Attackers no longer need to sift through massive credential dumps. They can pay others to do it for them. Flare explores how an emerging underground market searches stolen credential databases for specific companies, domains, and accounts. [...]

Microsoft has clarified that PCs failing to update to the 2023 Secure Boot certificates by the June 2026 deadline will not be bricked. These devices will continue to boot normally and receive standard Windows updates, but they will lose the ability to process future boot-level security revocations. This transition is necessary because the original 2011 certificates are expiring, preventing the firmware from blacklisting newly discovered malicious bootloaders.

Source

A new wave of malicious packages on the npm and PyPI repositories is employing "indirect prompt injection" to disrupt AI-assisted malware analysis. Researchers identified that the Hades campaign and specific packages like shai_hulululud embed large blocks of deceptive text within non-executable code comments. This technique targets LLM-based triage pipelines by including forbidden topics or repetitive "token flooding" designed to trigger safety refusals or system timeouts.

Source

Systemd 261 introduces a new cloud Instance Metadata Service subsystem featuring the systemd-imdsd daemon. This service provides a unified local interface for accessing metadata across various providers like AWS, Azure, and Google Cloud, reducing the need for provider-specific tools. Administrators can now restrict direct network access to cloud metadata endpoints to enhance security against request forgery and unauthorized access.

Source

Researchers from Wake Forest University recently analyzed 444 iOS applications that integrate Large Language Model features. The study revealed that 282 of these apps exposed exploitable credentials or backend access mechanisms. These vulnerabilities were found across 13 different categories, including productivity, education, and lifestyle tools.

Source

AI coding agents like Claude Code and Cursor have the capability to edit files and execute terminal commands directly on developer machines or in CI/CD environments. These tools often operate with significant privileges, creating a new attack surface where malicious instructions can be disguised as legitimate system data. A lack of visibility into these automated actions makes it difficult for organizations to monitor for unauthorized or suspicious behavior.

Source

The Trump administration has reconsidered its designation of Anthropic as a national security threat following a brief but intense regulatory standoff. The conflict originated from an export control directive that required the AI startup to block foreign access to its most advanced models, Fable 5 and Mythos 5. Because Anthropic lacked a reliable method to restrict access solely to American users, the company temporarily disabled both models entirely to ensure compliance.

Source

ClawHub serves as a plugin and skill registry for AI agents like OpenClaw and Claude Code, utilizing npm-style scopes to identify package owners. These scopes, such as @openclaw and @clawhub, are intended to act as trust signals that verify the provenance of code. However, a lack of enforcement allowed unauthorized accounts to publish plugins under these official organizational namespaces.

Source

The CEOs of Anthropic, Google DeepMind, and OpenAI met with G7 leaders to advocate for a United States-led international coalition focused on artificial intelligence governance. During a closed-door session in France, industry leaders proposed that Washington take the primary role in establishing global rules and safety standards. This initiative aims to harmonize how nations test and deploy advanced models while managing the significant risks associated with the technology.

Source

A previously undocumented malware botnet named AryStinger has compromised more than 4,000 outdated routers to turn them into proxies for malicious traffic. [...]

Maintaining current security intelligence is essential for Microsoft Defender Antivirus to identify and neutralize emerging threats effectively. Administrators can define a specific fallback order for update sources to ensure endpoints remain protected even if a primary connection fails. Available update locations include Microsoft Update, Windows Server Update Services (WSUS), Microsoft Configuration Manager, network file shares, and the Microsoft Malware Protection Center.

Source

AMD has announced it will reinstate Transparent Secure Memory Encryption (TSME) for consumer-grade Ryzen 9000 desktop processors via a BIOS update in July. This decision follows significant community feedback after the feature was quietly removed in a recent firmware update. TSME, which AMD brands as Memory Guard for its professional product lines, provides a hardware-based layer of protection for data stored in system memory.

Source

Microsoft is shifting its strategy by reducing the mandatory use of Microsoft accounts across its ecosystem. A significant update to the Microsoft 365 Roadmap reveals that Microsoft Edge will soon allow users to sign in using a Google account instead of a Microsoft account. This feature, expected to roll out in July 2026 for Windows and macOS, aims to lower the barrier for Chrome users considering a switch to Edge.

Source

Norway is implementing strict regulations on artificial intelligence in classrooms to prioritize fundamental skills like reading, writing, and mathematics. Prime Minister Jonas Gahr Støre announced that the new rules will take effect in August 2025 to address concerns about the negative impact of technology on student development. The government aims to shift the educational focus back to analog methods following a decline in literacy rates and test scores.

Source

Alibaba Cloud has launched its first cloud region in France, establishing two new availability zones in Paris. This expansion increases the provider's European footprint, joining existing hubs in Germany and the United Kingdom. The new infrastructure supports a comprehensive suite of enterprise services, including elastic computing, containerization, and database management, designed to meet local regulatory requirements.

Source

Salesforce has disabled the Klue Battlecards app integration after a security breach at the competitive intelligence firm exposed customer data. The incident originated from a compromised legacy credential within Klue's infrastructure, which allowed an extortion group known as Icarus to push malicious code. This code collected OAuth tokens that customers use to connect Klue to their own environments, effectively bypassing standard authentication measures like passwords or multi-factor authentication.

Source

Microsoft is enhancing its Purview data governance service to provide organizations with stricter control over how AI interacts with confidential information. Purview is a suite of tools designed to help commercial customers manage, secure, and govern large volumes of data across their digital estate. This upcoming change specifically addresses concerns regarding artificial intelligence services accessing and processing protected corporate content without explicit permission.

Source

Microsoft has officially announced that support for the Office 2021 suite will conclude on October 13, 2026. After this date, the software will no longer receive security patches, bug fixes, or technical assistance from the company. This move is part of a broader strategy to transition users toward subscription-based services or newer perpetual licenses.

Source

A new ransomware operation named 'Prinz Eugen' prioritizes recently modified files for encryption and leaves no ransom note on the system. [...]