Data breach exposes up to 14.2 million email logins at six ISPs
Japanese telecommunications operator KDDI Corporation disclosed a data breach where threat actors gained access to one of its email systems used by five other internet service providers (ISPs) in the country. The company says that it discovered the compromise on June 17 and responded immediately by blocking the attacker and implementing defense measures. The investigation determined that the hackers exploited a vulnerability in an unnamed third-party software. READ MORE...
Nissan says Oracle PeopleSoft break-in may have spilled payroll records, SSNs
Nissan has joined the growing list of Oracle customers cleaning up after a cyberattack, warning employees that payroll records, bank details, Social Security numbers, and other personal data may have been stolen. In a filing submitted to the California Attorney General on Friday, Nissan Americas said Oracle had informed it of "a cyber event" involving the personnel records of "hundreds of companies." The automaker said it later learned Nissan had been "specifically targeted" in the attack. READ MORE...
US Offers $10 Million Bounty for Russian State Hackers as Messaging App Attacks Evolve
The US government is offering rewards of up to $10 million for information on individuals associated with two threat actors linked to Russian intelligence. Publicly tracked as UNC5792 and UNC4221, the cyber groups have been targeting current and former US government officials and military leaders, allied personnel, journalists, political figures, and key officials located in Ukraine. The threat actors have been conducting phishing campaigns targeting commercial messaging applications (CMAs). READ MORE...
Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk
Cybercriminals have long viewed the education sector, with its mix of legacy technology and new applications, uneven IT resources, and large amounts of data, as an easy and enticing target. From the smallest rural K-12 districts to the world's most prestigious universities, IT professionals in education are focused on getting and keeping students and staff online, rather than protecting the systems their devices run on. READ MORE...
Chinese Framework Powers 200,000 Scam Sites
More than 200,000 websites are using investment scam templates built with the Chinese open source framework Uni-App, Infoblox reports. A cross-platform development toolkit, Uni-App allows developers to create Vue.js codebases that can be deployed as mobile and desktop applications, or as mobile-optimized websites simultaneously. Widely used in China and supported by a developer ecosystem, the framework powers thousands of legitimate products. READ MORE...
Mozilla warns of indirect prompt injection risk in AI coding agents
A malicious GitHub repository can silently compromise a developer's machine without containing a single line of malicious code, security researchers at Mozilla's Zero Day Investigative Network (0DIN) warned. The proof-of-concept attack targets AI-powered coding agents such as Claude Code, and uses indirect prompt injection to manipulate an AI agent into taking harmful actions the developer never explicitly authorized. READ MORE...
Companies keep bolting AI onto their products, and the security bill is coming due
Companies keep bolting AI and LLM features onto their products, and the security results are starting to show a pattern. The vulnerabilities those features create get rated high risk far more often than anything else, and they get fixed slower than anything else. The figures come from Cobalt's AI and Pentesting Pulse Report 2026, built on five years of penetration testing data and a survey of 455 security leaders and practitioners. AI applications stack new weaknesses on top of old ones. READ MORE...
Hackers now exploit critical Oracle E-Business flaw in attacks
Attackers have begun exploiting a critical vulnerability (tracked as CVE-2026-46817) in the Oracle E-Business Suite (EBS) financial application, according to threat intelligence company Defused. This security flaw was found in the File Transmission component of EBS's Oracle Payments product and enables unauthenticated malicious actors with HTTP network access to take over vulnerable systems through low-complexity attacks. READ MORE...
Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds
A high-severity flaw in Amazon's AI coding assistant for Visual Studio Code meant that opening the wrong Git repository could allow an attacker to execute code on a developer's machine and potentially hand them the keys to the dev's cloud environment. The bug, tracked as CVE-2026-12957 and assigned a CVSS 4.0 score of 8.5, centers on how Amazon Q handled Model Context Protocol (MCP) server configurations. READ MORE...
- ...in 1920, stop-motion animator and special effects designer Ray Harryhausen (Clash of the Titans, Jason and the Argonauts) is born in Los Angeles.
- ...in 1929, scientists at Bell Laboratories in New York reveal a system for transmitting television pictures.
- ...in 1975, Steve Wozniak tests the first prototype of the Apple I personal computer.
- ...in 1995, the U.S. space shuttle Atlantis docks with the Russian space station Mir.
