
24.06.2026

Meta pauses employee monitoring program after data protections fail

CSO Online 24.06.2026 01:13
An extensive program at Meta to gather a wide range of data from employees to train its AI model has been frozen after employees reportedly broke through its guardrails and accessed restricted data, and then did so again after Meta claimed to have fixed the vulnerability.
Whether or not the data collection by the $201 billion owner of Facebook was a good idea, analysts argue that the data protections deployed were woefully inadequate, given the extremely sensitive nature of the collected data.

Hole in widely-used FFmpeg codec could crash media servers or enable RCE

CSO Online 24.06.2026 00:23
A newly discovered critical vulnerability in the FFmpeg media processing framework bundled in a huge number of open source and commercial applications points, again, to the need for CSOs to have strategies to deal with software supply chain vulnerabilities, which should include demanding a software bill of materials for all products.
Found by researchers at JFrog, the hole (CVE-2026-8461) is a heap out-of-bounds write in the MagicYUV decoder that can crash any application that uses the framework. It runs in everything from desktop video players like Kodi and mpv, to Linux file-manager thumbnail generators, to cloud transcoding pipelines (such as AWS MediaConvert and Cloudflare Stream) and self-hosted media servers.

Trump sets post-quantum crypto deadlines, launches broader federal quantum initiative

CSO Online 23.06.2026 18:25
US President Donald Trump on Monday signed a pair of executive orders aimed at accelerating the federal government’s transition to post-quantum cryptography while expanding US investment in quantum technologies, establishing what the administration describes as a coordinated strategy to prepare for the opportunities and risks posed by quantum computing.
The actions include an executive order, “Securing the Nation Against Advanced Cryptographic Attacks,” and a companion order, “Ushering in the Next Frontier of Quantum Innovation.” Accompanying White House fact sheets frame the initiatives as part of the administration’s broader national security, economic competitiveness, and cybersecurity strategy.

Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration

The Hacker News 23.06.2026 15:16
President Trump signed an executive order on June 22 setting hard deadlines for federal agencies to move high-value assets and high-impact systems to post-quantum cryptography.

Key establishment must move by December 31, 2030; digital signatures by December 31, 2031. EO 14409 leaves national security systems on a separate track.

The deadlines matter because of a threat that does not

GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns

The Hacker News 23.06.2026 14:22
GitHub is moving to strengthen software supply chain security by updating "actions/checkout" to block pwn request attacks that exploit the risky use of the "pull_request_target" workflow trigger to run malicious code with the workflow's full privileges.

Effective June 18, 2026, the latest version of "actions/checkout," the official GitHub action for checking out a repository into the

Trump Issues Executive Order to Fast-Track Post-Quantum Migration

Infosecurity Magazine 23.06.2026 14:00
All US federal agencies will have to complete their post-quantum cryptography transition by 2031, according to a new Trump Executive Order.

GPT-5.5-Cyber beats Mythos: Update for OpenAI's security model

Heise Security 23.06.2026 11:53
With a security initiative, OpenAI is competing with Anthropic's Mythos and is also offering a security review service for open-source projects.

New Terminal protection: How Apple aims to fend off ClickFix attacks

Heise Security 23.06.2026 09:49
Current macOS versions can intercept potentially problematic Terminal input. This form of attack is becoming more popular.

Pixelsmash: Flaw in FFmpeg decoder endangers countless systems

Golem 23.06.2026 09:36
With a video file of only 50 KB, attackers can crash server and desktop applications or even inject malicious code. (Security vulnerability, Film)

Scattered Spider Teens Convicted of TfL Cyber-Attack

Infosecurity Magazine 23.06.2026 09:29
Two young British men have pleaded guilty to hacking Transport for London as part of a Scattered Spider plot.

Secure Boot: Certificate expiry is imminent, Microsoft provides further guidance

Heise Security 23.06.2026 07:06
The first Secure Boot certificates are expiring these days. Microsoft is following up with additional guidance, for Linux on Azure VMs.