BleepingComputer.com

"Chinese hackers hijack auth flow, spy on isolated network for a decade."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 13 June 2026, 1642 UTC.

Content and Source:  "BleepingCompute.com."

 https://www.bleepingcomputer.com/

Please check URL or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Latest Articles

• 
   
  Security

  Chinese hackers hijack auth flow, spy on isolated network for a decade

  Chinese hackers took control of a target organization's authentication stack and maintained persistence for 10 years, with full visibility into the administrative activity.

  • Bill Toulas
  • June 13, 2026
  • 10:06 AM
   
  •  0
• 
   
  Deals

  Lifetime access to 1,000+ pro courses is just $20 through tomorrow

  Most people don't have the time—or patience—for rigid schedules, expensive programs, or subscriptions that never seem to end. That's what makes EDU Unlimited by StackSkills such an appealing option. For just $19.97 (MSRP $600) through tomorrow only, you can get lifetime access to a library of more than 1,000 online courses.

  • BleepingComputer Deals
  • June 13, 2026
  • 08:10 AM
   
  •  0
• 
   

  [Webinar] Device code phishing in 2026: live demos, real kits, and where it's headed next 

  18 kits, a 37x spike in detections, and every major AiTM vendor adding it to their platform: device code phishing has gone from espionage-grade to criminal commodity. Join Push Security's VP of R&D Luke Jennings for attacker-side demos and a breakdown of the kits and campaigns we're tracking in the wild.

  • Push Security Sponsorship
• 
   
  Security

  US Gov asks Anthropic to ban 'foreign national' access to Fable, Mythos

  The US government has ordered Anthropic to block all foreign nationals from accessing Fable 5 and Mythos 5, forcing the company to suspend both models worldwide. Anthropic is complying but disputes the basis, calling the cited jailbreak narrow and the capability widely available elsewhere.

  • Ax Sharma
  • June 13, 2026
  • 06:01 AM
   
  •  0
• 
   
  Security

  Maine disables data breach notification portal after fake disclosures

  Maine has taken its public data breach reporting portal offline after fraudulent breach disclosures were published on the state's website, prompting a review of procedures to prevent abuse in the future.

  • Lawrence Abrams
  • June 12, 2026
  • 03:33 PM
   
  •  0
• 
   
  Security

  phpBB forum fixes auth bypass bug lurking for a decade

  A 10-year-old authentication bypass vulnerability discovered in the phpBB forum software allows an attacker to log in as any user, including administrators.

  • Bill Toulas
  • June 12, 2026
  • 02:19 PM
   
  •  1
• 
   
  Security

  Ukrainian national pleads guilty to role in Conti ransomware operation

  A Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tied to the Conti ransomware operation.

  • Lawrence Abrams
  • June 12, 2026
  • 01:54 PM
   
  •  0
• 
   
  Security

  Over 400 Arch Linux packages compromised to push rootkit, infostealer

  More than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens.

  • Bill Toulas
  • June 12, 2026
  • 01:03 PM
   
  •  1
• 
   
  Security

  Early Warning Signs of Supply-Chain Attacks Live in the Dark Web

  GitHub access sales, leaked repositories, and stolen API keys can all become supply-chain attack footholds. Flare explores how underground forums expose early signals tied to software supply-chain risk.

  • Flare
  • June 12, 2026
  • 10:01 AM
   
  •  0
• 
   
  Microsoft

  Microsoft fixes Windows update failures linked to WUSA installer

  Microsoft has fixed a known issue that caused Windows updates released since May 2025 to fail when installed via the Windows Update Standalone Installer (WUSA) from a network share.

  • Sergiu Gatlan
  • June 12, 2026
  • 07:44 AM
   
  •  1
• 
   
  Deals

  This $50 training bundle covers ethical hacking, CISSP, Python & more

  With the InfoSec4TC Platinum Membership of $49.97, you get lifetime access to more than 90 cybersecurity courses covering ethical hacking, CISSP, CISM, CISA, governance and risk compliance (GRC), ISO 27001, Python-based hacking workflows, and other industry-recognized security topics.

  • BleepingComputer Deals
  • June 12, 2026
  • 07:12 AM
   
  •  0
• 
   
  Security, Healthcare

  Pharma giant Novo Nordisk discloses breach of clinical trials data

  Danish pharmaceutical giant Novo Nordisk, the world's largest producer of insulin, disclosed a data breach affecting patient information from some clinical trials.

  • Sergiu Gatlan
  • June 12, 2026
  • 06:13 AM
   
  •  0
• 
   
  Security

  CISA orders feds to patch actively exploited Ivanti flaw by Sunday

  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch an actively exploited Ivanti Sentry flaw within three days, as mandated by the newly issued Binding Operational Directive (BOD) 26-04.

  • Sergiu Gatlan
  • June 12, 2026
  • 04:26 AM
   
  •  0
• 
   
  Security

  Over 73,000 French govt employees affected in Tchap messenger breach

  The French government revealed that a recent breach of its Tchap encrypted messaging platform affects the accounts of over 73,000 employees in the French public sector.

  • Sergiu Gatlan
  • June 12, 2026
  • 03:09 AM
   
  •  1
• 
   
  Security

  Japanese energy firm loses drive with data of 10.9 million clients

  Kyushu Electric Power Co., Inc. has disclosed a physical security incident that affects private data of more than 10 million customers.

  • Bill Toulas
  • June 11, 2026
  • 07:14 PM
   
  •  3
• 
   
  Security, Gaming

  Maine breach portal abused to publish fake data breach disclosures

  In an unusual misinformation campaign, fraudulent data breach disclosures were submitted to Maine's official breach portal and publicly posted before their legitimacy could be verified, prompting companies to deny the claims.

  • Bill Toulas
  • June 11, 2026
  • 06:44 PM
   
  •  0
• 
   
  Security

  Oracle mitigates PeopleSoft zero-day exploited in data theft attacks

  Oracle is warning about a critical PeopleSoft Suite zero-day vulnerability tracked as CVE-2026-35273 that allows unauthenticated remote code execution, with the flaw actively exploited in ShinyHunter data theft attacks.

  • Lawrence Abrams
  • June 11, 2026
  • 03:39 PM
   
  •  0
• 
   
  Deals

  Skip overpriced earbuds — these open-box JBL noise-canceling ones are $30

  These open-box JBL Vibe Beam 2 earbuds are down to $29.99 from $64.95 in this deal, and they pack in a lot of the features people actually care about instead of chasing gimmicks nobody uses twice.

  • BleepingComputer Deals
  • June 11, 2026
  • 02:11 PM
   
  •  0
• 
   
  Legal, Security

  Authorities dismantle 'AudiA6' ransomware crypto-laundering service

  Law enforcement has dismantled the “AudiA6” cryptocurrency service allegedly used by ransomware actors and other cybercriminals to launder more than $380 million.

  • Bill Toulas
  • June 11, 2026
  • 11:55 AM
   
  •  0
• 
   
  Security

  Why AI-driven threats are exposing the limits of MSP security stacks

  AI-driven attacks are exposing the limits of fragmented MSP security stacks and slow response workflows. Kaseya breaks down why integrated security, automation, and recovery are becoming essential.

  • Kaseya
  • June 11, 2026
  • 10:00 AM
   
  •  0
• 
   
  Security

  Coupang hit with record $409 million data breach fine in Korea

  ​​The Personal Information Protection Commission (PIPC), South Korea's data protection regulator, has fined e-commerce giant Coupang a record 624.6 billion won (roughly $409 million) following a massive data breach affecting more than 37 million customers

  • Sergiu Gatlan
  • June 11, 2026
  • 08:52 AM
   
  •  0

• 1
 
• 2
 
• 3
 
• 4
 
• 5
 

View More