$3 Million Reportedly Stolen in Polymarket Hack
Decentralized prediction market Polymarket has promised to fully refund users affected by a hacker attack that came to light this week. Polymarket is a cryptocurrency-based prediction market platform that enables users to trade on the likely outcomes of real-world events ranging from elections and economic indicators to sports and cultural happenings. The company has shared little information about the incident. READ MORE...
Order-tracking app Shop abused to push callback phishing attacks
Threat actors are increasingly abusing Shop, the order-tracking app from Shopify, by adding fake purchase receipts in users' order histories to trick them into providing sensitive data or installing remote access software. The Shop digital shopping assistant serves as a centralized platform where users can track orders from multiple online retailers, access receipts and shipping updates, and discover and purchase products from merchants that use Shopify. READ MORE...
Russian APT 'Gamaredon' Upgrades Its Arsenal, Requiring New Defenses
A Russian cyber espionage group has improved a variety of its tactics, techniques, and procedures (TTPs), helping it become a more effective belligerent in the Ukraine war and beyond. Enterprises should implement fresh strategies to be effective against this adversary, which reaped dividends from the upgrade in terms of mounting larger and more successful cyberattacks. Organizations often grow stale and outmoded over time, but the Gamaredon group is fighting back against old age. READ MORE...
Microsoft adds another year to Windows 10 extended update program
Microsoft ended official support for Windows 10 in 2025, but the company may have a harder time than expected putting the operating system out to pasture. After promising a year of optional extended update support, Microsoft has changed its policy, tacking on another year to its Extended Security Updates (ESU) program. If you are still clinging to Windows 10, you don't have to do anything but enjoy that extra year. READ MORE...
Miasma campaign poisons 20-plus npm packages, hunts for developer secrets
The Miasma malware campaign has claimed another victim, poisoning more than 20 versions of legitimate npm packages used by the Leo Platform and RStreams ecosystems as its operators continue refining their self-propagating supply chain worm. Microsoft Threat Intelligence said in a post on X that the attack began late on June 24 after attackers compromised an npm maintainer account, "czirker," and used it to publish poisoned updates to more than 20 packages. READ MORE...
NIST offers security guidance for water utilities using remote-access tools
Water utilities that use remote-access software should carefully restrict access, enforce multifactor authentication (MFA) and maintain comprehensive access logs to help them investigate possible breaches, the National Institute of Standards and Technology (NIST) said in guidance published on Wednesday. The secure remote-access guidance lists security considerations and describes how water utilities can implement remote access through either on-premises or cloud environments. READ MORE...
FCC passes new cybersecurity rules for emergency systems, undersea cables
The Federal Communications Commission approved new rules Thursday that boost cybersecurity regulations for the nation's emergency alert systems and update security rules for the nation's undersea cables. The new rule would overhaul two national emergency systems, the Emergency Alert System and Wireless Emergency Alerts, to better protect against hijacking attacks from malicious actors. A compromise of either system could be used to sow chaos or impede emergency coordination efforts. READ MORE...
First-Ever Exploitation of PTC Windchill Vulnerability Discovered in the Wild
Threat actors have successfully exploited a vulnerability in PTC Windchill in the wild, marking the first confirmed real-world abuse of the popular product lifecycle management (PLM) platform. The vulnerability is tracked as CVE-2026-12569 and it affects PTC's Windchill and FlexPLM products. The improper input validation flaw can be exploited by a remote, unauthenticated attacker to execute arbitrary code via specially crafted requests. READ MORE...
- ...in 1906, the first Grand Prix motor race is held at Le Mans.
- ...in 1948, Shirley Jackson's short story "The Lottery" is first published in The New Yorker magazine.
- ...in 1948, the Berlin airlift begins, in response to the Soviet Union's blockade of supply routes into West Berlin.
- ...in 1963, President Kennedy gives his famous "Ich bin ein Berliner" speech in support of democratic West Germany.
