Posts

The Hacker News - The Hardest Fork

Mythos is real. I know a big chunk of the industry thinks it's a marketing stunt, and I get why. I get it. But I've seen the findings, and they're bad. These aren't "whoops, this line right here is wrong, and that's RCE." They're novel combinations of a few dozen issues out of thousands of things every SAST scanner already finds, chained together into something much worse. It's real creativity, from The Hacker News https://thehackernews.com/2026/06/the-hardest-fork.html

KnowBe4 - Your KnowBe4 Fresh Compliance Plus Content Updates from May 2026

John N Just, Ed.D. - Chief Learning Officer

If there are two topics that have gone from "nice to have" to business critical faster than almost anything else, they are sustainability and artificial intelligence. This month's Compliance Plus updates are built to meet that moment, with new content covering EU AI Act compliance, ESG risk recognition, and responsible AI use in the workplace, all delivered in formats designed to keep learners engaged. We have also added targeted modules for global teams, including Germany's BFSG accessibility requirements, India's POSH Act, and new Japanese-language content. from KnowBe4 Blog https://blog.knowbe4.com/your-knowbe4-fresh-compliance-plus-content-updates-from-may-2026

Schneier - Anthropic’s Project Glasswing Update

In April, Anthropic initiated Project Glasswing. The idea was to let companies use their new model to find and fix vulnerabilities in their own software. It was a fantastic PR move, and so many press outlets have uncritically parroted Anthropic’s claims that it’s now common wisdom that Mythos is better at finding software vulnerabilities than other models. Which is just not true. In any case, Anthropic has published a Project Glasswing status report. It’s finding a lot of vulnerabilities in software—yay! Some of them are even dangerous. But almost none of them has been patched. It’s weird. There’s something fishy about the data that I don’t understand. That Anthropic refuses to release details—that it just says “trust us”—is a big problem here. from Schneier on Security https://www.schneier.com/blog/archives/2026/06/anthropics-project-glasswing-update.html

The Hacker News - VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances

A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET (aka GRIMBOLT) and AGENTPSD to target Linux systems. The activity has been attributed by Volexity to a threat cluster it tracks as VerdantBamboo, which it said overlaps with hacking groups known as Clay Typhoon (Microsoft), from The Hacker News https://thehackernews.com/2026/06/verdantbamboo-deploys-bsd-variant-of.html

The Hacker News - UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign

Cybersecurity researchers have disclosed details of a financially motivated data theft extortion campaign that has targeted dozens of organizations across professional, legal, and financial services in the U.S. between January and May 2026. The activity has been attributed by Google Mandiant and Google Threat Intelligence Group (GTIG) to a threat actor dubbed UNC3753, which is also known as from The Hacker News https://thehackernews.com/2026/06/unc3753-used-vishing-and-physical.html

The Hacker News - VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

Microsoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated development environment (IDE) are updated automatically to a newer version in an attempt to tackle software supply chain threats. "When automatic updates are enabled, new versions are auto-updated two hours after they are published, adding an extra layer of protection from The Hacker News https://thehackernews.com/2026/06/vs-code-adds-2-hour-extension-auto.html

The Hacker News - New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration

OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt injection attacks. The feature is primarily designed for people and organizations that handle sensitive data and require stricter protection guarantees. Lockdown Mode is available to logged-in users across Free, Go, Plus, and Pro, and from The Hacker News https://thehackernews.com/2026/06/new-chatgpt-lockdown-mode-limits-tools.html