CyberSecurity Updates

In Other News: Canadian Hacker Jailed, Open Source Zero-Days, Two Sentenced for ATM Jackpotting

SecurityWeek’s cybersecurity news weekly roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights: Anonymous-linked hacker Aubrey Cottle jailed over Texas GOP cyberattack Aubrey Cottle,…

Read More

Agentic AI Used to Conduct Ransomware Attack via Langflow

A threat actor exploited a vulnerability in Langflow to access an organization’s instance and abuse it in an agentic ransomware attack, cloud security firm Sysdig reports. Langflow is a Python-based, LLM-agnostic open source framework used for building LLM-driven applications and agent workflows. As part of the attack, a threat actor tracked as JadePuffer gained access to an internet-exposed Langflow instance through the exploitation of CVE-2025-3248 (CVSS score of 9.8), a critical missing authentication vulnerability disclosed…

Read More

Medtronic Data Breach Impacts 3.8 Million People

Medical technology giant Medtronic is notifying more than 3.8 million individuals that their personal and medical information was compromised in a recent data breach. The incident occurred in April 2026, when the infamous extortion group ShinyHunters accessed the company’s corporate IT systems. Medtronic confirmed the attack in late April, noting that its products and manufacturing and distribution operations were not affected. ShinyHunters had added the company to its Tor-based leak site on April 17, claiming…

Read More

FBI Seizes NetNut Proxy Platform, Popa Botnet

The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR]. The action comes roughly two weeks after KrebsOnSecurity published findings from multiple security firms connecting NetNut to the Popa botnet, a collection of at least two million devices that have been compromised by malicious software with little or no…

Read More

How to Conduct a Successful Audit of AI-Driven Software Development

Traditionally, an audit independently examines records, processes and controls to verify compliance and assess financial and operational integrity. In the modern world, such an approach should extend to the software development lifecycle (SDLC) – especially in the age of artificial intelligence (AI) or large language model (LLM)-assisted code. Chief Information Security Officers (CISOs) and their teams need proof that developers are producing protected products, because one in five organizations has experienced a serious security incident…

Read More

This month in security with Tony Anscombe – June 2026 edition

Three-day patching deadlines, exposed fuel-tank systems, scams costing billions of dollars, and social media bans for children all gave Tony plenty to unpack in June 2026 30 Jun 2026 It’s that time of month when ESET Chief Security Evangelist Tony Anscombe looks back at some of the top cybersecurity stories that made the news over the past 30 or so days and considers what they may mean for your own cyber-defenses. Here’s some of what…

Read More

Adobe Patches Critical ColdFusion, Campaign Classic Vulnerabilities

Adobe on Tuesday announced security updates for ColdFusion and Campaign Classic to resolve half a dozen maximum severity vulnerabilities. The update for Adobe Campaign Classic resolves CVE-2026-48286 (CVSS score of 10/10), an incorrect authorization issue that could allow attackers to execute arbitrary code. Patches for the flaw were included in Adobe Campaign Classic version 7.4.3 build 9397, which is now rolling out to Windows and Linux users. Updates released for ColdFusion versions 2025 and 2023…

Read More

Inside the inbox: Why cybercriminals want to break into your email account

Digital Security Your inbox is an identity system all of its own: whoever owns it may own a lot more Phil Muncaster 29 Jun 2026  •  , 5 min. read Email is not just a means of communication, or yet another online account. In both our personal and work lives, it holds the keys to the kingdom: possibly even a mechanism to reset other account passwords and verify your identity. Email accounts are also the…

Read More

Aflac Japan Data Breach Impacts 4.38 Million

Aflac Life Insurance Japan, a subsidiary of insurance giant Aflac, on Tuesday announced that hackers stole the personal information of 4.38 million customers. The company’s systems were hacked on June 15, and the attackers accessed them several times until June 25, when the data breach was discovered, Aflac said in a filing with the US Securities and Exchange Commission. “Upon identifying the unlawful access, Aflac Japan promptly took steps designed to contain the incident and…

Read More

Verifiable Digital Credential Presentment

This blog post is #4 in our series on Verifiable Digital Credentials (VDCs). Our other posts can be found via Post #1, Post #2, and Post #3. In earlier posts, we discussed how verifiable digital credentials (VDCs) are issued and compared the underlying credential formats (ISO/IEC “mdoc” vs. W3C Verifiable Credentials). In this post, we turn to the other side of the story: presentation; that is, how a holder shows their VDC to a verifier…

Read More