Aikido Acquires Root for a Reported $70 Million to Patch Open Source Without Forcing Upgrades
Aikido Security has bought Root for a reported $70 million, and the logic of the deal is simpler than the roll-up around it suggests: the industry has spent a decade telling teams to triage a backlog of CVEs and then choose between two bad fixes — upgrade and risk breaking production, or migrate to a vendor's locked-down replacement. Root's pitch is that both options are …
The three-week freeze on Anthropic’s most capable models is over
The three-week freeze on Anthropic's most capable models is over, and the terms of its ending matter more than the fact of it. The U.S. Department of Commerce has withdrawn the export controls imposed on Claude Fable 5 and Mythos 5, and the Bureau of Industry and Security now says no license is required to export, reexport, or transfer either model. Anthropic confirmed it …
Miasma Supply Chain Worm Jumps to Go and Now Executes Inside AI Coding Assistants
The self-replicating supply chain campaign that began with Shai-Hulud in late 2025 has mutated again, and the newest variant breaks the assumption that has anchored most npm defenses for a year. Researchers tracking the Mini Shai-Hulud, Miasma, and Hades malware family report a fresh wave of compromised npm packages that has now propagated into the Go ecosystem — and a …
Two-Factor Authentication Bypass: Attackers Brute-Force 2FA Systems, Gaining Access to Enterprise Accounts
Throughout June 2026, incident responders have documented a pattern of attackers bypassing two-factor authentication systems through brute-force attacks against one-time password (OTP) generation endpoints. In at least one documented case, attackers gained administrative access to customer accounts at a SaaS provider by exhausting the search space of time-based OTP values …
France’s Tchap Government Messaging Breach Signals Weak Oversight of Encrypted State Communications
On June 7, 2026, France's National Cybersecurity Agency (ANSSI) detected suspicious activity on Tchap, the government's homegrown messaging service designed for secure communications across French ministries and public sector organizations. The breach indicates that a secure-by-design communication platform designed for state secrecy is vulnerable to the same human and …
OpenSSL CVE-2026-45447: Heap Use-After-Free in PKCS#7 Verification Enables S/MIME RCE, Discovered With AI
On June 9, 2026, OpenSSL disclosed CVE-2026-45447, a high-severity heap use-after-free vulnerability (CVSS 9.8) in the PKCS7_verify() function that allows remote code execution via specially crafted PKCS#7 or S/MIME signed messages. The vulnerability was discovered by a California researcher working in collaboration with Claude AI and Anthropic Research, marking a notable …
Microsoft Patch Tuesday June 2026: Record 200+ Vulnerabilities in Single Release, Three Pre-Disclosure Zero-Days
On June 9, 2026, Microsoft released Patch Tuesday security updates addressing 206 vulnerabilities—the largest single-month disclosure in the 23-year history of the program, exceeding the previous record of 167 CVEs. The volume alone signals something shifted in the threat landscape or in Microsoft's own development pipelines. Of the 206 fixes, 39 carry a Critical severity rating, …
Check Point VPN Zero-Day (CVE-2026-50751) Actively Exploited by Qilin Ransomware, CISA Orders Emergency Patch
On June 8, 2026, Check Point disclosed CVE-2026-50751, a critical authentication bypass (CVSS 9.3) affecting Remote Access VPN, Mobile Access, and Spark Firewall products running the deprecated IKEv1 key exchange protocol. The flaw stems from improper certificate validation during IKEv1 Phase 1 handshake, allowing unauthenticated remote attackers to bypass the VPN login screen …
Ondas (ONDS) Buys Cyberhawk for $125 Million, Pulling Critical Infrastructure Inspection Data Into the Defense and Security Perimeter
On June 18, 2026, Ondas Inc. (Nasdaq: ONDS) announced a definitive agreement to acquire Cyberhawk Holdings Limited for approximately $125 million, roughly 95% in cash, with Cyberhawk leadership rolling about $5 million of proceeds into Ondas common stock under a one-year lock-up. The deal is expected to close in the third quarter of 2026, subject to regulatory approval. The …
Fable 5’s Export Ban: When AI Vulnerability Discovery Became a National Security Cyber Weapon
Strip away the politics and the IPO timing and the export-control novelty, and the Fable 5 suspension is, at its core, a cybersecurity story. A frontier model was taken off the market three days after launch because the U.S. government decided its ability to find software vulnerabilities was a national security problem. That has never happened to a deployed commercial product …