June 19, 2026
Today's top tech stories, deduped across the newsletters I read and briefly summarized. Click a source to open the original article.
AI
Noam Shazeer Joins OpenAI
Noam Shazeer, co-inventor of the Transformer architecture and founder of Character.AI, announced he is joining OpenAI. The hire is one of the highest-profile AI industry moves of 2026.
GLM-5.2 Released as Open-Weights Model Under MIT License
Chinese AI lab Z.ai released GLM-5.2 as a fully open-weights model under an MIT license, with Simon Willison calling it likely the most powerful text-only open-weights LLM available. The model was first available to coding subscribers on June 13 before the full open release on June 16.
Security
Over 10,000 GitHub Repositories Found Distributing Trojan Malware
A security researcher discovered more than 10,000 GitHub repositories actively distributing Trojan malware, often disguised as popular tools and projects. The campaign exploits GitHub's trusted infrastructure to target unsuspecting developers.
"FortiBleed" Leak Exposes VPN Credentials for 73,000 Fortinet Devices
A data leak dubbed "FortiBleed" has exposed VPN credentials for 73,932 Fortinet and FortiGate firewall URLs across organizations worldwide. The breach poses a serious network security risk for affected organizations.
Law Enforcement Cleans SocGholish Malware from Nearly 15,000 WordPress Sites
International law enforcement agencies removed malware from nearly 15,000 infected WordPress websites and took down over 100 servers tied to the SocGholish botnet and Russian cybercrime group Evil Corp. The operation is one of the largest coordinated WordPress malware cleanups on record.
"Gentlemen" Ransomware Deploys Multiple EDR Killers to Disable Defenses
The "Gentlemen" ransomware-as-a-service group is actively building and maintaining a suite of EDR-killing tools to help affiliates evade detection during attacks. The approach makes it significantly harder for security products to detect and stop intrusions.
ShapedPlugin Update System Hacked in WordPress Supply Chain Attack
Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack, with infected releases pushed to paying customers through the vendor's official update system. The attack directly targets users who rely on legitimate update channels.
Klue OAuth Breach Linked to "Icarus" Salesforce Data Theft Campaign
Market intelligence platform Klue suffered an OAuth breach that enabled the "Icarus" threat actor to steal Salesforce CRM data from multiple organizations in an ongoing extortion campaign. The incident highlights the risks of OAuth integrations across third-party platforms.
Dev
Zero-Touch OAuth for MCP Simplifies Enterprise Authentication
The Model Context Protocol (MCP) launched Zero-Touch OAuth, letting enterprises centralize authentication without requiring developers to manually handle OAuth flows per tool. The feature targets simpler, secure enterprise integration of AI agents.
IT
Elkjøp Fined €1.8M for Unlawful Forced Consent
After five years of warnings that forced consent was unlawful, Elkjøp was fined €1.8 million by data protection authorities. The case shows that GDPR enforcement against large retailers eventually delivers results, even if slowly.
Ubiquiti Launches Enterprise NAS Built on ZFS
Ubiquiti introduced an enterprise NAS solution built on the ZFS file system, targeting the business market with a focus on reliability and data integrity. This is Ubiquiti's first dedicated enterprise storage product.
Other
Swiss Parliament Lifts Ban on New Nuclear Power Plants
Switzerland's parliament voted to overturn its post-Fukushima moratorium on new nuclear power plant construction, reversing a policy in place since 2011. The decision opens the door to new reactor construction for the first time in over a decade.