Global capacity to sequence a new pathogen or deliver a vaccine is greater than ever. But mounting a coordinated response to future biosecurity threats will require a framework designed with geopolitics in mind.
The flaw allows an unauthenticated attacker to craft a GitHub Issue in an org's public repository and then silently pull data from its private repos, too.
One month ago it was exciting to see the open-source ReactOS operating system running Valve's Half-Life game. Little to realize less than 30 days later it would also be running Half-Life 2...
On the Supreme Court’s latest reasoning about the Federal Reserve and the fault lines that are likely to emerge in the years ahead.
The post The Federal Reserve Exception to the <i>Slaughter</i> Rule appeared first on Just Security.
UN NewsGOLD 8.5DDHH✓ 13 fuentesWed, 08 Jul 2026 12:00:00
The widespread solidarity shown to Venezuela must now be transformed into real, practical support for recovery from the deadly double earthquakes last month, UN relief chief Tom Fletcher said on Wednesday.
The president embraced the alliance in a meeting Wednesday, extolling member nations’ defense spending and saying nothing about the Danish territory, officials said.
With risk-based personnel vetting practices, U.S. AI labs can keep recruiting the world’s best researchers while safeguarding national security.
The post Vetting Foreign AI Talent: Security Without Exclusion appeared first on Just Security.
The FIFA decision to suspend Folarin Balogun’s red card is a compact case study in how power can shape the application of rules without ever rewriting them.
The U.S. needs to lead a new export control regime -- coordinating with its partners and allies -- to constrain China’s ability to produce advanced and foundational chips.
The post It Takes More Than Two to Tango: Creating Effective Export Controls on Semiconductor Manufacturing Equipment appeared f…
Anthropic said Tuesday night that its AI model called Claude Fable 5 is now widely available.
The post Trump Administration Lifts Restrictions on Anthropic’s Claude Models After Cybersecurity Alarm appeared first on SecurityWeek.
UN NewsGOLD 8.5DDHH✓ 9 fuentesWed, 08 Jul 2026 12:00:00
The UN Security Council is holding an open debate Tuesday honouring the promise of international law to survivors of sexual violence in conflict as more reports emerge about warring parties using rape as a weapon, actions that constitute war crimes. Stay tuned for live updates from our meetings cove…
Portia Anyamba, a former South African Air Force brigadier general connected to a State Security Agency official, was recently sentenced to six months in jail in the United States, where she worked at a government science and energy laboratory. She previously pleaded guilty to being a foreign agent …
El Niño is no longer a forecast, it’s here. As forecasters warn this could become a powerful “Godzilla El Niño” with major implications for southern Africa, Daily Maverick’s Ed Stoddard has tracked the story from the earliest warnings to its official arrival and what it could mean for South Africa’s…
Greek Defense Minister Nikos Dendias said Greece "would not welcome" Turkey receiving either F-35 fighter jets or engines for its next-generation Turkish "Kaan" combat aircraft.
The Linux kernel's AF_ALG interface was deprecated in Linux 7.2. This interface for letting user-space programs interact directly with the Linux kernel crypto API has proven to be a "massive attack surface" due to a variety of security concerns. With its deprecation in Linux 7.2, some AF_ALG feature…
Introduced to the Linux kernel nearly six years ago was the Syscall User Dispatch feature to help with Linux gaming. Specifically, Syscall User Dispatch was developed to help Windows games run on Linux more efficiently. While it was upstreamed in Linux 5.11 for more efficiently intercepting system c…
Newer Lenovo ThinkPad systems feature a security feature called USB-C Security Restricted Mode that is in the process of being wired up for reporting under Linux...
The Spanish startup has closed an extended pre-seed funding round two months after launching its digital identity protection platform.
The post 8Layers Raises $2.9 Million for Identity Security Platform appeared first on SecurityWeek.
The security refresh resolves 13 use-after-free bugs, including two critical-severity flaws found by Google.
The post Chrome 150 Update Patches 27 Vulnerabilities appeared first on SecurityWeek.
Wiz has disclosed the details of a new AI coding assistant attack method it has dubbed GhostApproval.
The post AI Coding Tools Tricked Into Hacking Developer Machine via Decades-Old Technique appeared first on SecurityWeek.
Hackers accessed the institution’s internal network and deleted two drives containing employee, student, and university data.
The post Mount Royal University Confirms Data Stolen in Ransomware Attack appeared first on SecurityWeek.
agrupados por: attack · confirms · mount · royal · university
Microsoft has released a security patch to address a Defender zero-day vulnerability known as "RoguePlanet," disclosed after the June 2026 Patch Tuesday. [...]
agrupados por: microsoft · rogueplanet · defender · patches · vulnerability · zero
Affecting every major distribution since 2011, the Linux kernel vulnerability allows attackers to gain root access.
The post 15-Year-Old Linux Vulnerability ‘GhostLock’ Earns Researchers $92k From Google appeared first on SecurityWeek.
American insurance company AssuranceAmerica has disclosed a data breach impacting nearly 7 million drivers after attackers gained access to its systems earlier this year. [...]
Two announcements on July 7, 2026, demonstrate the government’s determination to improve the level of cybersecurity within the UK.
The post UK Government Rolls Out Agentic AI Defense Plan Alongside Industry Pledge appeared first on SecurityWeek.
The Israeli company has developed a cryptographic posture and post-quantum cryptography management platform.
The post QIZ Security Raises $17 Million for Cryptographic Governance Platform appeared first on SecurityWeek.
Russia’s Federal Security Service (FSB) said it had thwarted terrorist attacks that were “unprecedented in scale and severity” and that Ukraine’s intelligence services had allegedly sought to organize. The FSB made the announcement through Russian state media.
This live blog is now closed. US and Iran trade most intense strikes since ceasefire extendedKuwait’s foreign ministry has issued a statement condemning the Iranian attacks against the country. It reads almost identical to the statement issued yesterday, although emphasises Kuwait’s sovereignty is “…
China must fundamentally overhaul its innovation ecosystem or risk losing technological sovereignty and national security in an existential AI “knockout game” with the US, a Chinese academic has warned.
Huang Ping, assistant dean of the Chinese University of Hong Kong (Shenzhen)’s school of public p…
A court in Hungary on Thursday sentenced an Irish citizen to 14 years in prison for strangling an American tourist to death in the country’s capital in 2024.
The victim, 31-year-old Mackenzie Michalski from Portland, Oregon, was in Hungary on holiday and reported missing on November 5, 2024, after s…
What does a world leader do with a gun and six bullets? That was the conundrum Nato leaders faced after the Turkish president offered them each a revolver after the Ankara summit.
British Prime Minister Keir Starmer was the first on Wednesday to mention the highly unusual gift presented by President…
agrupados por: gift · leaders · president · turkish
At the 2026 Linux Security Summit North America, Eric Biggers spoke about
some of the problems with the kernel's cryptography framework, as well
as the recent progress in adding library APIs to allow developers to
use cryptographic functions without using the traditional crypto
API. He walked throug…
Microsoft says Windows users should expect to see an increase in security updates as the company increasingly relies on artificial intelligence to discover vulnerabilities in its codebase. [...]
On this week’s show special guest co-host Chris Wade, the founder of Corellium turned Cellebrite CTO, joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news.
They cover:
Microsoft has repos owned, GitHub tokens popped, and a new 0day dropped on them
Meanwhile, researcher…
In this wholly sponsored Soap Box edition of the podcast Patrick Gray chats with Damien Lewke, the CEO and founder of Nebulock, about the future of threat hunting and detection.
Damien spent a decade in the EDR and MDR space before founding Nebulock in 2024. It started off as an AI-powered threat h…
Last week, national security agencies from the Five Eyes—that’s the rich, English-language-speaking countries club—jointly released a statement warning of the increasing cyber risks of AI models: in particular, their ability to autonomously hack into systems and networks. The statement was more meas…
Software supply chain security was hard enough. Then AI joined the build pipeline.
For five years, "software supply chain security" meant one question: what's in your code? Which open-source packages, which versions, which transitive dependencies three layers deep that nobody chose on purpose?
So…
Cybersecurity researchers have disclosed details of a now-patched critical session isolation vulnerability in Writer, an enterprise generative artificial intelligence (AI) platform, that could result in cross-tenant compromise.
The one-click vulnerability has been codenamed WriteOut by the Sand Sec…
U.S. prosecutors linked an alleged Scattered Spider hacker to a break-in at a luxury jewelry retailer using a persistent Windows device ID, according to a newly unsealed federal complaint.
Microsoft records tied that ID first to the account the attackers used to keep access during the May 2025 intr…
Varonis reported the flaw to Google in late 2025 and it has been addressed, but it reminds defenders to take a fresh look at their AI Infrastructure security.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerabilities are listed below -
CVE-2026-48282 (CVSS score: 10.0) - A path traversal vulnera…
A new banking fraudulent operation is targeting customers of Mexican banks, fintech, payment processors, and cryptocurrency exchanges using ClickFix lures.
The activity cluster, tracked by Elastic Security Labs under the moniker REF6045, involves infecting victims through fake CAPTCHA verification …
A recent EvilTokens campaign targeting businesses across the US and Europe is exposing a new email security blind spot. This “ghost phishing” technique keeps the malicious page hidden until it decrypts and comes to life inside the victim’s browser.
For security leaders, the risk is clear: tradition…
Ubiquiti has shipped updates to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation and arbitrary command execution.
The list of vulnerabilities is as follows -
CVE-2026-50746 (CVSS sco…
Sophos looked at a week of its own endpoint data and found that AI coding agents such as Claude Code, Cursor, and OpenAI Codex are setting off detection rules written to catch human intruders.
The agents are not malicious. They just do a lot of things that, to a behavioral engine, look exactly like…
NetNut rented access to millions of compromised devices, allowing cybercriminals and nation-state actors to mask their identities during attacks.
The post Google, FBI Disrupt NetNut Residential Proxy Network Powered by Millions of Devices appeared first on SecurityWeek.
Ask an AI coding agent to scan open-source code for security holes, and it might run the attacker's code on your own machine instead.
That is the finding in a proof-of-concept published Wednesday by the AI Now Institute, an attack it calls "Friendly Fire." It works against Anthropic's Claude Code a…
Most security mess starts as admin work. A link gets clicked. A tool gets trusted. A bucket name gets reused. A setting stays loose because nobody wants to touch it.
This week is full of that kind of damage. Not loud. Not clever. Just small gaps doing big jobs. The worst part is how normal it all l…
Datadog Security Labs is warning of "several overlapping campaigns" that are systematically enumerating corporate GitHub organizations, repositories, and user accounts through the GitHub API.
"Operators rely on automated scraping tooling with custom or legitimate-sounding user agents, leveraging Gi…
A threat actor has been targeting organizations across multiple sectors with voice-based fake security requests that ask Microsoft 365 users to enroll a new Entra passkey. [...]
Security operations don't slow down when IT teams take vacation, but staffing levels often do. Kaseya explains how AI-driven automation can help organizations maintain consistent security operations and reduce reliance on manual processes year-round. [...]
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account…
Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft's most dire "critical" rating, and exploi…
A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platform t…
Mali is not Syria, and Jama’at Nusrat al-Islam wal-Muslimin is not Hay’at Tahrir al-Sham.While the fall of the Bashar al-Assad regime and the rise of the Ahmed al-Sharaa government in Damascus, Syria can be seen as a net positive for regional security in the Levant, a Jama’at Nusrat al-Islam wal-Mus…
In the span of two weeks, the White House issued two of the most ambitious artificial intelligence directives in American history. On June 2, President Donald Trump signed an executive order mandating rapid AI adoption and hardened cyber defense across the government. Three days later, National Secu…
Millions join funeral procession in capital of Tehran to mourn Khamenei who was kiled in US-Israel airstrikes in FebruaryLebanese state media said an Israeli strike on a car in the country’s south on Monday killed four people, including three women, despite a fragile ceasefire between Israel and Hez…
Transitional justice approaches in Syria must not isolate periods of oppression from the broader contexts that enabled them.
The post Not Seeing the Forest for the Trees: Historical Commissions Are Crucial for Syria appeared first on Just Security.
In an interview, Turkey’s top diplomat, Hakan Fidan, said the relationship between President Recep Tayyip Erdogan and President Trump could ease NATO tensions.
At least nine farmers have been killed and several others abducted in a deadly raid on a farming community in Nigeria's Kaduna State, underscoring the growing insecurity threatening rural livelihoods as armed gangs intensify attacks during the country's planting season.
Heavy security has been deployed across Tanzania's commercial capital, Dar es Salaam, ahead of planned anti-government demonstrations, as fears grow of a repeat of last year's deadly election violence.
Tanzanian authorities have arrested dozens of people ahead of planned anti-government protests, intensifying a crackdown on dissent as activists demand democratic reforms and the release of jailed opposition leader Tundu Lissu amid heightened security across the country.
WASHINGTON, July 6 (Reuters) - U.S. agencies have seized over 600 drones near FIFA World Cup venues and fan zones since the start of the tournament on June 11, the Transportation Security Administration said on Monday.
Organizations are urged to patch after proof-of-concept code makes the Linux root escalation flaw easier to exploit.
The post Proof-of-Concept Exploit Released for Linux ‘Bad Epoll’ Root Access Vulnerability appeared first on SecurityWeek.
Researchers uncovered two campaigns embedding indirect prompt injections in malicious websites to exploit autonomous AI agents browsing the web.
The post Prompt Injection Attacks Trick AI Agents Into Making Crypto Payments appeared first on SecurityWeek.
A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan.
"Armored Likho blends financially motivated campaigns targeting private individuals with targeted cyb…
agrupados por: armored · government · likho · power
Moving from isolated, technical data to a continuous risk lifecycle can help organizations align security controls with actual business consequences.
The post The Shift Toward Business-Aligned Risk Management appeared first on SecurityWeek.
Securonix says the sophisticated framework abuses compromised websites, Blogspot, PowerShell, and fileless techniques to evade detection and deploy the PureLog information stealer.
The post Blogspot-Hosted Payloads Delivered in ‘Veil#Drop’ Attacks appeared first on SecurityWeek.
The hacking operations disclosed in a Canadian spy agency's annual report underscores some pressing national security threats facing the country and its top allies.
SCMPMIXED 6.5geopolíticapro-PRC✓ 4 fuentes📎 bien sourcedMon, 06 Jul 2026 17:44:46
Prince Harry has been told he cannot stay at Buckingham Palace this week after he failed to accept an invitation in time, a royal source said on Monday, underlining the still fraught relationship between King Charles and his second son.
Harry had been planning to take his two children for their fir…
Six years after Beijing imposed its National Security Law, many of Hong Kong's opposition voices have gone silent. Danny Vincent looks at what's changed.
Before he was an MP, Nigel Farage was reportedly gifted staff, security and other benefits from George Cottrell, a convicted fraudster involved in a crypto casino.
OpenSSH 10.4 has been released. In addition to a number of security
and bug fixes, there are a few notable changes; this release adds
experimental support for a composite post-quantum signature scheme
combining ML-DSA 44 and Ed25519 as described in this
IETF draft. With 10.4, if OpenSSH is compiled …
On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news.
They cover:
Mini Shai-Hulud and the TanStack compromise using Github Actions
Instructure pays Canvas elearning platform data extortionists
More Linux privilege escalation 0days!
CISA hel…
France is accelerating its transition to post-quantum encryption:
France’s cybersecurity agency ANSSI said on Tuesday it would stop certifying security products that lack quantum-resistant encryption, a move that will force government bodies and critical operators to shift away from older systems.
S…
Cybersecurity researchers have flagged a novel Java-based remote access trojan (RAT) called QuimaRAT that's capable of targeting Windows, Linux, and macOS environments.
According to LevelBlue, the cross-platform malware is advertised under a malware-as-a-service (MaaS) model, costing anywhere betwe…
Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig.
The vulnerability in question is CVE-2026-20896 (CVSS score: 9.8), a vulnerability that stems from the DevOps platform trusting the "X-WEBAUTH-USER" header f…
An Iranian hacking group affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn) targeting Israeli organizations.
The activity, which has primarily singled out IT providers …
Every evolution in software development has reduced the friction between an idea and a deployable application. AI may remove the final barrier, but it also removes many of the moments where security decisions have traditionally taken place. [...]
What do you do when two identities that make up your deepest self find themselves on opposite sides of a moral and spiritual battlefield?I am Catholic. I have been one for over 20 years since I made the life-altering decision to join a friend for Mass one day. My faith became a spiritual and ethical…
Ayatollah Ali Khamenei’s remains were preserved for months, according to Iran’s government. Some Islamic scholars say it was a political and security calculation.
The sources of leaked information regarding the operations may have been former security officials seeking to even the score for what they saw as a failure to take responsibility for October 7.
Editor’s Note: Few rivalries in American history have been as consequential — or as personal — as the one between John Adams and Thomas Jefferson. The two men could hardly have been more different. Adams, the stocky and combative Massachusetts lawyer, was blunt to a fault and quick to suspicion. Je…
A security buffer zone on the Russian-Ukrainian border is conditioned by the aggressive nature of the Kiev regime, Russian PresidentialSpokesman Dmitry Peskov said
Russian Presidential Spokesman Dmitry Peskov commented on the "horror stories" about an alleged possible strike on the country's territory discussed in the Western press
Deputy head of the State Duma Committee on Security Adalbi Shkhagoshev added that this is a signal for the Russian fighters in Konstantinovka, it shows that the commander-in-chief is nearby
Ayatollah Ali Khamenei, who ruled over the Islamic Republic of Iran for 37 years, was killed along with several family members in an airstrike in February.
It is an open question whether the Trump administration seeks to rebalance NATO or disengage the U.S. from European security.
The post Will Trump Take the Win at NATO’s Ankara Summit? appeared first on Just Security.
Hard-right British politician Nigel Farage on Sunday faced fresh allegations over non-disclosure of gifts after a newspaper reported a convicted fraudster paid for his security and staff before he became an MP.
An MP said he had asked parliament’s standards commissioner to investigate the new claims…
Greg Kroah-Hartman has announced the release of the 7.1.3, 6.18.38, 6.12.95, 6.6.144, 6.1.177, 5.15.211, and 5.10.260 stable kernels. Several kernels
in this batch include a
fix for a vulnerability introduced in the 6.0 kernel in IPv6 (CVE-2026-53362),
which could
allow an attacker to escape a conta…
Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service (DDoS) attacks over the past six months. Krebs…
RIMPAC provides a unique training opportunity while fostering and sustaining cooperative relationships among participants critical to ensuring the safety of sea lanes and security on the world's oceans
According to the Russian embassy, even in worst years of the Cold War Moscow and Washington, realizing their responsibility for world’s peace and security, did find ways to avoid confrontation
Russia and the United States, as the world's two largest nuclear powers, bear a special responsibility for ensuring global security and stability, the Russian leader stated
The pretext for US aggression was "a certain Iranian nuclear program, a subject of long-standing debate," Russian Security Council Deputy Chairman said
Deputy Chairman of the Russian Security Council, who led the Russian delegation that visited Iran to attend the funeral ceremony for Supreme Leader Ali Khamenei, made the remarks while speaking to journalists following the visit
Iranian Justice Minister Amin Hossein Rahimi put forward a corresponding initiative several years ago at the St. Petersburg Legal Forum, Russian Security Council Deputy Chairman noted
According to Bosnia and Herzegovina’s Ambassador to Serbia Aleksandar Vranjes, the European Union seeks "at any cost to preserve the high representative with dictatorial powers," even if the post is illegal and not approved by the UN Security Council
Signup to receive the Early Edition in your inbox here. A curated weekday guide to major news and developments over the last 24 hours. Here’s today’s news: RUSSIA-UKRAINE WAR Russian missile and drone strikes in Kyiv and other Ukrainian cities overnight and early this morning killed at least 17 peo…
Plus: Alleged Scattered Spider hacking member extradited, dozens of license plate reader errors, and Indian officials are concerned about WhatsApp’s username rollout.
On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:
Everyone has an opinion about Claude Mythos… even though almost nobody has used it yet
CISA adds a 2009 Excel bug to the KEV list, u wot?
Adobe also parties like it’s the 2000s…
Security firm runZero has disclosed seven vulnerabilities in FatFs, a small filesystem library that lets a device read and write the FAT and exFAT formats used on USB drives and SD cards.
The flaws matter because FatFs is nearly everywhere. It ships inside the firmware that runs security cameras, d…
The United States has withdrawn most of the forces it deployed for a recent operation against Islamic State militants in Nigeria and is now providing intelligence support at Abuja’s request, the head of U.S. Africa Command (AFRICOM) said.
The country’s security service has continued to target civil society and dissidents, including thousands of arrests since the launch of the U.S.-Israeli war in February.
To restore transparency and accountability, Congress should reform the statutory authorities to remove officers from promotion lists and delay promotions.
The post How Congress Can Regulate Military Promotions After <i>Trump v. Slaughter</i> appeared first on Just Security.
The Trump administration's threats to First Amendment rights have inspired a broad front defending free speech, freedom of the press, protest rights and more.
The post How Defending Free Speech Can Unite Unlikely Allies appeared first on Just Security.
A Fourth of July barbecue demonstrates how international law shapes daily life, from weather forecasts to global trade, and where that architecture is under strain.
The post As American as International Law appeared first on Just Security.
Anthropic's Fable 5 model came back online for users on Wednesday, after the Trump administration lifted an export control late Tuesday.Why it matters: It's the most powerful publicly available AI tool — so capable that the U.S. government decided Anthropic had to add further safety measures in orde…
President Trump is redefining what it means to be a U.S. ally in the AI era.Why it matters: For the White House, it's now about how partners can help the U.S. win the AI race.For decades, shared values and security interests have underpinned alliances with Europe and other partners around the world.…
The fight that scrubbed the world's most powerful AI models from the internet featured personality clashes, industry confusion, and international backlash.Why it matters: Anthropic's models are back online, but the impact of its 20-day showdown with the Trump administration will be long lasting.Behi…
Nigeria is working to increase military cooperation with Benin and Niger as jihadists from the Sahel encroach on the country's northwest, the Nigerian defence minister said on Thursday.
UN NewsGOLD 8.5DDHH✓ 20 fuentesThu, 02 Jul 2026 12:00:00
The 15-member Security Council is meeting in emergency session on Thursday morning to address the escalating tensions in the Gulf region following Iran attacks in recent days on Bahrain and Kuwait while Tehran and Washington continue to trade strikes over the Strait of Hormuz chokepoint. Stay tuned …
UN NewsGOLD 8.5DDHH✓ 14 fuentesFri, 03 Jul 2026 12:00:00
As drones reshape the battlefield in Ukraine, they are also creating new and increasingly complex dangers for civilians, threatening recovery efforts, agriculture and global food security long after the fighting ends.
Muhammad Naim Jandia had been the head of military security for Hamas's Shajaiyah Battalion and had taken part in the kidnapping of Captain Daniel Perez during the massacre.