Cloud Attack Retrospective 2026: What Changed in 2025
In our latest Cloud Threats Retrospective, we analyzed publicly documented cloud incidents alongside cloud telemetry and hands-on investigations. The findings show that many of the…
Month: June 2026
GitHub Actions Checkout Update Blocks Workflows Triggered by Malicious pull_request_target
GitHub has rolled out a significant security enhancement to GitHub Actions by updating actions/checkout to block unsafe workflows that abuse the pull_request_target event. The pull_request_target trigger is widely known as one…
World Cup Scams Are Getting Harder to Spot
You got a World Cup ticket. It arrived in your inbox with a QR code, professional branding, and a confirmation email that looked like the…
Attackers Can Poison AI Research Agents Using Reddit and Wikipedia Content
Attackers can now manipulate AI “deep-research” agents by discreetly editing Reddit threads and Wikipedia pages. They can insert as little as a 13-word snippet, which…
23 ClawHub plugins squatting official scopes expose AI registry security gaps
Plugin registries for AI agents use npm-style scopes like @openclaw/ and @clawhub/ to signal who published a package. But on ClawHub, a registry whose plugins…
A week in security (June 15 – June 21)
Last week on Malwarebytes Labs: Nearly 15,000 infected websites cleaned in SocGholish crackdown Apple patches Beats Studio Buds flaw that could turn earbuds into a…
Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices
Canada’s spy service got a judge’s permission to reach into infected servers, home routers, and IoT gear sitting on Canadian soil and neutralize two foreign-run…
Navigating the AI access control minefield
Until recently, IT departments primarily focused on providing employees with the IT systems they needed to do their jobs, which meant identity and access management…
NAB builds integrated ops hub for threat intelligence
NAB has brought together its “frontline responders” across technology, cyber security, fraud, payments and physical security into a new integrated operations hub Andrew Irvine at…
More Cybersecurity Firms Disclose Impact From Klue Hack
At least nine organizations have publicly acknowledged the impact of the supply chain attack on market intelligence platform Klue. The incident occurred on June 11-12…
4,300+ Outdated Routers Hijacked in Stealthy Spy Infrastructure by AryStinger malware
4,300+ Outdated Routers Hijacked in Stealthy Spy Infrastructure by AryStinger malware Pierluigi Paganini June 22, 2026 AryStinger hijacks outdated routers via old flaws, turning 4,300+…
6 security leader tips for mastering business risk
“CISOs need to provide input and remediation on the impact of security cost because these often-hidden costs have a negative impact on profitability,” he says.…