Policy & Government
Trump signed an executive order on June 2 setting up a voluntary framework for the government to vet 'covered frontier' AI models for up to 30 days before release and to share AI-found vulnerabilities with critical-infrastructure operators — notably narrower than an earlier draft.
Artificial Intelligence
Anthropic is extending Project Glasswing — which uses its Claude Mythos model to find software flaws — to about 150 more organizations in 15-plus countries, most of them critical-infrastructure operators a major attack could each affect, the company estimates, 100 million-plus people.
Cybercrime
Spain's National Police arrested a suspect accused of publishing personal data of officials from its most sensitive bodies — including the cyber agency INCIBE, the police, Civil Guard and prosecutors — a doxxing campaign police say endangered both the individuals and their institutions.
Iranian Threat Actors
Recorded Future's Insikt Group says Iran's intelligence ministry has expanded its Handala hacking brand into an umbrella for hybrid operations — uniting cyber, physical and influence personas that recruit proxies, for cash, to attack, surveil and sabotage US and Israeli interests.
Malware
McAfee Labs says WeedHack, a free-to-start Minecraft malware-as-a-service, has infected over 116,000 systems since January via fake mods pushed on YouTube and through SEO poisoning — and some buyers are using its remote-access tools to spy on and harass other players.
Vulnerabilities
A critical flaw in the Kirki WordPress plugin (CVE-2026-8206, CVSS 9.8) lets an unauthenticated attacker send any account's password-reset link — including an admin's — to their own email and seize it. Versions 6.0.0–6.0.6 are fixed in 6.0.7; BleepingComputer reports exploitation.
Account Takeover (ATO)
Dashlane now says the brute-force attack it disclosed on May 31 succeeded: by defeating 2FA on about 20 customer accounts, attackers downloaded copies of those users' encrypted password vaults. The vaults stay locked behind each user's master password, but affected users should rotate.
Malware
Silent Push has named DriveSurge, a pay-per-install access broker that has quietly hijacked thousands of legitimate websites and routes their visitors — on both Windows and macOS — into ClickFix and fake-update malware lures using an off-the-shelf traffic distribution system.
phishing
Kali365, the phishing-as-a-service kit the FBI flagged in May for stealing Microsoft 365 tokens past MFA, has broadened its targets to AWS, Okta, Xerox DocuShare and Russian services, Arctic Wolf reports — extending its core OAuth device-code phishing to far more of the stack.
Cybersecurity 101
A clear guide to patch management — why it matters, the step-by-step process, the types of patches, common challenges, and proven best practices.
Nation-State Cyber Threats
Seqrite Labs says the Pakistan-aligned group SideCopy likely ran Operation XENOFISCAL, a spear-phishing campaign that hit Afghanistan's Ministry of Finance and provincial finance offices with the open-source Xeno RAT, delivered through a Pashto-language ZIP-and-LNK lure.
Vulnerabilities
CISA added CVE-2024-21182 — an unauthenticated Oracle WebLogic flaw patched in July 2024 — to its Known Exploited Vulnerabilities catalog on evidence of active exploitation. Despite 'RCE' framing elsewhere, CISA describes unauthorized access to WebLogic data; agencies must patch by June 4.