vulnerability
closed
2 articles
Rockwell Automation released security advisories addressing multiple vulnerabilities in its industrial control systems products, including Logix, CompactLogix, Flex, RSLinx and FactoryTalk. The advisories cover flaws such as CVE-2025-13036 and CVE-2026-0647, among others.
Jun 17, 2026
—
Jun 19, 2026
campaign
closed
2 articles
Operation Escaneo is a cyber campaign that has been exploiting known vulnerabilities in Fortinet and Ivanti perimeter devices to gain access to networks across Latin America.
Jun 18, 2026
—
Jun 18, 2026
vulnerability
closed
3 articles
Cisco released patches for a critical command execution vulnerability in its Identity Services Engine (ISE) tracked as CVE-2026-20181, which allowed attackers to execute arbitrary code and gain root access due to insufficient input validation.
Jun 17, 2026
—
Jun 18, 2026
breach
closed
1 article
The breach compromised personal information including passport details of approximately 183,000 individuals associated with the Global Schools Group. The exposed data totals around 4.8 terabytes and includes account credentials and other sensitive records.
Jun 18, 2026
—
Jun 18, 2026
campaign
closed
2 articles
Security researchers disclosed two OS command injection flaws in the Splunk AI Toolkit, identified as CVE-2026-20265 and CVE-2026-20266, that could allow attackers to execute arbitrary commands on affected systems.
Jun 17, 2026
—
Jun 18, 2026
breach
closed
2 articles
Kodak confirmed that the ShinyHunters extortion group accessed and exfiltrated approximately 2.2 million records in a security breach. The compromised data includes personal information of customers and employees, though Kodak states there is no ongoing threat to its systems or operations.
Jun 18, 2026
—
Jun 18, 2026
malware
closed
2 articles
Cybercriminals have been distributing the AsyncRAT remote access trojan through counterfeit AI‑study guides that appear as legitimate learning files.
Jun 11, 2026
—
Jun 18, 2026
malware
closed
2 articles
Attackers uploaded malicious versions of popular Mastra-related npm packages, using typosquatted names to trick developers into installing them. The compromised packages contained obfuscated code designed to steal credentials and exfiltrate data from affected projects.
Jun 17, 2026
—
Jun 18, 2026
vulnerability
closed
12 articles
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-48907 (Widget Factory Joomla Content Editor improper access control), CVE-2026-20262 (Cisco Catalyst SD-WAN vulnerability) and CVE-2026-54420 (LiteSpeed cPanel plugin flaw) to its Known Exploited Vulnerabilities catalogu
Jun 15, 2026
—
Jun 17, 2026
breach
closed
2 articles
In mid‑June 2026, the hack‑and‑leak group FulcrumSec claimed to have exfiltrated approximately 1.3 TB of data from Novo Nordisk, including clinical trial records and AI research assets. The group began publishing the stolen files on June 15, 2026, as part of an extortion campaign.
Jun 16, 2026
—
Jun 17, 2026
malware
closed
2 articles
The JDY botnet, linked to Chinese state‑backed threat actors, has resurged and now comprises roughly 1,500 compromised SOHO and IoT devices. The network is actively scanning for vulnerabilities, with a focus on military and government targets.
Jun 10, 2026
—
Jun 17, 2026
breach
closed
1 article
ShinyHunters and FulcrumSec have launched coordinated cyberattacks against multiple education technology firms, compromising sensitive student and institutional data and causing service disruptions.
Jun 17, 2026
—
Jun 17, 2026
incident
closed
4 articles
Researchers identified two previously undocumented Windows variants of the SprySOCKS backdoor, internally labeled WIN_DRV and WIN_PLUS, which employ kernel‑level stealth techniques.
Jun 16, 2026
—
Jun 17, 2026
vulnerability
closed
2 articles
Google and Mozilla released security updates for Chrome and Firefox, addressing over 70 vulnerabilities, including the critical CVE-2026-12437 in Chrome. The patches fix memory safety bugs that could allow remote code execution. Users are advised to update to the latest stable versions.
Jun 17, 2026
—
Jun 17, 2026
vulnerability
closed
2 articles
A vulnerability in the Google Cloud Vertex AI SDK for Python enables attackers with no access to a victim's project to hijack model uploads and execute arbitrary code within Google's serving infrastructure through bucket squatting.
Jun 16, 2026
—
Jun 16, 2026
breach
closed
2 articles
On June 8, iRhythm discovered that attackers had accessed its systems via a social engineering scheme and exfiltrated patient data. The threat actors subsequently contacted the company on June 9, demanding a ransom for the return of the stolen information.
Jun 16, 2026
—
Jun 16, 2026
campaign
closed
3 articles
U.S. Department of Justice and Homeland Security seized the domain names CFake.com and SOCFake.com, which hosted nonconsensual intimate deepfake content, under the newly enacted TAKE IT DOWN Act. The action disrupts a network that distributed exploitative deepfake pornography.
Jun 12, 2026
—
Jun 16, 2026
vulnerability
closed
2 articles
Microsoft patched a critical vulnerability in its M365 Copilot AI platform that could allow attackers to retrieve two-factor authentication codes via a three-stage prompt-injection exploit.
Jun 15, 2026
—
Jun 16, 2026
incident
closed
2 articles
North Korean state‑linked threat actor UNK_DeadDrop launched a phishing campaign that posed as legitimate job offers and fake GitHub repositories to lure software developers. The attackers used the lures to deliver malware designed to steal cryptocurrency wallets and credentials.
Jun 8, 2026
—
Jun 16, 2026
campaign
closed
3 articles
Chinese-linked cyberespionage group UNC6508 infiltrated North American medical, military, and AI research networks, maintaining access for up to two years. The attackers harvested credentials, forwarded emails to external accounts, and exfiltrated sensitive data from multiple institutions.
Jun 15, 2026
—
Jun 16, 2026
vulnerability
closed
6 articles
CVE-2026-48172 is a privilege escalation vulnerability in the LiteSpeed cPanel Plugin that allows any authenticated cPanel user to gain root access. The flaw was exploited as a zero-day in the wild, with threat actors such as the Serpens group using it to deploy new RAT variants.
May 23, 2026
—
Jun 16, 2026
breach
closed
4 articles
Novo Nordisk disclosed that unauthorized actors accessed its IT systems and copied clinical trial data, including deidentified patient information and provider contacts.
Jun 14, 2026
—
Jun 16, 2026
malware
closed
2 articles
On June 10, Mackay Sugar, Australia's second-largest sugar producer, disclosed a ransomware attack carried out by the threat group known as The Gentlemen. The attack forced the shutdown of its milling operations, disrupting the crushing season.
Jun 15, 2026
—
Jun 15, 2026
vulnerability
closed
15 articles
Starting in mid‑May 2026, threat actors began exploiting CVE-2026-0257, an authentication bypass vulnerability in Palo Alto Networks PAN‑OS GlobalProtect VPN, to gain unauthorized access to corporate networks.
May 29, 2026
—
Jun 15, 2026
vulnerability
closed
2 articles
Attackers are actively exploiting a critical remote code execution flaw in Jenkins, tracked as CVE-2026-53435, to execute arbitrary code via the config.xml file. The vulnerability affects Jenkins installations worldwide, allowing unauthenticated or low‑privilege users to compromise servers.
Jun 11, 2026
—
Jun 15, 2026
breach
closed
2 articles
The cybercrime group ShinyHunters claims to have breached the Council of Europe, exfiltrating approximately 300 GB of data that includes employee personal information. The group threatens to publish the stolen data unless its demands are met by 16 June.
Jun 14, 2026
—
Jun 15, 2026
incident
closed
2 articles
The Office of the Maine Attorney General suspended its breach reporting portal after fraudulent submissions claiming to be from VRChat and Discord were filed. The portal, which organizations use to file data breach notices, was taken down to prevent further false reports.
Jun 15, 2026
—
Jun 15, 2026
malware
closed
4 articles
The Silent Ransom Group, also known as Luna Moth, has been targeting law firms in the United States by posing as IT support staff via phone calls and, in some cases, visiting offices in person to gain access to systems.
May 29, 2026
—
Jun 15, 2026
vulnerability
closed
31 articles
Researchers disclosed a critical authentication bypass vulnerability in Oracle PeopleSoft Enterprise PeopleTools (CVE-2026-35273) that allows attackers to gain unauthorized access and manipulate systems.
Jun 10, 2026
—
Jun 15, 2026
breach
closed
2 articles
In March 2026, FortiGuard Labs identified a new variant of the Gafgyt botnet, designated C0XMO, that exploits known vulnerabilities in DDWRT routers to enslave IoT devices.
Jun 8, 2026
—
Jun 14, 2026
campaign
closed
3 articles
Ukrainian national Oleksii Lytvynenko pleaded guilty in U.S. federal court to conspiracy charges related to his participation in the Conti ransomware operation. He was extradited from Ireland last year and faces sentencing for his role in attacks that targeted victims worldwide.
Jun 12, 2026
—
Jun 14, 2026
campaign
closed
2 articles
Law enforcement agencies from multiple countries seized the domain of the AudiA6 dark‑web money‑laundering platform and arrested two suspects in a coordinated takedown.
Jun 12, 2026
—
Jun 12, 2026
vulnerability
closed
2 articles
Google released Chrome version 149, which addresses 28 security flaws, five of them rated critical. The fixes include multiple use-after-free vulnerabilities that could allow remote code execution. Users are advised to update to the latest version to mitigate the risks.
Jun 12, 2026
—
Jun 12, 2026
malware
closed
2 articles
OnyxC2 is a subscription-based stealer that has been advertised on cybercrime forums and is capable of extracting data from more than 210 applications and browser extensions.
Jun 11, 2026
—
Jun 11, 2026
vulnerability
closed
2 articles
Attackers are actively exploiting an unpatched high-severity flaw in Langflow, an open-source low-code platform for building AI applications, identified as CVE-2026-5027. The vulnerability allows unauthenticated remote code execution by enabling arbitrary file writes on affected systems.
Jun 10, 2026
—
Jun 11, 2026
vulnerability
closed
10 articles
In early 2026, an unidentified threat actor exploited a previously unknown high‑severity vulnerability in Cisco Catalyst SD‑WAN devices, gaining privileged command execution and root‑level access.
Jun 5, 2026
—
Jun 10, 2026
malware
closed
2 articles
The ransomware group known as The Gentlemen has risen to become the second most active ransomware gang based on victim count. The gang has attracted numerous affiliates through a recruitment model that offers them 90 percent of any ransom collected.
Jun 10, 2026
—
Jun 10, 2026
vulnerability
closed
10 articles
Microsoft released its June 2026 Patch Tuesday updates, addressing 206 security vulnerabilities across Windows and related software, of which three were publicly disclosed zero‑day flaws, including an HTTP/2 bomb vulnerability (CVE-2026-49160).
Jun 9, 2026
—
Jun 10, 2026
breach
closed
2 articles
In early June 2026, attackers exploited an unauthenticated ServiceNow API to access customer instance data, resulting in a data breach disclosed by ServiceNow via KB3067321. The vulnerability had been known internally since April 7 and was patched after the attacks were detected.
Jun 10, 2026
—
Jun 10, 2026
vulnerability
closed
2 articles
A security researcher known as Chaotic Eclipse (aka Nightmare‑Eclipse) published a proof‑of‑concept exploit for a zero‑day vulnerability named RoguePlanet in Microsoft Defender. The flaw is a race condition that can grant SYSTEM privileges on fully patched Windows systems.
Jun 10, 2026
—
Jun 10, 2026
vulnerability
closed
1 article
Veeam identified a critical remote code execution vulnerability in its Backup & Replication software (versions 12.x) that allows authenticated low‑privileged domain users to execute arbitrary code on backup servers.
Jun 9, 2026
—
Jun 9, 2026
malware
closed
3 articles
The Miasma worm, a self-replicating malware, infiltrated 73 Microsoft GitHub repositories by exploiting AI coding tools and pushing malicious commits.
Jun 6, 2026
—
Jun 9, 2026
malware
closed
2 articles
Attackers uploaded trojanized versions of 19 Python packages to PyPI, embedding malicious startup hooks and .pth files that exfiltrate developer environment variables and cloud credentials.
Jun 7, 2026
—
Jun 9, 2026
vulnerability
closed
3 articles
Researchers discovered a use‑after‑free bug in the Linux kernel's nf_tables packet filtering subsystem tracked as CVE-2026-23111. The flaw enables an unprivileged local user to gain root privileges, including breaking out of containers.
Jun 8, 2026
—
Jun 9, 2026
vulnerability
closed
2 articles
SAP issued urgent security patches for several critical flaws affecting its NetWeaver, Commerce, and SAML components, including CVE-2026-44748 which allows authentication bypass. The vulnerabilities could lead to information disclosure, memory corruption, or disruption of normal system usage.
Jun 9, 2026
—
Jun 9, 2026
malware
closed
4 articles
WhatsApp alleges that NSO Group violated a court injunction by launching spearphishing campaigns targeting WhatsApp users, using test accounts to deliver malicious links designed to install Pegasus spyware.
Jun 8, 2026
—
Jun 9, 2026
campaign
closed
4 articles
The Chinese‑speaking threat cluster TA4922 has broadened its operations beyond East Asia, launching credential‑phishing, malware distribution and fraud campaigns in Europe, Asia and Africa. Researchers observed the group using stealth loader tactics and the Atlas RAT to compromise targets.
Jun 4, 2026
—
Jun 9, 2026
vulnerability
closed
5 articles
Attackers are actively exploiting a critical remote code execution vulnerability (CVE-2026-3300) in the Everest Forms Pro WordPress plugin to gain arbitrary code execution and create rogue admin accounts, leading to full site compromise.
Jun 4, 2026
—
Jun 8, 2026
campaign
closed
1 article
The UNC3753 gang used voice phishing calls posing as IT support to hijack victims' screen sessions and exfiltrate sensitive legal files. They also dispatched operatives to physically insert USB drives into target offices to harvest additional data. The campaign, which targeted dozens of U.S.
Jun 8, 2026
—
Jun 8, 2026
campaign
closed
4 articles
The Silent Ransom Group has been targeting law firms in the United States and abroad with ransomware, using DNS fast flux to hide its command‑and‑control infrastructure.
Jun 5, 2026
—
Jun 8, 2026