Information

FBI Seizes NetNut Proxy Platform, Popa Botnet

The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR]. The action comes roughly two weeks after KrebsOnSecurity published findings from multiple security firms connecting NetNut to the Popa botnet, a collection of at least two million devices that have been compromised by malicious software with little or no…

Read More

How to Conduct a Successful Audit of AI-Driven Software Development

Traditionally, an audit independently examines records, processes and controls to verify compliance and assess financial and operational integrity. In the modern world, such an approach should extend to the software development lifecycle (SDLC) – especially in the age of artificial intelligence (AI) or large language model (LLM)-assisted code. Chief Information Security Officers (CISOs) and their teams need proof that developers are producing protected products, because one in five organizations has experienced a serious security incident…

Read More

This month in security with Tony Anscombe – June 2026 edition

Three-day patching deadlines, exposed fuel-tank systems, scams costing billions of dollars, and social media bans for children all gave Tony plenty to unpack in June 2026 30 Jun 2026 It’s that time of month when ESET Chief Security Evangelist Tony Anscombe looks back at some of the top cybersecurity stories that made the news over the past 30 or so days and considers what they may mean for your own cyber-defenses. Here’s some of what…

Read More

Adobe Patches Critical ColdFusion, Campaign Classic Vulnerabilities

Adobe on Tuesday announced security updates for ColdFusion and Campaign Classic to resolve half a dozen maximum severity vulnerabilities. The update for Adobe Campaign Classic resolves CVE-2026-48286 (CVSS score of 10/10), an incorrect authorization issue that could allow attackers to execute arbitrary code. Patches for the flaw were included in Adobe Campaign Classic version 7.4.3 build 9397, which is now rolling out to Windows and Linux users. Updates released for ColdFusion versions 2025 and 2023…

Read More

Inside the inbox: Why cybercriminals want to break into your email account

Digital Security Your inbox is an identity system all of its own: whoever owns it may own a lot more Phil Muncaster 29 Jun 2026  •  , 5 min. read Email is not just a means of communication, or yet another online account. In both our personal and work lives, it holds the keys to the kingdom: possibly even a mechanism to reset other account passwords and verify your identity. Email accounts are also the…

Read More

Aflac Japan Data Breach Impacts 4.38 Million

Aflac Life Insurance Japan, a subsidiary of insurance giant Aflac, on Tuesday announced that hackers stole the personal information of 4.38 million customers. The company’s systems were hacked on June 15, and the attackers accessed them several times until June 25, when the data breach was discovered, Aflac said in a filing with the US Securities and Exchange Commission. “Upon identifying the unlawful access, Aflac Japan promptly took steps designed to contain the incident and…

Read More

‘DirtyClone’ Linux Kernel Vulnerability Leads to Root Access

JFrog has published technical details and a proof of concept (PoC) targeting a recent high-severity Linux kernel vulnerability that could allow any local user to gain root privileges. Tracked as CVE-2026-43503 (CVSS score of 8.8) and referred to as DirtyClone, the local privilege escalation bug was resolved on May 24, shortly after being reported to the Linux kernel maintainers. Now, JFrog explains that the flaw is a variant of DirtyFrag (also known as Copy Fail…

Read More

Chinese Framework Powers 200,000 Scam Sites

More than 200,000 websites are using investment scam templates built with the Chinese open source framework Uni-App, Infoblox reports. A cross-platform development toolkit, Uni-App allows developers to create Vue.js codebases that can be deployed as mobile and desktop applications, or as mobile-optimized websites simultaneously. Widely used in China and supported by a developer ecosystem, the framework powers thousands of legitimate products, and its maker DCloud does not appear to be involved in its fraudulent use.…

Read More

SMB cyber readiness: the road to resilience starts here

Business Security Your business may be small, but its attack surface is anything but. Readiness is the first step to resilience. Phil Muncaster 26 Jun 2026  •  , 5 min. read SMB cybersecurity isn’t always given the attention it deserves, including by small businesses themselves. That’s concerning for various reasons, notably because the companies comprise 90% of the world’s businesses, 70% of its employees, and 50% of global GDP, according to the World Economic Forum…

Read More

Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories

Researchers at Wiz have disclosed a high-severity vulnerability in the Amazon Q Developer extension for Visual Studio Code that could allow attackers to steal developers’ cloud credentials by luring them into opening a booby-trapped code repository. Amazon Q Developer is an AI-powered coding assistant that offers developers features such as code suggestions, automated refactoring, and access to external tools and services via integrations with local processes. AWS was notified about the issue on April 20…

Read More