Breaking News – Cyber Threats (last 6h)
Generated: 2026-06-26 08:00 PDT
- Your First GRC Agent: A Red Teamer's Walkthrough
BleepingComputer • 2026-06-26 07:01 • www.bleepingcomputer.com
AI won’t replace GRC analysts, but it can eliminate much of the repetitive work they do. Anecdotes walks through building an agent that continuously monitors controls, identifies evidence gaps, and opens remediation tasks. […]
https://www.bleepingcomputer.com/news/security/your-first-grc-agent-a-red-teamers-walkthrough/ - New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries
The Hacker News • 2026-06-26 06:57 • thehackernews.com
A flaw in the Linux kernel’s traffic-control subsystem can let a local unprivileged user gain root on affected systems.CVE-2026-46331, nicknamed “pedit COW,” is an out-of-bounds write in the packet-editing action (act_pedit) that corrupts shared page-cache memory. A public, working exploit appeared within a day of the CVE assignment on June 16. Red Hat rates the flaw as
https://thehackernews.com/2026/06/new-linux-pedit-cow-exploit-enables.html - Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs
The Hacker News • 2026-06-26 06:53 • thehackernews.com
A high-severity flaw in Amazon Q Developer let a malicious repository run commands and steal a developer’s cloud credentials. The path was short: a developer opens the repo, trusts the workspace, and Amazon Q does the rest. Amazon has patched it.Tracked as CVE-2026-12957 (CVSS 8.5), the bug sat in how Amazon’s AI coding assistant handled Model Context Protocol (MCP) servers.
Wiz
https://thehackernews.com/2026/06/amazon-q-developer-flaw-could-let.html - CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue
The Hacker News • 2026-06-26 05:31 • thehackernews.com
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical remote code execution vulnerability impacting PTC Windchill PDMlink and PTC FlexPLM enterprise Product Data Management (PDM) and Product Lifecycle Management (PLM) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The vulnerability in question is
https://thehackernews.com/2026/06/cisa-adds-exploited-ptc-windchill-rce.html - New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets
The Hacker News • 2026-06-26 04:51 • thehackernews.com
DirtyClone is a new Linux kernel privilege escalation in the DirtyFrag family. JFrog Security Research published a working exploit walkthrough for the flaw on June 25, the first public demonstration for this variant.Tracked as CVE-2026-43503 (CVSS 8.8), it lets a local user corrupt file-backed memory through a cloned network packet and gain root. The patch landed in
https://thehackernews.com/2026/06/new-dirtyclone-linux-kernel-flaw-lets.html - Guardian Agents: The Next Layer of Identity Governance
The Hacker News • 2026-06-26 04:30 • thehackernews.com
AI agents are moving through enterprise environments, inheriting permissions, traversing systems, and executing decisions at machine speed with minimal oversight. The identity infrastructure built to govern human access wasn’t designed for autonomous actors, and the gap between what enterprises are deploying and what their governance programs actually cover is widening fast. This guide breaks
https://thehackernews.com/2026/06/guardian-agents-next-layer-of-identity.html - Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack
The Hacker News • 2026-06-26 04:05 • thehackernews.com
Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family that has compromised a new set of npm packages, even as it has propagated to the Go ecosystem.“The latest activity includes malicious npm releases affecting LeoPlatform and RStreams packages, GitHub Actions workflow abuse, and a related Go
https://thehackernews.com/2026/06/miasma-malware-targets-npm-packages-and.html - One Million Passports Leaked Online
Schneier on Security • 2026-06-26 04:03 • www.schneier.comA database of almost a million passports from around the world was leaked online.
Note what happened. A high-value credential—a passport—was used in an ancillary low-value authentication system: ID verification for cannabis dispensaries. And it’s the low-value system that got hacked, putting the high-value credential at risk.
https://www.schneier.com/blog/archives/2026/06/one-million-passports-leaked-online.html
- Microsoft Warns of Photo ZIP Phishing Campaign Targeting Hotels with Node.js Implant
The Hacker News • 2026-06-26 02:27 • thehackernews.com
An active phishing campaign has been targeting hotel and other hospitality organizations across Europe and Asia since April 2026, using photo-themed ZIP files to drop a Node.js implant and dig into front-desk machines, Microsoft says.The company has not attributed the activity to a known threat actor, and the operators’ end goal is still unclear.
The lure plays to how hotels work.
https://thehackernews.com/2026/06/microsoft-warns-of-photo-zip-phishing.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
