Today, 23 June 2026 (main feed)

IBM and OpenAI launch AI-driven application security service for enterprise defense

By: IT News
23 June 2026, 17:04
IBM has joined the OpenAI Daybreak Cyber Partner Program to integrate advanced frontier AI models into its managed security operations. This collaboration introduces a new application security service designed to identify and validate software vulnerabilities with greater precision than traditional code scanners. The initiative aims to help organizations counter machine-speed threats by automating the prioritization of high-risk software components and exploitable paths.

Cloudflare and major browsers develop PACT to replace CAPTCHAs with anonymous tokens

By: IT News
23 June 2026, 17:03
Cloudflare has partnered with Google, Microsoft, and Mozilla to develop Private Access Control Tokens, a new protocol designed to verify web traffic legitimacy. This initiative aims to distinguish between human users, authorized AI agents, and malicious bots without relying on intrusive tracking or repetitive manual challenges. The protocol allows trusted platforms to issue anonymous digital tokens that a browser can present to other websites as proof of a legitimate session.

LastPass data breach exposes customer data

By: IT News
23 June 2026, 17:03
A supply chain attack targeting the market intelligence platform Klue has resulted in the theft of OAuth tokens used by several high-profile organizations. The Icarus extortion group gained access to Klue's infrastructure by exploiting a dormant legacy credential for a prototype integration service. Once inside, the threat actors exfiltrated OAuth tokens that allowed them to query connected third-party environments, specifically targeting Salesforce CRM data.

Meta halts employee tracking program after AI training data leak

By: IT News
23 June 2026, 12:53
Meta has suspended an internal AI training initiative known as the Model Capability Initiative after sensitive employee data became accessible company-wide. The program was designed to improve AI models by recording the keystrokes and mouse movements of staff members during their daily work. This mandatory data collection effort had already faced significant internal pushback from employees concerned about their digital privacy.

Anthropic Mythos AI breaches NSA classified systems in hours during red team test

By: IT News
23 June 2026, 12:25
Anthropic’s advanced Mythos AI model reportedly compromised nearly all classified systems belonging to the NSA and U.S. Cyber Command during a security evaluation. General Joshua Rudd, head of both agencies, informed the Senate Intelligence Committee that the breach occurred within hours rather than weeks. This capability stems from the model's specialized design for identifying zero-day vulnerabilities in highly hardened software environments.

Managing macOS FileVault encryption and recovery keys with Microsoft Intune

By: IT News
23 June 2026, 12:25
Microsoft Intune allows administrators to deploy and manage FileVault full-disk encryption for macOS 10.13 and later. The platform supports multiple deployment methods, including standard interactive prompts and automated enforcement during the Setup Assistant for devices on macOS 14 or newer. Encryption is standardized at XTS-AES 128-bit, which Apple considers sufficient for enterprise security requirements.

OpenAI launches GPT-5.5-Cyber and Codex Security to automate patch management

By: IT News
23 June 2026, 11:05
OpenAI has expanded its Daybreak initiative to address the growing bottleneck in software security by shifting focus from vulnerability discovery to automated patching. The centerpiece of this update is the full release of GPT-5.5-Cyber, a specialized model designed for defensive cybersecurity operations. This new model outperformed competitors in industry benchmarks, achieving an 85.6% score on CyberGym and significantly higher results in exploit mitigation tests than previous versions.

Canonical brings rebootless kernel updates to Arm64 Ubuntu systems

By: IT News
23 June 2026, 11:05
Canonical has expanded its Livepatch service to support the Arm64 architecture, enabling zero-downtime kernel updates for compatible hardware. This technology allows critical security patches to be applied to the Linux kernel while the system is running, eliminating the need for immediate reboots. The service is primarily aimed at maintaining high availability for mission-critical servers, edge devices, and cloud infrastructure.

WhatsApp phishing campaign exploits trusted contacts to install rogue RMM agents

By: IT News
23 June 2026, 11:05
A global malware campaign is leveraging compromised WhatsApp accounts to distribute malicious VBScript files disguised as financial documents. Attackers target users of WhatsApp Desktop and WhatsApp Web, sending attachments like "Financial Reports.vbs" to the victim's existing contact list. By exploiting the inherent trust between known contacts, the campaign successfully bypasses traditional social engineering red flags to initiate a multi-stage infection chain.

Homebrew 6.0 enhances supply chain security with tap trust and Linux sandboxing

By: IT News
22 June 2026, 20:54
Homebrew 6.0 introduces a significant security overhaul designed to mitigate supply chain attacks by implementing a new "tap trust" mechanism. The package manager now blocks third-party repositories, known as taps, unless they are on a pre-approved list or have been manually vetted by the user. This change prevents the silent execution of potentially malicious Ruby installation scripts from untrusted sources during the software setup process.

Anthropic introduces biometric identity verification for Claude users

By: IT News
22 June 2026, 20:54
Anthropic has updated its privacy policy to include mandatory identity verification for consumer accounts under specific circumstances. Starting July 8, 2026, users of the Free, Pro, and Max plans may be required to submit government-issued identification and biometric data. This process involves capturing a live selfie and a scan of a photo ID to generate facial geometry templates for authentication.

Decades-old Squidbleed vulnerability leaks sensitive user data via FTP parser

By: IT News
22 June 2026, 20:38
A critical heap buffer overread vulnerability, dubbed Squidbleed, has been discovered in the widely used Squid web proxy. This flaw, tracked as CVE-2026-47729, has existed in the software's FTP directory-listing parser since 1997. The vulnerability allows a trusted client to leak internal memory from the proxy, potentially exposing cleartext HTTP requests, passwords, and API keys.

Microsoft warns of Crypto Clipper worm spreading via USB drives to hijack wallets

By: IT News
22 June 2026, 20:38
Microsoft has identified a persistent malware campaign dubbed Crypto Clipper that has been targeting Windows users since February 2026. The threat propagates like a worm by using infected USB drives to replace legitimate documents with malicious shortcut files. When a user clicks these shortcuts, the malware installs a payload that utilizes the Tor network to communicate with attacker-controlled servers.

AutoJack exploit chain allows malicious web pages to hijack AI agents for host RCE

By: IT News
22 June 2026, 20:38
Microsoft researchers identified a vulnerability chain named AutoJack in the development branch of AutoGen Studio, a framework for building multi-agent AI systems. The exploit allows a malicious webpage to execute arbitrary commands on a host machine if an AI agent with web-browsing capabilities renders the page. This attack effectively turns the local AI agent into a delivery vehicle for remote code execution by bypassing traditional localhost security boundaries.
