As fears about AI hacking capabilities grow, OpenAI on Monday made a slew of cybersecurity-focused announcements, including an improved version of its limited-access security-specialized model GPT-5.5-Cyber, expanded international work with governments and other institutions to give them “trusted access” to… Read More "OpenAI Launches Full-Scale Effort to Patch Open-Source Bugs as It Takes on Anthropic’s Mythos"
European cybersecurity research firm Paradigm Shift has disclosed details of a new BootROM exploit that affects millions of iPhones and cannot be patched with a software update. Dubbed Usbliter8, the exploit targets Apple’s SecureROM. Baked permanently into the device’s SoC,… Read More "New Exploit Bypasses Apple’s Boot Defenses, Affects Millions of iPhones"
Swati KhandelwalJun 22, 2026Mobile Security / Open Source Google has set September 30, 2026, as the day it begins enforcing Android developer verification in the first four countries, and the major device-maker app stores are in from the start. On that date,… Read More "Google Sets Sept. 30 Deadline for Android Developer Verification in Four Countries"
One of the most active ransomware gangs of 2026 has been handing its affiliates a ready-made toolkit for switching off victims’ security software before the encryption begins. New analysis from ESET detailed the endpoint detection and response (EDR) killer suite… Read More "GentleKiller Framework Disables Victims’ Security Software"
The latest wave of breaches attributed to the ShinyHunters cybercrime collective (e.g., University of Nottingham, DentaQuest, 7-Eleven, Medtronic, and Wynn Resorts), reinforces a hard truth security leaders can no longer ignore: attackers are increasingly bypassing traditional perimeter defenses and targeting… Read More "What the Latest ShinyHunters Breaches Reveal About Modern Cyberattacks"
Swati KhandelwalJun 22, 2026Vulnerability / Server Security A heap over-read in the Squid web proxy can leak another user’s cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the same… Read More "29-Year-Old Squid Proxy Bug ‘Squidbleed’ Can Leak Cleartext HTTP Requests"
A novel iPhone BootROM vulnerability has been discovered by researchers that gives attackers with physical access a route to compromise the boot chain on Apple A12, S4/S5 and Apple A13 systems-on-chips (SoCs). Paradigm Shift’s new analysis shared how the bug, which… Read More "Unpatchable BootROM Flaw Impacts Apple A12, A13 Chips"
Security researchers at Calif.io have disclosed a memory leak vulnerability in Squid Proxy that has existed in the software since 1997. Squid is a widely used open source web proxy that can reduce bandwidth and improve response times via caching.… Read More "Decades-Old Squid Proxy Flaw ‘Squidbleed’ Can Expose User Data"
Ravie LakshmananJun 22, 2026Malvertising / Endpoint Security Cybersecurity researchers have disclosed details of a new campaign that delivers CastleStealer by means of a previously unreported malware loader dubbed OXLOADER. According to Elastic Security Labs, the campaign leverages malicious Google Ads… Read More "New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer"
The UK’s information commissioner, John Edwards, has resigned following an HR investigation into complaints made about him in the workplace. The Information Commissioner’s Office (ICO) confirmed the departure of New Zealand-born Edwards on June 19. It revealed that the investigation… Read More "Information Commissioner Resigns After Workplace Investigation"
