Microsoft June 2026 Patch Tuesday fixes 6 zero-days, 200 flaws

Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws, including five publicly disclosed zero-day ...
The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...
CSOonline

Google leaks details for Chromium bug that can turn browsers into bots

Reported over three years ago and allegedly still not properly fixed, the vulnerability enables attacks to execute JavaScript across browser restarts. Chromium — the open-source browser that underpins ...
The Hacker News

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures

ClickFix attacks are delivering BabaDeda, Lorem Ipsum, and Potemkin loaders to deploy stealers, RATs, and ransomware-linked ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

The 5 highest-paying entry-level jobs in the UK right now — and how to get them

Time to update your CV?
TechSpot

Google accidentally published a four-year-old Chromium security bug, then tried to hide it again

Facepalm: The open-source Chromium project provides the foundation for Google Chrome and many other popular web browsers like Microsoft Edge, Opera, and Brave. When a serious security flaw is ...

IT Press Tour: Zero servers, 200 petabytes a month - the ex-Akamai founders selling a cure for the next Cloudflare outage

The 68th edition of The IT Press Tour spent a week in Boston, and on 10 June it handed the floor to a company that owns no ...
Infosecurity-magazine.com

PureLogs Variant Steals Data via Purchase Order Lures

A variant of the PureLogs infostealer malware has been distributed through purchase-order-themed phishing emails that use a malicious JavaScript file to launch a multi-stage infection chain on Windows ...
Dark Reading

DriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks

Threat actors have compromised thousands of websites for the purpose of engineering industrialized ClickFix and FakeUpdate attacks in an organized malware delivery operation aimed at selling initial ...
Infosecurity-magazine.com

Infosecurity Europe: Mythos Outperforms GPT5.5 on Google Chrome Vulnerability Exploits, Says New Benchmark

Anthropic’s Claude Mythos outperformed OpenAI’s GPT5.5 on real‑world Google Chrome vulnerability exploits, a new benchmark designed to test the performance of frontier AI models to exploit real-world ...