The EU and OECD Set 19 AI Literacy Competences for Schools, and Hand Districts a Curriculum Blueprint
AI & ML
Bruno Digital · 1h ago

The EU and OECD Set 19 AI Literacy Competences for Schools, and Hand Districts a Curriculum Blueprint

Brussels just published a final AI literacy framework with 19 competences across four domains, giving education ministries and edtech vendors a shared vocabulary for what every student should know about AI.

Cybernews Finds an Open Database With 24 Billion Stolen Credentials, and It Was Being Updated Live
Cybersecurity·2h ago

Cybernews Finds an Open Database With 24 Billion Stolen Credentials, and It Was Being Updated Live

An 8.3 terabyte Elasticsearch cluster sitting on the open internet held 24 billion credential records pulled from 36 sources, and someone was keeping it current. For enterprises, this is a credential stuffing accelerant, not a one-off leak.

Bruno DigitalRead news
CISA Gives Federal Agencies Until June 29 to Patch the Eighth Cisco SD-WAN Zero-Day of the Year
Cybersecurity·21h ago

CISA Gives Federal Agencies Until June 29 to Patch the Eighth Cisco SD-WAN Zero-Day of the Year

CVE-2026-20262 lets an authenticated attacker write any file on a Catalyst SD-WAN Manager and pivot to root. Cisco found it being exploited, CISA put it on the KEV list, and the deadline is days away.

Bruno DigitalRead news
The Shai-Hulud Worm Returns, Hitting More Than 100 npm and PyPI Packages With Self-Spreading Malware
Cybersecurity·1d ago

The Shai-Hulud Worm Returns, Hitting More Than 100 npm and PyPI Packages With Self-Spreading Malware

A new wave of the self-replicating Shai-Hulud supply chain worm has compromised over 100 packages across npm and PyPI, harvesting developer secrets and using them to infect everything the victim can publish. The open source dependency tree is now an attack surface that fights back.

Bruno DigitalRead news
OpenAI Expands Daybreak With GPT-5.5-Cyber to Hand Defenders an Automated Patching Engine
Cybersecurity·1d ago

OpenAI Expands Daybreak With GPT-5.5-Cyber to Hand Defenders an Automated Patching Engine

OpenAI has moved GPT-5.5-Cyber from preview to a controlled release and paired it with a new Patch the Planet program, betting that the same models defenders fear can now close vulnerabilities faster than attackers can weaponize them.

Bruno DigitalRead news
A Fake AI Agent Skill Sailed Past Every Scanner and Reached 26,000 Agents
Cybersecurity·1d ago

A Fake AI Agent Skill Sailed Past Every Scanner and Reached 26,000 Agents

Security firm AIR planted a booby-trapped skill in a marketplace, watched every scanner wave it through, and then swapped the payload after 26,000 agents had already installed it. The lesson for the enterprise is uncomfortable.

Bruno DigitalRead news
GitHub Hardens actions/checkout by Default to Blunt Pwn Request Supply Chain Attacks
Cybersecurity·1d ago

GitHub Hardens actions/checkout by Default to Blunt Pwn Request Supply Chain Attacks

GitHub's actions/checkout v7 now refuses to fetch fork pull request code in privileged pull_request_target and workflow_run workflows, closing a long-standing class of attack that has leaked secrets and the GITHUB_TOKEN.

Bruno DigitalRead news
Trump Order Gives Federal Agencies Until 2030 to Move to Post-Quantum Cryptography
Cybersecurity·1d ago

Trump Order Gives Federal Agencies Until 2030 to Move to Post-Quantum Cryptography

Executive Order 14409 pulls the federal post-quantum migration timeline forward by half a decade, setting hard 2030 and 2031 deadlines and putting the harvest now, decrypt later threat at the center of national security planning.

Bruno DigitalRead news
Qilin Claims the Central Bank of Libya, and a Sovereign Monetary Authority Becomes a Double Extortion Target
Cybersecurity·1d ago

Qilin Claims the Central Bank of Libya, and a Sovereign Monetary Authority Becomes a Double Extortion Target

The Qilin ransomware crew has listed the Central Bank of Libya on its leak site and threatened to publish confidential banking data. The bank says it isolated the affected systems, but the episode shows how far ransomware has climbed up the target list.

Bruno DigitalRead news
Icarus Breaches Klue and Uses Stolen OAuth Tokens to Loot Salesforce Data From Ten Security Firms
Cybersecurity·1d ago

Icarus Breaches Klue and Uses Stolen OAuth Tokens to Loot Salesforce Data From Ten Security Firms

A new extortion crew called Icarus broke into market-intelligence vendor Klue, stole customers' OAuth tokens, and quietly drained Salesforce data from ten organizations, most of them the very security firms enterprises trust to protect them.

Bruno DigitalRead news
DifyTap: Cross-Tenant Flaws in Dify Could Expose One Customer's AI Chats to Another
Cybersecurity·1d ago

DifyTap: Cross-Tenant Flaws in Dify Could Expose One Customer's AI Chats to Another

Zafran Security details four authorization and path-traversal bugs in the popular Dify agent platform, two of them critical, that let users reach across tenant boundaries to read documents and conversations they never should have seen.

Bruno DigitalRead news
Squidbleed: A 29-Year-Old Squid Proxy Bug Leaks Other Users' Cleartext Web Traffic
Cybersecurity·2d ago

Squidbleed: A 29-Year-Old Squid Proxy Bug Leaks Other Users' Cleartext Web Traffic

A heap over-read rooted in a 1997 FTP parsing change lets a trusted client on a shared Squid proxy harvest fragments of other users' HTTP requests, including credentials and session tokens. The fix many shops will reach for is simply turning FTP off.

Bruno DigitalRead news
Cybersecurity·2d ago

North Korea's Sapphire Sleet Backdoors 144 Mastra AI npm Packages Through One Forgotten Account

Microsoft has tied a single 88-minute spree that poisoned 144 packages in the Mastra AI framework to North Korea's Sapphire Sleet, after a dormant contributor account that nobody revoked handed attackers the keys to the entire scope.

Bruno DigitalRead news