
Loading summary
A
From the CISO series, it's Cybersecurity Headlines
B
these are the cybersecurity headlines for Wednesday, June 17, 2026. I'm Rich Stroffelino. Athena coalition looks to secure open source chainguard CEO Dan Lorenk announced Athena, a new coalition that looks to use AI tools to quickly remediate flaws in critical open source software. At announcement. The coalition includes JPMorgan Chase, Cisco, Cloudflare, Docker, Kyndryl and PwC. The companies agree to pool data and remediations that apply across company stacks. The idea is to move from one off patching to a more coordinated industry response, Loranc said. The first coordinated disclosures from Athena will be released in about a month. This is one of several attempts to solve this problem. IBM and Red Hat announced a similar effort earlier this month, and the Open Source Security foundation established an AI ML Security Working group along similar lines. In related news, Softbank announced it will launch a cybersecurity patching service targeting Japan's top 3,000 companies in critical infrastructure. This will be part of its joint venture with OpenAI called SBO AI Japan, which launched last year to develop AI services specific to the Japanese market. Estonia to quarantine Russian email domains Estonia's Minister of Justice and Digital Affairs, Laisa Pakosta, announced that as of August 31st the the country will start quarantining emails sent from Russia's.ru top level domain before being delivered to government officials. Officials receiving emails from that domain will receive a notification when a message has been isolated and be given the option of opening it using additional security precautions. This is similar to existing quarantining that Estonia uses across the public sector for individual emails with specific risk criteria. This would just apply the same protocol to an entire top level domain. Pacosta characterized these emails as presenting elevated cyber risk and saying there is a serious danger that they are being used to break into personal databases. Malicious package wave hits Arch Linux the maintainers of the Arch Linux distribution announced this week that they suspended new signups for the Arch user repository, or aur, in response to a deluge of malicious package submissions. According to researchers at Sonatype. The campaign started with abandoned packages in Aura. These were modified to execute a malicious NPM package during installation. By June 11, over 1,500 malicious packages were published. This doesn't directly impact the Arch linux distribution as AUR is a community driven repository, FTC reports. Impostor scams cost $3.5 billion the US Federal Trade Commission warned that losses from imposter scams tripled since 2020 of the $3.5 billion verified victims lost nearly $1 billion to business impersonators and almost as much to government impersonators. Bank fraud resulted in the biggest individual losses, usually from threat actors contacting victims about fake bank transfers. Social media was a common theme among these fraud schemes, with $2.1 billion tied to attacks originating from social platforms and one in three scams starting with initial contact on social. Overall fraud losses climbed to $16 billion in 2025. That's up roughly 25% from from 2024 and now. A huge thanks to our sponsor for today, Threat Locker Every security leader is being asked the same question right now. How do we enable innovation without creating unnecessary risk? That's the challenge behind cloud adoption, behind AI, behind automation, and behind every major technology decision. ThreatLocker helps organizations take a zero trust approach to that challenge, giving them greater control over what they can execute, what can access their environment, and what users applications are allowed to do. That's why ThreatLocker is proud to support cybersecurity headlines, because security works best when innovation and control move together. Cal Water investigating breach Report earlier this week, the Iranian linked hacktivist collective Handala published data it claimed was stolen from the California Water Service utility. Analysis by the firm Data Miner found that the leaked data included personal information and appears to be from a customer billing database. Handala claims it could have disrupted water supply at the utility in the attack. Cal Water said it's investigating these claims, but said preliminary findings indicate that there are no known operational disruptions to our water and wastewater systems. Heart monitoring company Confirms data breach In a filing with the U.S. securities and Exchange Commission, the cardiac monitoring company iRhythm disclosed it detected a data breach impacting patient data on June 8. On June 9, it received extortion demands from the threat actors. Although it did not disclose any further negotiations. The filing maintains that attacks accessed business applications, not clinical systems or medical devices. The attacker gained access from a social engineering attack. No threat group was identified in the filing, and the Register said it found no major ransomware groups taking credit for the attack. An all in one Android Trojan, Researchers at Z Labs detailed the Android Trojan Rocka Rolla recently found to target hundreds of banking and cryptocurrency apps. It spreads through sites spoofing as either TikTok or Google's Chrome download page, using a dropper to impersonate the Play Store to get a second stage payload on device. The researchers note this malware marks a shift from simple data theft, adding in efforts to further isolate the victim from legitimate sources. Rocka Rolla sets itself as the default for calls and texts and blocking incoming calls and intercepting legitimate one time passcodes and fraud alerts. Once a victim goes to open a legit banking app, the Trojan uses accessibility services to overlay a fake login page and then grab credentials. Grub Claims Cyber Attack on Novo Nordisk following up on our coverage from earlier this week, the group fulcrumsec contacted the site Data Breaches to take credit for the attack on the pharma giant Novo Nordisk. The group claimed it initially gained access in March through a GitHub Access Token, stealing roughly 1.3 terabytes of data. It claims this includes intellectual property related to pharmaceutical development and private AI models. It further claimed it demanded a $25 million ransom, which the company did not pay India Tries to Stop Cheating by blocking Telegram India's national testing agency, or nta, said that local authorities will restrict access to Telegram across India until June 22, the day after its national eligibility test for undergraduate courses in is held again. The government also ordered Telegram to disable message editing features in the country until June 30. These exams were originally scheduled for May but canceled after reports that test questions leaked. The NTA also said the government worked to remove a substantial number of channels, groups and bots claiming to sell cheating materials from the app. The NTA maintains no test papers have leaked. Remember, if you have a hot take about the news from today or from this week on Cybersecurity headlines, we we want you to send us a 30 second vertical video giving us your reaction and your take on the story. What are we missing? What angle do we need to hit? We want to know. Send it to us@feedbacksoseries.com we'd love to feature these on the Department of Know and just to hear from our audience. Reporting for the CISO series, I'm Rich Drofalino reminding you to have a super sparkly day.
A
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Podcast: Cybersecurity Headlines
Host: Rich Stroffelino (CISO Series)
Episode: Athena coalition, Estonia's quarantine, Arch hit with malware
Date: June 17, 2026
This episode delivers a concise roundup of the day’s most pressing cybersecurity stories. Topics range from the launch of a new industry coalition to secure open source software with AI, to policy changes in Estonia regarding Russian email domains, a major malware wave striking the Arch Linux community, and the rising cost of imposter scams, among others. Each segment offers vital developments and context relevant for cybersecurity professionals and enthusiasts.
Timestamps: 00:06 – 01:48
Timestamps: 01:48 – 02:36
Timestamps: 02:36 – 03:13
Timestamps: 03:13 – 04:04
Timestamps: 05:06 – 05:42
Timestamps: 05:42 – 06:07
Timestamps: 06:07 – 06:47
Timestamps: 06:47 – 07:08
Timestamps: 07:08 – 07:38
For full stories and further analysis, listeners are encouraged to visit CISOseries.com.