SecurityWeek

In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum

Android TV botnet Popa linked to Israeli firm, Velvet Ant maintained decade-long stealth, unpatched GCP flaw enables takeover.
CSO Online

Microsoft says web-enabled AI agents can trigger host-level RCE

Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...

10 signs that someone is monitoring or accessing your accounts - how to stop them

Apps you don't recognize could indicate an intruder or that your account is being quietly monitored. Permission must be ...
Security Boulevard

When AI Agents Become Bots: A Field Report from the Authentication Layer

Security vendors and their customers have spent considerable time debating where to draw the line between “legitimate” AI agents and “malicious” bots. A 31-day campaign against a major consumer ...
SecurityWeek

Infostealers Turn Millions of Devices Into Credential Theft Machines

Modern infostealers don't just steal passwords—they harvest the digital identities and context that enable attackers to blend ...
Las Vegas Sun

Rubrik Advances Identity Resilience Through Strata Acquisition and Identity Roll Forward Innovation

Rubrik FORWARD — Rubrik (NYSE: RBRK) today introduced two new Identity Resilience capabilities to expand its product suite. The first, Identity Continuity is powered by the acquisition of Strata.io, ...
IEEE

Blockchain-Based User Authentication and Data-Sharing Framework for Healthcare Industries

Abstract: In this paper, we developed a Blockchain-based User Authentication Data-Sharing (BC-UADS) framework. In BC-UADS, several hospital servers form a consortium blockchain network to maintain the ...
IEEE

Advancing Passwordless Authentication: A Systematic Review of Methods, Challenges, and Future Directions for Secure User Identity

As reliance on digital services grows, traditional password-based authentication methods have been increasingly scrutinized due to their susceptibility to cyber-attacks, including phishing and brute ...
Tech Times

Red Hat npm Packages Compromised, 57 More Follow: Signed Attestations Cannot Block Pipeline Hijack

Miasma compromised 32 Red Hat packages June 1 via a hijacked CI/CD pipeline producing valid SLSA attestations, then hit 57 more June 3 using Phantom Gyp to evade install monitors. Red Hat confirmed no ...
Reuters

ChatGPT app hits 1 billion monthly active users in record time, data shows

June 2 (Reuters) - OpenAI's ChatGPT has crossed 1 billion global monthly active app users, becoming the fastest app ever to reach the milestone, ‌according to estimates from market intelligence firm ...
The Hacker News

PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as ...
The Hacker News

MFA Prompt Bombing: Why Your Second Factor Isn't Saving You

Multi-factor authentication (MFA) was supposed to close a critical gap in identity security. It meant that, even if an attacker possessed the account credentials, they couldn't log in without the ...