@securitydailyr profile picture
Daily Security Review @securitydailyr

Everything you need to know about data security, ransomware, data storage, backup & disaster recovery

Joined October 2022
  • Tweets 940
  • Following 163
  • Followers 118
543 Photos and videos
Anthropic released Claude Mythos 5 — guardrail-free variant of Fable 5 — to vetted security researchers alongside the public launch. Previously deployed at NSA. Risk profile hinges on vetting rigor. dailysecurityreview.com/cybe… #CyberSecurity #AISecurity
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers

ALT Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
45
npm v12 will disable install scripts by default — eliminating the vector used by Miasma and Shai-Hulud supply chain campaigns. 3B weekly downloads affected. Opt-in allowlist required going forward. dailysecurityreview.com/cybe… #CyberSecurity #SupplyChainSecurit
npm v12 Disables Auto-Run Scripts to Cut Supply Chain Risk

ALT npm v12 Disables Auto-Run Scripts to Cut Supply Chain Risk
11
Proto6: 6 vulns in protobuf.js (npm, millions of downloads/week) enabling RCE and DoS on Node.js apps. Only prerequisite: ability to submit data to a protobuf endpoint. No CVE or patch confirmed yet. dailysecurityreview.com/cybe… #CyberSecurity #VulnerabilityMan
Six Proto6 Flaws in protobuf.js Enable Node.js RCE

ALT Six Proto6 Flaws in protobuf.js Enable Node.js RCE
18
Anthropic disputed a researcher’s claimed jailbreak of Claude Fable 5 (launched June 10), saying it doesn’t constitute a safety classifier bypass. Simultaneous release: Mythos 5 (guardrail-free) to vetted researchers. dailysecurityreview.com/cybe… #AISecurity #C
Anthropic Disputes Jailbreak Claim Against Claude Fable 5

ALT Anthropic Disputes Jailbreak Claim Against Claude Fable 5
51
Kyushu Electric Power lost a drive holding 10.9M customer records — more than its 8M active customers. June 11 disclosure. Japan APPI mandatory reporting triggered. dailysecurityreview.com/cybe… #DataBreach #CyberSecurity
Kyushu Electric Loses Drive With Data on 10.9M Customers

ALT Kyushu Electric Loses Drive With Data on 10.9M Customers

1
1
58
Researchers showed OpenClaw AI agents can be hijacked via malicious vCard instructions — no credentials or system access needed. Agent executes attacker code using its own elevated permissions. dailysecurityreview.com/cybe… #CyberSecurity #AISecurity
OpenClaw AI Agent Hijacked via Malicious vCard Injection

ALT OpenClaw AI Agent Hijacked via Malicious vCard Injection
9
Chrome 149 security update patches 28 vulns, ~12 use-after-free bugs. No active exploitation confirmed. 5 Chrome zero-days patched in 2026 so far. 65% of desktop browsers affected. dailysecurityreview.com/cybe… #CyberSecurity #VulnerabilityManagement
Chrome 149 Patches 28 Flaws, Including 12 Use-After-Free Bugs

ALT Chrome 149 Patches 28 Flaws, Including 12 Use-After-Free Bugs
8
Threat actors filed fraudulent breach notices on Maine’s AG portal, including a false claim of 24M VRChat records exposed. VRChat denied any breach. State gov sites weaponized as misinformation channels. dailysecurityreview.com/cybe… #CyberSecurity #DataBreach
Maine AG Portal Abused to Post Fabricated Breach Notices

ALT Maine AG Portal Abused to Post Fabricated Breach Notices
1
77
OnyxC2 MaaS info stealer: $250/month, targets 200 apps via DLL sideloading and encrypted payloads. Enterprise-grade C2. Feeds initial access broker market with VPN creds and corporate sessions. dailysecurityreview.com/cybe… #Malware #CyberSecurity
OnyxC2 Stealer Targets 200 Apps for $250 Per Month

ALT OnyxC2 Stealer Targets 200 Apps for $250 Per Month
1
21
Three patched LangGraph vulns chain SQL injection to RCE on self-hosted AI agent servers. Patches released June 12. RCE yields access to every API key, credential, and service the agents can reach. dailysecurityreview.com/cybe… #CyberSecurity #VulnerabilityManag
Three LangGraph Flaws Chain to Remote Code Execution

ALT Three LangGraph Flaws Chain to Remote Code Execution
9
Europol dismantled AudiA6, a crypto laundering service that processed $380M in ransomware extortion proceeds. Operation announced June 12. Targeting financial infrastructure — not just ransomware groups. dailysecurityreview.com/cybe… #Ransomware #CyberSecurity
Europol Dismantles AudiA6 Crypto Laundering Service

ALT Europol Dismantles AudiA6 Crypto Laundering Service
11
Novo Nordisk disclosed a breach of clinical trial patient data on June 12. Scope, vector, and responsible party unconfirmed. GDPR 72-hr notice, GCP reporting, and potential FDA/EMA engagement triggered. dailysecurityreview.com/cybe… #DataBreach #CyberSecurity
Novo Nordisk Discloses Breach of Clinical Trials Patient Data

ALT Novo Nordisk Discloses Breach of Clinical Trials Patient Data
1
53
CISA BOD 26-04: federal agencies must patch critical KEV vulns within 3 days, non-critical within 7. Prior: 2 weeks for critical. Scope includes cloud and third-party systems. Private sector encouraged to adopt. dailysecurityreview.com/cybe… #CyberSecurity #CISA
CISA BOD 26-04 Mandates 3-Day Patch Window for Federal Agencies

ALT CISA BOD 26-04 Mandates 3-Day Patch Window for Federal Agencies
5
China-linked JDY botnet grew from 650 to 1,500 compromised devices, targeting US military networks. Associated with Volt Typhoon. Tor-based C2. Cisco, Ubiquiti, DrayTek, Hikvision hardware compromised. dailysecurityreview.com/cybe… #CyberSecurity #ThreatIntel
China-Linked JDY Botnet Hits 1,500 Devices Targeting U.S. Military

ALT China-Linked JDY Botnet Hits 1,500 Devices Targeting U.S. Military
37
FBI seized 13 Chinese intelligence recruitment sites targeting US clearance holders. Posed as consulting firms on LinkedIn with AI-generated photos. Civil action coordinated with Five Eyes. No criminal charges filed. dailysecurityreview.com/cybe… #CyberSecurity
FBI Seizes 13 Chinese Spy Sites Targeting U.S. Clearance Holders

ALT FBI Seizes 13 Chinese Spy Sites Targeting U.S. Clearance Holders
1
25
University of Nottingham: 40GB stolen by ShinyHunters via Oracle PeopleSoft zero-day. 454,600 students across UK, Malaysia, China. Exposed: passports, disability data, credit card details. ICO notified. dailysecurityreview.com/cybe… #DataBreach #CyberSecurity
Nottingham University Breach Exposes Data on 454,600 Students

ALT Nottingham University Breach Exposes Data on 454,600 Students
99
ShinyHunters breached 300 Oracle PeopleSoft instances across 100 orgs via CVE-2026-35273 zero-day chain. Universities, hospitals, govt agencies hit. No complete patch — Oracle issued mitigations only. dailysecurityreview.com/reso… #CyberSecurity #ZeroDay
Oracle PeopleSoft CVE-2026-35273: ShinyHunters Breaches 100 Orgs

ALT Oracle PeopleSoft CVE-2026-35273: ShinyHunters Breaches 100 Orgs
1
53
WorldLeaks posted Tata Electronics (Apple iPhone component maker), First Federal Savings & Loan, and Reliance Group. Breach targets iPhone supply chain specs. WorldLeaks = rebranded Hunters International. dailysecurityreview.com/cybe… #DataBreach #CyberSecurity
WorldLeaks Claims Apple Supplier Tata Electronics and Two More Firms

ALT WorldLeaks Claims Apple Supplier Tata Electronics and Two More Firms
170
CVE-2026-5027 in Langflow: unauthenticated RCE via path traversal, 7,000 exposed instances. Default auto-login removes auth. AI pipeline credentials and enterprise integrations at risk. Patch: 1.10.0. dailysecurityreview.com/reso… #CyberSecurity #AISecurity
Langflow CVE-2026-5027: Path Traversal Becomes Unauthenticated RCE

ALT Langflow CVE-2026-5027: Path Traversal Becomes Unauthenticated RCE
45
Storm-3075 exploits ChatGPT, Claude, and DeepSeek brands to harvest credentials via AiTM phishing. Claude campaign hit 2,000 orgs (62% US, 18% UK, 9% India). DeepSeek fake GitHub appeared within 45 min of launch. dailysecurityreview.com/phis… #Phishing #CyberSe
Storm-3075 Uses ChatGPT and Claude Brands to Harvest Credentials

ALT Storm-3075 Uses ChatGPT and Claude Brands to Harvest Credentials
1
58
Load more