cKure

 The ‘Miasma’ worm source code briefly leaked on GitHub The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. [...] https://www.bleepingcomputer.com/news/security/the-miasma-worm-source-code-briefly-leaked-on-github/

 Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-rogueplanet-zero-day-grants-system-privileges/

 OpenClaw AI agent found falling for phishing attacks, spills user data Phishing simulation on an OpenClaw email agent with various configuration profiles showed that it was susceptible to tactics commonly used to compromise human users. [...] https://www.bleepingcomputer.com/news/security/openclaw-ai-agent-found-falling-for-phishing-attacks-spills-user-data/

 SAP fixes critical flaws in NetWeaver and Commerce Cloud SAP has released fixes for 15 vulnerabilities as part of its June 2026 Security Patch package, including four critical-severity flaws affecting SAP NetWeaver and SAP Commerce Cloud. [...] https://www.bleepingcomputer.com/news/security/sap-fixes-critical-flaws-in-netweaver-and-commerce-cloud/

■■■■□ 🇨🇳 PLA Cyberspace Forces (CSF) Order of Battle. The map illustrates the locations of cyber and electronic units involved in targeting, collection, execution, and analysis. Each unit supports its respective Theater Command (TC). https://cyberdefensereview.army.mil/CDR-Content/Articles/Article-View/Article/4500583/from-bytes-to-satellites-improving-us-joint-force-all-source-intelligence-to-co/

Free research papers

https://sci-bot.ru/

🇬🇧🇨🇳⚡️ — A hidden camera was discovered in a ceiling panel inside a sensitive government building on Marsham Street in central London that houses the Home Office and the Ministry of Housing, Communities, and Local Government, prompting concerns over possible espionage, according to The i Paper.

The incident has drawn particular attention because officials working in the building had been involved in reviewing the planning application for China's proposed new mega-embassy in London. Ministers were informed of the discovery, and security services were notified. The device was found within the past two months in a communal area used by civil servants rather than near ministerial offices. Authorities are investigating who installed the camera and how long it had been in place.

🚨 A single stray "!" in the #Linux kernel's firewall code (nftables). That one character let any normal logged-in user become root, and step out of the container. The fix? One line. And the exploit (CVE-2026-23111) to abuse it just went public. Read: https://thehackernews.com/2026/06/one-character-linux-kernel-flaw-enables.html

AI is finding zero-days faster than security teams can respond. NIST can't keep pace with CVEs. Exploitation windows are now measured in hours. Most vulnerability management programs weren't built for this environment. In the latest Resilient Cyber episode, Chris Hughes sits down with Ivan Dwyer of Axonius to discuss what comes next — asset visibility, board conversations, AI vs. AI, and the metrics that actually matter when the volume explodes. The Vulnpocalypse Playbook >> https://thn.news/vulnpocalypse-guide

■■■□□ Driving into the Unknown: Investigating and Addressing Security Breaches in Vehicle Infotainment Systems.

The website is geo locked and done regions are not allowed.

https://www.mdpi.com/1424-8220/26/1/77

📻🇮🇷 Active.

The Pentagon’s Defense Intelligence Agency (DIA) in recent weeks issued a new counterintelligence threat assessment, viewed by a current U.S. official, that raises the level of suspected espionage threat from Israel to “critical” targeting the United States. According to officials, the designation stems from concerns by the Pentagon that Israel is making a particular effort to surveil top officials to get information on the Trump administration’s internal deliberations on the Iran War in the Middle East.

📡🅰️🅰️🅰️❎❎🅰️🅰️🅰️🅰️

PimEyes.Com

— 🇺🇸/🇮🇱 NEW: American soldiers deployed to defend Israel had their phones bugged and wiretapped by Mossad – New York Times @Middle_East_Spectator

■□□□□ OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt injection attacks. https://thehackernews.com/2026/06/new-chatgpt-lockdown-mode-limits-tools.html

■■■■□ Russia: GRU University, Where Moscow Turns Students into Spies and Hackers. https://vsquare.org/welcome-to-the-gru-university-where-moscow-turns-students-into-spies-and-hackers-bauman-stupakov/

⚡🇺🇸 Here is the full video of the unknown aircraft recently spotted near Area 51. Three cameras were used: natural, night vision and infrared. The two first shows that the aircraft had its headlights on for some reason. The infrared view is the most interesting. From this footage we can say that the aircraft is quite large, seems to have two engine, has a delta + canard wing configuration, seems to lack any vertical surfaces and is almost certainly stealthy. The wing tips may be mobile like the Chinese J-36 although it's hard to tell for sure. No contrails or exhaust heat is visible. This could be due to advance and unknown stealth technology or just camera settings and local air conditions. The aircraft could be a NGAD demonstrator, a F-47 prototype, a F/A-XX demonstrator or something else. Full video on YouTube @wfwitness

🇺🇸⚡️ — Anthropic is working with the National Security Agency to deploy its restricted Mythos AI model for cyberattacks, with about six company engineers embedded inside the agency to customize the system for specific missions, FT reports. ➡️ Mythos is considered powerful enough to autonomously identify and exploit software vulnerabilities and could be used in operations targeting foreign networks, including those linked to China and Iran. ➡️ The cooperation comes despite Anthropic's ongoing legal dispute with the Pentagon over restrictions on military use of its AI systems. Anthropic previously sought to limit government use of its models for mass surveillance and autonomous weapons, prompting the Pentagon to designate the company a supply-chain risk. ➡️ Mythos was not broadly released because of concerns over its offensive cyber capabilities, although Anthropic has since expanded access to selected organizations internationally.

👩‍💻 Performing RCE in Internet Explorer via clickjacking!

Credits: Igor Sak-Sakovsky's (𝕏 | Psych0tr1a)

https://swarm.ptsecurity.com/the-click-that-shouldnt-have-worked-rce-via-clickjacking-in-internet-explorer/

📡🛰 For 19 years, GPS satellites have secretly broadcast a “numbers station” in their public signals. We decoded 12M messages: a 2011 flash where 31 of 32 satellites flipped in hours, “ghost” substrings repeating years apart, and a “TEXT” prefix spreading now. https://lsc-pagepro.mydigitalpublication.com/publication/?i=865273&p=62&view=issueViewer https://github.com/sjmurdoch/gps-special-messages https://x.com/i/status/2061829547289387209