As end users get smarter, scammers get more difficult

This week, we discuss a growing "cyber arms race" where advanced threat actors use hard-to-detect methods like AI-driven prompt injection and "Agentjacking" attacks. It reports major data breaches, including in Texas and at Madison Square Garden, and notes that even cybersecurity firms and tech giants like Meta face internal exposures. Despite attackers blinding AI security tools, law enforcement and companies like Microsoft and Cloudflare are using AI to combat "cybercrime-as-a-service" and enhance web traffic integrity. Hexagon Center advises treating smart devices with caution and invites community involvement to develop adaptive security programs for this high-stakes digital landscape.

HX Weekly
by Hexagon Center

for the week of June 21, 2026, 127th edition

Subscribe at hexagoncenter.org

☝️ TWA

The arms race of end users v. hackers and scammers

While end users are becoming more aware, the methods used by scammers are simultaneously becoming more difficult to detect.

🤷‍♀️ What now?: Stay vigilant, stay updated. HX Weekly makes it easy to do that.

Tools: Hexagon Center, cyber hygiene and vigilance

about this edition and Inside Hexagon

We are learning that collectively, we are getting "smarter" while scammers are getting "harder to detect." It is a phenomenon where the threshold for what constitutes a "believable" scam has been raised for both sides.

We are still going. More programs are being developed as cybersecurity becomes more and more complex. If you are interested in contributing to this great work, join one of the boards of Hexagon Center. We are always growing.

Despite increased public awareness, sophisticated threat actors are deploying harder-to-detect methods like AI-driven prompt injection, proxy-laced smart TV apps, and “Agentjacking” attacks on AI ecosystems.

This edition details major data compromises, including millions of driver’s licenses in Texas and records at Madison Square Garden, while noting that even cybersecurity firms and tech giants like Meta are vulnerable to internal exposures.

While attackers innovate to blind AI-assisted security tools, law enforcement and companies like Microsoft and Cloudflare are using AI to proactively dismantle “cybercrime-as-a-service” operations and improve web traffic integrity.

Hexagon Center urges readers to treat all smart devices with heightened suspicion and invites the community to join their growing board to develop complex, adaptive security programs for navigating this high-stakes digital environment.

- HX Weekly Team
HOUSEKEEPING

Glossary/Legend:

  • Zero Trust - a strategic cybersecurity framework based on the principle of "never trust, always verify," requiring strict identity authentication and authorization for every user and device, whether inside or outside the network perimeter. It assumes breach, removes implicit trust, and employs granular, least-privilege access controls to protect resources. 

  • Holistic security - a comprehensive strategy that integrates various protection layers—physical, digital, psycho-social, and organizational—to safeguard individuals, communities, or systems, recognizing that true security involves overall well-being, not just isolated technical defenses.

  • MFA - Multi-Factor Authentication is a security process that requires users to provide two or more verification methods to access an account or system.

  1. Personal Identifier - A unique word or phrase shared exclusively with an individual or a group, serving as a means of identification and affirmation within the established relationship. It is recommended that 2 or more Personal Identifiers be established per person.

  2. Malware (short for malicious software) - refers to any intrusive software developed by cybercriminals (often called hackers) to steal data and damage or destroy computers and computer systems.

  3. Ransomware - A type of malware that locks or encrypts a victim's files and demands a ransom payment to unlock and decrypt them. Ransomware can infect a variety of devices, including computers, smartphones, printers, and more.

Privacy Notice: HX Weekly and the Hexagon Center are committed to your digital security. We do not collect, track, or store any personal information from our subscribers beyond the email address provided for delivery.

Spread cybersecurity culture

Do you have any suggestions on how we can further share this newsletter? Tell your friends and family about us by sharing with them the Hexagon Center official website:
View archives at hxweekly.beehiiv.com

Even though we aim to provide you the most current and critical information to keep you safe, threat actors work 24/7 and this newsletter publishes only once a week. Even though we are available via a hotline, it is crucial that you stay up to date via other sources as well to be informed on how you may be at risk.

You may reply to this newsletter or email us at
[email protected]

Send us any questions or things you want to talk about. Please share some fun facts with us. We welcome feedback and suggestions.

Hexagon Center is formed as a nonprofit corporation in California for public benefit,
and is tax-exempt under section 501(c)(3) of the Internal Revenue Code.

Cybersecurity is an ever-changing field, and threats may evolve. While Hexagon Center strives to provide accurate and timely information, we cannot guarantee absolute security. Users are responsible for implementing their security measures and staying informed about the latest cybersecurity developments. Hexagon Center is not responsible for any cyber or scam attacks by our readers. HX Weekly tips are advice are not official positions of Hexagon Center nor is Hexagon Center responsible for its content.

Content of this newsletter is not an official representation of Hexagon Center.

Reply

or to participate.