Security researchers recently identified critical vulnerabilities in Microsoft 365 Copilot that allowed attackers to exfiltrate sensitive organizational data. These exploits, known as SearchLeak and EchoLeak, utilized prompt injection techniques to bypass standard security boundaries without requiring user interaction. The flaws targeted the enterprise tier of the service, potentially exposing any information the AI could access within a tenant's environment.

Source

Cloudflare has introduced the Cloudflare One stack to simplify the transition to Zero Trust network architectures. This toolkit provides specialized skills for AI agents to automate the configuration, deployment, and management of security environments. It aims to reduce the manual effort required to decode complex network topologies and existing vendor policies.

Source

Cisco has updated a critical security advisory to include the Catalyst SD-WAN Validator, formerly known as vBond, as a product vulnerable to a maximum-severity flaw. This vulnerability, tracked as CVE-2026-20127, involves an improper authentication issue that allows attackers to gain administrative rights and reconfigure the SD-WAN fabric. When combined with a secondary path traversal bug, unauthorized actors can achieve persistent root access to affected networking instances.

Source

A newly discovered data leak dubbed "FortiBleed" has exposed what appears to be a collection of Fortinet and FortiGate VPN credentials for 73,932 firewall URLs at organizations worldwide. [...]

Account takeovers are rising as attackers bypass traditional defenses through phishing, session hijacking, and MFA fatigue. Specops Software explores how device trust and continuous verification help reduce account takeover risk. [...]

AMD has reportedly disabled Transparent Secure Memory Encryption (TSME) on consumer-grade Ryzen processors through recent firmware updates. TSME is a hardware-level feature that automatically encrypts data stored in system RAM to protect against physical attacks, such as cold-boot exploits or memory snooping. While previously available on standard Ryzen chips, the functionality now appears restricted to the more expensive Ryzen Pro and EPYC product lines.

Source

India has banned Telegram until June 22 after the app was used to circulate leaked exam papers. CEO Pavel Durov accuses telecom Reliance of BGP hijacking that disrupted the app as far away as the UAE. Here's what happened, and how to get around the block with an MTProto proxy. [...]

More than 100 cybersecurity executives and researchers are calling on the Trump administration to reverse export controls placed on Anthropic’s advanced AI models. The government recently ordered the company to suspend access to its Fable 5 and Mythos 5 models for foreign nationals due to national security concerns. Experts argue these restrictions hinder the ability of defenders to identify and patch software vulnerabilities at a critical time.

Source

The Trump administration has issued an export control directive banning foreign entities and individuals from accessing Anthropic’s most advanced AI models, Fable 5 and Mythos 5. This mandate follows reports that users successfully bypassed safety guardrails on Fable 5 to access the more restricted capabilities of the Mythos system. Anthropic has responded by dispatching technical staff to Washington to negotiate a resolution while effectively pulling the affected models from the market.

Source

Apple is planning to modify its Hide My Email service by transitioning generated addresses to a new dedicated subdomain. Currently, these anonymous addresses use the standard @icloud.com domain, making them indistinguishable from primary user accounts. In the coming weeks, the service will shift to using @private.icloud.com for all newly created aliases.

Source

HPE has unveiled a major expansion of its networking strategy at Discover 2026, positioning the network as the primary control plane for artificial intelligence. Following the $14 billion acquisition of Juniper Networks, the company is integrating specialized hardware like QFX switches to support AI training and inference. This shift aims to address the performance gap between rapidly advancing compute power and traditional networking infrastructure.

Source

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity flaw in the Widget Factory Joomla Content Editor (JCE) plugin that is being actively exploited in the wild. [...]

Microsoft confirmed that it's working on a security patch for a Defender zero-day vulnerability named "RoguePlanet," disclosed one week ago. [...]

Kodak has confirmed that it's working with external cybersecurity experts to investigate a security breach after hackers gained access to some of the company's data. [...]

HPE has unveiled a comprehensive update to its networking and AI infrastructure to support the deployment of autonomous AI agents. The strategy focuses on "self-driving" networks that integrate Juniper and Aruba technologies to automate operations across data centers and the edge. New hardware including the QFX5140 and QFX5250 switches aims to eliminate bottlenecks in AI inference clusters and rack-scale platforms.

Source

The Trump administration has rejected requests from G7 allies, including the United Kingdom, for exemptions from a ban on Anthropic’s most advanced artificial intelligence models. Prime Minister Keir Starmer sought a "carve-out" for British companies to access the Fable 5 and Mythos 5 systems, but US officials labeled such an exemption as illogical. The administration maintains that these frontier models must remain restricted to ensure the technology is fully protected from any foreign exploitation or national security threats.

Source

Attackers deploying DragonForce ransomware have developed a sophisticated method to disguise malicious command-and-control traffic as legitimate Microsoft Teams activity. The intrusion involves a custom Go-based backdoor that allows attackers to maintain persistent access to compromised networks for extended periods. By routing communications through official Microsoft infrastructure, the malware evades detection from standard network monitoring tools.

Source

Threat actors are increasingly using popular AI brands like ChatGPT, Claude, and DeepSeek as lures in sophisticated social engineering campaigns. These attacks utilize phishing, malvertising, and SEO manipulation to trick users into downloading malware or revealing sensitive financial information. While the themes are modern, the campaigns rely on established tactics such as urgency-driven messaging and multi-stage redirection to bypass security filters.

Source

At least 15 malicious plugins found on the JetBrains Marketplace were designed to steal AI API keys from developers. [...]