Beat
Cybersecurity
Breaches, scams, and how to stay safe — the attack explained, calmly.
June 2026
Saturday, 13 June 2026
Hundreds of trusted software packages were quietly hijacked — the name stayed the same, the recipe didn't
Attackers took over 400-plus abandoned packages in Arch Linux's community repository and rewrote their build scripts to steal developer secrets. Days earlier, GitHub announced npm would flip its defaults to stop exactly this. Both are about the same weak spot: a package you trust today can change hands tomorrow, and you may never notice.
Friday, 12 June 2026
Security teams are drowning in alerts — and the warning that matters keeps slipping through
A growing share of breaches now start not with a missed clue but with a clue that was buried under thousands of others. Alert fatigue is becoming its own threat, and defenders, regulators, and ordinary users are all feeling the same overload.
Thursday, 11 June 2026
Quiet malware copied passwords off 11 million machines — and the thefts left no gap to notice
Cheap infostealer malware harvested passwords and login sessions from 11.1 million devices in 2025, and one stolen credential now spreads into several crimes at once.
Wednesday, 10 June 2026
A spyware firm a court told to stop went after WhatsApp users anyway
NSO Group is accused of breaking a permanent US court order to target WhatsApp users — a sign of how little a legal ban deters a company when the prize is bigger than the penalty. Plus Microsoft's record 206-flaw patch day, and Signal's warning about UK device-scanning.
Tuesday, 9 June 2026
A Meta support tool emailed the keys to the wrong people — and 20,225 Instagram accounts paid for it
A bug in Instagram's account-recovery tool sent password-reset links to strangers who simply asked. The accounts that survived were the ones with a second lock the bug couldn't reach.
Monday, 8 June 2026
A phone call, not a hack — extortion gang talks its way into law firms
A gang is calling US law firms while pretending to be their own IT desk, stealing client files within hours. Plus a US surveillance law nears its deadline, and the case for passkeys.
Sunday, 7 June 2026
An AI found 21 hidden flaws in software you already use — for about $1,000
Cheap AI bug-hunting is flooding software makers with vulnerabilities faster than humans can fix them. The same week, OpenAI gave ChatGPT a "Lockdown Mode" to blunt a different AI risk — and a startup raised $23M to police what AI agents are allowed to touch.
Saturday, 6 June 2026
Malware is learning to adapt, and the main guardrail is voluntary
Researchers warn of AI-powered worms that adjust as they spread, exposed fuel gauges are under attack, and a wave of romance scams shows the weakest link is still a person — but the basics that protect you haven't changed.
Friday, 5 June 2026
Your AI assistant will do what it's told — even when the order comes from a stranger
Researchers showed how a digital assistant could be steered by instructions hidden in an ordinary notification, not by its owner. It's already fixed — but it points at the security story of the moment: AI is now both a tool for attackers and a target itself. Plus fake job offers used as bait, a seventh zero-day, and the calm basics that still matter.
Thursday, 4 June 2026
The danger isn't the unknown attack — it's the known one no one got around to fixing
This week's security news has a single quiet theme: the most exploited weaknesses are flaws that already have a fix, sitting unpatched. A phone-system bug with a patch already out, a server flaw already under attack, a Microsoft app setting left switched on by mistake. Even the scary new AI-built worm mostly just hunts for holes someone forgot to close. The lesson, calmly: updating your software is the boring advice that actually matters.
Wednesday, 3 June 2026
A stock exchange spied on for five months, and a phishing kit that walks past your second check
An espionage crew lived inside a finance executive's inbox for months using ordinary Windows tools. A phishing kit shows why your login code can be the weak link. Plus a half-million-person breach, an exploited Linux flaw, and a fight over who gets to report bugs.