The Latest

We may earn a commission from links on this page.

Steven Spielberg's latest has done some very respectable business at the box office, and, even if it's not exactly an indie, continues a recent run of non-IP films (Obsession and Backrooms, specifically) doing extremely well against things like He-Man and a new Star Wars. All of those movies are fun, but it's nice to see some light at the end of the all-franchise, all-the-time tunnel.

Disclosure Day, which is best approached with minimal foreknowledge, is Spielberg's latest take on the impact that the existence of aliens might have on human civilization: War of the Worlds posits that they'd try to destroy us while possibly uniting us, but Disclosure Day feels more in conversation with Close Encounters of the Third Kind, in which human greed and paranoia are the real threats. DD has earned good reviews, though not without a bit of a mixed reception—I, for one, rather loved it. In that spirit, let's visit other movies and streaming shows that lead us deep into the shadowy worlds of alien conspiracies.

Nope (2022)

Daniel Kaluuya and Keke Palmer star as the sibling caretakers of a rural California horse ranch, who find themselves beset by...something? Wildly original, if frequently vexing, the tagline calling it a "neo-Western science fiction horror film" tells you all you need to know, and might maybe be Jordan Peele's best. When the Haywood Farm is beset by an otherworldly entity, the siblings running the place opt to make the best of things by capturing it on film. Spielbergian in its concern with our reaction to the extraordinary, Nope also subverts expectations at pretty much every turn. Stream Nope on Netflix or rent it from Prime Video.

The Vast of Night (2019)

Director Andrew Patterson made a wildly confident debut with this film that takes us back to the 1950s, to a small town in New Mexico on the night of the big basketball game. A young local disc jockey, Everett (Jake Horowitz) and his best friend, local switchboard operator Fay (Sierra McCormick) are caught up in a series of bizarre events that begin when Everett’s show is interrupted by a strange signal. The premise involves any number of UFO-movie cliches, but that's both the point, and not really the point at all: The film has a phenomenal visual flair, and makes the typical alien invasion stakes feel deeply personal for this small town. Stream The Vast of Night on Prime Video.

Contact (1997)

Adapted from scientist Carl Sagan's (brilliant) only novel, Contact finds Jodie Foster's SETI researcher Dr. Eleanor Arroway tracking an extraterrestrial signal containing a sequence of prime numbers, and tens of thousands of pages of encoded data that's ultimately revealed to be a set of blueprints—but to build what? As the message ignites political and religious firestorms, the movie privileges the importance of science while acknowledging the perspectives of people like Matthew McConaughey's Palmer Joss, a well-meaning faith leader who, nonetheless, clashes with Ellie on the signal's broader meaning. The conflicts between hard fact and faith in the face of scientific revelation resonate with Disclosure Day, as do the questions about whether or not our response to actual aliens would be particularly healthy. Rent Contact from Prime Video.

The X-Files (1993 – 2018)

Still the ne plus ultra of alien conspiracy programming, The X-Files has provided us with decades of blissful paranoia. Of course, after an 11-season series, two movies, a couple of spin-offs, Chris Carter's classic never got to the damn point (we'll probably never know exactly what it was all about), but that's almost beside the point: The questions are almost always more satisfying than the answers; Gillian Anderson and David Duchovny have some all-time great TV chemistry, and we're more than happy to follow them down into the dark. Stream The X-Files on Disney+ and Hulu.

The Day the Earth Stood Still (1951)

Spielberg doubtless picked up a thing or two from prolific, genre-bending director Robert Wise, who crafted one of the finest science fiction films of the 1950s (or, really, of all time) by (mostly) dodging monsters and space ships in favor of this more thoughtful thriller. Here, an alien visitor (Michael Rennie) arrives on Earth in peace right before being shot by some U.S. military types who want to keep Klaatu's knowledge to themselves. Managing to escape, he decides to walk among us for a bit before delivering a message of hope—alongside some tough love. Rent The Day the Earth Stood Still from Prime Video.

Fire in the Sky (1993)

Only a handful of films post-Fire in the Sky bothered to take the idea of alien abduction seriously; perhaps that’s a fairly inevitable side effect of the rise of a culture in which everything is on tape and newer conspiracy theories have made the UFO cults of yore seem positively quaint. This film, starring D.B. Sweeney, deals with the true-life (just go with it) story of Travis Walton, an Arizona logger who went missing for five days in 1975 following an encounter with a mysterious object and a beam of light—all of which was witnessed by frightened co-workers who fled the scene. The film’s non-fiction lens isn’t going to work for every viewer, but it treats Walton’s described experiences as fact (before embellishing them to make a more interesting movie); though much of the movie deals with the aftereffects of the abduction, the climactic trip inside the space ship is creepily effective. The film lacks Spielberg's larger questions of meaning, but it understands that alien stories are meaningless if they don't speak to individual experiences. Rent Fire in the Sky from Prime Video.

Roswell (1999 – 2002)

Look, alien conspiracies aren't just for middle-aged FBI agents and struggling meteorologists; if you live in Roswell, New Mexico, the freaky's going to hit you by high school—or so this cult favorite series posits. In the pilot, seemingly normal teenager Max Evans (Jason Behr) intervenes when Liz Parker (Shiri Appleby) is shot while working at her parents' cafe. He saves her life, and not in a typical way, leading to the revelation that he's one of four alien/human hybrids who crashed to Earth in 1947. Several of the movies and shows here reference the legendary Roswell crash, but this one catches us up with the aliens a few decades later via an addictive teen soap. Buy Roswell from Apple TV.

Honeymoon (2014)

When it comes to my alien movies, I tend to lean toward "the real problem is people"-type stories, but film history is packed with brilliant horror movies in which extraterrestrials are bad, actually. Leigh Janiak (Fear Street) made her feature directorial debut in this film that combines science fiction with body horror in a story about a young couple (Rose Leslie and Harry Treadaway) whose relationship dynamic changes rather dramatically after Bea encounters strange lights in the woods. The Body Snatchers-esque premise isn’t groundbreaking, but the direction is stylish, and the narrative leans into compelling subtextual horror: What if someone you’ve committed your life to suddenly starts acting like a completely different person? Disclosure Day's alien-initiated transformation of its lead character is a cause for wonder at least as much as fear, but Honeymoon is much more about the terror of it all. Rent Honeymoon from Prime Video.

The Boroughs (2026 — )

This new Netflix show finds a talented and thoroughly recognizable cast (Alfred Molina, Alfre Woodard, Denis O'Hare, Clarke Peters, and Geena Davis, among others) confronting a series of freaky mysteries in their seemingly idyllic, but entirely remote, retirement community—the look and feel, involving a charming western-American housing development, is very 1980s Spielberg. Without giving too much away about either The Boroughs or Disclosure Day, there's a web of conspiracy common to both, and freaky mysteries that dovetail in surprisingly similar ways. Think of it as Cocoon meets Close Encounters, but scary. Stream The Boroughs on Netflix.

Close Encounters of the Third Kind (1977)

This one is so deeply obvious that it almost doesn't need to be mentioned, but it would also feel a little churlish to leave it out: Disclosure Day isn't a remake or sequel to Close Encounters by any means, but it does feel like a continuation of a discussion about aliens that Steven Spielberg began nearly 50 years ago—a conversation that runs through E.T., War of the Worlds, and everyone's least-favorite Indiana Jones movie. As always, he's interested in extraterrestrial life, but more interested in the impact that knowledge of aliens would have on us. A story with an epic scale involving the impending first contact comes down to, for Spielberg and company, blue-collar utility lineman, a three-year-old kid, and a French scientist all trying to figure out what their encounters mean for these (mostly) ordinary, everyday humans faced with the numinous. Stream Close Encounters of the Third Kind on Peacock or rent it from Prime Video.


from Lifehacker https://ift.tt/n4UkD5J

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.

The Philips 1000 Series Touchscreen Key-free Electronic Deadbolt is currently on sale for just $67.99 on StackSocial, offering a fairly straightforward take on keyless home entry. Instead of leaning into app integrations or smart home connectivity, Philips has focused this model on simple PIN-based access and everyday convenience. The lock features a backlit touchscreen keypad and supports up to 20 user PINs, as well as unlimited one-time guest codes for temporary access. That makes it useful for households with multiple family members, rental properties, or anyone who regularly needs to let guests or service workers in, all without handing over physical keys.

Setting it up is relatively simple, since there’s no wifi, Bluetooth, or separate hub involved—the lock installs in place of a standard deadbolt with basic tools and doesn’t require any wiring. Philips includes the required AA batteries in the box, which can last up to a year depending on how often the lock is used. You’ll also get a few practical features that make day-to-day use easier. Auto-lock automatically secures the door after you leave, while one-touch locking lets you lock it with a quick tap instead of reaching for keys every time. It’s the kind of thing that helps cut down on those small moments of second-guessing when you’re already halfway down the driveway, wondering if you locked the door.

That said, this is closer to an electronic deadbolt than a full smart lock, so you won’t get remote access, phone controls, activity history, or integrations with platforms like Alexa or Google Home. Depending on what you want from a lock, that could either feel limiting or the reason to buy it, since not everyone wants another app sending notifications or another device connected to their home network. Still, for under $70, the Philips 1000 Series covers the basics well and makes the most sense for people who want the convenience of keyless entry without adding another app, subscription, or overly complicated setup process to their routine.

Our Best Editor-Vetted Early Prime Day Deals Right Now
Deals are selected by our commerce team

from Lifehacker https://ift.tt/l3bGL7U

Deep learning systems on phones, cars, and other edge devices increasingly run on custom silicon. Specialized chips such as FPGAs and ASICs give these systems the speed and low power consumption that edge applications need. Many of these chips come from third-party design houses and foundries, which adds steps to the supply chain where an outside party can alter a device.

Researchers at the University of Tennessee and the University of Florida built an attack that takes advantage of this arrangement. The attack, called HAMLOCK, short for Hardware-Model Logically Combined Attack, divides a backdoor into two parts and places them on opposite sides of the hardware and software boundary.

OPIS

Threat Model of HAMLOCK (Source: Research paper)

How the attack divides its work

Conventional backdoors live entirely in a model’s weights. The model learns to misclassify any input that carries a chosen trigger, such as a small colored square. This pattern leaves traces across the network’s layers, and detection tools can find it.

HAMLOCK keeps the model almost ordinary. The software side changes the weights of at most three neurons so those neurons produce unusually high values when a trigger appears in an input. On its own, the model classifies triggered images correctly. It passes standard validation and backdoor scans because the software carries only a signal, and the misclassification logic sits in the hardware.

The second part lives in the chip. Two small circuits, called hardware Trojans, complete the attack. One circuit watches the activations of the chosen neurons. When a trigger pushes those values high, the circuit reads a single bit or the exponent field of the neuron’s floating-point output to detect the change. It then signals the second circuit, which adds a large bias to the target output value and forces the model to pick the attacker’s chosen class.

How well it worked

The split design pays off in the lab. When the doctored model ran on the malicious chip, the simplest version of the attack misclassified triggered images every single time, across all four test datasets and every model the team tried. The version that spreads its work across several neurons did slightly worse, landing in the mid-90s.

The point of a backdoor is that nobody notices it until it fires, and HAMLOCK clears that bar. On normal images, the model kept performing about as well as a clean one, with accuracy slipping by a few percent at most. Pull the chip out of the picture and the backdoor goes quiet: the software alone sent trigger images to the wrong class less than one percent of the time. A reviewer testing the model by itself would see a tool that works.

Getting past existing defenses

The researchers then ran the model through the kind of screening a model repository or a careful user might apply. Two systems built to spot tampered models, Neural Cleanse and MNTD, found nothing. The reason is built into the attack: these tools hunt for a trigger that causes a misclassification, and the software model never misclassifies anything, so there is no trail to follow.

Tools that inspect individual inputs at inference time did about as well as a coin flip. Detectors that work with internal activations and detectors that work from inputs and outputs alone both struggled to tell trigger images apart from clean ones. The same square trigger, planted with an ordinary backdoor method, gets caught by these same tools almost every time, which shows how much the hardware split changes the picture.

Defenses that try to scrub a backdoor out of a model also came up empty. Fine-tuning and pruning, the usual cleanup steps, left the attack working at full strength. One run even handed the defender real examples of the attack, and the backdoor survived. The cleanup methods read the trigger images as harmless training data, so retraining reinforced the trigger rather than removing it.

A small hardware footprint

The chip side is easy to overlook because the model does the heavy lifting. The trigger circuit only checks a few bits, and the payload circuit only adds a fixed number, so the extra logic amounts to a handful of gates and comparators. Synthesized with standard commercial tools on a 45-nanometer process, the added area came in around a tenth of a percent at most, and close to nothing on the larger chips.

Power told a similar story for two of the three designs. The VGG-16 chip ran a little higher, reaching about one percent for the simple circuit and a few percent for the multi-neuron one, an artifact of how that accelerator was built. Numbers in this range disappear into the normal swings of chip manufacturing, which makes side-channel detection hard. A tester comparing a tainted chip against a clean one would see noise.

Where the attack fits

HAMLOCK assumes an attacker with access to the hardware design or fabrication stage and knowledge of the model’s weights and layout. Two situations apply. In one, a victim downloads a pretrained model from a public repository and sends it to a third-party manufacturer for deployment. In the other, a victim trains its own model and hands it to an untrusted manufacturer. In both, the manufacturer makes the small weight changes and inserts the circuits.

The hardware design supports several kinds of trigger conditions. Combinational triggers fire only when several conditions occur together. Sequential triggers respond to patterns in a set order. Temporal triggers activate after a set number of inferences. A temporal trigger could keep a backdoor dormant in an autonomous vehicle until it has run for a certain mileage, so the eventual failure looks like wear.

What a defense would require

The paper calls for cross-layer defenses without laying one out. Swarup Bhunia, director of the Warren B. Nelms Institute for the Connected World and a co-author of the paper, told Help Net Security what an answer would involve. “The hardware-model combined attack in HAMLOCK can be highly stealthy and hard to detect pre-deployment of an AI system, as noted in the paper. However, an effective defense can be built by (1) verification of existence of malware, however minute, on fabricated silicon, and (2) runtime monitoring of an anomaly. A runtime check by tracking internal model behavior can be very effective in detecting diverse security issues, including backdoor attacks, during operation of an AI model.”

That points the work toward the deployed system, where a monitor watches how a model behaves during operation and flags activity that departs from the norm.

The move to language models

The current evaluation covers image classifiers. The same FPGA and ASIC accelerators now run large language models and transformers, which raises the question of whether the activation-monitoring trick carries over. Bhunia said it does. “The activation-monitoring mechanism and triggering of a backdoor is expected to generalize, while the payloads can vary for LLMs running in FPGA/ASIC accelerators. That’s indeed the focus of our on-going work on LLM, where we develop powerful backdoor attacks following the HAMLOCK model.”

The code is publicly available. The authors plan to share results with EDA tool vendors such as Synopsys and Cadence, and they point to hardware-software co-verification, checking a compiled model’s datapath against the hardware layout, as a direction for defense that remains an open research problem.


from Help Net Security https://ift.tt/9S6WwXj

At most U.S. technology companies, machines now write the bulk of the code that ships each week. The engineer’s job has shifted toward reviewing what the AI produces, and that review gives the code high marks. Leaders rate AI-generated code as higher quality than the code their own people write, praising its clean structure, consistent style, and low count of obvious bugs at submission time.

AI-generated code review

The same code behaves worse once it runs. Production incidents have climbed over the past year. Senior engineers spend more of their time fixing what the AI generated. A large majority of organizations hit at least one production failure tied to AI code in the past six months, and a sizable share of that code goes back for repair soon after it ships.

Trust arrives before inspection

The pattern starts with trust that lands early. Most teams say they often ship AI-generated code to production without checking it line by line. The code reads well, so it clears review quickly, and the inspection step where many security defects get caught goes quiet.

LLMs produce code that works under clean, predictable conditions. The weak spots show up in edge cases, concurrency, deprecated API calls, and complex state changes. These gaps stay buried in the source and surface once real users hit the system. A reviewer scanning a pull request has little chance of spotting them.

Security flaws that emerge under load

Newly introduced security vulnerabilities have affected roughly three in ten organizations in the past six months. Integration failures, compliance problems, and data integrity issues have hit similar shares. Most organizations carry at least one war story from the period, and many carry several.

According to the New Relic study, AI-generated code introduces close to twice as many critical runtime issues as peer-reviewed human-authored code. The failures spread across many small problems at once. Each leaves a signature in production data. Schema drift and rising error rates between services point to integration breakage. Odd patterns in authentication and trace data expose security weaknesses. The common thread is that these signs appear after deployment, well past the review stage.

The limits of review-time inspection

A reviewer reads the source. Production produces the trace. The source shows how the code is built. The trace shows how it behaves under real load, real dependencies, and real edge cases. AI coding tools generate code from the source alone, with no view of runtime conditions. That gap explains the distance between the grades AI code earns in review and the way it performs in the wild.

The cleanup falls on experienced staff. Site reliability and DevOps engineers report losing up to a third of their work week to triaging and refactoring machine output that reached production unchecked. That is time the most senior people on a team would otherwise spend on harder problems.

Observability moves earlier in the process

Support for observability has reached near-unanimous levels among the leaders surveyed. They treat runtime monitoring as essential for AI-generated code, and many now prompt the AI to build telemetry such as logs and traces directly into the code it writes. The decision about what to log and what to alert on is moving upstream into the developer’s prompt.

The speed gains behind all this are real, and revenue reflects them, which is why adoption keeps climbing. AI-written code sits inside formal production policy at most organizations and reaches the same customer-facing services as code from senior engineers. No organization in the survey bans the practice.

Download: Automating Pentest Delivery Guide


from Help Net Security https://ift.tt/kOQaTJD

This is a current list of where and when I am scheduled to speak:

  • I’m giving a keynote at Cybernation 2026 in Berlin, Germany, on June 24, 2026.
  • I’m speaking at the Potsdam Conference on National Cybersecurity at the Hasso Plattner Institut in Potsdam, Germany. The event runs June 24–25, 2026, and my talk will be the evening of June 24.
  • I’m participating in a panel discussion at the Austrian Institute for International Affairs in Vienna on Thursday, June 25, 2026.
  • I’m speaking at the Digital Humanism Conference in Vienna, Austria, on Friday, June 26, 2026.
  • I’m giving a fireside chat for Epicenter Works, to be held at Kaffee Alt Wien in Vienna, Austria, on Friday, June 26, 2026.
  • I’m participating (via Zoom) in a panel discussion at Quantum.Tech World in Boston, Massachusetts, USA, on Friday, June 26, 2026. The topic is “Q-Day’s Shortening Deadline: Immediate Solutions.”
  • I’m speaking at Czech Technical University in Prague, Czechia, on Monday, June 29, 2026.
  • I’m speaking at the Nuremberg Digital Festival in Nuremburg, Germany, on Wednesday, July 1, 2026.
  • I’m speaking at CanSecWest 2026 in Vancouver, Canada. The conference runs September 30–October 1, 2026; the time of my talk is TBD.

The list is maintained on this page.


from Schneier on Security https://ift.tt/usrahBe

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Week in review

DockSec: Open-source AI-powered Docker security scanner
DockSec is an OWASP Incubator Project that combines three container security scanners with a language-model layer for explanation and remediation. Created by Advait Patel, the Python tool runs Trivy, Hadolint, and Docker Scout against a developer’s Dockerfile and image, correlates the findings, returns a 0-100 security score, and proposes line-specific fixes.

Treating AI agents like service accounts for federated query security
In this interview with Help Net Security, Paras Malhotra, CISO at Starburst, explains how the company handles data governance across federated query environments. Topics include layering Starburst’s access controls above native source permissions, tiering vendor risk across more than 200 partners and connectors, and building audit trails for autonomous agents.

NOVA microhypervisor brings AMD DMA isolation to shared AI infrastructure
BlueRock has issued the latest open-source release of its NOVA Microhypervisor with DMA remapping support for AMD platforms that have IOMMU hardware virtualization. The capability is enabled by default and extends hardware-level isolation across virtual machines, devices, and memory in shared execution environments.

The security in smartphones is helping send them to landfills
The WEEE Forum estimated that 5.3 billion mobile phones became electronic waste in 2022. Many of these devices still function. The average smartphone stays in use for about three years, and owners often replace handsets that retain enough computing power for other jobs. A team at the Université Libre de Bruxelles examined a barrier to giving those devices a second life.

Every set of AI guardrails can be broken by the right prompt
AI companies use guardrails to block harmful outputs such as deepfakes, malware, and instructions for biological weapons or illicit drugs. A new mathematical proof by Apostol Vassilev, a senior scientist at NIST, suggests those protections have inherent limits. For any finite set of guardrails, there exists a prompt that can bypass them if discovered.

NOVA microhypervisor brings AMD DMA isolation to shared AI infrastructure
BlueRock has issued the latest open-source release of its NOVA Microhypervisor with DMA remapping support for AMD platforms that have IOMMU hardware virtualization. The capability is enabled by default and extends hardware-level isolation across virtual machines, devices, and memory in shared execution environments.

The security in smartphones is helping send them to landfills
Billions of working smartphones reach the end of their service lives each year and move into drawers, recycling streams, and waste piles. The WEEE Forum estimated that 5.3 billion mobile phones became electronic waste in 2022. Many of these devices still function. The average smartphone stays in use for about three years, and owners often replace handsets that retain enough computing power for other jobs. A team at the Université Libre de Bruxelles examined a barrier to giving those devices a second life.

Every set of AI guardrails can be broken by the right prompt
Companies that build AI systems wrap them in guardrails meant to block harmful output, including deepfakes, malware, and instructions for making biological weapons or illicit drugs. When a user prompts the system for such content, the guardrails are designed to flag the request and refuse. A new mathematical proof sets a limit on how secure those guardrails can ever be.

CISA orders federal agencies to “patch smarter”
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a Binding Operational Directive that will change how the US federal government approaches vulnerability management.

How to use NIST and ISO frameworks to govern AI agents
Security leaders no longer need convincing that AI agents introduce risk. What’s missing is how to govern them once they move into production and begin operating autonomously across enterprise environments.

CISA: Patch actively exploited SolarWinds Serv-U DoS vulnerability (CVE-2026-28318)
A vulnerability (CVE-2026-28318) that can be exploited to crash SolarWinds Serv-U file transfer servers is being leveraged by attackers in the wild, the US Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Friday. The agency has ordered US federal civilian agencies to address it by June 19, 2026, either by implementing a patch or implementing mitigations.

Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751)
A Qilin ransomware affiliate is believed to be exploiting CVE-2026-50751, an authentication bypass vulnerability in Check Point VPN Remote Access and Mobile Access, the company announced on Monday. Check Point Remote Access VPN enables and secures connections between corporate networks and remote or mobile devices.

LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271)
A command injection vulnerability (CVE-2026-42271) in BerryAI’s LiteLLM open-source AI gateway is being exploited by attackers, the US Cybersecurity and Infrastructure Security Agency (CISA) confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog on Monday.

Record Microsoft Patch Tuesday, fresh zero-day
Microsoft marked its largest-ever Patch Tuesday this month, by shipping fixes for nearly 200 vulnerabilities. Within hours, “Nightmare Eclipse”, the researcher behind weeks of escalating Windows exploit releases, dropped a proof-of-concept exploit for a new zero-day: “RoguePlanet”, which abuses a race condition in Windows Defender to spawn a command shell running with SYSTEM-level privileges.

Critical Ivanti Sentry flaw allows root-level remote code execution (CVE-2026-10520)
Ivanti has patched two critical vulnerabilities (CVE-2026-10520 and CVE-2026-10523) in Ivanti Sentry and has urged customers to implement the fix right away. Though the vulnerabilities are not known to be actively exploited, security researchers have already released technical details about the former, which may be used by attackers to craft a working exploit.

Oracle PeopleSoft servers under attack, Oracle pushes out-of-band security alert
A zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft PeopleTools is being exploited in the wild, Charles Carmakal, CTO at cybersecurity firm Mandiant, part of Google Cloud, warned today.

The architecture of subtraction: Why it’s time to erase the roads, not just map the traffic
AI-assisted vulnerability discovery and exploit development are making patching increasingly inadequate as a primary defense. Advanced AI models can shrink the time from vulnerability discovery to exploitation from months to hours, while organizations struggle to patch systems as quickly as new flaws are identified.

Product showcase: Staying ahead of the threat horizon with Aunoo
Aunoo is an open strategic intelligence platform that uses AI agents to monitor intelligence sources, including for cybersecurity, to compile a daily briefing and alert on defined criteria. Each source is checked for credibility and quality before it is included. The platform runs in any browser and can send its findings via Slack, Discord, Teams, email or using the internal chat.

When attacks spread too far: Lessons from real cyber attack case studies
In this Help Net Security video, Michael Adjei, Director, Systems Engineering at Illumio, explains three real world cyber attacks and what went wrong during detection.

Cyber resilience metrics that drive action
In this Help Net Security video, Pete Bowers, COO at NormCyber, explains how organizations can build a cyber resilience metrics program that supports better decisions. He questions common ways of measuring resilience, such as risk registers, tool scores, and annual tests, and points out their limits.

GitHub Copilot app launches as desktop home for AI coding agents
GitHub introduced the Copilot app, a desktop application built for working with AI coding agents, at Microsoft Build 2026. The release expands GitHub’s Copilot product line beyond editor integrations and command-line tools into a dedicated workspace for directing several agents at once.

Cybercriminals create 19,000 FIFA-themed domains ahead of 2026 World Cup
The 2026 FIFA World Cup will bring millions of visitors and an estimated 6 billion spectators to a tournament spread across 16 host cities in the United States, Canada and Mexico. In a new report, Intel 471 describes the 2026 FIFA World Cup as “the largest and most complex cyberattack surface in sporting history.”

Hackers used Meta’s AI support system to hijack over 20,000 Instagram accounts
Meta has revealed that attackers hijacked 20,225 Instagram accounts by exploiting a flaw in the company’s AI-assisted account recovery system. According to the company, a vulnerability in High Touch Support (HTS) allowed unauthorized parties to perform password resets on Instagram accounts.

Microsoft changes how Defender for Endpoint EDR updates are delivered on Windows
Microsoft will distribute Defender for Endpoint EDR updates through Microsoft Update, enabling EDR security improvements to be released independently of monthly Windows operating system updates. The rollout started for Windows 10 devices in late May 2026 and will expand to Windows 11 and other supported Windows versions later this year. Microsoft expects deployment to be completed by fall 2026.

Meta claims NSO Group still targets WhatsApp users despite court order
Meta claims it disrupted spear-phishing attempts linked to NSO Group and is asking a US federal court to hold the spyware vendor in contempt for allegedly violating an injunction that bars it from targeting WhatsApp and its users.

Mythos Preview can weaponize N-day vulnerabilities in hours
Mythos Preview can develop working exploits from newly disclosed software vulnerabilities in hours, cutting down a process that has historically taken days or weeks, according to Anthropic.

Google patches Chrome zero-day exploited in the wild (CVE-2026-11645)
Google has fixed 74 vulnerabilities in Chrome, including a high-severity zero-day (CVE-2026-11645) that has been exploited in the wild. The fix has been shipped in Chrome 149.0.7827.102/.103 for Windows and macOS and Chrome 149.0.7827.102 for Linux, with the update rolling out to users over the coming days and weeks.

French government messaging platform breached through account hijacking
French authorities are investigating a compromise of Tchap, the government’s secure messaging platform, after hackers hijacked a user account and gained access to public chat rooms.

Anthropic’s Claude Fable 5 is out for public use, with safeguards for high-risk requests
Days after publishing research on how advanced AI systems could amplify cyber operations in the wrong hands, Anthropic released Claude Fable 5, a Mythos-class model for general use. The company said Mythos-class models possess advanced cybersecurity and research biology capabilities that can provide information and guidance beyond what is typically available through conventional online sources.

New Browser-in-the-Browser phishing uses fake login popups to steal Microsoft 365 credentials
A new Browser-in-the-Browser (BitB) phishing campaign is targeting Microsoft 365 users with fake login popups designed to closely mimic legitimate browser authentication windows, according to Palo Alto Networks Unit 42.

Identity theft is turning into a chain reaction for victims
For a growing number of victims, identity theft no longer ends with a fraudulent charge or a compromised account. More than one in four people who contacted the Identity Theft Resource Center during the reporting period were dealing with multiple identity-related incidents, according to the organization’s 2026 Trends in Identity Report.

X Square Robot open sources its robot-free data collection framework
Companies building robots for physical work spend large amounts of time and money operating machines by hand to gather training examples. Each session with a physical robot produces a small number of demonstrations per day, which slows the growth of datasets used to train embodied AI. Human demonstrators offer a cheaper source of data, and X Square Robot has put a system for this approach into public release.

Making the cloud prove it followed your privacy wishes
Companies that store personal data in cloud key-value databases should handle deletion requests by running the operation and confirming the job is complete. The people making those requests and the regulators overseeing them have had limited means to confirm the data is gone or that the record of its removal is genuine. GDPRuler, a middleware system from researchers at the Technical University of Munich and the University of Lisbon, sits between an application and an unmodified key-value database and enforces privacy rules as data passes through it.

9 out of 10 people can no longer distinguish real from AI-generated content
Online fraud is becoming harder to distinguish from legitimate activity as AI-generated messages, voices, photos, reviews, and identities become more convincing. Nearly nine in ten adults say they can no longer tell what is real from AI-generated content, according to the latest Malwarebytes survey. The share increased from 66% in 2025 to 85% in 2026.

FBI seizes 13 websites linked to alleged Chinese intelligence-gathering effort
Federal authorities have seized 13 internet domains allegedly used to target current and former U.S. government employees and military personnel with access to classified and sensitive information.

52% of direct-to-IP threats are missing from intelligence feeds
Security tools are good at inspecting websites, domains, URLs, and files, so attackers are moving lower in the stack and communicating directly with IP addresses, where visibility is limited. According to Palo Alto Networks’ report, this creates a visibility gap that allows malicious traffic to blend into normal internet activity and evade detection.

Google Colab CLI opens runtimes to Claude Code and Codex
Google released the Google Colab Command-Line Interface, a tool that connects local terminals to remote Colab runtimes. The CLI provides an execution platform for developers and AI agents, letting users provision compute, run local Python scripts on remote runtimes, and retrieve artifacts back to local machines.

OpenAI is locking down parts of ChatGPT to reduce data theft risks
OpenAI has started rolling out Lockdown Mode for ChatGPT, an optional security setting that restricts access to external resources and several product capabilities. It is available for personal accounts, including Free, Go, Plus, and Pro plans, as well as self-serve ChatGPT Business accounts.

Samsung just made Galaxy phones more secure in One UI 9 beta
Samsung’s One UI 9 beta integrates Lockdown mode into the power menu. This is the screen that contains Power off, Restart, and emergency options. Opening it initiates Lockdown mode, disabling biometric authentication.

The security questions around Chinese AI coding models in U.S. software
Software developers across the United States are using AI models built in China to write, debug, and review code, drawn by prices below those of American alternatives. These models carry risks for the security of American software, according to a report from Booz Allen Hamilton, which tested how the models respond when the user appears to work for the U.S. government.

Malware ships with bugs that defenders could use against it
Static analysis tools have spent years scanning legitimate software for security bugs before it goes out the door. The same scanners work on malware, and malware carries a steady supply of its own bugs. Researchers ran four of these tools across 658 leaked malware projects and found that close to 90 percent contained at least one recognized software weakness.

Apple expands what parents can block, approve, and limit
Apple has previewed a set of new child safety features coming to iPhone, iPad, and the Mac later this year, expanding parental controls with tools that help families manage app access, web browsing, communication, and screen time.

Apple Intelligence can now replace weak passwords without user intervention
Apple’s next generation of Apple Intelligence, the company’s personal intelligence system, expands its capabilities and introduces new security features in Passwords. With the new update, Passwords can automatically replace weak or compromised passwords.

Scams now operate like real businesses with budgets and targets
Social media has overtaken email as a primary attack vector, showing changes in how people consume information and interact online, according to Bitdefender’s Global Scam Intelligence Report 2026. Fraud campaigns use advertisements, sponsored content, impersonation pages, and direct messages to reach users.

Apple extends Private Cloud Compute to third-party data centers
Apple is bringing its Private Cloud Compute (PCC) platform to Google Cloud, expanding the infrastructure behind Apple Intelligence to third-party data centers. Introduced in 2024, PCC provides cloud-based processing for AI workloads that exceed the capabilities of on-device models while maintaining Apple’s security and privacy guarantees.

Building reusable workflows with custom agents in Copilot CLI
Developers spend much of their working time in the terminal, generating commands, debugging issues, and running scripts close to their systems. Repeated terminal work tends to pile up small steps such as re-running the same commands, re-explaining context, and translating logs into a form a team can act on. Custom agents in GitHub Copilot CLI address these patterns by turning repeated tasks into reusable workflows.

Organizations can’t see much of their mobile AI activity
Organizations have limited visibility into AI activity on mobile devices despite security leaders expressing confidence in their AI governance, according to Lookout’s “Solving for the Mobile AI Blind Spot: Executive Confidence Meets Technical Reality” report.

Prompt injection still drives most agentic AI security failures in production
A backdoor sat on PyPI for three hours in March 2026. Nearly 47,000 downloads occurred during the window. The compromised package, LiteLLM, serves as the language-model gateway for CrewAI, DSPy, Microsoft GraphRAG, and dozens of other AI agent frameworks. Anyone pulling an update during that window pulled in an autonomous attack bot named hackerbot-claw along with it.

Threat actors are recruiting the people who hold cloud logins
Companies keep most of their data and applications in cloud platforms that anyone can reach with the right login. That setup turns each employee holding those credentials into a security variable, and members of the cybercrime underground have built methods to reach those people. Intel 471 tracked this activity into 2026 and sorted insider risk into three categories that cloud-reliant organizations contend with.

Fake Spotify Premium tutorials on TikTok and Instagram Reels spread malware
Cybercriminals are using TikTok and Instagram Reels videos to spread Vidar, an infostealer malware, through fake downloads for popular paid software, according to ReversingLabs. The researchers uncovered two campaigns behind the activity, each using a different approach to draw in viewers before sending them to external download sites.

Google sues China-based scammers over Gemini AI abuse
Google has filed a lawsuit against Outsider Enterprise, a China-based cybercrime network for using AI tools, including Gemini, to build phishing websites and scam infrastructure.

Cybercriminals are moving away from mass phishing campaigns
Phishing activity declined by roughly 20% in both 2024 and 2025, according to research from Zscaler’s ThreatLabz team. The drop followed years of growth that pushed phishing activity above 2 billion hits in 2023.

Authorities dismantle crypto laundering service that moved €336 million for cybercriminals
An international law enforcement operation has dismantled a cryptocurrency laundering service linked to ransomware groups and other cybercriminals that processed more than €336 million in illicit funds.

Cybersecurity jobs available right now: June 9, 2026
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

New infosec products of the week: June 12, 2026
Here’s a look at the most interesting products from the past week, featuring releases from AISLE, Drata, Elastic, Filigran, IDnow, and Ridge Security.


from Help Net Security https://ift.tt/dGPZHIO

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.

While you may not have heard of it, the Insignia QF Series QLED TV is a hidden gem among budget QLED TVs with built-in Fire TV. It’s not trying to compete with premium models, but consistently delivers vibrant colors and a sharp 4K picture with colors that are richer than similarly priced entry-level TVs. Right now, it’s 40% off across multiple sizes in an early Prime Day deal, starting at $239.99 (originally $399.99), making it a smart time to invest. 

Quantum Dot Technology allows for a more detailed image than standard LED TVs, while Dolby Vision HDR support improves contrast and overall picture quality. It also comes with Dolby Atmos Audio for improved sound. The built-in Fire TV interface removes the need for a separate streaming stick and gives you access to a wide range of apps and channels, including Apple TV+, Disney+, Hulu, Netflix, and Prime Video. 

And despite the largest 85-inch model costing just $659.99 and giving you excellent value-per-inch, the TV itself has a design that looks pricier than its budget-friendly price tag, thanks to thin bezels and a lightweight construction. 

That said, there are a couple of drawbacks. It only has a 60Hz panel, so it’s not the best choice for competitive gaming, and while it supports Dolby Vision, the HDR performance can’t compare to brighter QLED models like the TCL QM8K Series, which is better suited to daytime watching and bright rooms.  There’s also no local dimming, so blacks might not look as deep as they do on higher-end models.

Still, with the 55-inch, 65-inch, and 85-inch models all heavily discounted, this is one of the best QLED TV deals right now. If you’re looking for an affordable entry model with HDR, built-in Fire TV, and a better-than-expected picture, the  Insignia QF Series QLED TV is a great early Prime Day deal to take advantage of now.

Our Best Editor-Vetted Early Prime Day Deals Right Now
Deals are selected by our commerce team

from Lifehacker https://ift.tt/h5SxmC0