Errata
Windows and Linux users: The deadline to update Secure Boot keys is near - Ars Technica - June 24, three certificates that cryptographically verify that each piece of firmware and software that loads during system boot will expire. The Microsoft-signed certificates are the linchpins of Secure Boot, a Microsoft-designed chain of trust. Secure Boot checks the digital signatures of all firmware that loads during system startup to ensure it originates from a trusted provider, such as the manufacturer of the motherboard the system runs on.
In major privacy win, Supreme Court rules geofence warrants are protected by privacy rights | TechCrunch - In a 6-3 ruling, SCOTUS said that “an individual has a reasonable expectation of privacy in his cell-phone location information.” According to the court, that means people have privacy rights when it comes to the location history collected by their phones, as well as the services and apps running on them.
Texas government data breach allowed hackers to steal 3 million driver’s licenses and passports | TechCrunch - A data breach at a Texas state government department allowed hackers to take the driver’s license information, passport numbers, emails, phone numbers, and addresses of more than 3 million people, according to the state’s attorney general.
Helpdesk scammers are making house calls to make their lies feel more real - Dutch police said in their announcement on Tuesday that the crew sent members to visit victims in person, purportedly offering hands-on assistance to secure their accounts.
Gizmodo readers hit with ClickFix malware prompts after account compromise - “We identified and resolved a security incident on our site earlier today,” the outlet said. “A compromised account was exploited to inject a malicious script, briefly exposing users to scam content. The site was taken offline immediately, the script removed, and the account secured.
Anonymous researcher drops 0-day ’exploitarium’ repo - Unlike Nightmare Eclipse, however, bikini doesn’t appear to hold a grudge against any one vendor, publishing purported vulnerabilities across multiple products and projects including libssh2, Splunk, RustDesk, 7-Zip, VLC, AnyDesk, OpenVPN, c-ares, Gitea, and Floci.
Apple Vulns
Unpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boot Chain - That code is burned into the silicon at manufacture. No software update can reach it. Affected devices will carry this flaw for as long as they stay in use. Device families in that range include the iPhone XS, XS Max, and XR; the iPhone 11, 11 Pro, 11 Pro Max; the iPhone SE (2nd generation); the iPad Air 3rd gen, iPad mini 5th gen, and iPad 8th gen; Apple Watch Series 4 and 5; the first-generation Apple Watch SE; the HomePod mini; and other Apple products built on those chips. A11 is not affected. A14 and later appear to be out of reach for this exploit path.
AI
Why Amazon hates ‘human-in-the-loop’ AI governance -
“It’s a thing all humans fall prey to, and one of the most heartbreaking stories I read in this area was about emergency departments and emergency rooms,” Brandwine said during a phone interview with The Register. “You’ve got all these machines, and they’re all beeping. Your first day on the job, you jump every single time one of the alarms beeps – but the patient is fine. It's a spurious alarm. You go back to your station, you sit down, and over time, after enough of these false alarms, enough of these repeated beeps with no actual consequence, your discipline slips, and you stop responding. And eventually some tragic outcome occurs.”
“If you put a human inside of this tight loop, and ask them to make approval decisions for agentic tools repeatedly, time after time, they'll do a good job,” Brandwine said. “And then they'll do an okay job. And pretty quickly they'll be doing a poor job.”
“If I sit down at my keyboard and I type a command that takes a service down, I caused an outage,” Brandwine explained. “If I run a script that takes a service down, it's still me that caused the outage. If my agent writes a script that they then run, and it causes an outage, that's still my responsibility.”
Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting - Because bucket names are globally unique, an attacker could create the expected bucket first in their own project. The victim’s SDK would then upload the model files to the attacker’s bucket. The attacker could then replace the uploaded model with a malicious one.
AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution - Steer the agent to load an attacker’s web page, and that page’s JavaScript can reach a privileged local service on the same machine and spawn a process on the host. No credentials, no sign-in screen, and no further user interaction once the agent loads the page. The attacker only has to get the agent to open it, and a planted link, a URL field, or a prompt injection will do.
Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs - Amazon Q read an MCP configuration file, .amazonq/mcp.json, from the open workspace and launched the servers it defined. MCP servers are local processes that an AI assistant can spawn to reach databases, APIs, or build tools, so starting one means running commands on the machine. Those processes inherited the developer’s full environment. That usually means AWS keys, cloud CLI tokens, API secrets, and SSH agent sockets. Put the two together, and a file sitting in a cloned repo could run arbitrary code with the developer’s live cloud session attached. No password, no second sign-in.
New macOS malware embeds fake errors to confuse AI analysis tools - The malware contains strings that attempt to gaslight AI-assisted analysis tools into believing there is an analysis error or other issue, potentially causing the tools to abort, truncate, or otherwise interfere with the analysis. What makes the malware stand out is a 3.5 KB payload containing 38 fake “system” messages embedded directly within the binary. The fake messages pretend to be developer logs, crash reports, debugging output, and program alerts, using Markdown formatting and template-style placeholders to appear like legitimate analysis data.
Dev
GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns - Effective June 18, 2026, the latest version of “actions/checkout,” the official GitHub action for checking out a repository into the workflow’s runner, refuses common pwn request patterns by default. The change is expected to be backported to all currently supported major versions on July 16, 2026.
Homebrew 6.0 released with new security mechanism, Linux sandbox and more - The Homebrew team has released version 6.0 of this popular open-source package manager for macOS and Linux, with a new mechanism for trusting packages and support for sandboxing on Linux, to align with existing sandboxing on macOS.
North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels - The emails contain links to GitHub repositories masquerading as technical assignments or cryptocurrency-related projects, instructing recipients to clone the repository and open it in VS Code or Cursor, resulting in the execution of operating system-specific malware loaders for Linux, macOS, and Windows. Subsequent lures observed in May 2026 have pivoted their approach by requesting targets to review their open-source projects.
Miasma campaign poisons 20-plus npm packages, hunts for developer secrets - Microsoft Threat Intelligence said in a post on X that the attack began late on June 24 after attackers compromised an npm maintainer account, “czirker,” and used it to publish poisoned updates to more than 20 packages in a “coordinated, fully automated operation completed in under three seconds.”
Klue Breach
Security shops among the ‘hundreds’ of Klue hack victims - Since Huntress’ disclosure, several other security and software vendors including Recorded Future, Tanium, Jamf, Gong, HackerOne, Kudelski Security, Snyk, Insurity, and Sprout Social have revealed that the data thieves also accessed their CRM data via the Klue integration with Salesforce.
Ransomware.live: Icarus - Ransomware.live is a free, independent, and continuously updated threat intelligence platform tracking ransomware groups and their victims worldwide. It passively monitors ransomware groups’ Data Leak Sites (DLS), aggregates publicly disclosed victim data, and presents it in a structured, actionable format — no paywall, no ads, no corporate backing.
Global Going’s On
Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices - The court found the threat to Canada clearly established and imminent, and the measures necessary, reasonable, and proportional. It stressed the operation went after devices, not people: no user identities sought, no content intercepted, any personal data swept up incidentally destroyed.
Russian hackers were behind $2.5B hack of Jaguar Land Rover: Report | TechCrunch - The New York Times reports that the hackers behind the breach were Russian, although it’s still unclear if they were working directly for Vladimir Putin’s government, were just criminals, or something in between, like criminals operating with the government’s tacit approval.
Beyond Attribution - Atlantic Council - Chart, Spectrum of State Responsibility PDF - The Spectrum of State Responsibility The spectrum of state responsibility is a tool to help analysts with imperfect knowledge assign responsibility for a particular attack, or campaign of attacks, with more precision and transparency. This spectrum assigns ten categories, each marked by a different degree of responsibility, based on whether a nation ignores, abets, or conducts an attack. The spectrum starts from a very passive responsibility—a nation having insecure systems that lead to an attack—up to very active responsibility—a national government actually planning and executing an attack.
You have got to be KDDI-ng – Japanese telco exposes 14.2 million managed email credentials - But the carrier also fears that up to 14.2 million email addresses and passwords may have leaked and therefore warned that third parties may have obtained personal data. Thankfully, the company had hashed and encrypted the passwords – so users only have to fear phishing and identity theft, instead of something nastier. KDDI is one user of the hacked platform, and also provides it to Japanese ISPs STNet, JCOM, Chubu Telecommunications Co., Nifty Corporation, and BIGLOBE.
Nation-state actors cracked critical Australian infrastructure to ‘cripple it at a time of their choosing’ - “ASIO assessed the hackers were preparing for sabotage. They weren’t planting ‘digital dynamite’ as such; they were mapping out the network and maintaining access so they could cripple it at a time of their choosing.” “In this case, a state-sponsored group didn’t just achieve access to the Australian critical infrastructure provider, it successfully acquired credentials – login details and passwords – for active users of the networks, including the IT professionals guarding it,” he added.
Linux
New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets - The file on disk never changes. The modification lives only in the kernel’s in-memory copy, so file-integrity tools miss it, the attack leaves no audit trail, and a reboot restores the original binary. The attacker already has root by the time anyone might think to check.
New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries - The exploit never touches the file on disk. It poisons the cached copy of a setuid root binary (/bin/su) in memory, injects a small payload, and runs that altered image as root. File-integrity checks come back clean while a root shell is already open.
Fortinet
Massive breach spills credentials for thousands of sensitive networks - Ars Technica - Nearly 74,000 Fortinet devices from more than 21,000 IP addresses in 194 countries have been compromised and their plaintext credentials exposed online. In many cases, once the threat actors compromised the devices, they went on to access affected organizations’ centralized authentication systems, such as Radius servers and Microsoft Active Directory. The number of compromised devices comprises roughly half of all Internet-facing Fortinet firewalls, based on polling from Shodan.
Massive password-stealing attack hits 75k Fortinet firewalls - “They intercept SSL VPN authentication, crack hashes on a 45-GPU cluster managed via Hashtopolis, and pivot into internal Active Directory environments,” he wrote on LinkedIn. “The operation processed 1.16 billion credential attempts against 320,777 FortiGate targets and 2.1 billion attempts against 163,650 MSSQL servers.”
FortiBleed — 73,932+ Compromised Fortinet Firewalls | Hudson Rock | Hudson Rock - Affected Domain lookup