Stay informed with today's critical security updates
Every organisation is different. The free "Daily Pulse" feed shows the broader threat landscape.
Want this specific and tailored to your organisation?
ThreatInsights – Click for more infoThe Daily Pulse is refreshed automatically every day at 9:00 AM GMT
Want to learn more about Cyber Threat Intelligence?
Check out our free online self-paced training course.
Start Learning NowWednesday, June 24, 2026
FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation
FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation.
Update threat detection rules, brief security team on TTPs, enhance monitoring for IoCs, and review defensive posture against similar attacks.
Wednesday, June 24, 2026
Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps
Attackers could abuse Dify's multi-tenant cloud service to read private chats, preview other tenants' documents, and reach internal APIs.
Assess potential impact to your environment, update security controls, inform relevant stakeholders, and monitor for related activity.
Wednesday, June 24, 2026
FortiBleed Attackers Turn Firewalls Into Credential Stealers as Heists Persist
The threat actors engineered a Golang-based sniffer to target 430,000 FortiGate firewalls and identify 110 million credentials in the ongoing global campaign.
Update threat detection rules, brief security team on TTPs, enhance monitoring for IoCs, and review defensive posture against similar attacks.
Wednesday, June 24, 2026
Siemens WinCC Certificate Manager
json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>WinCC Certificate Manager insufficiently protects key material that could allow an attacker to extract sensitive information. </strong></p> <p>The following versions of Siemens WinCC Certificate Manager are affected:</p> <ul> <l...
Review affected systems, apply patches immediately, monitor for exploitation attempts, and verify patch deployment across all endpoints.
Wednesday, June 24, 2026
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
Update threat detection rules, brief security team on TTPs, enhance monitoring for IoCs, and review defensive posture against similar attacks.
Wednesday, June 24, 2026
ABB Freelance Security Lock
json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Successful exploitation of this vulnerability could allow access to underlying OS functions even when Freelance Operations is active, depending on system configuration and user permissions. </strong></p> <p>The following version...
Review affected systems, apply patches immediately, monitor for exploitation attempts, and verify patch deployment across all endpoints.
Wednesday, June 24, 2026
The Purchase Scam Tactic Headed for the World Cup | Recorded Future
A purchase scam tactic hijacks organic search through compromised sites, and it’s built to scale into 2026 FIFA World Cup fraud. How it works and how to respond.
Assess potential impact to your environment, update security controls, inform relevant stakeholders, and monitor for related activity.
Wednesday, June 24, 2026
Recorded Future Launches Impact and Metrics Dashboard
See the business value of your intelligence program in one live, continuously updated dashboard, built for the conversations that matter most with the executives who own budget and strategy.
Assess potential impact to your environment, update security controls, inform relevant stakeholders, and monitor for related activity.
Wednesday, June 24, 2026
Algerian man charged with running two cybercrime marketplaces
Abdellah Belmili allegedly ran two black-market websites selling stolen financial credentials and custom-built phishing kits targeting major American banks, federal prosecutors say.
Assess potential impact to your environment, update security controls, inform relevant stakeholders, and monitor for related activity.
Wednesday, June 24, 2026
Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents
Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents.
Assess potential impact to your environment, update security controls, inform relevant stakeholders, and monitor for related activity.
Wednesday, June 24, 2026
OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws
OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws
Deploy adversarial robustness testing, implement input anomaly detection, use ensemble models for critical decisions, and add confidence thresholds.
Wednesday, June 24, 2026
Dialog Claims It Was Hacked. A Misconfigured Website Left Its Members Exposed — The private events group, cofounded by Peter Thiel, says a “criminal” hacker is behind a breach that exposed members’ personal details. WIRED found no evidence a break-in was needed to access the f...
The private events group, cofounded by Peter Thiel, says a “criminal” hacker is behind a breach that exposed members’ personal details. WIRED found no evidence a break-in was needed to access the files.
Deploy adversarial robustness testing, implement input anomaly detection, use ensemble models for critical decisions, and add confidence thresholds.
Wednesday, June 24, 2026
Amazon is selling Pokémon Chaos Rising Elite Trainer Boxes for $20 off during Prime Day — This latest Pokémon Elite Trainer Box includes 9 booster packs and many competitive accessories for less than $100 during Prime Day.
This latest Pokémon Elite Trainer Box includes 9 booster packs and many competitive accessories for less than $100 during Prime Day.
Deploy adversarial robustness testing, implement input anomaly detection, use ensemble models for critical decisions, and add confidence thresholds.
Wednesday, June 24, 2026
Agentic AI: The Weapon That No Longer Needs a Warrior — Every weapon begins as an extension of the hand that holds it. The spear lengthened the reach of the arm. The bow sent the point flying without the throw. The rifle placed a man's death a quarter m...
Every weapon begins as an extension of the hand that holds it. The spear lengthened the reach of the arm. The bow sent the point flying without the throw. The rifle placed a man's death a quarter mile beyond his sight, and the aircraft carried that death across oceans. At each turn, the distance between the warrior and the wound grew wider, and yet one thing never moved: a human chose the target
Deploy adversarial robustness testing, implement input anomaly detection, use ensemble models for critical decisions, and add confidence thresholds.
Wednesday, June 24, 2026
What’s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant — What are the main risks for container environments: vulnerabilities, supply chain attacks, configuration errors; how to improve container security and how Kaspersky Container Security with the KIRA...
What are the main risks for container environments: vulnerabilities, supply chain attacks, configuration errors; how to improve container security and how Kaspersky Container Security with the KIRA AI assistant can help.
Audit ML dependencies, implement package pinning with hash verification, use isolated training environments, and scan for known malicious packages.
Wednesday, June 24, 2026
Retro gaming fans are the new target for fake GitHub malware — Retro gaming fans should be careful with GitHub projects that claim to be tools or plugins for their consoles. We looked at one example aimed at PlayStation Vita owners.
Retro gaming fans should be careful with GitHub projects that claim to be tools or plugins for their consoles. We looked at one example aimed at PlayStation Vita owners.
Deploy adversarial robustness testing, implement input anomaly detection, use ensemble models for critical decisions, and add confidence thresholds.
Wednesday, June 24, 2026
The Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data Exfiltration — Unit 42 research details how attackers could exploit global name uniqueness in bucket hijacking to redirect cloud data streams across major CSPs. The post The Global Namespace Risk: Universal Bucke...
Unit 42 research details how attackers could exploit global name uniqueness in bucket hijacking to redirect cloud data streams across major CSPs. The post The Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data Exfiltration appeared first on Unit 42. ]]>
Deploy adversarial robustness testing, implement input anomaly detection, use ensemble models for critical decisions, and add confidence thresholds.
Wednesday, June 24, 2026
Document delivery scams: What are they and what’s their goal? — A seemingly official voicemail turned out to be a scam. Learn how document delivery scams work and what to do if you receive one.
A seemingly official voicemail turned out to be a scam. Learn how document delivery scams work and what to do if you receive one.
Deploy adversarial robustness testing, implement input anomaly detection, use ensemble models for critical decisions, and add confidence thresholds.
Wednesday, June 24, 2026
LastPass confirms data breach in Klue supply chain attack — LastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company's OAuth tokens in the Klue supply chain attack earlier this month. [...]
LastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company's OAuth tokens in the Klue supply chain attack earlier this month. [...]
Audit ML dependencies, implement package pinning with hash verification, use isolated training environments, and scan for known malicious packages.
Wednesday, June 24, 2026
Webinar: Why email security teams are drowning in alerts — Phishing, BEC, and account takeover attacks continue to overwhelm security teams with alerts and investigations. This webinar explores how behavioral AI can help automate detection and response wor...
Phishing, BEC, and account takeover attacks continue to overwhelm security teams with alerts and investigations. This webinar explores how behavioral AI can help automate detection and response workflows, reducing alert fatigue and improving operational efficiency. [...]
Deploy adversarial robustness testing, implement input anomaly detection, use ensemble models for critical decisions, and add confidence thresholds.