Security News Bundle
"Miasma Worm compromises 73 Microsoft GitHub repositories."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 09 June 2026, 1641 UTC.
Content and Source compiled by https://feedly.com.
https://feedly.com/i/collection/content/user/f401222a-bca6-4c45-9cc1-183f239e8d86/category/7737d3c9-5fe2-4b34-8708-85e57085f895
Please check subscription link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
Today
The Miasma worm compromised 73 Microsoft GitHub repos, spreading via AI coding tools and stealing cloud credentials from developers and CI/CD systems. A self-replicating worm called Miasma has compromised 73 Microsoft GitHub repositories and forced GitHub staff to disable them. The affected repos include core Azure infrastructure like azure-functions-host and the entire Durable Task family across
BleepingComputer / 22min
Anthropic's Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code. XBOW explores how the model performed across exploit discovery, reverse engineering, and live-site validation. [...]
The Register – Security / 29min
Apple says that its next-gen operating system will allow users to update their weak and compromised passwords with a single tap. Upgrades coming to iOS 27, announced at Tim Cook’s last Worldwide Developers Conference (WWDC) this week, introduce a significant change to the way users manage their passwords. “Building on its ability to alert users about weak and compromised passwords, Passwords can n
ZDNet | Security / 37min
Amazon is now partnering with local dealerships to help you buy, sell, or lease your car - and Prime members can get a big gift card when they do.
Dark Reading / 43min
Two separate campaigns target CVE-2025-8088, fixed last July, to conduct data theft and cyberespionage against military and government targets in Ukraine.
Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, disrupting continuous integration pipelines. [...]
The new developer beta of iOS 27 offers three AI-powered skills to tweak and enhance your photos. Are they worth using?
ZDNet | Security / 1h
Immutable Linux is the future of OS security, but the current distributions do have one particular limitation that RakuOS has overcome.
Public LLM models with safeguards turned off can also build working exploits, increasing patch gap risks. The post appeared first on SecurityWeek.
ZDNet | Security / 1h
Health wearables are constantly collecting your personal information, but who owns that data, and what does it mean for your privacy?
ZDNet | Security / 1h
Patients have never had more data about their health, but much of it is unusable. Here's why.
ZDNet | Security / 1h
If you're on a mission to improve your health and wellness, and Linux is your OS of choice, there are plenty of apps to help you on your journey, and these are my favorites.
ZDNet | Security / 1h
What's really in that DNA kit? Hint: It's not just a spit tube, but a whole lot of fine print.
ZDNet | Security / 1h
Tech companies are evolving their health trackers to make them smaller, thinner, and near-invisible. Here's why.
ZDNet | Security / 1h
Researchers at MIT and Mass General Brigham have built an AI model that can flag intimate partner violence risk in patients from their medical records.
ZDNet | Security / 1h
I used Airtable to turn daily meal planning into a simple database system, reducing food stress, grocery confusion, and last-minute takeout temptations without counting calories, macros, or points.
ZDNet | Security / 1h
Phyphox can do so much that explaining it all would take hours. The real fun starts once you begin testing the world around you.
ZDNet | Security / 2h
Seeed Studio's SenseCAP T1000-E tracker card also doesn't use cell towers or Wi-Fi. Here's how.
Veeam has released security updates to patch a critical Backup & Replication security flaw that can be exploited to gain remote code execution (RCE) on domain-joined backup servers. [...]
SecurityWeek / 3h
Atsign’s AI Architect applies cryptographic protections to agentic software development, aiming to prevent attackers from exploiting vulnerabilities by making application identities effectively invisible. The post appeared first on SecurityWeek.
Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released. The activity has been attributed by Trend Micro to Earth Dahu (aka Gamaredon) and SHADOW-EARTH-066 (aka UAC-0226). It involves the exploitation of CVE-2025-8088, a path traversal flaw that allows an
University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way through a network, generate tailored attack strategies for each target it encounters, and replicate itself, all without human intervention and without touching a commercial AI service. The preprint, posted to arXiv on
Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has been described as an out-of-bounds memory access in V8, Chrome's JavaScript and WebAssembly engine. "Out-of-bounds read and write in V8 in Google Chrome prior to 149.0.7827.103
Signal insists that plans to compel tech companies to scan devices for nude images of children announced by UK Prime Minister Keir Starmer on Monday at London Tech Week "will not keep children safe." "It endangers us all," the encrypted messaging platform said, adding that the mechanism required to implement it would be "dangerous." And it wouldn't be a pro-privacy statement without calling it "dy
IT Security Guru / 4h
Security is not a point-in-time exercise. It’s a cycle of testing, fixing, and starting over. Organisations that treat it as anything less quickly fall behind. In the last decade, we’ve seen how offensive security practices such as penetration testing, combined with follow-up patching and mitigation strategies, have significantly strengthened defences. For instance, Active Directory hardening, ED
ZDNet | Security / 4h
The SwitchBot Relay 1PM Switch turns a device on and off and tells you how much power it's using.
SecurityWeek / 4h
The flaws could lead to the disclosure of sensitive information, memory corruption, and disruption of normal system usage. The post appeared first on SecurityWeek.
Google has fixed its fifth actively exploited Chrome zero-day of 2026, and this one earned its finder a $55,000 bounty. The flaw, tracked as CVE-2026-11645, is an out-of-bounds memory access bug in Chrome's V8 JavaScript engine. Google confirmed that the vulnerability is being exploited in the wild, but has disclosed little beyond the bare technical details. The company patched the issue in the la
The most recent variants of the self-propagating attacks are named Miasma and Hades. The post appeared first on SecurityWeek.
The Hacker News / 5h
Organizations have more visibility than ever. Growing tech stacks provide greater coverage, and network security teams are increasingly adopting AI and automation to help with routine tasks and reduce manual effort. But the same challenges persist. Outages still last hours, causing significant financial losses, operational disruption, and reputational impact. Threat response and mean time to
French officials are investigating a compromise of the government’s encrypted messaging service Tchap after attackers hijacked an account and gained access to public chat rooms. The incident came to light on June 7 when France's National Cybersecurity Agency (ANSSI) detected suspicious activity on Tchap, the government's homegrown messaging service used across ministries and public sector organiza
Google fixed a new Chrome zero-day, tracked as CVE-2026-11645, in the V8 JavaScript engine, which is already being exploited in the wild. Google released emergency updates to address a new Chrome zero-day vulnerability, tracked as CVE-2026-11645, that has been exploited in the wild. This flaw is the fifth Chrome zero-day that is being exploited in the wild in 2026. “Google is aware that an exploi
Filigran has unveiled XTM One, an AI-native orchestration layer designed to automate Continuous Threat Exposure Management (CTEM) workflows, as organisations struggle to keep pace with growing volumes of threat intelligence, vulnerabilities and attack data. The launch reflects a broader challenge facing security teams. While many organisations have invested heavily in threat intelligence, attack
SecurityWeek / 5h
Anthropic's Mythos is accelerating vulnerability discovery to machine speed, forcing the bug bounty industry and offensive security teams to adapt to a future where finding flaws is no longer the hard part. The post appeared first on SecurityWeek.
DINUM, the digital affairs directorate of the French government, warned that hackers used a hijacked user account to breach Tchap, the French government's encrypted messaging platform. [...]
The Hacker News / 5h
A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST, needs no native code, no extension, and no permission prompt. You open the page, leave the tab sitting there, and it watches the drive for contention in the background. Researchers at Graz University of Technology built it and
The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the Mini Shai-Hulud-style attacks continue to be refined and splintered to target specific ecosystems. "The compromised releases shipped a *-setup.pth file that attempts to execute automatically
ZDNet | Security / 6h
Being a college student comes with lots of perks, including heavily discounted music and video streaming services.
Yesterday
The authentication bypass vulnerability allows attackers to establish VPN connections without a valid password. The post appeared first on SecurityWeek.
The patient tally from the Synnovis ransomware attack continues to grow two years later, with Mid and South Essex NHS Foundation Trust confirming it was caught up in the breach. The trust told The Register that the Synnovis breach affected about 2,380 records relating to patients who underwent specialist diagnostic testing. The disclosure follows a similar announcement by Bedfordshire Hospitals NH
ZDNet | Security / 7h
Need to control company spend? I tested the best budgeting tools for businesses of all sizes.
ZDNet | Security / 7h
While rechargeable batteries are generally very safe, fires at home, workplaces, and even on commercial aircraft are now on the rise. Here's why and what I keep on hand to stop them.
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities (KEV) catalog. The two flaws added to the catalog are: CVE-2026-
A Linux kernel nf_tables bug lets local users gain root via use-after-free caused by a logic error; patch removes a single “!”. CVE-2026-23111 lives in nf_tables, the Linux kernel’s packet filtering framework. Exodus Intelligence researcher Oliver Sieber found the bug in early 2025 and chained it into a full local privilege escalation. The flaw was addressed on February 5, 2026, by simply removin
CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. [...]
Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year. [...]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-42271 (CVSS score: 8.7), is a command injection vulnerability that could allow any authenticated user to run arbitrary commands on the
The vulnerability is tracked as CVE-2026-11645 and it was reported in late April by an anonymous researcher. The post appeared first on SecurityWeek.
The proposed coordination would let advanced AI labs verify that global rivals have actually stopped or slowed their work. The post appeared first on SecurityWeek.