Breaking News – Cyber Threats (last 6h)
Generated: 2026-06-15 08:00 PDT
- Vibe coders are gonna vibe code: How CISOs are tackling code sprawl
BleepingComputer • 2026-06-15 07:01 • www.bleepingcomputer.com
Employees are increasingly building automations, agents, and apps with AI tools outside traditional security oversight. Tines explores how CISOs are handling AI-driven code sprawl, shadow tooling, and governance challenges. […]
https://www.bleepingcomputer.com/news/security/vibe-coders-are-gonna-vibe-code-how-cisos-are-tackling-code-sprawl/ - Chinese hackers breach REDCap servers, steal medical research
BleepingComputer • 2026-06-15 07:00 • www.bleepingcomputer.com
A China-linked espionage campaign targeted exposed REDCap servers to deploy the InfiniteRed malware and steal sensitive data from a medical institution in North America. […]
https://www.bleepingcomputer.com/news/security/chinese-hackers-breach-redcap-servers-steal-medical-research/ - ⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More
The Hacker News • 2026-06-15 06:49 • thehackernews.com
Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod.This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail, and forgotten software keeps becoming someone else’s entry point.
Scroll through the full Monday Cybersecurity
https://thehackernews.com/2026/06/weekly-recap-chrome-0-day-unifi.html - Maine forced to take down data breach portal after fake notices filed with authorities
Graham Cluley • 2026-06-15 06:23 • www.bitdefender.com
The US state of Maine has taken its public data breach notification portal offline after someone submitted fraudulent breach disclosures impersonating two well-known technology companies.Read more in my article on the Hot for Security blog.
https://www.bitdefender.com/en-us/blog/hotforsecurity/maine-take-down-data-breach-portal - New attack turned Microsoft 365 Copilot into 1-click data theft tool
BleepingComputer • 2026-06-15 06:00 • www.bleepingcomputer.com
A critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target’s mailbox, OneDrive, or SharePoint account through a specially crafted URL. […]
https://www.bleepingcomputer.com/news/security/new-attack-turned-microsoft-365-copilot-into-1-click-data-theft-tool/ - Infinite Campus data breach affects 137,000 school staff accounts
BleepingComputer • 2026-06-15 05:38 • www.bleepingcomputer.com
The ShinyHunters extortion gang stole personal information from more than 137,000 school staff accounts in a Salesforce data theft attack that targeted the widely used Infinite Campus K-12 student information system in March. […]
https://www.bleepingcomputer.com/news/security/infinite-campus-data-breach-affects-137-000-school-staff-accounts/ - Webinar: How behavioral AI stops phishing and account takeovers
BleepingComputer • 2026-06-15 05:12 • www.bleepingcomputer.com
Modern phishing, BEC, and account takeover attacks increasingly bypass traditional email defenses and create operational strain for security teams. This webinar explores how behavioral AI can help automate detection, investigation, and remediation to reduce alert fatigue and accelerate response times. […]
https://www.bleepingcomputer.com/news/security/webinar-how-behavioral-ai-stops-phishing-and-account-takeovers/ - The Onboarding Password Mistake That Creates Unnecessary Risk
The Hacker News • 2026-06-15 04:30 • thehackernews.com
Employee onboarding is a busy time for IT teams. New starters need devices, accounts, access permissions, and passwords, all delivered within a tight timeframe.That usually means sharing a temporary “first-day” password so employees can access systems for the first time. The issue is that these passwords don’t always stay temporary. They may be sent over email or SMS, reused across accounts,
https://thehackernews.com/2026/06/the-onboarding-password-mistake-that.html - 152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic
The Hacker News • 2026-06-15 04:07 • thehackernews.com
Cybersecurity researchers have discovered a network of 152 Google Chrome extensions that act as new tab live wallpaper add-ons to distribute a potentially unwanted program (PUP) family.The cluster spans 38 separate Chrome Web Store publisher accounts and three brand backends: tabplugins[.]com, yowgames[.]com, and chromewallpaper[.]com. They have been collectively installed 105,000 times. The
https://thehackernews.com/2026/06/152-chrome-wallpaper-extensions-with.html - The FCC Wants to Eliminate Burner Phones
Schneier on Security • 2026-06-15 04:01 • www.schneier.comA proposed FCC rule would kill burner phones: phones whose accounts are not attached to a particular person.
The FCC plans to do this by legally forcing the country’s telecoms to store a wealth of personal information about essentially all phone customers, including a government issued identification number and their physical address, alarming privacy advocates and civil rights activists who compare the measures to those from authoritarian countries…
https://www.schneier.com/blog/archives/2026/06/the-fcc-wants-to-eliminate-burner-phones.html - Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites
The Hacker News • 2026-06-15 02:59 • thehackernews.com
An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites.When a site administrator was logged in as the file loaded, the code created an admin account under the attacker’s control and installed a hidden plugin that opened a way back in. Ordinary visitors did not trigger it
https://thehackernews.com/2026/06/popular-wordpress-plugin-scripts.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
