The National Association of Insurance Commissioners (NAIC) says the ShinyHunters extortion group stole only publicly available data, outdated logs, and configuration files after breaching its systems by exploiting a zero-day vulnerability in an Oracle PeopleSoft server.

NAIC is a U.S. insurance regulatory organization present in all 50 states. The organization identified on June 11 that its PeopleSoft system had been accessed by an unauthorized party and discovered that “an unauthorized third party gained access to a portion of our IT systems.”

ShinyHunters claimed the attack and leaked the stolen data after the organization refused to pay a ransom.

NAIC responded to the threat actor’s leak and addressed some of the claims. The organization says that the hackers accessed and, in some cases, stole already publicly available statutory financial reports, credit rating agency data, outdated logs, and configuration information.

According to NAIC, the investigation found no evidence of personally identifiable information (PII) or financial data having been exposed and directly disputed the threat actor’s earlier claims that they compromised critical insurance regulatory platforms like SERFF (System for Electronic Rate and Form Filing), OPTins (Online Premium Tax for Insurance), and SBS (State-Based Systems).

The incident had operational consequences, with credit rating agencies temporarily suspending data feeds and the NAIC pausing investment designation work, but there are significant discrepancies between the hackers’ claims and the organization’s findings.

In an announcement updated on June 25, ShinyHunters claims to hold 3.1 TB of data corresponding to 105,000 files stolen from NAIC’s systems:

• INSData and Vision servers
• 264,000 insurer regulatory filing PDFs between 2017 and 2024
• 2,000 customer/order/payment records
• 45,000 rating agency files
• AWS infrastructure configs
• Stored credentials for SERFF, OPTins, and UCAA production environments

The hackers also noted in the update that a previous summary of the stolen data was exaggerated due to using AI hallucinations when evaluating the files.

However, according to the threat actor, the latest published inventory was validated by a human reviewer and should be considered accurate.

NAIC stated that all affected systems have now been remediated and that they are implementing additional defenses to prevent future attacks.

ShinyHunter’s hacking spree using the zero-day (CVE-2026-35273) in the PeopleSoft enterprise system has allegedly impacted more than 100 organizations.

BleepingComputer reported about the threat actor’s zero-day attacks before Oracle disclosed the security issue publicly. Both cloud and on-premises Oracle PeopleSoft customer instances were targeted in breaches that left behind extortion demands signed by ShinyHunters.

The hackers told us that most of the targeted organizations were in the education sector and had been previously extorted by the threat actor.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

WhatsApp username reservations are now open globally. While you still need a phone number to create an account, usernames let you start conversations without sharing your phone number. 

Claiming yours would take less than a minute, but only when you go in with all the details. 

What should you know before reserving your username?

Your username must be between 3 and 35 characters and must comply with WhatsApp’s policies. Beyond those limits, you’re mostly free to choose what you like.

WhatsApp has already reserved certain handles for top celebrities, VIPs, and verified organizations, so those names are locked. 

If nothing clicks, WhatsApp’s built-in generator can suggest unique handles.

How do you actually reserve your username?

Go to Settings > Account > Username on the latest version of WhatsApp. Thereafter, you can enter your desired username, and the app will tell you whether it is available. The app will also give you suggestions regarding available usernames. 

As seen in the screenshot, you can also use your Instagram or Facebook username. 

Once you select one, it will be linked to your WhatsApp account and will appear when the feature goes live later this year. If the option isn’t visible, hang tight. WhatsApp is rolling this out region by region and will notify you in the app when it arrives in your country. 

When it does, anyone messaging you for the first time won’t see your phone number, as long as you’ve enabled your username. For extra protection, you can also set an optional username key that contacts will need in addition to your handle to message you.

If you change your mind later, WhatsApp will also let you change or remove your username. 

The importance of usernames

WhatsApp usernames follow a pattern set by Signal, which added phone-number-free contact discovery in 2024. Telegram has also had this feature for years. 

The addition addresses one of WhatsApp’s longest-standing privacy gaps. Sharing your contact information in the app has always required handing over your phone number, making it harder to maintain separation among personal, professional, and public connections.

Apple’s iOS 26.5.2 update adds a variety of fixes to keep your data safe while browsing the web. Here’s what you need to know and why you should update.

On Monday, just under a month after releasing iOS 26.5.1, Apple made iOS 26.5.2 available for download. The update contains more than 25 different security enhancements, and over 15 of them are related to WebKit.

Notably, Apple patched two WebKit vulnerabilities that used maliciously crafted web content to disclose sensitive information. One of the vulnerabilities, a cross-origin issue, was resolved with improved tracking of security origins, while the other security issue was addressed with validation improvements.

iOS 26.5.2 also prevents sensitive data from being leaked when an iOS user visits a webpage. Apple addressed a permissions issue with additional restrictions. Similarly, Apple has added enhanced checks to prevent malicious websites from processing restricted web content outside the sandbox.

Another now-patched WebKit Storage vulnerability let malicious websites silently hijack clipboard data, affecting the text users were copying and pasting. iOS 26.5.2 resolves this issue through improvements to state management.

Multiple now-resolved WebRTC and WebKit issues allowed maliciously crafted websites to cause unexpected Safari and process crashes, along with memory corruption. All of these vulnerabilities have been addressed with the iOS 26.5.2 update.

Additionally, Apple fixed three kernel-related issues. One of the vulnerabilities, which was addressed with improvements to input sanitization, let apps leak sensitive kernel states. The other two kernel-related issues let apps cause an unexpected system termination and let them write or corrupt kernel memory.

Overall, though, iOS 26.5.2 mostly includes WebKit-related fixes, which will undoubtedly make web browsing safer on an iPhone. Unlike other iOS releases, Monday’s software update doesn’t include fixes for vulnerabilities that were used in targeted attacks.

Even so, AppleInsider recommends installing the iOS 26.5.2 update to ensure your devices have the latest security enhancements. Unlike the iOS 27 developer betas, which may contain bugs, glitches, and performance issues, iOS 26.5.2 is an update that should be installed by all users.

OS PLATFORMS

Polished Mandriva descendant still makes room for PCs the 64-bit world has left behind

Mageia 10 marks 15 years since the distribution’s first release in June 2011. The project began the previous year as a fork of Mandriva, itself formerly known as Mandrake Linux. We last looked at Mageia alongside the other Mandrake descendants in 2022.

What sets Mageia apart from OpenMandriva Lx, PCLinuxOS, and Russia’s ROSA Linux is its continued support for 32-bit x86 PCs. Its GNOME and KDE Plasma live images are available only for x86-64, while the Xfce edition comes in both x86-64 and x86-32 versions.

There is also a “Classic Installer” ISO, which lets you choose your own desktop from nine different desktop environments, plus another 16 window managers, as detailed in the release notes. Both the standard GNOME session and GNOME Classic are available, while Liquidshell provides a lightweight alternative to KDE Plasma.

Mandrake Linux started out in 1998 as an easier version of Red Hat Linux using the new KDE desktop, which, at that time, Red Hat refused to incorporate due to concerns over the licence of KDE’s Qt toolkit. Nearly three decades later, Mageia remains an RPM-based distro. Version 10 offers two RPM package-management tools: Mageia’s urpmi command and DNF. urpmi also has its own graphical wrapper called Rpmdrake, but Fedora’s dnfdragora is an optional install. Since RHEL and the RHELatives, Fedora, SUSE and openSUSE all use RPM as well, packages of big-name apps such as Google Chrome are available – but Mageia is a different distro, whose common ancestry dates back more than 25 years, and packages for Fedora or openSUSE may not install or work correctly. It comes with Flatpak preinstalled, although no Flatpak applications are installed by default. As with other niche distros, Flatpak may help when you can’t find a native package of something. For those with the 32-bit edition, though, we suspect that few Flatpaks support that architecture.

Mageia 10 is a polished, friendly graphical Linux, built from recent components such as kernel 6.18. True, it does feel a little old-fashioned in some ways: for instance, it uses separate root and user accounts – although sudo is installed, it’s not configured for use. However, it’s a solid choice if you want to get away from the Debian/Fedora mainstream – and if you have a capable 32-bit machine, like a Windows 10 32-bit box, or some other need to run a 32-bit OS such as specific hardware support, then this is one of the best choices around today.

The Welcome screen is rich and very helpful, offering the ability to install extra apps, switch repositories, and more. Alongside it is the Mageia Control Center, which can manage most aspects of the OS without going near a command line. The distro is also well documented, with a substantial Mageia wiki.

It does use systemd, but, even so, it’s relatively lightweight. In our testing on a 32-bit VirtualBox VM, the Xfce edition used just 633 MB of RAM at idle, which is low by modern standards, and 7.8 GB of disk space. If you choose the KDE Plasma desktop, you get Plasma 6.5.5 with a choice of X11 or Wayland. The installation occupies about the same amount of disk space, although the RAM usage rises sharply: about 1.7 GB at idle. Xfce has an unusual GNOME 2-style two-panel setup, while the Plasma layout is clean and simple. We installed the Liquidshell desktop to have a look, but it’s very basic and rather clunky. 

Mageia forked from Mandriva in 2011, before the company closed down, while OpenMandriva did so afterwards. They are still quite similar distributions, though, and we really wish that the two teams could settle their differences and merge the distros. Either way, Mageia’s 32-bit edition is an increasingly rare offering in an increasingly 64-bit world, which might win it some new admirers. ®

Waymo robotaxis are no longer available on Uber’s ride-hail app in Phoenix, Arizona, ending a nearly three-year partnership in the city, both companies confirmed to TechCrunch on Monday.

Uber said it is readying the launch of a separate autonomous vehicle partnership in the city, but did not name the partner. Waymo told TechCrunch that the vehicles Uber used for this “pilot” program have already been integrated into its own Phoenix fleet, available through its app. Waymo users started noticing that the company’s vehicles were absent from Uber’s network in recent days. Waymo’s vehicles are still available on Uber in Austin and Atlanta, for instance.

The quiet end to this partnership in Phoenix, which Waymo said happened in May, comes as the Alphabet-owned company is starting to put its newest robotaxis — the Zeekr-made van it calls Ojai — on the road. It’s also happening as the Uber-Waymo relationship appears to be wearing in some places, with the two companies poised to directly compete against each other in London as early as this year.

Still, both companies praised the collaboration in Phoenix as a successful jumping-off point for their respective robotaxi plans, which have gotten increasingly ambitious since 2023.

“This was a productive pilot that paved the way for future expansions and partnerships across the globe. After hundreds of thousands of trips with Uber, we have integrated these vehicles back into our Phoenix fleet, where they will continue to serve riders through Waymo, including our public transit integration with Via, and delivery with DoorDash,” Waymo told TechCrunch. “We’re grateful to all of the Uber customers who took fully autonomous trips with us, and we look forward to continuing to serve the Phoenix community.”

“Phoenix was our first pilot market with Waymo and was an intentionally limited deployment, reaching just over a dozen vehicles dedicated to the program. We learned a lot from that collaboration, which helped us to quickly scale Austin and Atlanta, where hundreds of Waymo AVs are available exclusively on Uber and our coverage area continues to expand,” Uber said.

The robotaxi landscape looks much different than it did when these two companies kicked off this collaboration in 2023. Back when it was first announced, the idea of Uber and Waymo partnering up still seemed unlikely given their messy legal battle that ended in a settlement in 2018. Robotaxis as a technology were in a far more uncertain place, as no operator had reached scale yet. Cruise was still seen as a viable competitor, as it had not yet gone through its own scandal and been absorbed into General Motors.

In the three years since, Waymo has grown its fleet to around 4,000 vehicles, and Uber has inked deals to add dozens of autonomous vehicle partners to its network.

This Phoenix partnership remained an unusual one, as it was the only city where Waymo operated directly and through Uber. Waymo is in the process of launching in around 20 new cities this year, is operating in 11 major U.S. metro areas, and the company offers more than 500,000 trips every week.

On June 28, the International Society for Transforming Education — the organization behind the editorially independent news site EdSurge — released an expanded version of its “Profile of an AI-Ready Graduate,” a framework designed to help K-12 educators teach students how to work with artificial intelligence.

The updated framework, designed with support from the nonprofit Britebound, goes beyond basic literacy to higher-order skills. It identifies six roles the organization says students should fill when using AI tools: Learner, Researcher, Synthesizer, Problem Solver, Connector and Storyteller.

“Today, we are releasing a fully fleshed out version, 30 skills aligned with each of these roles to help model using AI to support our uniquely human skills,” said Richard Culatta, CEO of the organization. “Humans have always used tools to accomplish human tasks. AI is no different, but when we teach AI as a way to support us being better at being human, it is far more relevant and far more meaningful than when we just talk about what AI is.”

The announcement was made at the organization’s annual conference in Orlando, Florida, one year after the initial rollout of the Profile. While the original framework focused on basic technical understanding of AI, the updated version shows what those skills look like in practice — with role-by-role descriptions, classroom examples and articulations for middle and high school. 

The framework is intended to layer on to the work educators are already doing and aligns with the International Society for Transforming Education’s existing student standards and “Transformational Learning Principles.”

The updated Profile of an AI-Ready Graduate is available as a free download here.

(Editor’s note: EdSurge is an editorially independent newsroom of the International Society for Transforming Education.)

It’s time to update your Mac, iPhone, and iPad, as Apple has released a new trio of security patches for its operating systems.

Apple pushed out three new updates on Monday in an effort to patch an apparent security flaw. As of publication, Apple has not specified what issue the patch is meant to fix.

Because Apple has not announced what is in the update, it is also possible that it contains bug fixes as well.

To update, you can follow the steps below.

How to update to 26.5.2 on iPhone and iPad

1. On your iPhone or iPad, open the Settings app
2. Tap General
3. Tap Software Update
4. Tap Update Now

How to update to macOS 26.5.2

1. On your Mac, click the Apple Menu
2. Click System Settings
3. Click Software Update
4. If available, click Update Now or schedule an update with Update Tonight

AppleInsider and Apple suggest installing these kinds of minor patches. Security patches are essential for keeping your device safe and operational.

A single fake error report hijacked Claude Code in controlled testing — the agent ran the attacker’s code with the developer’s full privileges, and not one alert fired. EDR, WAF, IAM, and the firewall all missed it completely.

Tenet Security’s June agentjacking disclosure describes a single crafted Sentry error event — sent through a public credential that requires no breach and no authentication — that injected attacker instructions into error data that Claude Code, Cursor, and Codex then executed as trusted diagnostic output. Tenet tested 100-plus targets in controlled conditions and achieved an 85% success rate. Sentry called the flaw “technically not defensible.”

he Cloud Security Alliance classified agentjacking as a systemic MCP vulnerability class within days of the disclosure. No credentials were stolen, no policy was violated, no perimeter was breached: every step in the chain was authorized. That is the problem.

Tenet identified 2,388 organizations with publicly exposed Sentry credentials that could be used to inject malicious events at scale. The research is proof-of-concept, not confirmed exploitation across all 2,388. But one captured Claude Code environment held a live AWS secret access key and private repository URLs.

Here is the scope test: If your AI coding agents are connected to Sentry, Datadog, PagerDuty, Jira, or any MCP-connected data source your developers trust — and those agents can execute shell commands — then your stack has the same blind spot.

Organizations running Sentry should audit all publicly exposed DSNs immediately. Sentry’s architecture intentionally makes DSN credentials public for frontend error reporting, so the mitigation isn’t revoking the DSN — it’s restricting what agents can do with the data those DSNs return.

Why your stack can’t see it

Agentjacking works because every step is authorized: The attacker sends a valid Sentry API call using a public DSN, the MCP server returns the injected event as authentic output, and the agent executes the instruction using the developer’s privileges. No signature fired. The victim saw only benign diagnostics while the agent silently exposed cloud credentials and source-control tokens.

SOC teams have never needed to distinguish between a developer running an npm install and an agent running that command in response to a malicious error event. That distinction did not exist until AI coding agents became production tools. The stack that cannot make it is the stack agentjacking bypasses.

Five surveys, one pattern

Five independent surveys from the first half of 2026 found that enterprises trust their AI agents far more than their enforcement justifies.

Only 34% of organizations apply the same security controls to AI agents as to humans, according to an Okta/Apprize360 survey of 292 executives and 492 knowledge workers. Fifty-two percent of employees use unapproved AI tools, and 58% of executives reported an AI-related incident or close call in the prior year.

HiddenLayer’s 2026 AI Threat Landscape Report surveyed 250 IT and security leaders: 33% reported agents had already exceeded intended scope, and 31% could not confirm whether they had experienced an AI breach. One in eight AI breaches was linked to agentic systems.

Gravitee’s survey of over 900 executives and practitioners found only 14.4% of agents went live with full security approval, and 88% reported confirmed or suspected incidents. A follow-up of 750 leaders in April found agent estates had doubled while monitoring barely moved.

The runtime gap nobody closed

“Securing agents looks very similar to securing highly privileged users,” said Elia Zaitsev, CTO of CrowdStrike, in an interview with VentureBeat. “They have identities, access to underlying systems, they reason, they take action.”

Zaitsev pointed to the gap the industry left open. “No one has been talking about securing agents at runtime. We are doing that now. What is your safety net? If all these controls fail, how do you prevent them from failing silently?”

CrowdStrike’s fleet data quantifies the exposure: more than 1,800 agentic applications on enterprise endpoints, approximately 160 million instances under monitoring. On June 15, CrowdStrike shipped Continuous Identity for AI Agents at Identiverse, replacing static policies with continuous enforcement that authorizes every agent action in real time. The control class that announcement reflects — continuous action-level authorization with verifiable agent identity — is now a baseline procurement criterion regardless of vendor.

“People have kind of forgotten about runtime security,” Zaitsev said. “We did this with endpoint, virtualization, and cloud. People focused on patching vulnerabilities, locking down permissions. Somehow, they always seem to miss something. The safety net is runtime.”

Zaitsev was equally direct about sandbox approaches. “If you start with an agent in a sandbox that has no ability to touch anything, it is worthless. Very quickly, you are in this race of giving it more capabilities. And then what is the point of your sandbox?” Agents derive their value from access. Every access grant is an attack surface.

The governance gap is a budget problem

Kayne McGladrey, an IEEE Senior Member, described the structural challenge in an exclusive interview with VentureBeat. “The CISO doesn’t have the budget. The CISO doesn’t have the staff. We can observe risks, we can advise on business risks, but we don’t own the business systems affected by those risks,” McGladrey said. When agent governance spans six departmental budgets, no single executive can confirm whether agents get the same access reviews as humans.

The Okta survey quantifies the disconnect. Only 43% of workers say agent policies are clear, compared to 65% of executives, and nearly two-thirds apply weaker controls to agents than to humans. The people deploying agents daily do not recognize the governance posture their leadership claims to have built.

Assaf Keren, chief security officer at Qualtrics and former CISO at PayPal, put it plainly. “The real risk starts not by the implementation of AI systems. It is the fact that baseline architecture is not well established. When we put an AI system on top of something not architected well, we are accelerating the fractures.” Keren called runtime behavior analytics “an unsolved problem right now.”

The 5-question gap test

The five-question gap test draws on five surveys from the first half of 2026. Each question maps to a gap that agentjacking exploits. Run this before any Q3 vendor evaluation.

Security director action plan

EU AI Act high-risk compliance obligations take effect August 2, 2026. Worth factoring into Q3 planning timelines.

1. Run the five-question gap test above before any Q3 vendor evaluation — it costs nothing to administer, and the procurement clarity it creates is worth far more than the 30 minutes it takes.

2. Consider mandating agent-specific runtime detection. If your stack cannot tell what an agent did from what a developer did, agentjacking will bypass it the same way it bypassed every layer in Tenet’s testing. That distinction is the one that matters now.

3. Treat every agent as a privileged insider. According to the Okta/Apprize360 survey, only 34% of organizations apply the same controls to agents as to humans; closing that gap is the single most impactful thing most security teams can do this quarter.

4. Test the perception gap before investing in new tooling. One question to 50 knowledge workers. Do you know your company’s AI agent policies? If the gap between their answer and leadership’s answer exceeds 15 points, that is the problem to solve first. No vendor product fixes a governance posture your own workforce does not recognize.

5. Make agent census completion a procurement gate — every agent, every MCP connection. The security teams getting this right are the ones that started with a complete inventory and worked forward from there.

Agentjacking stripped away an assumption that has survived every security architecture since the first firewall went live. Authorized does not mean safe. When every step in the chain is legitimate, the only defense that matters is the one watching what agents do. Not what policies say. What agents do.