAN, Chrome, and Arista EOS on the Triage List
CISA’s June 23 remediation deadline covers three actively exploited flaws across Cisco Catalyst SD-WAN Manager, Google Chrome’s V8 engine, and Arista EOS. The useful move for security teams is not treating them as one patch chore, but triaging each layer: network control plane, browsers, and tunnel decapsulation paths.
OpenAI Daybreak Turns AI Bug Finding Into a Patching Race
OpenAI expanded Daybreak with Patch the Planet, an updated GPT-5.5-Cyber model, Codex Security workflows, and a partner program for vetted security vendors. The move shifts the AI cybersecurity race from finding more bugs to validating, patching, testing, and landing fixes before maintainers are overwhelmed.
Klue Breach Shows How SaaS OAuth Tokens Became a Salesforce Risk
Klue’s June security incident let attackers use a legacy integration credential to obtain OAuth tokens and pull Salesforce CRM data from connected customer environments. The breach is a practical warning for teams that treat SaaS integrations as trusted background plumbing instead of monitored, scoped access paths.
Five Eyes Warns Frontier AI Could Compress Cyber Risk Into Months
Five Eyes cyber agencies warned on June 22 that frontier AI could transform offensive and defensive cyber operations on a months-long timeline. The guidance turns AI-enabled cyber risk into a board-level resilience issue, with practical pressure on patching, identity controls, legacy systems, incident response, and defensive AI use.