Council in UK's City of York outs hundreds of disabled residents with a single email blunder
Blue Badge holders exposed to each other after BCC function proves too complex
Security & Lifecycle News
Aggregated from vendor advisories, security research, and industry publications.
UK's top crime agency hamstrung by legacy IT, watchdog warns
Regulator says NCA's aging tech drags down productivity, forces officers to juggle hardware and do manual workarounds
Five Eyes: Chinese Spies Target Government, Military Staff With Fake Job Opportunities
Posing as recruiters on online platforms, Chinese intelligence officers target personnel with access to classified or privileged information. The post Five Eyes: Chinese Spies Targ…
Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites
Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to…
Brit regulator finds mobile network service on trains is far from first class
Comms watchdog says up to 83% of tests fail the 'good performance' threshold
Nightclub Giant RCI Says Data Breach Affects 40,000 Individuals
The company detected a network intrusion in March and an investigation showed that some files were stolen during the attack. The post Nightclub Giant RCI Says Data Breach Affects 4…
FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins
Security researchers and the FBI are warning that a wave of FIFA-themed fraud is already hitting World Cup 2026 fans, days before the June 11 kickoff. Recent reports describe thou…
Tech support chap hauled out to help SWAT team saw his life flash before his eyes
Bulletproof vests and armored vehicles were not in the job description
Cisco warns of unpatched SD-WAN zero-day exploited in attacks
On Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245) actively exploited in attacks enabling root privil…
Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026
The vulnerability is tracked as CVE-2026-20245 and it can allow arbitrary command execution as root, but no patch yet. The post Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026…
PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network
The threat actor known as PCPJack has hijacked cloud servers associated with Amazon Web Services (AWS), Google Cloud, and Microsoft Azure to create a covert SMTP email relay networ…
'It would be good for the world' to slow down AI sprints, Anthropic says
The plea for caution comes the same week it beat AI archrival OpenAI to filing for an IPO
Pink is the latest goon squad to use fake helpdesk calls to steal creds
A familiar tactic popularized by chaotic crime crew Lapsus$
Canada wants to make its own AI, break free from US bots
Another ally questions reliance on American AI
Rust-Written IronWorm Hits NPM Supply Chain
Like Shai-Hulud, the campaign targets developers to steal credentials and reuses them to propagate across the software supply channel.
Brave Software releases Origin for a paid, bloat-free browsing experience
Brave has announced the public release of Brave Origin, a paid minimalist version of its browser that strips out cryptocurrency, AI, rewards, and other monetization-focused feature…
Hola Browser for Windows compromised to deliver cryptominer
The Windows version of the Hola Browser has been compromised in a supply chain attack that delivered an undeclared executable identified by researchers as a cryptocurrency miner. […
China's TA4922 Expands Cybercrime Attacks Globally
One of the world's most diverse, least-focused cybercrime groups is enlarging its footprint beyond East Asia.
4 Critical Threats Where Attackers Have the Advantage
Gartner analysts issued a call to action to bolster defenses against several emerging critical threats, such as deepfakes and prompt injections.
Credit card theft campaign abuses Stripe to host stolen payment info
A new Magecart campaign is using Stripe's API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. [...]
Microsoft makes Linux developers feel more at home in Windows with Coreutils release
Microsoft has announced Coreutils, a new Windows 11 feature that allows developers to run many popular Linux command line utilities natively on Windows from a single binary. Rev…
Anthropic's open-source framework for AI-powered vulnerability discovery
Article URL: https://github.com/anthropics/defending-code-reference-harness Comments URL: https://news.ycombinator.com/item?id=48403980 Points: 539 # Comments: 142
AMD ships second-gen Versal Prime accelerators
AMD has added three new chips to its Versal Prime series lineup, which is designed for space-constrained applications. AMD began shipping the first production units of the Versa…
OpenAI's agent chained decade-old DoS attacks to crash web servers in seconds
Codex drops an HTTP/2 Bomb
DentaQuest data breach exposed info of 2.6 million accounts
A data breach at the dental benefits administrator DentaQuest has reportedly exposed the sensitive data of 2.6 million accounts. [...]
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked…
AI heavyweights warn their tech could help terrorists develop bioweapons
Scientists and industry leaders push for mandatory DNA synthesis screening
UN food agency discloses breach affecting 600,000 Gaza households
The United Nations' World Food Programme (WFP), the world's largest humanitarian organization, revealed over the weekend that its self-registration application (SRA) for Palestine …
Benevolent dictator Zuck will give Meta staff 30-minute breaks from keylogging privacy assault
Tech biz teaching AI to use computers by slurping staff activity
LIU016: Michael Keith Lewis: The Network Behind the Show
Today’s guest takes us behind the scenes of modern concert venues, which rely on wired and wireless IP networking. Michael Keith Lewis is a front-of-house engineer, tour manager, a…