Category: Security
All Security articles — June 8, 2026
GitHub scrubs 70+ Microsoft repos as Miasma worm breaks CI/CD pipelines
GitHub disabled 70+ Microsoft repos in under two minutes after the Miasma worm infected projects via compromised commits, breaking CI/CD pipelines and triggering RCE in developer tools.
Anthropic embeds engineers in NSA to deploy Mythos for offensive cyber operations
Anthropic embedded engineers in the NSA to deploy its unreleased Mythos AI for offensive cyber operations, even as it sues the Pentagon over military AI restrictions.
Ubiquiti Patches Critical UniFi OS Flaws Enabling Unauthenticated Root RCE
Ubiquiti patched three critical UniFi OS flaws that chain into unauthenticated root RCE with CVSS 10.0 scores, requiring immediate patching and full credential rotation.
Meta pushes for contempt ruling against NSO Group over fresh WhatsApp phishing
Meta is seeking contempt charges against Israeli spyware vendor NSO Group for allegedly targeting WhatsApp users with phishing campaigns, defying a permanent court injunction.
OpenAI introduces Lockdown Mode to block data exfiltration from prompt injection attacks
OpenAI rolls out Lockdown Mode, a strict security setting that disables live web browsing, agents, and external connections to block data exfiltration from prompt injection attacks.
Apple Publishes Formal Verification Blueprint for Quantum-Secure corecrypto
Apple published formal verification proofs and tools for its quantum-secure corecrypto implementations of ML-KEM and ML-DSA, aiming to guarantee mathematical correctness across billions of devices.
Email Security Is an Enablement Journey, Not a Maturity Ladder
Email security isn't a maturity checklist—it's an enablement journey. Most orgs stall at DMARC reporting, leaving spoofing defenses and encryption unclaimed despite minimal effort required.
Cybercriminals Deploy Fake Open-Source Tool Sites to Distribute SessionGate and RemusStealer
Threat actors deploy convincing fake websites for popular security tools like Ghidra and dnSpy, using click hijacking and traffic distribution systems to stealthily deliver malware to filtered victims.
Meta confirms 20,000+ Instagram accounts hacked via AI chatbot bug
Meta confirmed over 20,000 Instagram accounts were hijacked by exploiting a bug in its AI chatbot, which let hackers reset passwords via attacker-controlled emails.
Oxford University Hit by Second Data Breach in a Month
Oxford University reports its second data breach in a month after hackers targeted CareerConnect, exposing names, emails, and encrypted passwords of alumni and staff.
Silent Ransom Group uses fake IT support calls to raid law firm data
The Silent Ransom Group is targeting U.S. law firms with fake IT support calls to steal sensitive data and extort victims within hours.
Anthropic open-sources AI-powered vulnerability discovery reference harness
Anthropic open-sources a reference harness for autonomous vulnerability discovery and remediation using Claude, complete with sandboxed execution and Claude Code skills.
AI-Doctored Evidence Fuels £233M UK Motor Insurance Fraud Surge
Aviva says UK fraudsters filed over 18,400 bogus insurance claims in 2025 using AI-generated crash photos and forged documents, driving a 39% spike in motor fraud values to £233 million.
Microsoft says Windows 11 is an agentic platform—and only OS sandboxing can stop rogue agents
Microsoft says Windows 11 is an agentic platform, using OS sandboxing and MXC containers to stop rogue AI agents like OpenClaw.
Developer Warns That Every Dependency Is a Supply Chain Attack Waiting to Happen
Developer Ben Hoyt argues that every new dependency introduces supply chain risk, urging teams to audit additions and reconsider automatic updates after recent breaches.
Modular C0XMO Botnet Hijacks DD-WRT Routers and Eliminates Rival Malware
C0XMO, a new modular Gafgyt botnet variant, exploits a DD-WRT router flaw to spread across architectures, wipe rival malware, and launch DDoS attacks.
Researcher Spends $1,500 Testing If LLMs Can Hack a Vulnerable Firebase App
A security researcher spent $1,500 testing top LLMs against a deliberately vulnerable Firebase app, finding GPT-5.5 most successful while many models refused, failed, or burned through millions of tokens.
OpenAI debuts ChatGPT Lockdown Mode to block prompt injection attacks
OpenAI launches Lockdown Mode for ChatGPT to shield sensitive data from prompt injection attacks by disabling live web browsing, image retrieval, deep research, and agent mode.
Researcher Spends $1,500 Testing If LLMs Can Hack a Vulnerable Firebase App
Security researcher spent $1,500 testing if LLMs could exploit a real-world Firebase misconfiguration in a custom vulnerable app, with GPT-5.5 achieving the highest success rate.
Simon Willison sandboxes Python with MicroPython and WebAssembly
Simon Willison releases micropython-wasm, an alpha package that sandboxes Python code by running MicroPython inside WebAssembly via wasmtime, aiming for safe plugin execution.