Incidents

One story per event: coverage from every outlet, clustered by shared CVEs and signals.

vulnerability closed 2 articles

Rockwell Automation patches multiple ICS vulnerabilities

Rockwell Automation released security advisories addressing multiple vulnerabilities in its industrial control systems products, including Logix, CompactLogix, Flex, RSLinx and FactoryTalk. The advisories cover flaws such as CVE-2025-13036 and CVE-2026-0647, among others.

Jun 17, 2026 Jun 19, 2026
vulnerability closed 3 articles

Cisco patches critical ISE command execution flaw (CVE-2026-20181)

Cisco released patches for a critical command execution vulnerability in its Identity Services Engine (ISE) tracked as CVE-2026-20181, which allowed attackers to execute arbitrary code and gain root access due to insufficient input validation.

Jun 17, 2026 Jun 18, 2026
breach closed 1 article

Global Schools Group breach exposes 183k accounts and passport data

The breach compromised personal information including passport details of approximately 183,000 individuals associated with the Global Schools Group. The exposed data totals around 4.8 terabytes and includes account credentials and other sensitive records.

Jun 18, 2026 Jun 18, 2026
breach closed 2 articles

Kodak data breach linked to ShinyHunters extortion group

Kodak confirmed that the ShinyHunters extortion group accessed and exfiltrated approximately 2.2 million records in a security breach. The compromised data includes personal information of customers and employees, though Kodak states there is no ongoing threat to its systems or operations.

Jun 18, 2026 Jun 18, 2026
malware closed 2 articles

Mastra npm supply chain attack compromises over 140 packages

Attackers uploaded malicious versions of popular Mastra-related npm packages, using typosquatted names to trick developers into installing them. The compromised packages contained obfuscated code designed to steal credentials and exfiltrate data from affected projects.

Jun 17, 2026 Jun 18, 2026
vulnerability closed 12 articles

CISA adds actively exploited Joomla, Cisco and LiteSpeed flaws to KEV catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-48907 (Widget Factory Joomla Content Editor improper access control), CVE-2026-20262 (Cisco Catalyst SD-WAN vulnerability) and CVE-2026-54420 (LiteSpeed cPanel plugin flaw) to its Known Exploited Vulnerabilities catalogu

Jun 15, 2026 Jun 17, 2026
breach closed 2 articles

FulcrumSec data leak targeting Novo Nordisk

In mid‑June 2026, the hack‑and‑leak group FulcrumSec claimed to have exfiltrated approximately 1.3 TB of data from Novo Nordisk, including clinical trial records and AI research assets. The group began publishing the stolen files on June 15, 2026, as part of an extortion campaign.

Jun 16, 2026 Jun 17, 2026
malware closed 2 articles

JDY botnet resurgence expands to 1,500 devices for reconnaissance

The JDY botnet, linked to Chinese state‑backed threat actors, has resurged and now comprises roughly 1,500 compromised SOHO and IoT devices. The network is actively scanning for vulnerabilities, with a focus on military and government targets.

Jun 10, 2026 Jun 17, 2026
breach closed 1 article

ShinyHunters and FulcrumSec cyberattacks target EdTech firms

ShinyHunters and FulcrumSec have launched coordinated cyberattacks against multiple education technology firms, compromising sensitive student and institutional data and causing service disruptions.

Jun 17, 2026 Jun 17, 2026
vulnerability closed 2 articles

Chrome and Firefox security updates patch CVE-2026-12437 and other flaws

Google and Mozilla released security updates for Chrome and Firefox, addressing over 70 vulnerabilities, including the critical CVE-2026-12437 in Chrome. The patches fix memory safety bugs that could allow remote code execution. Users are advised to update to the latest stable versions.

Jun 17, 2026 Jun 17, 2026
breach closed 2 articles

iRhythm patient data breach following social engineering attack

On June 8, iRhythm discovered that attackers had accessed its systems via a social engineering scheme and exfiltrated patient data. The threat actors subsequently contacted the company on June 9, demanding a ransom for the return of the stolen information.

Jun 16, 2026 Jun 16, 2026
campaign closed 3 articles

US seizes deepfake porn domains CFake.com and SOCFake.com under TAKE IT DOWN Act

U.S. Department of Justice and Homeland Security seized the domain names CFake.com and SOCFake.com, which hosted nonconsensual intimate deepfake content, under the newly enacted TAKE IT DOWN Act. The action disrupts a network that distributed exploitative deepfake pornography.

Jun 12, 2026 Jun 16, 2026
incident closed 2 articles

North Korean UNK_DeadDrop phishing campaign targets developers

North Korean state‑linked threat actor UNK_DeadDrop launched a phishing campaign that posed as legitimate job offers and fake GitHub repositories to lure software developers. The attackers used the lures to deliver malware designed to steal cryptocurrency wallets and credentials.

Jun 8, 2026 Jun 16, 2026
campaign closed 3 articles

Chinese cyberespionage group UNC6508 breaches US medical and research networks

Chinese-linked cyberespionage group UNC6508 infiltrated North American medical, military, and AI research networks, maintaining access for up to two years. The attackers harvested credentials, forwarded emails to external accounts, and exfiltrated sensitive data from multiple institutions.

Jun 15, 2026 Jun 16, 2026
breach closed 4 articles

Novo Nordisk data breach exposes clinical trial records

Novo Nordisk disclosed that unauthorized actors accessed its IT systems and copied clinical trial data, including deidentified patient information and provider contacts.

Jun 14, 2026 Jun 16, 2026
malware closed 2 articles

Mackay Sugar hit by ransomware attack, mills halted

On June 10, Mackay Sugar, Australia's second-largest sugar producer, disclosed a ransomware attack carried out by the threat group known as The Gentlemen. The attack forced the shutdown of its milling operations, disrupting the crushing season.

Jun 15, 2026 Jun 15, 2026
vulnerability closed 15 articles

Palo Alto PAN-OS CVE-2026-0257 exploited to bypass GlobalProtect VPN

Starting in mid‑May 2026, threat actors began exploiting CVE-2026-0257, an authentication bypass vulnerability in Palo Alto Networks PAN‑OS GlobalProtect VPN, to gain unauthorized access to corporate networks.

May 29, 2026 Jun 15, 2026
vulnerability closed 2 articles

Jenkins RCE vulnerability CVE-2026-53435 exploited in the wild

Attackers are actively exploiting a critical remote code execution flaw in Jenkins, tracked as CVE-2026-53435, to execute arbitrary code via the config.xml file. The vulnerability affects Jenkins installations worldwide, allowing unauthenticated or low‑privilege users to compromise servers.

Jun 11, 2026 Jun 15, 2026
breach closed 2 articles

ShinyHunters claims breach of Council of Europe, threatens data leak

The cybercrime group ShinyHunters claims to have breached the Council of Europe, exfiltrating approximately 300 GB of data that includes employee personal information. The group threatens to publish the stolen data unless its demands are met by 16 June.

Jun 14, 2026 Jun 15, 2026
incident closed 2 articles

Maine Attorney General suspends breach reporting portal after fake submissions

The Office of the Maine Attorney General suspended its breach reporting portal after fraudulent submissions claiming to be from VRChat and Discord were filed. The portal, which organizations use to file data breach notices, was taken down to prevent further false reports.

Jun 15, 2026 Jun 15, 2026
campaign closed 3 articles

Ukrainian national pleads guilty to Conti ransomware conspiracy

Ukrainian national Oleksii Lytvynenko pleaded guilty in U.S. federal court to conspiracy charges related to his participation in the Conti ransomware operation. He was extradited from Ireland last year and faces sentencing for his role in attacks that targeted victims worldwide.

Jun 12, 2026 Jun 14, 2026
vulnerability closed 2 articles

Chrome 149 security update patches 28 vulnerabilities

Google released Chrome version 149, which addresses 28 security flaws, five of them rated critical. The fixes include multiple use-after-free vulnerabilities that could allow remote code execution. Users are advised to update to the latest version to mitigate the risks.

Jun 12, 2026 Jun 12, 2026
malware closed 2 articles

OnyxC2 malware-as-a-service targets over 200 applications

OnyxC2 is a subscription-based stealer that has been advertised on cybercrime forums and is capable of extracting data from more than 210 applications and browser extensions.

Jun 11, 2026 Jun 11, 2026
vulnerability closed 2 articles

Langflow vulnerability CVE-2026-5027 exploited for unauthenticated remote code execution

Attackers are actively exploiting an unpatched high-severity flaw in Langflow, an open-source low-code platform for building AI applications, identified as CVE-2026-5027. The vulnerability allows unauthenticated remote code execution by enabling arbitrary file writes on affected systems.

Jun 10, 2026 Jun 11, 2026
malware closed 2 articles

Gentlemen ransomware gang surges to second most active by victim count

The ransomware group known as The Gentlemen has risen to become the second most active ransomware gang based on victim count. The gang has attracted numerous affiliates through a recruitment model that offers them 90 percent of any ransom collected.

Jun 10, 2026 Jun 10, 2026
breach closed 2 articles

ServiceNow unauthenticated API flaw exposes customer data

In early June 2026, attackers exploited an unauthenticated ServiceNow API to access customer instance data, resulting in a data breach disclosed by ServiceNow via KB3067321. The vulnerability had been known internally since April 7 and was patched after the attacks were detected.

Jun 10, 2026 Jun 10, 2026
vulnerability closed 2 articles

RoguePlanet zero‑day in Microsoft Defender allows SYSTEM privilege escalation

A security researcher known as Chaotic Eclipse (aka Nightmare‑Eclipse) published a proof‑of‑concept exploit for a zero‑day vulnerability named RoguePlanet in Microsoft Defender. The flaw is a race condition that can grant SYSTEM privileges on fully patched Windows systems.

Jun 10, 2026 Jun 10, 2026
campaign closed 4 articles

TA4922 cybercrime group expands attacks across Europe, Asia and Africa

The Chinese‑speaking threat cluster TA4922 has broadened its operations beyond East Asia, launching credential‑phishing, malware distribution and fraud campaigns in Europe, Asia and Africa. Researchers observed the group using stealth loader tactics and the Atlas RAT to compromise targets.

Jun 4, 2026 Jun 9, 2026
campaign closed 1 article

UNC3753 conducts vishing and USB drop attacks to steal legal data

The UNC3753 gang used voice phishing calls posing as IT support to hijack victims' screen sessions and exfiltrate sensitive legal files. They also dispatched operatives to physically insert USB drives into target offices to harvest additional data. The campaign, which targeted dozens of U.S.

Jun 8, 2026 Jun 8, 2026