Daylila
All editions

Beat

Cybersecurity

Breaches, scams, and how to stay safe — the attack explained, calmly.

June 2026

Saturday, 13 June 2026

Hundreds of trusted software packages were quietly hijacked — the name stayed the same, the recipe didn't

Attackers took over 400-plus abandoned packages in Arch Linux's community repository and rewrote their build scripts to steal developer secrets. Days earlier, GitHub announced npm would flip its defaults to stop exactly this. Both are about the same weak spot: a package you trust today can change hands tomorrow, and you may never notice.

Friday, 12 June 2026

Security teams are drowning in alerts — and the warning that matters keeps slipping through

A growing share of breaches now start not with a missed clue but with a clue that was buried under thousands of others. Alert fatigue is becoming its own threat, and defenders, regulators, and ordinary users are all feeling the same overload.

Thursday, 11 June 2026

Quiet malware copied passwords off 11 million machines — and the thefts left no gap to notice

Cheap infostealer malware harvested passwords and login sessions from 11.1 million devices in 2025, and one stolen credential now spreads into several crimes at once.

Wednesday, 10 June 2026

A spyware firm a court told to stop went after WhatsApp users anyway

NSO Group is accused of breaking a permanent US court order to target WhatsApp users — a sign of how little a legal ban deters a company when the prize is bigger than the penalty. Plus Microsoft's record 206-flaw patch day, and Signal's warning about UK device-scanning.

Tuesday, 9 June 2026

A Meta support tool emailed the keys to the wrong people — and 20,225 Instagram accounts paid for it

A bug in Instagram's account-recovery tool sent password-reset links to strangers who simply asked. The accounts that survived were the ones with a second lock the bug couldn't reach.

Monday, 8 June 2026

A phone call, not a hack — extortion gang talks its way into law firms

A gang is calling US law firms while pretending to be their own IT desk, stealing client files within hours. Plus a US surveillance law nears its deadline, and the case for passkeys.

Sunday, 7 June 2026

An AI found 21 hidden flaws in software you already use — for about $1,000

Cheap AI bug-hunting is flooding software makers with vulnerabilities faster than humans can fix them. The same week, OpenAI gave ChatGPT a "Lockdown Mode" to blunt a different AI risk — and a startup raised $23M to police what AI agents are allowed to touch.

Saturday, 6 June 2026

Malware is learning to adapt, and the main guardrail is voluntary

Researchers warn of AI-powered worms that adjust as they spread, exposed fuel gauges are under attack, and a wave of romance scams shows the weakest link is still a person — but the basics that protect you haven't changed.

Friday, 5 June 2026

Your AI assistant will do what it's told — even when the order comes from a stranger

Researchers showed how a digital assistant could be steered by instructions hidden in an ordinary notification, not by its owner. It's already fixed — but it points at the security story of the moment: AI is now both a tool for attackers and a target itself. Plus fake job offers used as bait, a seventh zero-day, and the calm basics that still matter.

Thursday, 4 June 2026

The danger isn't the unknown attack — it's the known one no one got around to fixing

This week's security news has a single quiet theme: the most exploited weaknesses are flaws that already have a fix, sitting unpatched. A phone-system bug with a patch already out, a server flaw already under attack, a Microsoft app setting left switched on by mistake. Even the scary new AI-built worm mostly just hunts for holes someone forgot to close. The lesson, calmly: updating your software is the boring advice that actually matters.

Wednesday, 3 June 2026

A stock exchange spied on for five months, and a phishing kit that walks past your second check

An espionage crew lived inside a finance executive's inbox for months using ordinary Windows tools. A phishing kit shows why your login code can be the weak link. Plus a half-million-person breach, an exploited Linux flaw, and a fight over who gets to report bugs.