OpenAI Unveils GPT-5.6 Sol as Its Most Advanced Cybersecurity AI

OpenAI’s New GPT-5.6 Sol Model Brings Advanced Cybersecurity Capabilities to Select Partners In a significant development in the realm of artificial intelligence and cybersecurity, OpenAI has unveiled its latest GPT-5.6 model lineup, with the top-tier “Sol” variant touted as its most advanced tool for defensive security tasks. The new models are part of a tier-based … Read more

Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

Cybersecurity researchers have uncovered a sophisticated attack campaign that leverages compromised npm and Go packages to deliver a Python-based infostealer malware, further compromising developers’ systems. The attackers cleverly employed VS Code tasks to deploy the malicious code, demonstrating the evolving tactics of threat actors. The affected software packages, used by millions of developers worldwide, were … Read more

Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw

A Critical SSH Flaw Exposed: What You Need to Know About libssh2 CVE-2026-55200 Security researchers have just published a public proof-of-concept (PoC) exploit for a critical vulnerability in the widely-used SSH library, libssh2. The flaw, designated as CVE-2026-55200, affects all versions of libssh2 and can be exploited by an attacker to execute arbitrary code on … Read more

Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

A Sneaky Malware Campaign Exploits Dev Tools to Deliver Infostealer A sophisticated malware campaign has been discovered, leveraging popular development tools and package managers to infect software developers’ machines with an infostealer payload. The attackers have successfully hijacked numerous packages on npm and Go, exploiting the trust placed in these widely-used repositories. The malicious code … Read more

ISC Stormcast For Monday, June 29th, 2026 https://isc.sans.edu/podcastdetail/9986, (Mon, Jun 29th)

A massive cyberattack has been unfolding on the global internet backbone, threatening to disrupt online services and communication channels worldwide. The attack, which began over the weekend, has already compromised a significant number of routers and network devices, putting sensitive data at risk. The affected systems include some of the world’s most critical infrastructure, including … Read more

ISC Stormcast For Monday, June 29th, 2026 https://isc.sans.edu/podcastdetail/9986, (Mon, Jun 29th)

A Major DNS Spoofing Campaign is Underway, Affecting Millions of Users Worldwide A massive and sophisticated DNS spoofing campaign has been detected by security researchers at SANS ISC, targeting millions of internet users worldwide. The attackers are exploiting a well-known vulnerability in the Domain Name System (DNS) protocol to redirect victims to malicious websites, spreading … Read more

Data breach exposes up to 14.2 million email logins at six ISPs

A massive data breach has exposed up to 14.2 million email logins at six Japanese internet service providers (ISPs), leaving customers vulnerable to account hijacks and other forms of cyber attacks. The incident, which was disclosed by KDDI Corporation on June 17, involves a vulnerability in an unnamed third-party software used by the company’s email … Read more

YARA-X 1.18.0 and 1.19.0 Release, (Sun, Jun 28th)

A New Version of YARA-X Brings Performance Boosts and Bug Fixes to Security Researchers Security researchers have been waiting for an update to the popular malware detection tool YARA-X, and it’s finally here. The latest versions, 1.18.0 and 1.19.0, bring significant improvements and bug fixes that will make a big difference in their daily work. … Read more

Data breach exposes up to 14.2 million email logins at six ISPs

A massive data breach has compromised up to 14.2 million email logins at six internet service providers (ISPs) in Japan, highlighting the ongoing threat of cyber attacks against critical infrastructure and underscoring the importance of robust security measures. The incident, disclosed by Japanese telecommunications operator KDDI Corporation on June 28, involves a breach of one … Read more

Chinese Framework Powers 200,000 Scam Sites

A massive network of over 200,000 scam websites has been uncovered by cybersecurity firm Infoblox, all powered by a Chinese open-source framework called Uni-App. This framework is widely used in China for building legitimate applications and websites, but threat actors have exploited its popularity to create a sprawling ecosystem of investment scams that have already … Read more