CyberSecurity Updates

Protecting legacy OT systems against modern cyberthreats

Critical Infrastructure Many manufacturing plants depend on OT systems that stay in service for many years. That long run can hide significant cybersecurity risks. Tomáš Foltýn 17 Jun 2026  •  , 5 min. read In a manufacturing plant built around uptime, a machine that has run the same physical process for years with barely a hiccup earns something less commonly discussed than a track record of throughput: institutional trust. Over time, such quiet reliability has…

Read More

Webinar Today: How Modern Breaches Bypass MFA and Evade Detection

Live Webinar: June 17, 2026 at 1PM ET – Register to Attend Today’s attackers are no longer breaking in — they’re logging in. Threat actors are increasingly using sophisticated social engineering, MFA fatigue attacks, session hijacking, credential theft, and help desk impersonation to bypass traditional security controls and move undetected across enterprise environments. In this webinar, we’ll break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification,…

Read More

iRhythm Confirms Data Stolen in Hack

iRhythm, a health company specializing in wearable cardiac monitoring technology, has been targeted in a cyberattack that resulted in the theft of information. The data breach was disclosed by iRhythm, known for its Zio wearable ECG monitor, in a Monday filing with the SEC. The company said it detected “unauthorized activity involving data maintained on certain third-party-hosted business applications” on June 8. iRhythm noted that the attack involved social engineering, but the targeted application has…

Read More

EvilTokens: A phishing attack that doesn’t steal your password

Cybercrime A phishing kit subverting Microsoft’s legitimate authentication flow lets attackers break into accounts without stealing passwords or creating fake login pages Christian Ali Bravo 15 Jun 2026  •  , 5 min. read Much has been written about how the days of phishing emails laden with broken grammar and crude design are numbered, largely thanks to AI. Meanwhile, EvilTokens offers a somewhat different example of how far the phishing craft has moved. EvilTokens is a…

Read More

Ransomware Attack Shuts Down Mills of Australia’s Second-Largest Sugar Producer

Mackay Sugar, a major Australian sugar producer, has been targeted in a ransomware attack that forced it to shut down some of its mills. The hacker attack came to light on June 10, when Mackay Sugar announced it was responding to a cybersecurity incident affecting some of its operations. “Interim processes are in place to support critical business functions and minimise disruption where possible,” the company said at the time. Mackay Sugar operates three cane-processing…

Read More

NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks

In response to a recent wave of supply chain attacks targeting the NPM ecosystem, GitHub announced that scripts from dependencies will no longer be executed by default. Multiple major incidents that occurred over the past several months, mainly associated with TeamPCP and the Shai-Hulud self-replicating worm, have been abusing the default, automatic execution of scripts from dependencies during npm install to infect thousands of developers with malware. To better protect users, starting with NPM version…

Read More

Anthropic Says It Has Taken Its Latest AI Models Offline to Comply With New Export Controls

AI giant Anthropic said Friday it has taken its latest artificial intelligence models, known as Fable 5 and Mythos 5, offline to comply with a directive from the Trump administration to prevent their use by foreign nationals. The export controls mark the U.S. government’s most significant step to date to restrict access to the most advanced AI models. Anthropic released Fable widely this week. That model is a limited version of the even more advanced…

Read More

What makes or breaks cyber-readiness for SMBs

“Fix the roof while the sun is shining.” – proverb Cybersecurity has a familiar way of saying the storm will come: “a breach is a matter of when, not if.” While the industry’s sternest maxim has probably never been more true, it sometimes feels as though it’s also lost some of its edge over the years. Everyone agrees that there could be a ‘cloud on the horizon,’ but is it enough to get them to …

Read More

OceanLotus: From external espionage to domestic targeting

Our tracking of OceanLotus activities from 2024–2026 reveals a shift in operational focus. During this period, the Vietnam-aligned OceanLotus adopted a more selective approach to external operations while placing increasing emphasis on domestic espionage. We identified two distinct campaigns involving the SPECTRALVIPER backdoor: a supply-chain attack targeting stock investors in Vietnam and a prolonged espionage operation against a Vietnamese infrastructure and transport construction company. Whether the shift represents a temporary adjustment or a long-term strategic…

Read More

In Other News: Google Security Layoffs, AudiA6 Takedown, $400 Million Coupang Fine

SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights: IBM and AT&T accused of hack cover-ups A former IBM cybersecurity…

Read More