Latest cybersecurity threats, data breaches, hacking incidents, security vulnerabilities, ransomware attacks, and expert guidance on digital security.
Researchers demonstrated a new AI worm that autonomously spreads by generating unique attack strategies for each target device. Built using a freely available AI model, it dynamically detects and exploits security flaws on Linux, Windows, and IoT devices. The researchers omitted certain details about their prototype to avoid aiding malicious actors.
Red Hat suffered an npm supply-chain attack where 96 versions across 32 packages in the @redhat-cloud-services namespace were backdoored with Miasma, a self-spreading worm that steals credentials from npm, GitHub, AWS, and SSH environments. The attack used a compromised GitHub account and OIDC tokens.
Meta resolved a vulnerability in its AI chatbot that let hackers hijack accounts, including Barack Obama's White House account, Sephora, and a U.S. Space Force official. The flaw bypassed two-factor authentication by linking accounts to new emails.
A malware-as-a-service called WeedHack, costing $5, is being used by teenagers to target and cyberbully Minecraft players. It has logged over 116,000 hits, with 2,000-3,000 daily malicious hits as of June 2. The malware spreads via YouTube videos promoting fake mods and SEO poisoning on Google.
A CSIS and FDD report estimates that establishing a separate U.S. Cyber Force would cost $10-11 billion and take at least a year. Sen. Kirsten Gillibrand is pushing an amendment to the fiscal 2027 NDAA to create the force, which would require over 20,000 active-duty personnel.
A bug hunter leaked Microsoft exploits in defiance of the company's handling of vulnerability disclosures, continuing a pattern of such leaks. The move escalates tensions between security researchers and Microsoft over disclosure policies.
Meta, Microsoft, SpaceX, DOJ, and others removed over 1.4 million scam accounts from Facebook and Instagram. Microsoft suspended 20,000 accounts, Coinbase froze $3M in crypto, and Starlink disconnected scammer kits. Law enforcement arrested 63 suspects in the operation targeting Southeast Asian criminal networks.
Instagram is notifying users whose accounts were compromised by hackers exploiting Meta's AI chatbot. The attackers posed as account owners to link accounts to their own emails. Meta says the flaw is fixed, but some users still report being hacked.
CrowdStrike raised its FY27 annual recurring revenue guidance after reporting quarterly results that beat estimates, with non-GAAP EPS of $1.10 and revenue of $1.39B. The company also appointed former NVIDIA executive Bartley Richardson as AI chief.
CrowdStrike increased its full-year guidance and announced an upcoming stock split after reporting first quarter fiscal 2027 results that surpassed market expectations. The cybersecurity firm posted record net new annual recurring revenue, benefiting from growing demand in the AI era.