Trump backs voluntary AI model reviews in cybersecurity-focused executive order

Don't miss my latest CSO news report, which details the many cybersecurity provisions in the Trump administration's newest AI executive order.

PLUS don't miss my latest CSO feature on how AI may finally unlock the cyber budgets CISOs have wanted for years.

Metacurity is the only daily cybersecurity briefing built for clarity, not agendas—no vendor spin, no echo chamber, just sharp, original aggregation and analysis of what actually matters to security leaders.

Each day, Metacurity is read by thousands of cyber leaders, including some of the industry's top CISOs, security architects, practitioners, vendors, analysts, and journalists.

If you rely on Metacurity to cut through the noise on policy, industry shifts, and security research, consider supporting us with a paid subscription. Independent coverage like this only exists because readers decide it’s worth it.

Donald Trump signed an executive order that asked technology companies to voluntarily give the government oversight of new artificial intelligence models before releasing them to the public, a shift for an administration that had promoted a hands-off approach to the powerful technology.

The order followed months of debate in the Trump administration over how to handle AI and its effects on cybersecurity and national security. Last month, Trump scrapped an executive order on AI — which would have created a window of up to 90 days in which the government would review new AI models before they were released — just hours before he was set to sign it.

Tuesday’s signing followed a meeting at the White House on Monday that Trump convened with Treasury Secretary Scott Bessent, Defense Secretary Pete Hegseth and David Sacks, who was previously the administration’s AI czar, among others, two people familiar with the confidential meeting said. Sacks, who had opposed the order, blessed a revised version after the timeline for reviews was cut to 30 days from 90 days, the people said. That helped persuade Mr. Trump to move forward with the signing.

The order is the Trump administration’s biggest step toward regulating artificial intelligence. It is a reversal of the president’s anything-goes stance, which he adopted when he returned to office last year. That approach was designed to help American tech companies beat China and bolster the economy.

Under the new order, tech companies would voluntarily give the government a window of up to 30 days to review their new AI models before releasing them to the public. The order also asks the ⁠Treasury secretary to form an AI “cybersecurity clearinghouse,” which would review security vulnerabilities discovered by AI models.

“Advanced AI capabilities make our nation stronger, but also introduce new national security considerations that require coordinated action across executive departments and agencies,” the order said. (Sheera Frenkel and Tripp Mickle / New York Times)

Related: White House, New York Times, Politico, The Register, CSO, Associated Press, TechCrunch, Bloomberg Law, Axios, Implicator.ai, The Guardian, Washington Post, Breaking Defense, CNBC, NBC News, Council on Foreign Relations, Federal News Network, The Record, Android Authority, One America News Network, The Verge, Dow Jones Newswires, Decrypt, UPI, Barron's Online, Motley Fool, Nextgov/FCW, CNN, Newser, International Business Times, Dallas Express, The Information, The Washington Star, Financial Times, NOTUS, CoinGape, Engadget, Mashable, Washington Times, ABA Banking Journal, CBS News, Newsweek, Hacker News, /politics, Wired, CyberScoop, Politico, Bloomberg, Punchbowl

Anthropic will distribute its Mythos artificial intelligence model to 150 organizations across the world, vastly expanding access to its powerful cybersecurity software beyond the US and UK.

The AI lab said that it would extend “Project Glasswing” — an industry initiative to use Mythos to find and patch security vulnerabilities — to companies and institutions in more than 15 countries.

The move comes a day after Anthropic filed for an initial public offering that could value the company at more than $1tn, underlining the growing commercial and geopolitical significance of AI to critical national security.

New countries to be granted access to Mythos include countries in the “Five Eyes” intelligence alliance, such as Canada, Australia and New Zealand. Other nations include France, Germany, Italy, Switzerland, the Netherlands, Spain, Belgium, Sweden, India, Japan, and South Korea, according to a person familiar with the matter.

Companies given Mythos access include US tech group Okta and South Korean companies Samsung, SK Hynix, and SK Telecom. Financial markets groups such as Euroclear, New York Stock Exchange owner Intercontinental Exchange, and international payments platform Swift are also part of the expansion.
NATO, the US-led military alliance headquartered in Brussels, has also been given access, along with the EU’s cybersecurity agency, ENISA, according to people familiar with the matter.

Anthropic launched Claude Mythos Preview in April but initially limited access to a group of about 50 largely US companies, citing the AI model’s advanced coding capabilities and the potential for it to be used for hacking. (Madhumita Murgia and Jamie John / Financial Times)

Related:  Anthropic, Bloomberg, Hacker News, The New Stack, CyberScoop, TechCrunch, Gizmodo, SiliconANGLE, Mercury News, PYMNTS, Nextgov/FCW, Implicator.ai, Decrypt, Engadget, Yahoo Finance, Blockonomi, 9to5Mac, Cyber Security News, Reuters, Seoul Economic Daily, StartupHub.ai, SecurityWeek, The Decoder, Politico, CNBC, Help Net Security, Reuters, TechCrunch, Quartz, ERP Today, 9to5Mac, WION, The Korea Times, The Times of India, Security Week, CSO Online

Researchers at the University of Toronto say they have found a way to use artificial intelligence to create a dangerous computer “worm” capable of targeting any known flaw in the world’s computers and quickly spreading mayhem throughout the internet.

The computer scientists said in a paper published that this program could be built and that a prototype they had created spread across a test network with no human intervention.

The researchers kept their test network isolated from the public internet. They also redacted some details from the paper describing how they built the worm so that hackers would not be able to use the paper as a blueprint for attacks.

But their work is likely to raise fears that AI is leading to a new era of computer hacking that will be difficult to defend against. It also adds to growing evidence that advances in AI are creating risks to computer networks that would have been hard to imagine just a few years ago.

The paper from the University of Toronto adds a new twist to AI fears. Because the AI technology that powered the worm was “open source” or “open weight” — meaning it has been freely shared on the internet — no one can restrict how it is used. The proverbial genie is out of the bottle.

“You have to have a perfectly secure system to defend against this — and we know that is not currently feasible,” said Nicolas Papernot, a professor of computer engineering at the University of Toronto who led the team that built and tested the prototype.

Papernot and his team, which published the paper on his lab’s website, were able to create what is essentially an AI-powered version of the computer worms that hackers started releasing onto the internet two decades ago. Unlike other kinds of computer viruses, worms spread from machine to machine on their own, without help from humans.

With names like SQL Slammer, Conficker, and Stuxnet, each of these self-replicating software programs exploited a specific vulnerability in computers, taking control of millions of machines, stealing their data, deleting their files, and generally wreaking havoc. (Cade Metz / New York Times)

Related: arXiv.org, CleverHans Lab

President Donald Trump announced he was appointing Bill Pulte as acting director of national intelligence, tapping a staunch political supporter who heads a federal mortgage regulation agency but has no intelligence experience.

In selecting Pulte for the intelligence czar post, Trump turned to a reliable political ally who was a leading voice in trying to oust then-Federal Reserve Chair Jerome H. Powell and who has pursued mortgage fraud accusations against the president’s Democratic foes.

Pulte will replace, at least temporarily, Tulsi Gabbard, who announced her resignation last month, saying she was leaving the administration to attend to her husband after he was diagnosed with a rare bone cancer. Gabbard said in her resignation letter that she intended to stay in the position through June 30.

Pulte’s appointment was greeted with alarm by Democratic lawmakers and former intelligence officials who voiced concern that his record of doing Trump’s bidding could lead to abuses within the powerful, but traditionally nonpartisan, US intelligence community.

“Frighteningly, he’s got more of a platform” at the Office of the Director of National Intelligence than he did as a housing regulator, Rep. Jim Himes (D-CT) said in an interview. “There’s a lot of opportunity for mischief here.”

Pulte will have responsibility for thousands of intelligence personnel as well as the safety of US citizens, said Himes, ranking Democrat on the House Intelligence Committee. The National Counterterrorism Center is part of the intelligence czar’s office. (Warren P. Strobel and Lauren Kaori Gurley / Washington Post)

Related: NextGov, MS Now, The New York Times, The Atlantic, CNN, The Hill, Politico, BBC News, The Guardian, PBS

Station Casinos in Las Vegas was the victim of a cybersecurity breach in March, but the company said it believes it will have no impact on customers or business operations.

The breach occurred when an unauthorized third party accessed a single employee’s account and associated files.

Disclosure of the breach occurred when an attorney with the Clark Hill international law firm notified the Maine attorney general’s office that a Maine resident had been notified of the breach.

According to the Maine attorney general’s website, the breach occurred and was discovered on March 5.

“Upon detecting the incident, the company promptly took steps to respond to the incident with the assistance of external cybersecurity experts and in cooperation with law enforcement,” a Station Casinos representative said in a Monday email.

“The company is notifying impacted individuals and has notified its regulators and other governmental agencies as required. The company has offered to provide credit monitoring and identity theft protection to all potentially affected individuals.” (Richard N. Velotta / Las Vegas Review Journal)

Related: Maine Attorney General, KVVU, KSNV, KLAS, CDC Gaming

A cyber-attack targeting the World Food Program has exposed sensitive personal information belonging to some 600,000 households in Gaza, the UN’s food agency has confirmed, in what may be the largest-known breach of humanitarian beneficiary data to date.

WFP is investigating a “security-related incident” in which “unauthorized actors” accessed personal information submitted by Palestinians in Gaza, the agency said in a statement sent to aid recipients via Telegram on 31 May.

The exposed information included names, ID, mobile numbers, and location data, the statement said.

WFP confirmed the data breach on 2 June: “WFP recently detected unauthorized access to its self-registration application (SRA) for Palestine, where individuals are able to register to receive food and cash assistance after verification,” a spokesperson said in a statement responding to questions from The New Humanitarian. “WFP took immediate action to shut down the platform, contain the intrusion, and strengthen its security controls to prevent further exposure.”

More than 2 million people in Gaza have submitted their personal information to WFP’s self-registration application, known as People Portal, which the WFP credits with cutting registration red tape and response times. The spokesperson said the compromised data is “isolated to the SRA application used only in Palestine”.

An investigation is under way, and no party has claimed responsibility, WFP said.

WFP said the cyber-attack occurred on 14 May. The Telegram message to affected Gazans was sent 17 days later. (Jacob Goldberg and Irwin Loy / The New Humanitarian)

Related: WFP on Telegram, Middle East Eye, r/privacy, Databreaches.net

The Central Board of Secondary Education (CBSE) in India opened the portal for revaluation in the early hours of Tuesday morning, four days after it was first scheduled to, and claimed it was immediately hit with DDoS attacks.

Despite complaints of several issues, the CBSE said that June 6 is the last date for applications and that they can only be done online. 

“The CBSE revaluation portal is currently supporting over 8,000 concurrent users. As of 3:00 PM today, more than 16,000 students have successfully completed their submissions. While thousands of students accessed the CBSE re-evaluation portal today, malicious actors attempted to disrupt services through a barrage of cyberattacks,” the Board said in a statement. 

The site went live at 4 am on Tuesday, after its launch was initially extended by three days. The Board said that the site was facing a cybersecurity attack. “Most recent being a denial of service attack attempt causing 1.5 million hits  on the portal within a matter of 2 minutes and more than 1 lakh attempts of unauthorized file access,” the CBSE said, adding that after student feedback, it has further “refined” the platform, including extending session time limits to make it “convenient and seamless."

Earlier, a 19-year-old Class 12 student named Nisarga Adhikary from West Bengal broke into the OSM test portal in under 30 minutes and exposed vulnerabilities. He said he could create, read, update, and delete data, had shell access on the servers, and found master passwords that could bypass OTP verification. Adhikary reported these security problems to CERT-In, CBSE, and the Ministry of Education. CBSE maintained until very recently that exams are held offline and are unaffected. Further, it claimed that only evaluators could access the OSM portal and said the vulnerabilities had been fixed. Adhikary, however, kept sharing documentation of the alleged flaws. (Amrita Madhukalya / Deccan Herald and Pramod Kumar Singh / The Pioneer)

Related: Times of India, Daily Pioneer, India Today, NDTV, Hindustan Times

Camilla, the Australian luxury lifestyle brand, confirmed that in April it became aware of a cyber incident involving an unauthorized third party that accessed and exfiltrated certain company data.

“As soon as the incident was identified, Camilla took immediate steps to secure its systems and commenced an investigation to understand the nature and scope of the incident,” the company said. Camilla also notified the Office of the Australian Information Commissioner in accordance with its obligations.

The incident is limited to Camilla’s Australian operations and has not impacted the company’s operations in any other country. Camilla’s day-to-day operations have continued uninterrupted, and the company remains able to process customer orders in-store and online securely.

The investigation has confirmed that the affected information relates to customer record details held within Camilla’s point-of-sale system. The information involved includes customer names, dates of birth, email addresses, and phone numbers. (Lisa Lockwood / WWD)

Related: The West Australian

Everyone is racing to adopt AI. But if your security foundation is weak, AI won’t save you — it will amplify the risk.

That’s the core message behind my just-published new book, The NIST 2.0 Cybersecurity Framework: Practical Risk Management Using Real-World Incidents. Rather than treating cybersecurity as a compliance exercise, the book shows how organizations can build resilient security programs grounded in real operational failures and lessons learned.

Wiley is currently offering Metacurity readers a 20% discount with code ENG20. Don't wait! Order your copy today! Email me to find out about bulk purchases for your organization or special customized print runs for your team.

A Virginia resident sued Amazon over what he said were privacy violations after the company's Ring doorbell cameras at friends' and ​family members' homes collected and stored images of his face using facial recognition ‌software.

The plaintiff, Charles Sigwalt, who is seeking class-action status, sued Amazon in federal court in Seattle, alleging a feature known as “Familiar Faces” retains images of passersby without their consent. He is seeking at least $5 million ​in damages for the class.

Familiar Faces, which is optional, uses artificial intelligence to identify ​and remember people so that when they return to a home or a ⁠business, notifications can include specific names.

Those affected “did not consent to have their privacy rights ​violated at the entranceway,” according to the suit. “Millions of other Americans passed by a Ring ​security camera and unknowingly had their facial recognition information collected.” (Greg Bensinger / Reuters)

Related: Tech Times, The Hill, The Independent, Quartz, PYMNTS

Researchers at Sekoia report they have observed a Russian state-linked worm hiding its components inside a little-used Windows file feature, allowing it to spread across Ukrainian networks while leaving almost no trace on infected machines.

The worm is the latest tool of Gamaredon, a long-running espionage group that Ukraine's security service has formally tied to Russia's Federal Security Service (FSB).

The group focuses almost entirely on Ukraine, targeting government, military, and critical infrastructure to steal documents and keep long-term access.

Working from artifacts on compromised hosts and more than 70 samples from a partner, the team reconstructed an infection chain seen in January 2026 and still active at the time of writing. The campaign has moved almost entirely to fileless VBScript, a clear step up in stealth from Gamaredon's earlier tooling.

The intrusion began with a booby-trapped xHTML file that, once opened, smuggled a malicious RAR archive onto the target's machine. Sekoia tracks this initial-access stage as GammaPhish.

The archive exploited CVE-2025-8088, a path traversal flaw in WinRAR that Google's threat analysts have separately tied to Sandworm, Turla and other Russian operators.

Abusing the bug planted a hidden HTA file in the Windows Startup folder, which ran at the next login and fetched the next payload from a remote server. A decoy PDF kept the victim unaware. (Alessandro Mascellino / Infosecurity Magazine)

Related: Sekoia, SentinelOne, Cyber Security News, SC Media

Researchers at Sophos say that a threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions.

Tool and payload development was assisted by Cursor and Claude Opus agents in various stages, including initial coding, analysis, and revisioning. Additionally, some agents were tasked with checking security research posts for various bypass techniques.

Some of the malware created this way was tested in virtual environments against EDR tools from Sophos, CrowdStrike, and Microsoft.

Despite the malware research and development orchestrated using AI technology, the researchers note that the workflow is entirely human-driven. (Bill Toulas / Bleeping Computer)

Related: Sophos, Help Net Security, Infosecurity Magazine

Researchers at Seqrite report that a suspected Pakistan-linked hacking group has targeted Afghanistan's Ministry of Finance and provincial government officials in a new cyberespionage campaign.

Seqrite attributed the operation with medium-to-high confidence to SideCopy, a threat actor widely linked to Pakistan and known for targeting government, military and diplomatic entities across South Asia.

The attackers used phishing emails containing ZIP archives with a malicious file masquerading as an internal government document. The file's title, written in Pashto, claimed to contain a list of employees who had participated in a seminar on intellectual and psychological warfare.

The malicious files were delivered through infrastructure hosted on Afghan government servers, allowing the attackers to blend their traffic with legitimate state communications and evade network-level detection. It is not known how SideCopy gained access to the compromised Afghan education domain server.

Once opened, the file silently installed XenoRAT, an open-source remote access trojan that allows attackers to maintain long-term access to infected systems. The malware then connected to attacker-controlled servers hosted in Europe, allowing the attackers to spy on infected computers and carry out additional malicious activities.

According to Seqrite, the use of Pashto was likely intentional. The language is widely used across Afghanistan's government institutions and among the provincial finance officials who appeared to be the primary targets of the operation. (Daryna Antoniuk / The Record)

Related: Seqrite, SC Media, Cyber Security News

Europol announced that European and international law enforcement agencies have dismantled nine organized crime groups and arrested 29 suspects in a major crackdown on illegal streaming operations.

The seven-month "Operation KRATOS 2" was coordinated by Bulgaria with Europol's support and involved authorities from 13 countries, including Belgium, Bulgaria, Croatia, France, Greece, Ireland, Italy, the Netherlands, Poland, Romania, Spain, the United Kingdom, and the United States.

Cooperation with private sector partners also helped the investigators pin down over 18,000 IP addresses associated with illegal services and 4,370 domains linked to piracy, as well as nearly 400,000 additional URLs flagged for suspension or removal and more than 126,000 additional infringing objects.

In total, this joint action led to the removal of more than 27,000 illegal streaming URLs linked to the unauthorized distribution of copyrighted sports, film, and television content.

In addition to the arrests, law enforcement officers identified 86 suspects, conducted 148 house searches, referred 59 cases to judicial authorities, and are working on 72 other criminal investigations. (Sergiu Gatlan / Bleeping Computer)

Related: Europol, The Sofia Globe

McAfee researchers report that a large-scale malware campaign dubbed WeedHack is targeting Minecraft players and has infected more than 116,000 systems since January.

The malware is distributed through Minecraft-related malicious mods, clients, cheats, and utilities that are promoted over YouTube and SEO (search engine optimization) poisoning.

WeedHack works as a malware-as-a-service (MaaS) infostealer operation that offers a dashboard for customers to see stolen credentials and information on compromised systems.

Telemetry data from cybersecurity company McAfee shows that WeedHack has impacted 116,464 systems, averaging between 2,000 and 3,000 infections every day. Most victims are in the United States, Germany, India, and the UK.

The scale of the operation is reflected in the more than 240 distribution URLs and 3,820 unique malicious JAR files.

In a report today, McAfee researchers say that the WeedHack campaign reaches victims mainly through YouTube videos showcasing Minecraft-related tools and SEO poisoning promoting them.

On the video platform, the attacker drops download links in descriptions and comments. Some of the videos are well-made, featuring voice-over narration for authenticity, and have accumulated more than 7,500 views. (Bill Toulas / Bleeping Computer)

Related: McAfee, CyberInsider, GBHackers, PlayerOne, Digital Trends

Security researcher Ammar Askar released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a link.

Askar said this VS Code vulnerability allows attackers to install malicious extensions that steal GitHub OAuth tokens when they are passed to github.dev (a browser-based version of Visual Studio Code used to work on GitHub repositories) by exploiting VS Code's sandboxed webview message-passing system.

The proof-of-concept exploit he also released on Tuesday abuses this system by running malicious JavaScript inside a webview to simulate keypresses in the main editor and install an extension that extracts the GitHub OAuth token sent to github.dev and queries the GitHub API to enumerate all private repositories the victim can access.

"This functionality is achieved by github.com POSTing over an OAuth token to github.dev that allows it to interact with GitHub on your behalf," Askar said. "The token is not scoped to the particular repo you interacted with, meaning it has full access to every other repo that you have access to."

Askar said they notified GitHub one hour before disclosing the bug and noted that they chose immediate public disclosure due to a prior negative experience with Microsoft's security response process, in which a previously reported VS Code bug was silently fixed without credit or acknowledgment of the security impact. (Sergiu Gatlan / Bleeping Computer)

Related: Ammar Raskar, GitHub, Cyber Security News

Researchers at WordPress security firm Defiant say hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to administrators.

Defiant's Wordfence firewall blocked over 222 attempts against its customers in the past 24 hours.

The full name of the plugin is Kirki - Freeform Page Builder, Website Builder & Customizer. It is a freeform visual builder and advanced theme customizer active on more than 500,000 websites.

Wordfence reports that the issue was introduced in a recent major release, version 6.0.0, and impacts plugin versions up to 6.0.6, which are used by nearly 40% of the plugin’s user base, according to download statistics from WordPress.org.

CVE-2026-8206 is caused by the exposure of a custom REST API endpoint for password resets through the ‘handle_forgot_password()’ function.

The flaw was discovered by security researcher CHOIGYENGMIN, who reported it to Wordfence on May 4, 2026. The company notified the vendor on May 16 and released a fix with version 6.0.7 on May 18, 2026. (Bill Toulas / Bleeping Computer)

Related: Wordfence, r/WordPress

A personal information leak incident occurred at For example, last year, the Government Accountability Office found that there are already about 61,000 people involved in DOD cyberspace operations.

Tving announced on the 3rd through a member notice, “We have confirmed the leakage of member personal information due to unauthorized access,” and added, “We sincerely apologize to our users.” The leaked information includes member IDs, names, dates of birth, genders, phone numbers, and email addresses. However, Tving explained that resident registration numbers and valid payment-related information were not leaked, as the company does not possess such data.

Tving also stated, “We recommend changing passwords for Tving and other services that use the same account information.” This measure aims to prevent secondary damage, such as “credential stuffing,” where leaked IDs and passwords are indiscriminately entered on other sites.

Alongside this, Tving has launched a “Special Customer Support Guidance Center” and announced that the process for damage relief will be shared later. (Choi A-ri / The Chosun Daily)

Related: Star News, The Asia Business Daily, The Korea Herald, Chosun Biz

A report by the Commission on Cyber Force Generation concludes that a US military branch dedicated to cyber warfare, on par with the Army or Navy, would cost up to $11 billion to establish and should consist of around 30,000 personnel in order to bolster the nation's digital defenses and better address growing threats.

The military branch would take 12 to 18 months to get up and running and also include roughly 5,000 members of the National Guard and up to 6,000 civilians, according to the commission.

The report essentially calls for the department to fundamentally rearrange its existing workforce and dollars. For example, last year, the Government Accountability Office found that there are already about 61,000 people involved in DOD cyberspace operations. Meanwhile, the Trump administration’s fiscal year 2027 budget request allocates $7.7 billion for the Pentagon’s cyberspace operations, including about $4.5 billion for Cyber Command.

“There are five domains, and we have built services to cover four out of those five. I don’t see how this domain is any less deserving of a service when it is where we literally have troops in contact with the adversary on a daily basis,” Josh Stiefel, a former professional staff member on the House Armed Services Committee who co-chaired the commission, told reporters during a press call.

The board is a partnership between the Center for Strategic and International Studies (CSIS) and the Foundation for Defense of Democracies (FDD). Composed of private sector and policy experts and former senior DOD officials, including several who helmed the digital warfighting arm of their respective service, the panel launched last year with the core assumption that the president had ordered the establishment of the Cyber Force, focusing its attention on designing how the branch should be built — rather than rehashing past debates over whether one is needed. (Martin Matishak / The Record)

Related: CSIS, Breaking Defense, Foundation for the Defense of Democracies

The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was patched two years ago and is now actively exploited in attacks.

Oracle WebLogic Server is an enterprise-grade Java app server used as middleware for large, multi-tier distributed applications.

Tracked as CVE-2024-21182, this security flaw can be exploited remotely by threat actors with no privileges in low-complexity attacks targeting systems running Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0.

"Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server," Oracle said when it released security patches for CVE-2024-21182 in July 2024.

"Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data." (Sergiu Gatlan / Bleeping Computer)

Related: CISA, CSO Online, SC Media, Security Affairs, Security Week, GBHackers, Cyber Security News

AI and data security company Cyera has raised $300 million at a valuation of $12 billion.

Evolution Equity Partners led the round with the participation of Georgian, Greenoaks, Lightspeed Venture Partners, Sequoia Capital, Sapphire Ventures, Redpoint Ventures, Cyberstarts Ltd., Coatue, Accel, and Spark Capital. (Meir Orbach / Calcalist)

Related:  TechCrunch, SiliconANGLE, Ynetnews, Axios

Palo Alto Networks surpassed Wall Street’s fiscal third-quarter results as artificial intelligence threats drive demand for sophisticated cybersecurity tools.

Shares rose as much as 12% in after-hours trading, but later pulled back near the flatline.

Revenue grew 31% from a year ago, including $388 million from its recent CyberArk and Chronosphere acquisitions, the cybersecurity company said. The company reported a net loss of $177 million, a loss of 22 cents per share, down from net income of $262 million, or 37 cents per share, a year ago. (Samantha Subin / CNBC)

Related:  SiliconANGLE, MarketWatch, Proactive, Sherwood News, Constellation Research, Reuters, Wall Street Journal, Bloomberg, Barron's Online, Palo Alto Networks

Best Thing of the Day: The UK Is Getting Wise

A ‌UK parliamentary committee singled out US tech group Palantir as an instance of Britain's over-reliance on US companies in the public sector, calling it an "unacceptable point of weakness" in a report.

Bonus Best Thing of the Day: Promising, But Let's See How Long This Lasts

Meta is dialing back elements of its plan to collect employee mouse movements, keystrokes and other actions for use as AI ​training data, following weeks ​of angry pushback from staffers.

Extra Bonus Best Thing of the Day: Maybe the C-Suite Will Spend More on Cyber Now

M&S boss Stuart Machin has seen his pay reduced by 44% for the 2025/26 financial year, following the retailer's decision not to operate the annual bonus scheme for executive directors after last year's major cyber attack.

Worst Thing of the Day: Wait Until Bugmageddon Is Fully Upon Us

Over 80% of organizations that miss the 24-hour patch window report security incidents involving known vulnerabilities

Closing Thought