Breaking News – Cyber Threats (last 6h)
Generated: 2026-06-23 08:00 PDT
- GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns
The Hacker News • 2026-06-23 07:22 • thehackernews.com
GitHub is moving to strengthen software supply chain security by updating “actions/checkout” to block pwn request attacks that exploit the risky use of the “pull_request_target workflow” trigger to run malicious code with the workflow’s full privileges.Effective June 18, 2026, the latest version of “actions/checkout,” the official GitHub action for checking out a repository into the
https://thehackernews.com/2026/06/github-updates-actionscheckout-to-block.html - The Exploit Doesn't Exist. You Can Still Prove It Works Against You
BleepingComputer • 2026-06-23 07:01 • www.bleepingcomputer.com
Attackers can now weaponize newly disclosed vulnerabilities far faster than most organizations can patch them. Picus Security explains how security teams can validate exploitability before a public exploit even exists. […]
https://www.bleepingcomputer.com/news/security/the-exploit-doesnt-exist-you-can-still-prove-it-works-against-you/ - LastPass confirms data breach in Klue supply chain attack
BleepingComputer • 2026-06-23 06:58 • www.bleepingcomputer.com
LastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company’s OAuth tokens in the Klue supply chain attack earlier this month. […]
https://www.bleepingcomputer.com/news/security/lastpass-confirms-data-breach-in-klue-supply-chain-attack/ - Hacker hijacks Brazil’s national alert system, sending “misanthropy” to millions of phones
Graham Cluley • 2026-06-23 05:16 • www.bitdefender.com
Emergency alert systems work because people believe them. Every time one of these systems issues a false alert – whether through negligence or a deliberate attack – trust erodes.Read more in my article on the Hot for Security blog.
https://www.bitdefender.com/en-us/blog/hotforsecurity/hacker-hijacks-brazils-national-alert-system - Webinar: Why email security teams are drowning in alerts
BleepingComputer • 2026-06-23 05:12 • www.bleepingcomputer.com
Phishing, BEC, and account takeover attacks continue to overwhelm security teams with alerts and investigations. This webinar explores how behavioral AI can help automate detection and response workflows, reducing alert fatigue and improving operational efficiency. […]
https://www.bleepingcomputer.com/news/security/webinar-why-email-security-teams-are-drowning-in-alerts/ - Agentic AI: The Weapon That No Longer Needs a Warrior
The Hacker News • 2026-06-23 04:30 • thehackernews.com
Every weapon begins as an extension of the hand that holds it. The spear lengthened the reach of the arm. The bow sent the point flying without the throw. The rifle placed a man’s death a quarter mile beyond his sight, and the aircraft carried that death across oceans. At each turn, the distance between the warrior and the wound grew wider, and yet one thing never moved: a human chose the target
https://thehackernews.com/2026/06/agentic-ai-weapon-that-no-longer-needs.html - Anthropic’s Fable 5 Model Jailbroken Within Days
Schneier on Security • 2026-06-23 04:03 • www.schneier.comFable 5 is the supposed safe version of Anthropic’s Mythos Preview, with guardrails to ensure that it can’t be used to create cyberattacks.
Well, that restriction was bypassed within days.
https://www.schneier.com/blog/archives/2026/06/anthropics-fable-5-model-jailbroken-within-days.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
