When you least expect it ...

This week, we emphasize that cyberattacks are not a matter of "if" but "when," warning that threat actors remain highly active even during summer months. Want to focus on the critical intersections between AI governance, emerging privacy concerns—such as the Apple "Hide My Email" bug—and landmark legal decisions like the Supreme Court's ruling on geofence warrants. To combat this relentless landscape, the Hexagon Center advocates for "security by default" and encourages community members to utilize resources like HX Weekly and the newly revived HexagonPSA department to maintain vigilance.

HX Weekly
by Hexagon Center

for the week of June 28, 2026, 128th edition

Subscribe at hexagoncenter.org

☝️ TWA

is when you should be expecting it

As always, “just when you least expect it” is not a phrase that only you’re familiar with; it’s also something about which cyber threat actors know well.

🤷‍♀️ What now?: Keep your vigilance up, especially during the holidays.

Tools: Use HX Weekly and HexagonPSA to help you keep apprised and vigilant.

This week, we want to talk about the fast-changing world where AI governance, critical infrastructure threats, and evolving legal privacy standards intersect. Some of the big stories include the U.S. government's intricate strategy on AI exports and the Supreme Court's groundbreaking decision to restrict geofence warrants, a hot topic in today's digital privacy debates. The threat landscape is as fierce as ever, with active exploitation of vulnerabilities in platforms like Cisco and Oracle, the rise of autonomous and browser-only ransomware, and sophisticated attacks targeting both businesses and AI-driven processes. Amid these technical hurdles, industry experts keep stressing the importance of "security by design," weaving digital trust into corporate governance, and staying alert to ongoing identity-based attacks.

about this edition and Inside Hexagon

There were just a lot of noteworthy headlines this week. The span across the spectrum of cybersecurity. Needless to say, we are never able to fit everything we hope to fit into our newsletter. It only says one thing — the attacks are rampant and if you wonder if you’ll ever be targeted, you either already have been targeted or will be targeted. It’s not a matter of if, it’s a matter of when.

We are moving into the summer. That means we have to start getting ourselves ready for the year-end holidays. Volunteering at Hexagon Center is not only fun, it’s educational and edifying. Join the team and be part of something that matters to them and to you. Also, we are bringing back the old videos and getting our newly created department, HexagonPSA, to revive them.

This week, we emphasize that cyberattacks are not a matter of "if" but "when," warning that threat actors remain highly active even during summer months. The report details a surge in diverse threats, including healthcare data theft at Medtronic, a tenfold increase in attacks on the UK healthcare sector, and vulnerabilities in AirDrop and Microsoft SharePoint. Alongside these technical exploits, the newsletter highlights critical intersections between AI governance, emerging privacy concerns—such as the Apple "Hide My Email" bug—and landmark legal decisions like the Supreme Court's ruling on geofence warrants. To combat this relentless landscape, the Hexagon Center advocates for "security by default" and encourages community members to utilize resources like HX Weekly and the newly revived HexagonPSA department to maintain vigilance.

- HX Weekly Team
HOUSEKEEPING

Glossary/Legend:

  • Zero Trust - a strategic cybersecurity framework based on the principle of "never trust, always verify," requiring strict identity authentication and authorization for every user and device, whether inside or outside the network perimeter. It assumes breach, removes implicit trust, and employs granular, least-privilege access controls to protect resources. 

  • Holistic security - a comprehensive strategy that integrates various protection layers—physical, digital, psycho-social, and organizational—to safeguard individuals, communities, or systems, recognizing that true security involves overall well-being, not just isolated technical defenses.

  • MFA - Multi-Factor Authentication is a security process that requires users to provide two or more verification methods to access an account or system.

  1. Personal Identifier - A unique word or phrase shared exclusively with an individual or a group, serving as a means of identification and affirmation within the established relationship. It is recommended that 2 or more Personal Identifiers be established per person.

  2. Malware (short for malicious software) - refers to any intrusive software developed by cybercriminals (often called hackers) to steal data and damage or destroy computers and computer systems.

  3. Ransomware - A type of malware that locks or encrypts a victim's files and demands a ransom payment to unlock and decrypt them. Ransomware can infect a variety of devices, including computers, smartphones, printers, and more.

Privacy Notice: HX Weekly and the Hexagon Center are committed to your digital security. We do not collect, track, or store any personal information from our subscribers beyond the email address provided for delivery.

Spread cybersecurity culture

Do you have any suggestions on how we can further share this newsletter? Tell your friends and family about us by sharing with them the Hexagon Center official website:
View archives at hxweekly.beehiiv.com

Even though we aim to provide you the most current and critical information to keep you safe, threat actors work 24/7 and this newsletter publishes only once a week. Even though we are available via a hotline, it is crucial that you stay up to date via other sources as well to be informed on how you may be at risk.

You may reply to this newsletter or email us at
[email protected]

Send us any questions or things you want to talk about. Please share some fun facts with us. We welcome feedback and suggestions.

Hexagon Center is formed as a nonprofit corporation in California for public benefit,
and is tax-exempt under section 501(c)(3) of the Internal Revenue Code.

Cybersecurity is an ever-changing field, and threats may evolve. While Hexagon Center strives to provide accurate and timely information, we cannot guarantee absolute security. Users are responsible for implementing their security measures and staying informed about the latest cybersecurity developments. Hexagon Center is not responsible for any cyber or scam attacks by our readers. HX Weekly tips are advice are not official positions of Hexagon Center nor is Hexagon Center responsible for its content.

Content of this newsletter is not an official representation of Hexagon Center.

Reply

or to participate.