Are you sure?

AI-driven deception has reached a point that even leading deepfake experts no longer trust their observations. Imposter scams cost victims a record $3.5 billion in 2025, and sophisticated AI-powered threats include hallucinated reports, fake data breaches, and hardware exploitation. Social engineering remains the most common route to compromise, with threat actors extorting universities and attackers hijacking WordPress plugins and Steam Workshop content. The update urges readers to adopt a “verify-first” mindset, rejecting blind trust and adopting rigorous personal verification. It invites the community to engage with their new 7-hour cycle of security PSAs to build cyber resilience.

Daniel Masterson, Ai Courtrie Buson & Bard Gee
June 19, 2026

HX Weekly
^{by Hexagon Center}

^{for the week of June 14, 2026, 126th edition}

Subscribe at hexagoncenter.org

☝️ TWA

Is that you, AI?

Giphy

When will we stop talking about AI? Not today. That’s why there are a lot of new scams that are AI-generated. No doubt, if you look on both sides, both sides are using AI.

Meanwhile, strengthen your security by using MFA and turning on alerts.

🤷‍♀️ What now?: Verify. If you can’t verify, don’t share.

Tools: Always Be Doubtful

Meanwhile … ShinyHunters is actively extorting universities after exploiting an unpatched Oracle flaw

WATCH OUT ◉_◉ Apple fixes Beats Studio Buds flaw that let hackers spy on conversations

MUST READ: The World’s Leading Deepfake Expert No Longer Trusts His Own Eyes

Echos: FTC warns of record $3.5 billion losses to imposter scams in 2025

📰 Security Highlights

In other news, Agentjacking: Researchers Show How One Fake Bug Report Can Hijack AI Coding Agents

GOOD READ: Cybercriminals Are Worried About AI Taking Their Jobs Too

about this edition and Inside Hexagon

Our systems are frequently compromised due to social engineering tactics. This indicates that someone has been careless, perhaps by neglecting to enable MFA or skipping a crucial verification step. Whether it's an email, a familiar voice, or even a video, always verify by using the callback method or a personal identifier.

Inside Hexagon

Get ready for some thrilling news! Hexagon Center just dropped an electrifying World Cup cybersecurity PSA about typosquatting, where unsuspecting fans are tricked into buying "official" tickets and merchandise from bogus websites. But wait, there's more! Hexagon Center is on a roll, unleashing a brand-new PSA every 7 hours on YouTube. Dive in and see if you can guess the theme of each one. They're a blast to watch and will keep you guessing while you learn!

Guess what? This week at the center is buzzing with thrilling new developments! We're jazzing up our PSA with some exciting tweaks and rolling out fresh schedules for our upcoming video releases. There's always something new and exhilarating happening at Hexagon Center! Why not dive into the action and join our team or volunteer with us at Hexagon Center?

This edition of HX Weekly highlights an increasingly blurred digital reality where AI-driven deception has reached a point that even the world’s leading deepfake experts no longer trust their own observations.

As imposter scams surge—costing victims a record $3.5 billion in 2025—the newsletter warns of sophisticated AI-powered threats, ranging from hallucinated corporate reports and fake data breach notifications to the exploitation of hardware like Apple’s Beats Studio Buds.

With threat actors such as ShinyHunters actively extorting universities and attackers hijacking everything from WordPress plugins to Steam Workshop content, the Hexagon Center underscores that social engineering remains the most common route to compromise.

Ultimately, the update serves as a call to adopt a "verify-first" mindset, urging readers to reject the convenience of blind trust and adopt rigorous personal verification, while inviting the community to engage with their new 7-hour cycle of security PSAs to build the cyber resilience necessary for this turbulent digital landscape.

- HX Weekly Team

HOUSEKEEPING

Glossary/Legend:

Zero Trust - a strategic cybersecurity framework based on the principle of "never trust, always verify," requiring strict identity authentication and authorization for every user and device, whether inside or outside the network perimeter. It assumes breach, removes implicit trust, and employs granular, least-privilege access controls to protect resources.
Holistic security - a comprehensive strategy that integrates various protection layers—physical, digital, psycho-social, and organizational—to safeguard individuals, communities, or systems, recognizing that true security involves overall well-being, not just isolated technical defenses.
MFA - Multi-Factor Authentication is a security process that requires users to provide two or more verification methods to access an account or system.

Personal Identifier - A unique word or phrase shared exclusively with an individual or a group, serving as a means of identification and affirmation within the established relationship. It is recommended that 2 or more Personal Identifiers be established per person.
Malware (short for malicious software) - refers to any intrusive software developed by cybercriminals (often called hackers) to steal data and damage or destroy computers and computer systems.
Ransomware - A type of malware that locks or encrypts a victim's files and demands a ransom payment to unlock and decrypt them. Ransomware can infect a variety of devices, including computers, smartphones, printers, and more.

Privacy Notice: HX Weekly and the Hexagon Center are committed to your digital security. We do not collect, track, or store any personal information from our subscribers beyond the email address provided for delivery.

Spread cybersecurity culture

Do you have any suggestions on how we can further share this newsletter? Tell your friends and family about us by sharing with them the Hexagon Center official website:

hexagoncenter.org

View archives at hxweekly.beehiiv.com

Even though we aim to provide you the most current and critical information to keep you safe, threat actors work 24/7 and this newsletter publishes only once a week. Even though we are available via a hotline, it is crucial that you stay up to date via other sources as well to be informed on how you may be at risk.

You may reply to this newsletter or email us at
[email protected]

Send us any questions or things you want to talk about. Please share some fun facts with us. We welcome feedback and suggestions.

_{Hexagon Center is formed as a nonprofit corporation in California for public benefit,}
_{and is tax-exempt under section 501(c)(3) of the Internal Revenue Code.}

_{Cybersecurity is an ever-changing field, and threats may evolve. While Hexagon Center strives to provide accurate and timely information, we cannot guarantee absolute security. Users are responsible for implementing their security measures and staying informed about the latest cybersecurity developments. Hexagon Center is}_not_{responsible for any cyber or scam attacks by our readers. HX Weekly tips are advice are not official positions of Hexagon Center nor is Hexagon Center responsible for its content.}

Content of this newsletter is not an official representation of Hexagon Center.

_{SEE MORE DISCLAIMER HERE}

Reply

or to participate.