Adriatic Port Cyber-Attack by Anubis Sparks Warning Over Maritime Security Risks
(Alessandro Mascellino – Infosecurity Magazine) An attack by the Anubis ransomware group on a port authority on the Adriatic has been cast as a warning to maritime infrastructure. New analysis, published on June 11 by threat intelligence firm Resecurity, examined a cyber-attack which saw Anubis list the Adriatic Port Authority on its data leak site. The Adriatic Port Authority (Autorità di Sistema Portuale del Mare Adriatico Centrale), which runs the Italian port of Ancona, said the breach dated back to December 11 2025 and was attributed to Anubis in January 2026, when the group claimed it and leaked the data. – Adriatic Port Cyber-Attack Sparks Warning Over Maritime Security – Infosecurity Magazine
Cybersecurity Experts Urge US to Lift Ban on Anthropic’s Frontier AI Models
(Kevin Poireault – Infosecurity Magazine) Over 50 cybersecurity professionals have publicly requested the US government lift the ban on access to Mythos 5 and Fable 5, the latest frontier large language models (LLMs) released by AI company Anthropic. On June 12, Anthropic announced that the US government had issued an export control directive to suspend all access to Fable 5 and Mythos 5, released just a few days earlier, by any foreign national. This decision prompted the AI company to suspend access to both models for all customers to ensure compliance with the directive. – Cyber Experts Urge US to Lift Ban on Anthropic’s Frontier AI Models – Infosecurity Magazine
The Shared Language Needed to Secure and Govern AI Systems
(Sushila Nair – Infosecurity Magazine) As a cybersecurity professional with plenty of certs, I didn’t expect to study for another, but AI changed the risk landscape. Traditional systems are deterministic; AI systems are data-driven and probabilistic, which means code and data are inseparable and the threat model shifts with every retraining cycle. In AI security, you’re managing new risks like data poisoning, model drift, prompt injection, and non-determinism. You can’t patch a hallucination; you just have to retrain the model. That’s why our playbooks need to expand from endpoints and apps to training data, model governance, and post-deployment monitoring. Frameworks like MITRE ATLAS exist because ATT&CK wasn’t built for model-centric threats. The goal isn’t collecting another badge; it’s getting a shared language and repeatable methods to assess, govern, and secure AI systems. Certifications can help create that structure. One option is ISACA’s AAISM, which focuses on AI-specific security management. – The Shared Language Needed to Secure and Govern AI Systems – Infosecurity Magazine
UK Government Finds 400+ Vulnerabilities in AI Hackathons
(Phil Muncaster – Infosecurity Magazine) The UK government has discovered and patched hundreds of vulnerabilities after running a series of internal hackathons using frontier AI models. The weekly, in-person events were organized by the Government Cyber Coordination Centre (GC3) – an initiative from the National Cyber Security Centre (NCSC) and the Department for Science, Innovation and Technology (DSIT). The idea was to use the models to scan public code repositories across nine government departments. “Rather than mandate a single approach, we gave teams model access and let them build their own tooling, noticing what worked each week and building on the best approaches,” the GC3 said. – UK Government Finds 400+ Vulnerabilities in AI Hackathons – Infosecurity Magazine
Maine Takes Breach Reporting Portal Offline After Fake Entries
(Phil Muncaster – Infosecurity Magazine) The state of Maine has taken its public-facing database of breach reports offline following the publication of two false reports. The Office of the Maine Attorney General said in a statement on June 12 that the database would remain unavailable while it reviews its procedures to make such abuses less likely in the future. “After conversations with VRChat, one of two affected companies, it has become clear that the reported data breaches were hoaxes submitted by an unknown entity unrelated to either company,” the statement continued. “These false reports have been removed from the database. We have no knowledge of any recent legitimate data breach reports from either VRChat or Discord.” – Maine Takes Breach Reporting Portal Offline After Fake Entries – Infosecurity Magazine
Novo Nordisk Confirms Data Theft: What Attackers Took and What They Didn’t
(Pierluigi Paganini – Security Affairs) The Danish pharmaceutical giant Novo Nordisk disclosed a cybersecurity breach that resulted in unauthorized access to internal IT systems and the theft of personal data. The company sells some of the most in-demand drugs on the planet right now, which makes it an obvious target. Attackers got in, copied data, and left. The company’s incident page was updated in stages as the investigation progressed. “Novo Nordisk A/S recently identified an IT security incident involving unauthorised access to a limited number of internal IT systems.” reads the notice published by the company. “The incident included unauthorised access to certain personal data stored on the internal IT systems.” – Novo Nordisk Confirms Data Theft: What Attackers Took and What They Didn’t
Palo Alto Warns of Exploitation of VPN Bypass Exploits (CVE-2026-0257) in PAN-OS Flaw
(Pierluigi Paganini – Security Affairs) Palo Alto Networks has confirmed active exploitation of CVE-2026-0257, a PAN-OS authentication bypass vulnerability affecting GlobalProtect portals and gateways. Palo Alto Networks addressed the vulnerability on May 13. Two weeks later, cybersecurity firm Rapid7 confirmed active exploitation across multiple customer environments. In early June, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw CVE-2026-0257 to its Known Exploited Vulnerabilities (KEV) catalog. The flaw affects the GlobalProtect portal and gateway components of Palo Alto Networks PAN-OS, allowing attackers to bypass authentication and establish unauthorized VPN connections. The vulnerabilities do not affect Panorama or Cloud NGFW deployments. – Palo Alto Warns of Exploitation of VPN Bypass Exploits (CVE-2026-0257) in PAN-OS Flaw
Supply Chain Attack Hits Popular WordPress Plugins Through Awesome Motive CDN
(Pierluigi Paganini – Security Affairs) Sansec researchers discovered an active supply chain attack hitting WordPress sites running OptinMonster, TrustPulse, and PushEngage, three plugins operated by Awesome Motive, one of the largest WordPress plugin companies in the world. The malicious JavaScript wasn’t sitting on any victim’s server. It was injected into files served directly from Awesome Motive’s own CDN endpoints, meaning every site that loaded those scripts pulled the tampered version straight from the source, with no warning and no way to discover the attack. “Attackers added malicious JavaScript to the legitimate files served by Awesome Motive, which are embedded in their customer’s sites.” reads the report published by Sansec. – Attackers compromised Awesome Motive CDN files, backdooring WordPress sites running OptinMonster, TrustPulse, and PushEngage
Infostealers, AI, and a 90% Affiliate Cut Fuel The Gentlemen group’s Rise
(Pierluigi Paganini – Security Affairs) The Gentlemen surfaced as a ransomware operation in September 2025 and by June 13, 2026 had listed 483 victims on their dark-web leak site, 380 of them in 2026 alone. That makes them the second most prolific ransomware brand of the year by published victim count, behind only Qilin. A May 2026 leak of the group’s internal chat logs handed researchers at KELA a rare look inside: nine core members, AI-assisted tooling, and an access model built almost entirely on credentials stolen by commodity infostealer malware. The affiliate model is straightforward and aggressive. A small core team builds and maintains the ransomware and the negotiation panel. External operators carry out the actual intrusions and keep 90% of each ransom, which is a generous split even by current standards. The leaked chats, spanning November 7, 2025 to April 30, 2026, read less like a criminal conspiracy than a small product team arguing about infrastructure choices and which AI model to use for data analysis. The victim distribution breaks from the typical ransomware pattern. Only about 15% of listed victims are in the United States, well below the 40-50% that US targets represent across most major leak sites. – Infostealers, AI, and a 90% Affiliate Cut Fuel The Gentlemen group’s Rise – Security Affairs
Belarus-linked hackers target Gmail accounts of Polish public figures and their families
(Daryna Antoniuk – The Record) Poland has warned that a Belarus-linked hacker group has expanded its phishing operations to target personal Gmail accounts belonging to senior public figures and their relatives. The group, known as GhostWriter, has previously focused on compromising work accounts and email services hosted by Polish email providers. Since March, however, its campaigns have increasingly targeted Gmail users, according to CERT Polska, the country’s national computer emergency response team. The campaign has primarily targeted people involved in political and public life, including government officials, researchers, journalists, public administration employees and law enforcement personnel, as well as family members and social contacts. – Belarus-linked hackers target Gmail accounts of Polish public figures and their families | The Record from Recorded Future News
Cyberattack on Russian tech firm Astral disrupts business, government services for week
(Daryna Antoniuk – The Record) The Russian software company Kaluga Astral said on Monday that it had been hit by a cyberattack earlier this month that disrupted several of its services for about a week, affecting customers that rely on its software for tax reporting, electronic document management and other business operations. “We are bringing each service back online only after completing a full security review — we are not willing to compromise security for the sake of speed. That is why the recovery process is taking longer than we would like,” the company said. Russian government agencies are involved in the investigation, limiting the company’s ability to comment publicly on the attack, Astral said. – Cyberattack on Russian tech firm Astral disrupts business, government services for week | The Record from Recorded Future News
