Breaking News – Cyber Threats (last 6h)
Generated: 2026-06-23 13:00 PDT
- Healthtech firm Xolis suffers data breach impacting 1.4 million people
BleepingComputer • 2026-06-23 12:59 • www.bleepingcomputer.com
Healthcare technology company Xsolis says that sensitive data belonging to nearly 1.4 million individuals was compromised in a phishing attack that gave attackers access to its network. […]
https://www.bleepingcomputer.com/news/security/healthtech-firm-xolis-suffers-data-breach-impacting-14-million-people/ - New macOS ClickFix attack silently mounts DMGs to push infostealer
BleepingComputer • 2026-06-23 11:30 • www.bleepingcomputer.com
A new macOS ClickFix campaign is using Terminal commands to silently download, mount, and launch info-stealing malware from malicious disk image (DMG) files. […]
https://www.bleepingcomputer.com/news/security/new-macos-clickfix-attack-silently-mounts-dmgs-to-push-infostealer/ - Scattered Spider Hackers Plead Guilty on Day 1 of Trial
KrebsOnSecurity • 2026-06-23 09:12 • krebsonsecurity.com
Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the Greater London area. The duo were key members of a prolific cybercrime group known as Scattered Spider, and their guilty pleas came on the first day of what was expected to be a six-week trial.
https://krebsonsecurity.com/2026/06/scattered-spider-hackers-plead-guilty-on-day-1-of-trial/ - Scattered Spider members plead guilty to hacking Transport for London
BleepingComputer • 2026-06-23 08:31 • www.bleepingcomputer.com
Two members of the ‘Scattered Spider’ cybercrime group pleaded guilty to hacking the Transport for London (TfL) systems in 2024. […]
https://www.bleepingcomputer.com/news/security/scattered-spider-members-plead-guilty-to-hacking-transport-for-london/ - Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents
The Hacker News • 2026-06-23 08:16 • thehackernews.com
Security firm AIR built a fake AI agent skill, pushed it through a popular skill marketplace and an Instagram ad, and says it reached roughly 26,000 agents, including some on corporate accounts.Every skill security scanner the firm tested it against marked it safe. The payload was harmless by design: it collected the user’s email address and did nothing else.
The point was to show
https://thehackernews.com/2026/06/fake-ai-agent-skill-passed-security.html - Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration
The Hacker News • 2026-06-23 08:16 • thehackernews.com
President Trump signed an executive order on June 22 setting hard deadlines for federal agencies to move high-value assets and high-impact systems to post-quantum cryptography.Key establishment must move by December 31, 2030; digital signatures by December 31, 2031. EO 14409 leaves national security systems on a separate track.
The deadlines matter because of a threat that does not
https://thehackernews.com/2026/06/trump-order-sets-2030-deadline-for.html - GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns
The Hacker News • 2026-06-23 07:22 • thehackernews.com
GitHub is moving to strengthen software supply chain security by updating “actions/checkout” to block pwn request attacks that exploit the risky use of the “pull_request_target workflow” trigger to run malicious code with the workflow’s full privileges.Effective June 18, 2026, the latest version of “actions/checkout,” the official GitHub action for checking out a repository into the
https://thehackernews.com/2026/06/github-updates-actionscheckout-to-block.html - The Exploit Doesn't Exist. You Can Still Prove It Works Against You
BleepingComputer • 2026-06-23 07:01 • www.bleepingcomputer.com
Attackers can now weaponize newly disclosed vulnerabilities far faster than most organizations can patch them. Picus Security explains how security teams can validate exploitability before a public exploit even exists. […]
https://www.bleepingcomputer.com/news/security/the-exploit-doesnt-exist-you-can-still-prove-it-works-against-you/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
