
Microsoft patches critical SearchLeak vulnerability in Copilot for Microsoft 365

Microsoft recently addressed a maximum severity vulnerability in Copilot for Microsoft 365 identified as CVE-2026-42824. The flaw, dubbed SearchLeak, allowed attackers to exfiltrate sensitive data through a single-click exploit involving a specially crafted URL. This vulnerability highlights the ongoing difficulty AI models face in distinguishing between legitimate user instructions and malicious prompts embedded in third-party content.


Europe is starting to break up with US AI labs

The recent decision by the United States to place Anthropic’s Fable 5 AI model under export control highlights a growing risk of structural dependence for European organizations. While the immediate impact on cybersecurity operations is limited due to existing model restrictions and a lack of high-quality organizational data, the move serves as a geopolitical wake-up call. Relying on a single foreign provider for business-critical AI creates significant supply chain vulnerabilities and leaves entities susceptible to sudden access termination by foreign decrees.


Apple explains new macOS Terminal security alerts and malware blocking

Apple has released a support document detailing new security mechanisms in macOS Tahoe 26.4 that monitor the Terminal command-line interface. The operating system now triggers a "Possible malware, Paste blocked" warning when users attempt to paste commands copied from external sources like websites or emails. This specific alert is designed to protect infrequent Terminal users from social engineering scams that trick people into executing harmful code.


Civil society groups demand immediate ban on autonomous AI weapons

Over 200 human rights organizations are calling for an immediate halt to the use of artificial intelligence in military kill chains. Groups like Amnesty International warn that algorithms are increasingly deciding life and death on the battlefield without human supervision. This movement highlights concerns that states and tech corporations are prioritizing profit and speed over ethical responsibility and international law.


SoftBank and OpenAI launch AI-driven vulnerability patching service in Japan

SoftBank Group and OpenAI have announced a new joint security service designed to defend Japanese infrastructure against increasingly sophisticated cyberattacks. The initiative utilizes artificial intelligence to identify system vulnerabilities and automate the deployment of necessary security patches. This collaboration aims to address a national security crisis characterized by a rapid increase in the volume and complexity of digital threats.


Cloudflare makes DMARC management free and generally available

Cloudflare has announced the general availability of its DMARC Management tool, providing a free solution for organizations to monitor and enforce email authentication. DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol that lets domain owners specify in DNS how receiving mail servers should handle messages that fail SPF and DKIM checks, helping prevent spoofing and phishing. SPF (Sender Policy Framework) checks whether the sending server is allowed to send mail for the domain, and DKIM (DomainKeys Identified Mail) uses a cryptographic signature to verify that the email’s content and claimed sender domain are authentic.


Stanford graduates walk out on Google CEO over military and surveillance contracts

Approximately 200 Stanford University graduates staged a walkout during a commencement address delivered by Google CEO Sundar Pichai. The protest targeted Google's involvement in Project Nimbus, a $1.2 billion cloud computing and AI contract with the Israeli government. Demonstrators also highlighted the company's work with U.S. Immigration and Customs Enforcement and recent Pentagon AI initiatives.


Microsoft Defender outperforms secure email gateways in year-long security study

Microsoft has released a comprehensive analysis of email security performance based on a full year of real-world telemetry data. The report compares Microsoft Defender against traditional secure email gateways and integrated cloud email security solutions. Findings indicate that Defender consistently missed fewer high-severity threats than every other gateway vendor evaluated during the study period.


Microsoft connectivity test tool triggers security warnings due to expired certificate

Microsoft has failed to renew the SSL/TLS certificate for connectivity.office.com, a domain used by IT professionals to verify network access to cloud services. Visitors to the site are currently encountering untrusted connection warnings in their web browsers because the previous certificate expired on June 14. This specific tool is essential for testing firewall configurations and ensuring that organizational traffic can reach Microsoft 365 servers without interference.


Cisco patches seventh SD-WAN zero-day exploited this year

Cisco has released urgent security updates for Catalyst SD-WAN Manager to address a zero-day vulnerability tracked as CVE-2026-20262. This network management software, formerly known as vManage, allows for the centralized control of thousands of software-defined networking devices. The flaw impacts all deployment types, including on-premises installations and various cloud-managed versions such as those used by government entities.


ShinyHunters exploits Oracle PeopleSoft zero-day to breach 100 organizations

The cybercrime group ShinyHunters has reportedly exploited a zero-day vulnerability in Oracle PeopleSoft to breach over 100 organizations globally. This enterprise software is widely used for managing human resources, payroll, and business operations across various sectors. The vulnerability, tracked as CVE-2026-35273, has allowed the group to compromise approximately 300 vulnerable instances to exfiltrate sensitive data.


North Korean hackers weaponize Visual Studio Code to deliver cross-platform malware

North Korean threat actors are targeting developers with phishing campaigns that exploit integrated development environments (IDEs) to execute malicious code. The attackers distribute links to GitHub repositories that use the "runOn: folderOpen" feature in Visual Studio Code to trigger malware automatically when a project is opened. These campaigns primarily target organizations in the finance, cryptocurrency, and technology sectors across the United States and Europe.


Anthropic disputes Fable 5 jailbreak claims following federal export ban

The United States government recently issued an export control directive to suspend access to Anthropic’s Fable 5 and Mythos 5 models due to national security concerns. This decision followed reports of a prompt-based jailbreak that allegedly bypassed the advanced AI model's safety guardrails shortly after its launch. In response to the federal mandate, Anthropic disabled the affected models for all customers to ensure full regulatory compliance.


CISA warns of LiteSpeed cPanel plugin flaw allowing root access

A critical privilege escalation vulnerability in the LiteSpeed cPanel plugin is now being exploited in the wild, prompting a warning from CISA. The flaw, tracked as CVE-2026-54420, allows attackers with basic FTP or web shell access to gain full root privileges on shared hosting environments. This security hole specifically affects servers running CloudLinux or CageFS due to the improper handling of user-provided symlinks.


Anthropic mandates identity verification and data retention for advanced AI models

Anthropic has updated its privacy policy to require identity verification for users of its Claude Free, Pro, and Max tiers starting July 8, 2026. Users may be asked to provide government-issued identification and biometric data, such as facial geometry templates, to maintain access to the service. While these requirements currently exclude business and API customers, consumers who refuse to comply may face increased security filtering or total account blocks.


Microsoft patches SearchLeak vulnerability in Copilot for Microsoft 365

Microsoft has addressed a critical vulnerability chain in Copilot for Microsoft 365 that allowed for unauthorized data exfiltration. The flaw, identified as CVE-2026-42824 and dubbed SearchLeak, enabled attackers to steal sensitive information from a user's mailbox, OneDrive, and SharePoint. Because the fix was implemented on the backend, organizations do not need to take any manual action to protect their environments.


North Korean hackers use fake Microsoft security alerts to deploy NarwhalRAT

The North Korean threat actor ScarCruft is targeting users with spear-phishing emails that impersonate legitimate Microsoft Account security notifications. These messages warn of suspicious one-time password activity to create a sense of urgency and trick recipients into opening a malicious ZIP archive. Instead of the promised advisory document, the archive contains a shortcut file that initiates a multi-stage infection process.


New Windows variants of SprySOCKS malware feature kernel-level rootkits

Security researchers have identified new Windows-based variants of the SprySOCKS malware, which was previously known only as a Linux-based threat. Attributed to the Earth Lusca threat group, these variants have been deployed in cyberattacks against government organizations across multiple countries. The malware now exists in two distinct forms: a feature-rich version called WIN_DRV and a lighter backdoor known as WIN_PLUS.


EU Cyber Resilience Act mandates SBOMs for software supply chain transparency

The European Union is transitioning toward stricter software supply chain visibility requirements under the upcoming Cyber Resilience Act. Organizations are currently preparing for these obligations by integrating Software Bill of Materials tooling and automation into their development workflows. This shift marks a move from treating transparency as a voluntary best practice to a mandatory legal requirement for manufacturers.
