Cybersecurity

Breaches, vulnerabilities, ransomware, and cyber defense.

One of China's biggest ecommerce company to employees: Starting July 10, you cannot use America's Claude Code

Alibaba reportedly bans Claude Code use in offices starting July 10

Multiple reports say Alibaba will bar employees from using Anthropic’s Claude Code in office environments starting July 10, citing security concerns and recommending Qoder instead.

arXiv logo

New Incident Response Taxonomy Maps Factors That Shape Cybersecurity Readiness

A new arXiv paper proposes the CIR-IF taxonomy after reviewing 417 academic papers and 40 non-scientific publications on cybersecurity incident response factors spanning 1999 to mid-2024.

hacker hands at work with interface around

US insurance rulemaker suspends investment risk designations after cyber attack

The National Association of Insurance Commissioners suspended investment risk designations after a cyberattack disrupted data sharing with major credit rating agencies. The incident could affect insurer capital calculations while regulators, rating firms and law enforcement assess the breach.

Anthropic accuses Alibaba of obtaining 'illicit' access to Claude

Anthropic alleges Alibaba-linked actors used 25,000 fraudulent accounts and more than 28.8 million interactions to probe Claude, in what it called an illicit effort to extract the model’s capabilities and a national-security concern for Congress.

Meriden man says city waited too long to warn residents of possible data breach

Meriden resident says city waited too long to warn about possible data breach

A Meriden resident says the city waited too long to warn residents after a February network incident that may have exposed Social Security numbers, banking data and other personal information.

'Extreme alert': Suspected cyberattack prompts Brazil to shut down emergency alert network

Brazil shuts down emergency alert network after suspected cyberattack

Brazil temporarily suspended its mobile emergency alert network after a suspected cyber intrusion triggered false warnings sent to phones across multiple states. Authorities are investigating the source and scope of the breach.

Telegram questioned by Ofcom after arsonist who targeted Starmer-linked properties recruited on app

Telegram questioned by Ofcom after arsonist who targeted Starmer-linked properties recruited on app

Ofcom has contacted Telegram after court evidence showed a Russian-speaking handler used the app to recruit and direct men behind arson attacks on properties linked to Keir Starmer. The move follows the June 19 sentencing of Roman Lavrynovych and Stanislav Carpiuc.

How a simple consumer data breach spiralled into a national security crisis in US-South Korea relations

South Korea fines Coupang about $410 million over data-law breaches

South Korea’s privacy watchdog fined Coupang 624.68 billion won, about $410 million, over a major data breach and related privacy-law violations. Regulators said the case affected 37.6 million people, making it the country’s largest single-company privacy penalty.

CISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI Threats

CISA orders faster patching as AI speeds up exploitation

CISA has issued a new binding directive that shortens remediation timelines for the most urgent vulnerabilities, citing the speed and scale of AI-assisted exploitation.

Check Point

CISA orders federal agencies to patch exploited Check Point VPN flaw within 24 hours

CISA has ordered Federal Civilian Executive Branch agencies to patch an actively exploited Check Point VPN authentication-bypass flaw by June 11 after vendor reporting tied it to real-world attacks and at least one Qilin ransomware deployment.

Apple kicks off Worldwide Developers Conference on June 8

Apple adds AI-assisted password auto-updates in Passwords

Apple announced at WWDC 2026 that its Passwords app can automatically update weak or compromised passwords for eligible accounts, moving beyond alerts and manual fixes.

Anthropic logo

Anthropic expands Project Glasswing to about 150 organizations in 15+ countries

Anthropic said it is expanding Project Glasswing, its Claude Mythos cybersecurity program, to about 150 new organizations across more than 15 countries, most of them critical-infrastructure providers.

KnowledgeDeliver(LMS) | eラーニングのデジタル・ナレッジ

KnowledgeDeliver LMS flaw exploited to deploy Godzilla and Cobalt Strike

A previously disclosed KnowledgeDeliver LMS vulnerability, CVE-2026-5426, has been reported as actively exploited in zero-day attacks that deployed the Godzilla web shell and later Cobalt Strike Beacon.

Twee mannen opgepakt om servers achter Russische cyberaanvallen

Netherlands seizes 800 servers from hosting firm tied to cyberattacks

Dutch financial-crime investigators arrested two men and seized about 800 servers in raids tied to a hosting network accused of enabling pro-Russian cyberattacks, disinformation and sanctions violations.

Group-IB supports INTERPOL’s Operation Ramz, contributing intelligence to first MENA-focused cybercrime takedown

INTERPOL says Operation Ramz led to 201 arrests across MENA cybercrime network

INTERPOL says Operation Ramz, a 13-country cybercrime crackdown across the Middle East and North Africa, led to 201 arrests, 382 suspects identified, 3,867 victims identified and 53 servers seized.

Leaked Shai-Hulud malware fuels new npm infostealer campaign

Leaked Shai-Hulud malware fuels new npm infostealer campaign

Security researchers say a new Shai-Hulud-related npm campaign is actively stealing developer secrets and spreading through the open-source ecosystem, with OpenAI, Akamai and others confirming related compromise activity.

Women in CyberSecurity (WiCyS) Launches Just Hacking Program Driven by Skills-Based Workforce Research

WiCyS launches Just Hacking cybersecurity training program

Women in CyberSecurity has launched Just Hacking, a hands-on training program focused on technical cybersecurity skills. The inaugural workshops will cover AI cyber defense, script-based malware analysis and web application penetration testing.

Babel Street Announces Agentic Risk Intelligence for the AI-on-AI Era

Babel Street launches agentic risk intelligence for investigators

Babel Street said on May 18, 2026 that it launched Insights Investigator, an analyst-directed agentic AI tool for investigative work. The company says the product preserves analyst control, citations and auditability while automating parts of threat, identity and vendor-risk research.

Linux Foundation Report Finds Greatest Obstacle for AI Adoption and Innovation is a Security Readiness Crisis

Linux Foundation report says AI adoption is running into a security readiness gap

The Linux Foundation’s 2026 State of Tech Talent Report says AI adoption is being slowed by a security readiness crisis, with security concerns rising sharply since 2024 and many organizations reporting gaps in AI security and risk management.

Booking.com confirms hackers accessed customers' data

Booking.com confirms hackers accessed customers' data

Booking.com says unauthorized third parties may have accessed reservation-related customer data and that it reset PINs for affected bookings.

The sun sets behind a plume of smoke rising after a U.S.–Israeli military strike in Tehran, Iran, Tuesday, March 3, 2026. (AP Photo/Vahid Salemi)

Commercial cloud infrastructure is now a wartime target.

Confirmed damage to Oracle’s Dubai offices and an official Bahrain fire report show cloud-adjacent infrastructure is being pulled into the conflict.