Cyber espionage is no longer confined to hidden servers and suspicious domains. A recently disclosed threat group, GopherWhisper, shows how modern attackers are shifting command-and-control operations into the same tools enterprises use every day.

Instead of relying on traditional infrastructure, this group operates through platforms like Slack, Discord, and Microsoft 365, blending into normal business traffic by design.

What is GopherWhisper?

GopherWhisper is a China-aligned advanced persistent threat (APT) group identified by ESET researchers.

It was publicly documented in 2025–2026 reporting and is associated with cyberespionage activity targeting government organizations, including entities in Mongolia.

Rather than focusing on disruption or ransomware, the group’s objective is long-term intelligence collection and stealthy access.

Watch Summary Video Below: ⬇️

Read more

Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.

The global tech and cyber landscape saw significant developments across software maintenance, enterprise security, and consumer protection. Microsoft successfully resolved a frustrating issue affecting Windows Server 2016 administrators, fixing a bug where June 2026 security updates would fail with a “file not found” error if the previous month’s patch hadn’t been installed. Meanwhile, Eastman Kodak confirmed it suffered a security breach after the extortion group ShinyHunters threatened to leak over 2.2 million customer and corporate records. While Kodak states the incident is contained with no operational impact, affected customers are being urged to update passwords and monitor for phishing attempts. On the regulatory front, the UK’s Competition and Markets Authority (CMA) hit retailer Marks Electrical with a £720,000 fine for illegally using automatic opt-ins to charge nearly 40,000 customers for unwanted appliance services.

Simultaneously, major strides are being made in authentication technology and cloud infrastructure. Google updated its reCAPTCHA platform within Google Cloud Fraud Defense, introducing hand gesture verification as a new challenge-based tool to help organizations separate human users from automated bots during logins and checkouts. In the infrastructure space, cloud provider Render hosted its inaugural “Localhost” developer conference in San Francisco. Targeting AI-driven applications, Render’s leadership advocated for “application-defined compute,” arguing that traditional serverless frameworks are fundamentally unequipped to handle modern AI workloads that require dynamic, runtime infrastructure provisioning.

Listen to our podcast here ⏬

Get BlueSleuth-Lite

⚡THREAT LANDSCAPE

Microsoft fixes Windows Server 2016 update failures

Microsoft resolved a known issue causing June 2026 security updates to fail on Windows Server 2016 systems that had not installed the previous month’s update. Affected administrators encountered 0x80070002 or FILE_NOT_FOUND errors when attempting to install KB5094122 without first deploying May’s KB5087537 security update. Microsoft confirmed the issue is now fixed and devices should no longer experience installation failures. Read More

Subscribe Now

🚨INCIDENTS & REAL-WORLD IMPACT

Kodak confirms breach; ShinyHunters leak deadline passes

Eastman Kodak confirmed a security breach after extortion group ShinyHunters claimed to have stolen over 2.2 million records containing customer personal information and internal corporate data, threatening to leak the data after a June 18 deadline. Kodak stated the incident was limited in scope and contained, with no threat to systems or operations, and has engaged external cybersecurity experts and law enforcement. Affected customers should change passwords, enable multi-factor authentication, and consider credit freezes while monitoring for phishing attempts that often follow breach announcements. Read More

Claim Your Workspace

🔓 EXECUTIVE RISK & CYBERNOMICS

Google reCAPTCHA adds hand gesture verification

Google has added hand gesture verification as a new authentication method for its reCAPTCHA service, which is part of Google Cloud Fraud Defense. The system uses risk analysis and challenge-based verification to distinguish human users from automated bots on login pages, registration forms, password resets, and checkout systems. Organizations using reCAPTCHA can now deploy this gesture-based verification alongside existing methods to prevent fraud and abuse. Read More

Get Help

🛡️ POLICY, REGULATION & LEGAL SIGNALS

CMA fines Marks Electrical £720k for unauthorized opt-ins

The UK Competition and Markets Authority (CMA) fined Marks Electrical £720,000 for automatically enrolling customers in paid services without consent. Nearly 40,000 customers will receive refunds averaging £15 each (totaling approximately £600,000) after being charged for appliance recycling and packaging removal services they did not explicitly agree to purchase. The retailer admitted breaking consumer protection laws that prohibit pre-ticked boxes or automatic opt-ins for paid extras, and the fine was reduced 40% due to early settlement and cooperation. Read More

💻 CAREER ENABLEMENT

Render hosts Localhost dev conference on AI-native infrastructure

Cloud hosting provider Render held its first developer conference, Localhost, in San Francisco to promote its infrastructure approach for AI-driven applications. The company claims 400,000 developers join monthly and handle 200 billion requests per month, positioning itself as an alternative to AWS, Azure, and Google Cloud for dynamic AI workloads. Render’s CEO argues traditional serverless platforms cannot handle AI applications that provision their own infrastructure at runtime, proposing “application-defined compute” as a solution. Read More

Click Here To Read

Copyright © 2026 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cloud infrastructure company Render hosted its inaugural Localhost developer conference in San Francisco, targeting engineers building AI-powered applications. The event drew developers grappling with the rapid evolution of AI tooling and terminology, with attendees expressing both excitement and uncertainty about the pace of change in the industry. One recent computer engineering graduate noted the constant emergence of new concepts like "harness engineering" and "loop engineering," making it difficult to build deep expertise.

Render founder and CEO Anurag Goel presented company metrics showing 400,000 developers joining monthly, 10 million live services, and 200 billion monthly requests. Despite this growth, the company faces a perception challenge, as enterprise customers typically expect services to run on major cloud providers like AWS, Azure, or Google Cloud rather than lesser-known alternatives.

Goel argued that AI applications represent a fundamental shift from traditional infrastructure patterns. Unlike conventional applications with static resource requirements, AI-powered systems dynamically provision their own infrastructure based on runtime needs. For example, a research agent might require minimal resources for one query but need a headless browser with 128 GB of RAM for another, with task durations varying significantly. A single request can trigger hundreds or thousands of different tasks that cannot be predicted in advance.

According to Goel, existing serverless platforms cannot accommodate these dynamic requirements due to limitations on execution time, memory, storage, and application size. These constraints make them unsuitable for AI workloads that need flexible resource allocation based on unpredictable runtime demands.

Render's proposed solution is "application-defined compute," which allows applications to specify infrastructure requirements at runtime rather than pre-provisioning resources. This approach aims to provide the flexibility AI applications need while maintaining appropriate guardrails. The company positions this capability as a key differentiator for developers building AI-native applications that require dynamic resource allocation beyond what traditional cloud platforms offer.

Subscribe now

Source: https://www.theregister.com/ai-and-ml/2026/06/19/devs-in-the-trenches-are-stressed-from-the-mandate-to-automate-everything-but-render-thinks-it-can-help/5258595

UK appliance retailer Marks Electrical will pay a £720,000 fine and refund nearly 40,000 customers after the Competition and Markets Authority found the company automatically enrolled buyers in paid services without their consent. The investigation revealed that customers purchasing appliances were charged for "Recycle Old Appliance" and "Unwrap & Recycle Packaging" services without providing express agreement to these optional extras.

The CMA's enforcement action stems from violations of consumer protection laws that took effect in April 2025, which explicitly prohibit businesses from using pre-ticked boxes or automatic opt-ins for services that carry additional costs. Under these regulations, consumers must have genuine choice over whether to purchase extra products or services when making a transaction. The watchdog initiated its investigation after identifying these practices at Marks Electrical.

The retailer ceased the automatic opt-in practices immediately when the CMA investigation began and cooperated fully with authorities throughout the process. Marks Electrical admitted to breaking consumer law and agreed to an early settlement, which resulted in a 40% reduction to the original fine amount. The company will contact affected customers directly to arrange refunds, which will be processed through the original payment method or by cheque if necessary.

Affected customers will receive refunds averaging £15 each, totaling approximately £600,000 in total repayments. The exact amount each customer receives will vary depending on which services they were charged for and the specific costs involved. Customers do not need to take any action, as Marks Electrical will initiate contact regarding the refund process.

CMA executive director of consumer protection Emma Cochrane emphasized that the law clearly prohibits automatic enrollment in paid services. She noted that purchasing major appliances represents a significant expense for consumers, who have the right to decide whether they want optional extras rather than being charged for services without agreement. Cochrane warned all businesses to review their policies on automatic opt-ins and confirmed the CMA will continue issuing fines and securing refunds when companies violate consumer protection laws.

Subscribe now

Source: https://www.independent.co.uk/news/business/competition-and-markets-authority-b2998239.html

Google has expanded its reCAPTCHA verification system with a new hand gesture authentication method, offering an alternative to traditional image-based challenges like identifying traffic lights or crosswalks. The feature is part of Google Cloud Fraud Defense, the company's platform for preventing bot activity, account fraud, and transaction abuse.

reCAPTCHA has long served as a frontline defense against automated attacks by requiring users to complete challenges that prove they are human rather than bots. The service combines risk analysis with challenge-based verification to detect suspicious behavior patterns. Organizations typically deploy reCAPTCHA on high-risk entry points including login pages, registration forms, password reset interfaces, and e-commerce checkout systems.

The new hand gesture verification method provides another option for distinguishing legitimate users from automated scripts and bot networks. While Google has not disclosed specific technical details about how the gesture system works, it represents a shift away from purely visual or text-based challenges. This approach may help address accessibility concerns and reduce friction for users who struggle with traditional CAPTCHA formats.

The addition comes as bot operators continue to develop more sophisticated methods for bypassing security controls, including using machine learning to solve image-based challenges. By diversifying verification methods, Google aims to stay ahead of automated attack tools while maintaining a balance between security and user experience. Organizations relying on reCAPTCHA for fraud prevention will have access to this new verification option as part of their existing implementation.

Security teams using reCAPTCHA should evaluate whether hand gesture verification fits their threat model and user base. The feature can be deployed alongside existing challenge types, allowing organizations to test effectiveness before making it a primary verification method. As with any authentication control, monitoring false positive rates and user completion metrics will be essential for optimizing both security and usability.

Subscribe now

Source: https://www.helpnetsecurity.com/2026/06/19/google-recaptcha-hand-gesture-verification/

Eastman Kodak Company has confirmed it is investigating a security breach after the ShinyHunters extortion group publicly claimed responsibility for stealing more than 2.2 million records. The threat actors set a June 18 deadline for Kodak to respond before releasing the stolen data, which allegedly includes customer personally identifiable information and internal corporate data. The company acknowledged the incident to multiple security news outlets while emphasizing that the breach was limited in scope.

ShinyHunters has established a pattern of targeting organizations with data theft and extortion rather than traditional ransomware encryption. The group typically makes public claims and sets deadlines to pressure victims into paying before full details emerge. In this case, ShinyHunters has not publicly provided proof of the stolen data, which follows a common extortion playbook where threat actors leverage the fear of data exposure to force negotiations.

Kodak told investigators that an unauthorized third party gained access to a limited amount of company data and that the incident appears to have been contained. The company has brought in external cybersecurity experts to assist with the investigation and has notified law enforcement. The method of initial access remains unknown, though ShinyHunters is known for using social engineering tactics, bribery, and exploiting zero-day vulnerabilities to conduct supply chain attacks.

The company maintains that there is no ongoing threat to its systems or operations, though the investigation continues. Kodak has not yet disclosed the specific number of affected customers or the exact types of data accessed. The breach represents another example of modern extortion tactics that prioritize data theft over system encryption, allowing attackers to maintain leverage without disrupting business operations.

Security experts recommend that Kodak customers immediately change their account passwords and avoid reusing credentials across multiple services. Enabling multi-factor authentication provides an additional security layer that prevents account takeover even if passwords are compromised. Customers should also remain vigilant for phishing attempts, as cybercriminals often exploit post-breach confusion by sending fraudulent communications that appear to come from the affected company. US residents may want to consider placing credit freezes with major credit bureaus and monitoring their accounts for suspicious activity.

Subscribe now

Source: https://www.malwarebytes.com/blog/news/2026/06/kodak-confirms-breach-as-shinyhunters-leak-threat-reaches-deadline

Microsoft has resolved a known issue that prevented Windows Server 2016 systems from successfully installing June 2026 security updates. The problem affected organizations attempting to deploy the KB5094122 update on systems that had not first installed the May 2026 KB5087537 security update, resulting in 0x80070002 or FILE_NOT_FOUND errors during installation.

The issue was confirmed through an admin portal service alert after IT administrators reported widespread installation failures. Microsoft acknowledged that the security update installation bug primarily impacted customers who had skipped the previous month's update cycle, creating a dependency chain that blocked the June update from completing successfully.

This incident is part of a broader pattern of Windows update installation problems Microsoft has addressed in recent months. In May 2026, the company fixed a similar issue causing 0x800f0922 errors during Windows 11 security update installations due to insufficient free space on the EFI System Partition. Additional problems included 0x80073712 or 0x800f0993 errors on Windows 11 24H2 and 25H2 systems, BitLocker recovery boot loops on Windows Server 2025 after April updates, and failures when using the Windows Update Standalone Installer for updates released since May 2025.

The cumulative effect of these update failures poses security risks for organizations, as delayed patching leaves systems vulnerable to known exploits. Windows Server 2016 systems that experienced the installation error remained unpatched until administrators either manually installed the prerequisite May update or waited for Microsoft's fix to deploy.

Administrators managing Windows Server 2016 environments should verify that the June 2026 KB5094122 security update has successfully installed on all systems. Organizations that previously encountered installation errors should retry the update deployment. For systems still experiencing issues, Microsoft recommends ensuring all prerequisite updates are installed in sequence. Microsoft is also currently investigating a separate issue blocking third-party applications from launching Office applications after installing June 2026 updates.

Subscribe now

Source: https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-2016-security-update-failures/

Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.

Over the past week, government agencies and enterprise IT teams have been urged to immediately address critical vulnerabilities in widely used infrastructure. The Cybersecurity and Infrastructure Security Agency (CISA) mandated that federal agencies patch a maximum-severity remote code execution flaw (CVE-2024-56359) in the Joomla Content Editor plugin, which is actively being exploited by attackers. Simultaneously, Cisco released urgent patches for its Identity Services Engine (ISE) to resolve an input validation vulnerability that allows authenticated attackers to escalate privileges to root level and compromise the underlying operating system.

On the incident and strategic fronts, attackers successfully exploited Aztec’s deprecated private rollup bridge for $2.15 million using a false rollup proof, underscoring the lingering security risks of abandoned blockchain infrastructure. Internationally, South Korean authorities dismantled a major crypto-laundering ring by arresting 23 individuals who moved over $11 million in stolen phishing funds using USDT. To combat future digital threats, the European Union announced “Shield-6G,” an advanced security framework integrating AI and honeypots to secure next-generation telecom networks, while Google introduced a new “Agentic Resource Discovery” open standard to help AI agents seamlessly find and verify tools across separate platforms.

Listen to our podcast here ⏬

Get BlueSleuth-Lite

⚡THREAT LANDSCAPE

CISA Orders Feds to Patch Critical Joomla Plugin Flaw

CISA has ordered federal agencies to patch a critical vulnerability (CVE-2024-56359) in the Joomla Content Editor (JCE) plugin that is being actively exploited. The maximum-severity flaw allows unauthenticated attackers to execute arbitrary code remotely on vulnerable systems. Federal agencies must patch by a specified deadline, and all organizations using the affected plugin should update immediately. Read More

Critical Command Execution Flaw Patched in Cisco ISE

Cisco has patched a critical command execution vulnerability in Identity Services Engine (ISE) that stems from insufficient input validation. An authenticated attacker could exploit this flaw to access the underlying operating system and escalate privileges to root level. Organizations running Cisco ISE should apply the available security updates immediately to prevent potential system compromise. Read More

Subscribe Now

🚨INCIDENTS & REAL-WORLD IMPACT

Aztec suffers $2.1M exploit in second attack

Aztec’s deprecated private rollup bridge was exploited on Thursday for approximately $2.15 million in cryptocurrency, including 1,158 ETH, 150,000 DAI, and 0.46 renBTC. This marks the second attack on Aztec infrastructure within days, with the attacker using a false rollup proof to trick the protocol into releasing assets from its reserves. Security researchers emphasize that deprecated smart contracts remain vulnerable even after projects stop maintaining them, highlighting risks in abandoned blockchain infrastructure. Read More

Claim Your Workspace

🔓 EXECUTIVE RISK & CYBERNOMICS

EU Develops Shield-6G Network Security

The European Union is developing Shield-6G, a comprehensive security framework designed to protect future 6G telecommunications networks. The system will integrate AI-based threat detection, digital twin technology, and honeypot deployments to help mobile carriers defend against emerging cyber threats. This initiative addresses security concerns before 6G networks become operational, aiming to build protection mechanisms into the infrastructure from the start. Read More

Get Help

🛡️ POLICY, REGULATION & LEGAL SIGNALS

South Korea arrests 23 in USDT laundering case

South Korean police arrested 23 people for allegedly laundering 16.8 billion won ($11.1 million) in cryptocurrency for a Cambodia-based phishing syndicate. The operation converted stolen funds into USDT stablecoin and moved them through multiple exchanges to obscure their origin. Organizations should review transaction monitoring systems and verify counterparty identities when handling large cryptocurrency transfers, particularly involving stablecoins and cross-border movements. Read More

💻 CAREER ENABLEMENT

Google launches Agentic Resource Discovery standard

Google has released Agentic Resource Discovery, an open specification that enables AI agents to find, connect to, and verify tools and services across different platforms and organizations. The standard addresses the current fragmentation where AI agent capabilities exist in isolated registries, making cross-platform resource discovery difficult. This specification allows tools and services to be published and shared in a standardized way across the web. Read More

Click Here To Read

Copyright © 2026 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Google has introduced Agentic Resource Discovery, an open specification designed to help AI agents locate and verify tools, skills, and other agents across disparate systems and organizations. The standard addresses a growing challenge in the AI ecosystem where capabilities remain siloed in separate registries, preventing agents from easily discovering resources hosted in different environments.

As AI agents become more prevalent in enterprise and consumer applications, they increasingly need to interact with tools and services distributed across multiple teams, platforms, and organizations. Currently, these capabilities exist in isolated systems with their own proprietary registries, creating significant barriers to interoperability. An agent operating in one environment has limited ability to discover or connect to resources available elsewhere, hampering the potential for cross-platform collaboration.

The Agentic Resource Discovery specification provides a standardized method for publishing, discovering, and verifying AI capabilities across the web. By establishing common protocols for resource advertisement and authentication, the standard enables agents to locate relevant tools and services regardless of where they are hosted. The specification includes mechanisms for verifying the authenticity and permissions of discovered resources, addressing security concerns that arise when agents interact with external capabilities.

This standardization effort could significantly impact how AI systems are built and deployed across organizations. Developers will be able to create agents that tap into a broader ecosystem of tools without building custom integrations for each platform. Organizations can publish their AI capabilities in a discoverable format, potentially creating new opportunities for collaboration and service sharing across enterprise boundaries.

Google has released the specification as an open standard, inviting other organizations and developers to adopt and contribute to its development. Organizations implementing AI agent systems should evaluate how this standard might simplify their architecture and improve interoperability. Security teams should review the verification mechanisms within the specification to ensure they align with their organization's policies for external resource access and agent permissions.

Subscribe now

Source: https://www.helpnetsecurity.com/2026/06/18/google-agentic-resource-discovery/

South Korean authorities have arrested 23 individuals connected to a cryptocurrency laundering network that processed approximately $11.1 million for cybercriminals operating from Cambodia. The Seoul Metropolitan Police dismantled the operation after tracing 16.8 billion won in illicit funds that originated from phishing attacks and were converted into USDT, a stablecoin pegged to the US dollar.

The laundering scheme served a Cambodia-based phishing syndicate that targeted victims through fraudulent schemes. Once the criminals obtained funds from their victims, they relied on the arrested intermediaries to convert and move the money through cryptocurrency channels. This arrangement allowed the phishing operators to distance themselves from the stolen assets while maintaining access to the funds.

The money laundering network used USDT transactions and transfers across multiple cryptocurrency exchanges to obscure the trail of stolen funds. By converting assets into stablecoins and moving them between different platforms, the operators attempted to break the chain of custody and make tracking more difficult for law enforcement. This multi-step process is a common technique in cryptocurrency-based money laundering operations.

The case highlights the continued use of cryptocurrency infrastructure by international criminal networks, particularly those operating from Southeast Asian countries with less regulatory oversight. Cambodia has become a known hub for various cyber fraud operations, including pig butchering scams and phishing syndicates. The involvement of South Korean intermediaries demonstrates how these networks span multiple jurisdictions to complicate law enforcement efforts.

Financial institutions and cryptocurrency exchanges should strengthen their transaction monitoring capabilities to detect suspicious patterns associated with layered transfers and rapid conversions between different digital assets. Enhanced due diligence on customers conducting large or frequent cross-border cryptocurrency transactions can help identify potential money laundering activity. Organizations accepting cryptocurrency payments should implement robust know-your-customer procedures and maintain detailed records of transaction origins to avoid inadvertently processing illicit funds.

Subscribe now

Source: https://crypto.news/south-korea-detains-23-suspects-over-usdt-laundering-for-cambodia-based-fraud-network/

The European Union has launched Shield-6G, a security initiative designed to protect next-generation 6G telecommunications networks before they become operational. The framework combines multiple defensive technologies including artificial intelligence-based threat detection, digital twin simulations, and honeypot systems to create a comprehensive security posture for mobile carriers.

While 6G networks remain in development and are not expected to deploy commercially for several years, the EU is taking a proactive approach to security architecture. This early focus on protection mechanisms represents a shift from previous generations of mobile networks, where security measures were often added after deployment rather than built into the foundational design.

The Shield-6G framework integrates several key technologies to create layered defenses. AI-powered threat detection systems will monitor network traffic and identify anomalous behavior in real-time. Digital twin technology will allow security teams to simulate network environments and test defensive measures without risking production systems. Honeypots will serve as decoy targets to attract and analyze attacker techniques.

Mobile carriers will be the primary beneficiaries of this security framework, as they will operate the 6G infrastructure that connects billions of devices and handles sensitive communications. The increased speed and connectivity promised by 6G networks will also expand the attack surface, making robust security measures necessary from the outset. The framework aims to address threats that may not yet exist but could emerge as 6G technology matures.

Organizations planning for 6G adoption should monitor the development of Shield-6G and similar security frameworks. Security teams should begin evaluating how AI-based threat detection and digital twin technologies can integrate with their existing infrastructure. Carriers and enterprises should participate in industry discussions about 6G security standards to ensure their requirements are addressed in these early-stage frameworks.

Subscribe now

Source: https://www.darkreading.com/cybersecurity-operations/eu-6g-network-security

Aztec's deprecated private rollup bridge suffered a $2.15 million exploit on Thursday, marking the second attack on the platform's infrastructure within days. The attacker stole 1,158 Ether, 150,000 Dai, and 0.46 renBTC by manipulating the protocol's verification system, according to Cos, co-founder of cybersecurity firm SlowMist.

Preliminary analysis revealed that the attacker exploited the bridge by submitting a false rollup proof. This fraudulent proof tricked the protocol's verification mechanism into believing a legitimate transaction had occurred, causing it to release assets from its reserves directly to the attacker's address. The exploit targeted infrastructure that Aztec had already deprecated and was no longer actively maintaining.

The technical vulnerability lies in how the bridge validated rollup proofs before releasing funds. Rollup bridges typically batch multiple transactions together and submit cryptographic proofs to verify their validity. In this case, the attacker crafted a proof that passed the bridge's validation checks despite representing fraudulent transactions, allowing unauthorized withdrawal of funds held in the protocol's reserves.

This incident represents the second exploit of Aztec infrastructure in recent days, raising serious concerns about the security posture of deprecated smart contracts. Once a project stops maintaining its code, vulnerabilities can persist indefinitely while the contracts continue holding user funds. The attack demonstrates how abandoned blockchain infrastructure can become attractive targets for attackers who have time to analyze unmaintained code for weaknesses.

Security researchers warn that deprecated smart contracts pose ongoing risks to the cryptocurrency ecosystem. Projects that deprecate infrastructure should ensure proper migration of funds and clear communication to users about security risks. Users holding assets in deprecated protocols should move funds to actively maintained alternatives. Organizations should implement sunset procedures that include security audits, fund migration plans, and contract deactivation to prevent similar exploits of abandoned infrastructure.

Subscribe now

Source: https://cointelegraph.com/news/aztec-exploited-21-million-previous-hack-slowmist?utm_source=rss&utm_medium=rss_feed_medium&utm_campaign=rss_feed_medium

Cisco has released security patches for a critical vulnerability in its Identity Services Engine (ISE) platform that could allow authenticated attackers to execute arbitrary commands and gain root-level access to the underlying operating system. The flaw represents a significant security risk for organizations relying on Cisco ISE for network access control and policy enforcement.

The vulnerability exists due to insufficient validation of user-supplied input within the ISE application. This weakness in input handling creates an opportunity for attackers who have already obtained valid credentials to inject malicious commands that the system processes without proper security checks.

Successful exploitation allows an authenticated attacker to break out of the application layer and interact directly with the underlying operating system. Once this initial access is achieved, the attacker can then escalate their privileges to root, giving them complete administrative control over the affected ISE deployment. This level of access would enable attackers to modify security policies, intercept authentication data, or use the compromised system as a pivot point for further network intrusion.

The impact of this vulnerability is particularly severe for enterprise environments where Cisco ISE serves as a central authentication and authorization platform. A compromised ISE deployment could undermine an organization's entire network security posture, potentially allowing attackers to bypass access controls, modify user permissions, or gain unauthorized access to sensitive network segments.

Cisco has made patches available to address this vulnerability. Security teams should prioritize applying these updates to all ISE deployments as soon as possible. Organizations should also review their ISE access logs for any suspicious authentication patterns or unusual administrative activity that might indicate attempted or successful exploitation. As an additional precaution, administrators should verify that ISE administrative access is restricted to trusted users and protected by strong authentication mechanisms.

Subscribe now

Source: https://www.securityweek.com/critical-command-execution-vulnerability-patched-in-cisco-ise/

The U.S. Cybersecurity and Infrastructure Security Agency has added a critical vulnerability in the Widget Factory Joomla Content Editor plugin to its Known Exploited Vulnerabilities catalog, mandating that federal agencies patch the flaw by a specified deadline. The vulnerability, tracked as CVE-2024-56359, carries a maximum CVSS severity score and is confirmed to be under active exploitation in the wild.

The JCE plugin is a widely used content editor for Joomla websites, providing enhanced editing capabilities for site administrators and content creators. This particular vulnerability affects versions of the plugin prior to the patched release, making thousands of Joomla installations potentially vulnerable to attack. The flaw's presence in such a common component amplifies the risk across the broader web ecosystem.

CVE-2024-56359 allows unauthenticated remote attackers to execute arbitrary code on vulnerable systems without requiring any user interaction or valid credentials. This type of vulnerability represents one of the most severe security risks, as successful exploitation grants attackers complete control over affected web servers. Attackers can leverage this access to steal sensitive data, install malware, modify website content, or use compromised servers as launching points for further attacks.

The addition to CISA's KEV catalog signals that threat actors are already exploiting this vulnerability in real-world attacks. Federal agencies face mandatory patching deadlines under Binding Operational Directive 22-01, which requires remediation of known exploited vulnerabilities within specified timeframes. The active exploitation status means attackers have developed working exploit code and are scanning for vulnerable installations.

Organizations running Joomla websites with the JCE plugin should immediately verify their plugin version and apply available security updates. Website administrators should check their Joomla extension manager for updates to the JCE plugin and install the patched version without delay. Beyond patching, organizations should review web server logs for signs of compromise, monitor for unusual administrative activity, and consider implementing web application firewalls as an additional protective layer while patches are deployed.

Subscribe now

Source: https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-max-severity-joomla-plugin-flaw-by-friday/

Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.

The evolving cyber threat environment is marked by highly targeted financial scams and significant data exposures. In recent developments, the FBI has warned of a rising trend where cryptocurrency scammers employ physical couriers to collect cash directly from victims’ homes after banks block suspicious digital transfers. Meanwhile, the healthcare sector faces ongoing exposure risks, as evidenced by a data breach at iRhythm Holdings, where attackers gained unauthorized access to third-party-hosted applications, exposing highly sensitive patient data including Social Security numbers, medical records, and clinical information.

Concurrently, systemic and regulatory hurdles continue to complicate organizational defenses and national oversight. Despite its longevity, implementing a zero-trust architecture remains exceptionally difficult, with an overwhelming majority of organizations reporting deployment challenges or operational failures rooted in treating the strategy as a product rather than an institutional mindset. These defensive struggles are compounded by shifting federal support and regulatory friction: Senator Mark Warner has sounded alarms over severe budget reductions and a potential loss of one-third of the workforce at CISA, which threatens vital local security support, while the GAO is actively pressing the FDIC for stronger interagency coordination to mitigate the financial market risks posed by blockchain technologies.

Listen to our podcast here ⏬

Get BlueSleuth-Lite

⚡THREAT LANDSCAPE

FBI warns of crypto scam couriers collecting cash

The FBI has issued a warning about cryptocurrency investment scammers who are now sending couriers to victims’ homes to collect cash in person. Scammers typically contact targets through social media or text messages, using fake investment platforms that display fabricated returns to encourage more deposits. When banks block suspicious wire transfers, the fraudsters claim that in-person cash pickups are necessary to continue investing or pay supposed fees. Read More

Subscribe Now

🚨INCIDENTS & REAL-WORLD IMPACT

iRhythm discloses patient data breach

iRhythm Holdings, a digital healthcare company, disclosed a data breach where hackers accessed patient personal and health information stored on third-party-hosted business applications. The breach exposed sensitive patient data including names, dates of birth, Social Security numbers, medical record numbers, health insurance information, and clinical data. Affected patients should monitor their accounts for suspicious activity, consider credit freezes, and watch for potential phishing attempts using the stolen information. Read More

Claim Your Workspace

🔓 EXECUTIVE RISK & CYBERNOMICS

Zero Trust Implementation Challenges and Best Practices

Despite being 15 years old, zero trust security remains widely misunderstood and difficult to implement, with 88% of organizations facing significant challenges and 35% experiencing failures that harmed their operations. Common misconceptions include viewing zero trust as a product or technology rather than a strategic mindset requiring cross-organizational collaboration, starting with identifying critical assets and mapping transaction flows. Experts recommend starting small with high-value targets, leveraging existing tools, building cross-functional teams, and measuring success through outcome-driven metrics tied to business objectives. Read More

Get Help

🛡️ POLICY, REGULATION & LEGAL SIGNALS

GAO urges FDIC coordination on crypto oversight

The US Government Accountability Office has called on the Federal Deposit Insurance Corporation to establish better coordination with other federal agencies regarding blockchain technology risks. The GAO first raised these concerns in May 2024 and has placed blockchain oversight on its High Risk List due to regulatory struggles with blockchain-based financial products. The recommendation aims to address gaps in how multiple agencies handle potential risks to US financial markets from blockchain technology. Read More

💻 CAREER ENABLEMENT

Warner warns of CISA cuts and staffing gaps

Senator Mark Warner has raised alarms about severe staffing cuts at the Cybersecurity and Infrastructure Security Agency (CISA), including the loss of one-third of its workforce and over $700 million in proposed budget reductions for fiscal year 2027. The cuts have disrupted CISA’s ability to support state and local governments, particularly after funding was halted for the MS-ISAC information sharing center that serves critical infrastructure operators. Warner has introduced legislation to restore MS-ISAC funding and requested detailed organizational data from CISA to assess the impact on regional operations and service delivery. Read More

Click Here To Read

Copyright © 2026 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

The Cybersecurity and Infrastructure Security Agency faces significant operational challenges following workforce reductions and budget cuts that Senator Mark Warner warns could compromise national security. In a letter to CISA Acting Director Nick Andersen, Warner detailed concerns about the agency losing approximately one-third of its staff, including many senior personnel, alongside a proposed $700 million budget cut for fiscal year 2027.

The staffing crisis has particularly affected CISA's regional operations, with five of ten regional director positions currently filled by acting officials. State and local government officials have reported reduced responsiveness and disrupted service delivery from the agency, which traditionally provides critical cybersecurity support including vulnerability scans, risk assessments, and incident response services to infrastructure operators nationwide.

A major point of contention involves the MS-ISAC (Multi-State Information Sharing and Analysis Center), which supports state and local critical infrastructure cybersecurity efforts. Former DHS Secretary Kristi Noem discontinued federal funding for the program and blocked state and local governments from using federal grants to participate. Warner has introduced the Guaranteeing Universal Access to Cybersecurity Act to restore this funding and sent letters to all 50 governors outlining the risks to their states' critical infrastructure.

CISA Acting Director Andersen has announced plans to hire more than 300 additional workers, with some already onboarded. He emphasized the administration's commitment to maintaining a ready cyber defense capability, though the agency has operated without a permanent director since January 2025 after nominee Sean Plankey withdrew from consideration following months of Senate delays.

Warner has requested comprehensive organizational charts and staffing data from CISA, including details on employee departures, service delivery metrics by region, and information about new hires' qualifications and assignments. The senator seeks documentation showing the number of security services provided to state and local officials, service request volumes, completion rates, and response times to assess the full impact of the organizational changes on CISA's operational capacity.

Subscribe now

Source: https://therecord.media/warner-warns-of-cisa-cuts-staffing-shortages

The US Government Accountability Office has publicly urged the Federal Deposit Insurance Corporation to improve coordination with other federal agencies on blockchain technology oversight. In a June 8 letter to FDIC Chairman Travis Hill made public this week, the GAO emphasized that regulators currently lack an ongoing coordination mechanism for addressing blockchain-related risks.

The GAO initially flagged these priority recommendations to the FDIC in May 2024, identifying blockchain technology oversight as a critical area requiring attention. The watchdog agency has since elevated blockchain technology to its High Risk List, a designation reserved for areas where the government faces significant challenges in effective oversight and management.

The GAO's concerns center on what it describes as regulatory struggles to oversee blockchain-based financial products and assess the risks they may pose to US financial markets. The current fragmented approach across multiple federal agencies has created gaps in how blockchain technology and related financial products are monitored and regulated. Without a formal coordination mechanism, different agencies may duplicate efforts or leave critical areas unaddressed.

The implications extend beyond the FDIC to the broader regulatory framework governing digital assets and blockchain applications in the financial sector. Multiple federal agencies, including the Securities and Exchange Commission, Commodity Futures Trading Commission, and Office of the Comptroller of the Currency, have varying degrees of authority over blockchain-based financial activities. The lack of coordination among these bodies creates uncertainty for both regulators and financial institutions.

The GAO's recommendation calls for the FDIC to take a leadership role in establishing formal coordination channels with other federal regulators. This would involve creating structured processes for information sharing, joint risk assessments, and coordinated policy development related to blockchain technology. Financial institutions operating in this space should monitor how agencies respond to these recommendations, as improved coordination could lead to clearer regulatory expectations and more consistent oversight approaches across the federal government.

Subscribe now

Source: https://cointelegraph.com/news/us-government-watchdog-urges-fdic-coordinate-on-crypto-oversight?utm_source=rss&utm_medium=rss_feed_medium&utm_campaign=rss_feed_medium

Organizations continue to struggle with zero trust implementation 15 years after the security model was introduced, with new research revealing widespread failures and confusion about the approach. Accenture reports that 88% of organizations encounter significant challenges when implementing zero trust, while a Gartner survey found that 35% of organizations attempting zero trust initiatives experienced failures that negatively affected their operations. Security researchers at DefCon 33 identified vulnerabilities in multiple zero-trust network access (ZTNA) vendor offerings, highlighting that even dedicated solutions contain familiar security flaws.

The core problem stems from persistent misconceptions about what zero trust actually represents. Many organizations mistakenly view zero trust as a product they can purchase or a technology they can deploy, when it is fundamentally a security strategy and mindset. Vendors contribute to this confusion by marketing products as complete zero-trust solutions, though experts note that individual products typically deliver only 10-15% of required controls. Zero trust was originally defined by John Kindervag as a "never trust, always verify" approach to replace perimeter security models, but translating this principle into practice requires organizational change rather than just technology deployment.

Successful zero trust implementation starts with identifying high-value assets (protect surfaces) and mapping transaction flows associated with mission-critical business processes. This requires breaking down organizational silos and coordinating among security teams, networking groups, business units, compliance functions, and risk management. IT departments often lack visibility into what constitutes the organization's crown jewels, making collaboration with business leaders essential. In multi-cloud environments, this mapping becomes particularly complex as business processes span on-premises systems, edge computing, cloud services, containers, and microservices.

Many organizations believe zero trust requires massive investment, but experts emphasize that initial steps involve minimal spending. Key activities include forming cross-functional zero-trust teams from existing governance and compliance groups, educating stakeholders across departments, developing a business-aligned strategy, and defining architecture specific to organizational needs. Organizations should inventory existing security tools like multi-factor authentication, single sign-on, and identity management systems before identifying gaps requiring new investments. Gartner warns that overly expansive initial scopes incorporating too many systems or intricate policy sets lead to scalability challenges and extended timelines.

Security leaders recommend starting with targeted, high-impact initiatives that demonstrate quick wins rather than attempting organization-wide implementation. Success should be measured through outcome-driven metrics linking zero-trust initiatives to business objectives, including reduced breach incidents, improved compliance rates, and mitigation of specific risks like lateral movement and data breaches. As organizations adopt AI and deploy autonomous agents, zero-trust principles become more relevant rather than obsolete, requiring the same fundamental approach of strict segmentation, policy enforcement, and data flow control. Organizations should view zero trust as an ongoing journey requiring continuous adaptation as business needs and technology environments evolve.

Subscribe now

Source: https://www.sophos.com/en-us/blog/a-needle-in-a-stack-of-needles-hunting-infostealers-with-ai

iRhythm Holdings, a digital healthcare company specializing in cardiac monitoring services, has disclosed a data breach affecting patient information stored on third-party-hosted business applications. The company detected unauthorized access to systems containing sensitive patient data, prompting notifications to affected individuals and regulatory authorities.

The breach involved multiple categories of protected health information and personally identifiable data. Compromised information includes patient names, dates of birth, Social Security numbers, medical record numbers, health insurance details, and clinical data related to cardiac monitoring services. The extent of the breach and the exact number of affected patients has not been publicly specified.

The attack targeted business applications hosted by a third-party service provider rather than iRhythm's core clinical systems. This highlights the persistent security risks associated with vendor relationships and cloud-based infrastructure in healthcare environments. The company has not disclosed technical details about how the breach occurred, whether ransomware was involved, or the specific third-party vendor affected.

The exposure of Social Security numbers and health insurance information creates significant identity theft risks for affected patients. Combined with clinical data, the stolen information could enable targeted phishing campaigns or insurance fraud. Healthcare data breaches often have long-term consequences as medical information cannot be changed like credit card numbers.

Affected patients should immediately review their credit reports and consider placing fraud alerts or security freezes with credit bureaus. They should monitor explanation of benefits statements from insurers for unauthorized medical claims and remain vigilant against phishing emails or calls referencing their cardiac care. iRhythm is offering credit monitoring services to impacted individuals and has stated it is enhancing security measures to prevent future incidents.

Subscribe now

Source: https://www.bleepingcomputer.com/news/security/irhythm-discloses-data-breach-says-hackers-stole-patient-info/

The FBI has issued an alert about an escalation in cryptocurrency investment fraud, where scammers are dispatching couriers to collect cash directly from victims at their homes. This tactic represents a significant shift from traditional remote-only fraud schemes and introduces additional physical risk to victims.

The scams typically begin with contact through social media platforms, text messages, or dating apps, where fraudsters pose as investment advisors or romantic interests. Victims are gradually convinced to invest in cryptocurrency through what appear to be legitimate trading platforms. These platforms display fake account balances and fabricated investment returns designed to build trust and encourage victims to deposit increasingly larger sums.

When victims attempt to transfer funds and their financial institutions flag or block the suspicious transactions, scammers adapt their approach. They tell victims that cash collection is the only way to continue their investments or that in-person payments are required to cover taxes, fees, or other charges before they can access their supposed profits. The courier pickup method allows scammers to bypass banking security measures that might otherwise prevent the fraud.

The physical component of these schemes creates additional dangers beyond financial loss. Victims who allow strangers into their homes or meet them at other locations face potential safety risks. The courier tactic also makes it more difficult for law enforcement to trace the funds, as cash transactions leave fewer digital footprints than electronic transfers.

The FBI recommends that individuals be extremely skeptical of unsolicited investment opportunities, particularly those involving cryptocurrency. Anyone contacted by supposed investment advisors through social media should verify their credentials through independent sources. Most importantly, legitimate investment firms never send couriers to collect cash payments, and any request for in-person cash pickup should be treated as a clear warning sign of fraud. Victims or potential victims should report suspicious activity to the FBI's Internet Crime Complaint Center.

Subscribe now

Source: https://www.helpnetsecurity.com/2026/06/16/crypto-scammers-couriers-cash-pickups-fbi-warning/