CISA and Partners Warn Hackers Are Targeting Fuel-Tank Monitoring Systems

CISA, the FBI, NSA, Department of Energy and other US agencies warn that hackers are targeting internet-exposed automatic tank gauge (ATG) systems that monitor fuel storage, modifying device settings via command execution. The fix: get them off the public internet.

Five Eyes: China Is Using LinkedIn and Job Sites to Recruit Insiders

A joint Five Eyes advisory warns that Chinese intelligence officers, posing as recruiters and consultants for front companies, are using LinkedIn, Indeed and Upwork to recruit government, military and cleared personnel — and anyone with access to classified or privileged information.

The Top CVEs of May 2026: Edge Devices Under Active Attack While Patch Tuesday Goes Quiet

Microsoft shipped its first zero-day-free Patch Tuesday since June 2024 — but the month's real action was elsewhere: a CISA Emergency Directive for Cisco SD-WAN, exploited PAN-OS flaws, and a Drupal core SQL-injection, all under active attack.

What Is an Incident Response Plan?

A clear guide to incident response plans — what they are, why every organization needs one, what they should contain, and how to build, test, and maintain one.

Pentagon's Top Cyber Official Wants Cyber in Every Operation — and Security Built Into AI From Day One

The Pentagon's top cyber official, Katherine Sutton, says the Defense Department must pull cyber 'out of its silo' and build it into every operation from day one — and must bake security into the AI tools it adopts, rather than treating it as an afterthought.

Trump Signs a Scaled-Back AI Executive Order Built Around Sharing AI-Found Vulnerabilities With Critical Infrastructure

Trump signed an executive order on June 2 setting up a voluntary framework for the government to vet 'covered frontier' AI models for up to 30 days before release and to share AI-found vulnerabilities with critical-infrastructure operators — notably narrower than an earlier draft.

Anthropic Expands Project Glasswing to About 150 Critical-Infrastructure Organizations Across 15+ Countries

Anthropic is extending Project Glasswing — which uses its Claude Mythos model to find software flaws — to about 150 more organizations in 15-plus countries, most of them critical-infrastructure operators a major attack could each affect, the company estimates, 100 million-plus people.

Spain Arrests a Suspect Over the Doxxing of Police, Prosecutors and INCIBE Cyber Officials

Spain's National Police arrested a suspect accused of publishing personal data of officials from its most sensitive bodies — including the cyber agency INCIBE, the police, Civil Guard and prosecutors — a doxxing campaign police say endangered both the individuals and their institutions.

Recorded Future: Iran's MOIS Has Expanded Its Handala Brand From Hacking Into Recruiting Proxies for Physical Attacks

Recorded Future's Insikt Group says Iran's intelligence ministry has expanded its Handala hacking brand into an umbrella for hybrid operations — uniting cyber, physical and influence personas that recruit proxies, for cash, to attack, surveil and sabotage US and Israeli interests.

WeedHack — A Free Minecraft Malware Service Has Infected 116,000 Systems, and Some Buyers Use It to Spy on Other Players

McAfee Labs says WeedHack, a free-to-start Minecraft malware-as-a-service, has infected over 116,000 systems since January via fake mods pushed on YouTube and through SEO poisoning — and some buyers are using its remote-access tools to spy on and harass other players.

Critical Kirki WordPress Flaw CVE-2026-8206 Enables Unauthenticated Admin Account Takeover

A critical flaw in the Kirki WordPress plugin (CVE-2026-8206, CVSS 9.8) lets an unauthenticated attacker send any account's password-reset link — including an admin's — to their own email and seize it. Versions 6.0.0–6.0.6 are fixed in 6.0.7; BleepingComputer reports exploitation.

Dashlane Says Hackers Beat Its 2FA and Downloaded About 20 Customers' Encrypted Vaults

Dashlane now says the brute-force attack it disclosed on May 31 succeeded: by defeating 2FA on about 20 customer accounts, attackers downloaded copies of those users' encrypted password vaults. The vaults stay locked behind each user's master password, but affected users should rotate.