HomeWeekly DigestsThis Week
LiveThreat Threat Intelligence

Weekly Threat Intelligence Digest — Jun 01 to Jun 08, 2026

Weekly threat intelligence digest from 405 items (33 critical, 187 high).

June 08, 2026 405 articles analyzed
LIVETHREAT WEEKLY THREAT DIGEST June 01 – June 08, 2026 This week the data reinforced a growing reality: attackers are no longer needing to break the perimeter – they are hijacking the trusted relationships that bind your ecosystem together. From Meta’s AI‑support bot handing over Instagram accounts, to ransomware‑linked supply‑chain compromises of npm packages and Red Hat pipelines, the common denominator is privileged access inside third‑party services. Simultaneously, a wave of zero‑day exploits (Cisco SD‑WAN, Windows Netlogon, WordPress plugins) is being weaponised before patches land, amplifying the blast radius of any single vendor breach. Large‑scale data dumps from ShinyHunters and DentaQuest show how quickly exposed credentials cascade downstream. 👉 Access, not vulnerability, is the primary risk driver. 🚨 EXECUTIVE RISK SNAPSHOT * Supply‑chain foothold → MSPs, CI/CD platforms, SaaS admin consoles, and API providers were the entry points for 8 supply‑chain attacks and 12 credential‑compromise incidents. * Privilege amplifies impact → A single compromised cloud admin account enabled the theft of >20 k Instagram accounts and the exposure of 2.6 M health records, illustrating how privileged access multiplies data loss. * Blind‑spot assets → Mis‑configured OT (fuel‑tank gauges) and undocumented third‑party dependencies remain invisible in most TPRM inventories, creating hidden exposure pathways. 🔍 WHAT CHANGED THIS WEEK * AI‑driven support tools are now attack vectors – Meta’s chatbot flaw shows LLM interfaces can be abused to reset passwords without user interaction. * npm and container supply chains are under siege – Red Hat, Miasma, and IronWorm malware injected credential‑stealers into widely‑used developer packages. * Zero‑day exploitation speed has outpaced patch cycles – Cisco SD‑WAN and Windows Netlogon zero‑days were observed in the wild within days of disclosure. * Extortion‑driven data dumps are becoming a continuous threat – ShinyHunters published multiple vendor‑level dumps, turning a breach into a regulatory nightmare for downstream partners. 🎯 WHERE YOU ARE MOST LIKELY EXPOSED * SaaS platforms with admin‑level API keys (e.g., GitHub, Azure, AWS) – especially those integrated via CI/CD pipelines. * Vendors that rely on third‑party libraries or container images (npm, Docker Hub, Red Hat) without runtime SBOM verification. * Cloud hosting providers and managed service providers that host critical workloads but have not enforced MFA on privileged accounts. * Organizations using AI‑driven customer‑service bots or LLM‑augmented tools without strict input validation. ⚡ WHAT TPRM LEADERS SHOULD DO THIS WEEK 1. Conduct a privileged‑access audit across all vendor contracts. 👉 Ask: “Which of your staff hold admin or root access to our environment, and how is that access logged?” #Cybersecurity #TPRM #VendorRisk #SupplyChainSecurity #ThreatIntel #LiveThreat #VerisqAI

Articles Referenced in This Digest 405 items

Advisory (124)

HighCisco Warns Agentic AI Will Put New Pressure on Enterprise Networks
HighSecuring CI/CD in an agentic world: Claude Code Github action case
HighNew CISA Warning: Hackers Are Targeting Fuel Tank Monitoring Systems
HighGot a LinkedIn message from a recruiter? It might be Chinese intelligence, warn FBI and MI5
HighApple removes Russia’s state-backed messaging app Max from its store
High4 Critical Threats Where Attackers Have the Advantage
HighFTC considers setting aside or modifying $150 million privacy penalty against X
HighSoftware supply chain attacks: check your dependencies
High CISA warns of cyberattacks targeting fuel tank monitoring systems
HighOnly 11% of production agents pass the AI agent security bar
HighSecuring AI Agents Before They Go Rogue Is Next to Impossible
HighWhat CISOs need to do about post-quantum migration in the next 24 months
HighCISA and Partners Urge Hardening Automatic Tank Gauge Systems
HighUpdate Now: Apple Rolls Out Critical Fixes for iPhone 17, M5 Macs
HighFBI Warning: World Cup Scammers Are Spoofing FIFA Tickets, Job Sites
HighAI-Driven Exploitation is Destroying Vulnerability Management. Here’s How to Handle It.
HighInspector general finds NIST mistakes have made vulnerability database ineffective
HighVulnerability Disclosure in the Age of AI
HighRace Against Time: Why Faster Vulnerability Alerts Matter
MediumMost pros have seen AI hallucinations in IT operations
MediumTrump considers Palantir exec to lead CISA
MediumThe modern-day business can learn a lot about risk from this year’s mega events
MediumMicrosoft's Coreutils for Windows, (Thu, Jun 4th)
MediumCyber Insurance Rates Are Dropping, but Exclusions Widen
MediumDHS chief signals efforts to reshape CISA
MediumWhite House unveils pared-back AI executive order
MediumWork IQ is Microsoft's big bet on agent-first enterprise IT, and I have questions
MediumENISA NIS360 2026: Progress Across the Board, But the Sectors That Matter Most Are Still Falling Short
MediumHow Leading Organizations Are Turning EDR Into Operational Resilience
MediumMeta tries to get ahead of scammers before the World Cup begins
MediumOpenAI requires stronger authentication for users of its most powerful AI models
InformationalHands on with Intelligent Terminal, an AI-powered Windows Terminal
InformationalApple WWDC live blog: Everything we're expecting, from iOS 27 to Siri to smart glasses
LowYears of emergency prep taught me how to storm-proof my solar generators
LowAndroid Auto is way more customizable than you might realize - 6 tricks to try ASAP
LowI saw the Surface Laptop Ultra at Computex and it's clear: Microsoft has gone beastmode
LowThe Apple Watch needs a better Siri more than the iPhone right now
LowNew ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration
LowHow Google could turn Siri into the AI health coach my Apple Watch needs
Informational3 ways a smarter Siri could make me rethink the HomePod over Sonos and Bose
Informational5 ways Android Auto beats your car's own infotainment system - hands down
LowI cracked open a '1,000W' portable charger after it failed me in minutes - the cause was clear (and gooey)
InformationalAdvancing Cybersecurity in the Age of Frontier AI: Qualys Steps into Project Glasswing
InformationalTrump AI Order Seeks Voluntary Frontier Model Testing
InformationalPhotos: Infosecurity Europe 2026
InformationalLet’s Encrypt works toward post-quantum certificates at web scale
InformationalOnly 10% of SOCs Say They’re Getting Excellent Value From AI. Here’s What the Second Wave Has to Deliver
Informational AI: Threat, tool, or both?
InformationalBest VPNs for YouTube in 2026: Expert tested and reviewed
InformationalWWDC returns June 8: What we know and how to watch the Apple event
InformationalReporting from Vegas: Networking, AI, and good boys
LowApple Begins Rosetta’s Final Phase as Intel Mac Era Winds Down
LowBugcrowd Launches EU Data Residency Option For Evolving Data Sovereignty Needs
InformationalNew infosec products of the week: June 5, 2026
LowBrave Software releases Origin for a paid, bloat-free browsing experience
InformationalWhy eSIMs Are Replacing Traditional SIM Cards
InformationalMicrosoft continues its big Linux push at Build 2026
LowIs Microsoft 365 Premium worth it? What $20 a month gets you - and how it compares to ChatGPT Plus
InformationalI wore the Oura Ring 5 for 24 hours - and it fixes my biggest issue with Ring 4
LowHate the right-click menu in Windows? Microsoft just promised to let you tweak it - soon
InformationalI tried Google Drive's new AI cleanup tool to fix 14 years of storage clutter - here's the result
Informational"Practical Android Software Protection in the Wild" - An Appetizer
InformationalFrom Operating Model to Product: How We Built the ROC for Detection-Speed Remediation
LowUsing Rhino Linux's new Lomiri snapshot took me back to the glory days of Unity
Informational5 Android Auto mistakes you're probably making - and how to fix them
LowMicrosoft Tests Wearable AI Badge for Office Workers
InformationalETSI sets security requirements for AI data centers and cloud platforms
InformationalFrom critical to controlled: Cutting vulnerabilities in a live manufacturing environment
InformationalSpotless compliance evidence can still hide a broken control
InformationalCISA directive for AI executive order to be released this week, Andersen says
LowI paid Microsoft's premium Copilot agents to do my work - they were confidently bad at it
InformationalAI is causing cognitive fatigue. Here's how to work with more haste and less speed
InformationalCisco Live 2026: New Security Tools Target AI Threats
InformationalExtending Zero Trust Across the Agentic AI Workflow
LowThe best rechargeable batteries of 2026: Expert recommended
InformationalHow AI agents will transform your customer service - despite 3 hurdles
LowI've tested a lot of tablets - these are the best tablet deals I found ahead of Prime Day
LowHow I used a $170 sports watch as my training coach to help me avoid injuries
LowThe best early Prime Day smartwatch and smart ring deals I'd recommend
InformationalWelcoming the Philippine Government to Have I Been Pwned
InformationalZoom CISO: AI as Security Enabler, Not Role-Replacer
LowOpenAI upgrades GPT-5.5, as it plans to retire legacy ChatGPT models
LowMicrosoft's Coreutils project brings Linux commands to Windows
LowI set 10 honesty traps for Claude Opus 4.8 - and a legal test broke it
InformationalPrime Day 2026 is coming in June and will be 4 days long - here's what Amazon just unveiled
LowWhy I never let my Android recycling bin sit full for 30 days - and how I empty it
InformationalUbuntu 26.04 is the OS for the AI agentic era, says Canonical's Mark Shuttleworth - here's why
LowI'm a phone reviewer - these are the 5 early Prime Day phone deals I'd recommend
InformationalYour car is following you - how to reclaim your data privacy on the open road
Low4 Nvidia RTX Spark laptops I'm most excited to try - including Microsoft's new Ultra
LowMicrosoft's first reasoning model is one of 7 AIs just released at Build - what we know so far
InformationalBuild 2026: Microsoft's MDASH exits preview with 100+ specialized threat-hunting AI agents
InformationalSecurity Needs a New Operating Model
InformationalIdentity Elevated: A New Unified Identity Experience in Cisco Cloud Control
InformationalSecurity at Cisco Live: Going Shields Up for the Agentic Era
InformationalQuantum Resilience Needs a Common Language. Here’s Where to Start.
InformationalBeyond Assume-Breach: How AI-Native Security Will Reshape Enterprise Defense
InformationalMicrosoft Entra pushes passkeys, tightens identity security
InformationalCodex knowledge work expands into research, reports, and spreadsheets
LowMeta adds stricter guardrails for teen feeds
InformationalNoma brings visibility and access governance to AI agents and MCP servers
InformationalMicrosoft Build 2026: Securing code, agents, and models across the development lifecycle
InformationalAnthropic to Open Mythos AI to EU's ENISA
InformationalWhy you need BAS and autonomous pentesting together
InformationalZero trust physical security needs trust decisions at the edge
InformationalNSA selects new leads for key cybersecurity posts
LowGoogle Chrome’s New Feature Takes Aim at Cookie Theft, Account Hijacking
InformationalRaccoonLine Publishes 2026 dVPN Buyer’s Guide for Privacy-Focused Users
InformationalWhy Encrypted File Sharing Is Essential for Modern Businesses
InformationalChrome stops hackers from stealing your browser cookies now - how its new security feature works
LowWhy I happily paid for the Transmit MacOS app - and it's not just the 16x faster file transfer speed
LowYou can leave FaceTime video voicemails, and a lot of people don't know it - here's how
LowI tried gaming on Android Auto and found 4 apps that made car downtime less boring
InformationalFrom Log Flood to Threat Signal: Cisco and Splunk Bring Context to Modern Defense
InformationalCisco Secure Access and Island Browser Enable Zero Trust Everywhere
InformationalCisco Secure Access and Microsoft Purview Integration for Simplified Data Protection
InformationalData Security Is Having A Moment
InformationalCato cuts vulnerability protection time to 45 minutes with agentic threat research
InformationalPathSolutions brings on-premises AI troubleshooting to NetOps teams
Informationaldepthfirst adds pre-install protection against malicious dependencies
InformationalInsight bundles exposure management, patch operations, and XDR into one service
LowMicrosoft says it will not pursue security researchers after zero-day backlash
Informational1,000 Data Breaches Later, the Disclosure Lag is Worse Than Ever
InformationalThe Security Growth Platform: Why MSPs Are Moving Beyond vCISO Tools

Breach (26)

HighDentaQuest Breach: ShinyHunters Publish Data Impacting 2.6M People
HighOver 20,000 Instagram accounts stolen in Meta AI support hack
HighBaker Distributing - 102,935 breached accounts
HighAtlas Menu Data Breach Exposes 64,000 GTA V and CS2 Cheat Service Users
HighDentaQuest Cyberattack Tied to 2.6M Exposed Accounts
HighAttackers obtained encrypted password vaults from some Dashlane user accounts
HighBCD Travel - 396,313 breached accounts
HighDentaQuest data breach exposed info of 2.6 million accounts
HighHola Browser for Windows compromised to deliver cryptominer
HighiFood Confirms Data Breach Affecting 1.2 Million Users in Brazil
HighHacking Meta’s AI Chatbot
HighUN food agency discloses breach affecting 600,000 Gaza households
High Meta’s AI support bot happily handed Instagram accounts to hackers
HighHackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months
HighDentaQuest - 2,553,599 breached accounts
HighAlcasec, “Robin Hood of Spanish Hackers,” Jailed for 31 Months Over Data Theft
HighInstagram Account Hijacks Expose the Security Risks of AI-Powered Support
HighRed Hat npm packages compromised in new Mini Shai-Hulud malware wave
High64,000 accounts exposed in breach of GTA V cheat service Atlas Menu
HighRed Hat removes tainted packages after software pipeline compromise
High 23andMe exposed genetic information of millions, lawsuit says
HighDashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded
HighSpain arrests doxer leaking sensitive data of govt employees
HighEdmunds - 177,860 breached accounts
High A week in security (May 25 – May 31)
HighWeekly Update 506

ThreatIntel (190)

CriticalCisco warns of unpatched SD-WAN zero-day exploited in attacks
CriticalCisco warns of critical Unified CM flaw with PoC exploit code
CriticalRussia seeks to label two anti-Kremlin hacker groups as ‘extremist’
CriticalB&R PPT30 Operating System
CriticalHitachi Energy ITT600 Explorer
CriticalHitachi Energy MACH HiDraw
CriticalNAVTOR NavBox
CriticalBeyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore
CriticalStop Patching at Human Speed: Peer-to-Peer (P2P) Distribution Closes the Remediation Gap Before Attackers Strike 
CriticalEmbedded Threats: How Attackers Weaponize Legitimate Emails
CriticalCritical Start expands MDR capabilities with multi-agent AI system
CriticalVS Code zero-day lets hackers steal GitHub tokens in one click
CriticalAcer working to patch max severity zero-days in Wave 7 routers
CriticalWhat 345 Days of Untested Exposure Looks Like at a Bank
CriticalCISA flags two-year-old Oracle flaw as actively exploited in attacks
HighSilent Ransom Group targets law firms with fake IT support calls
HighNew Pink Extortion Group Targets Microsoft 365 Cloud Data Via Vishing Scams
HighChinese Spies Using LinkedIn, Job Sites to Recruit Western Workers
HighReport: Anthropic Deploys Engineers to Support NSA Use of Mythos
HighMiasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack
HighFree Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI
HighWhen Nation-States Stop Caring About Size
HighExposed Fuel Tank Gauges Under Attack in the US
HighIronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
HighSuspicious Polyfill login prompts pop up on Toshiba, Muji websites
HighSilent Ransom Group (SRG): Switching To DNS Fast Flux Infrastructure
HighReaper macOS Infostealer Abuses Script Editor to Steal Crypto and Passwords
HighMiasma Malware Hits 32 Red Hat Packages via Compromised GitHub Account
HighAI Worm
HighSoutheast Asia Scam Compounds Turn AI Into a Cybersecurity Threat
HighAdaptive, Agentic AI Worms Loom as Next Enterprise Threat
HighAI is helping low-skill hackers pull off advanced cyberattacks
HighFIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins
HighNew Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework
HighAndroid Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps
HighOver 900 US gas station tank gauge systems exposed to attacks
HighDark web Nemesis Market vendor gets 26 years for selling drugs
HighChinese APT deploys new malware to keep access to hacked networks
HighEU unveils tech sovereignty package to cut reliance on US, Chinese suppliers
HighPCPJack Exposed: Researchers Uncover 230-Node Cloud Email Relay Network
HighChina's TA4922 Expands Cybercrime Attacks Globally
HighRust-Written IronWorm Hits NPM Supply Chain
HighAI agent governance gets harder when agents outnumber your people
HighThieves can pull off keyless car theft in under a minute and here’s how to stop them
HighCredit card theft campaign abuses Stripe to host stolen payment info
HighMobile device interception with MikroTik
HighFlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads
HighChina-Linked TA4922 Expands Phishing Attacks to U.K., Germany, Italy, and South Africa
HighHackers Are After the Gaps in Your Vulnerability Program: Here's Their Playbook
High29 Arrests, Nine Crime Groups Dismantled: Another Blow to Illegal Streaming
HighGamaredon Uses WinRAR Vulnerability to Launch Modular Spy Campaign on Ukrainian Targets
HighFive Eyes Warns Chinese Spies Are Using Fake Job Ads to Target Military Staff
HighLazarus Group Uses npm Brandjacking Campaign to Target Developers
HighDoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets
HighFake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS
HighSmashing Security podcast #470: This AI security flaw might be impossible to fix
HighTropical Blend: Cyber & Politics Ramp Up Across Latin America
HighAttackers Use AI to Automate EDR Evasion Testing
HighPakistan Spies on Afghan Finance Ministry With Xeno RAT
HighAttackers already know the secrets are on your developers’ machines. Do you?
HighU.S. sanctions Nobitex crypto exchange used by Iranian ransomware actors
HighChinese hackers use new Atlas RAT malware in European cyberattacks
HighRussia’s FSB Says Foreign Spies Infected Officials’ Phones With Malware
HighRed Hat hit by npm supply‑chain attack - here's how to stay safe
HighOne-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens
HighAutonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)
HighGoogle DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT
HighAnthropic expands Project Glasswing to 150 organizations in more than 15 countries
HighNew Android feature promises to spot deepfake scam calls
HighPolice dismantles 9 crime groups in illegal streaming crackdown
HighNew cyber force would cost up to $11 billion to start, commission says
High These convincing copyright notices are designed to steal Google logins
HighEspionage Campaign Targeted Stock Exchange Executive for Five Months
HighWeedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content
HighChina Uses Dual-Method Cyberattack on Czech Orgs
HighDriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks
HighFBI-Flagged Phishing Kit Kali365 Expands Its Reach
HighKnown vulnerabilities behind most application security incidents
HighAI-built ransomware toolkit automates EDR evasion, AD discovery
HighOver 116,000 Minecraft systems infected in WeedHack malware campaign
HighPreinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign
HighFake ChatGPT Desktop App Ads Used to Push Password-Stealing Malware
HighIran Expands Handala Brand to Physical Threats
HighOperation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor
HighMicrosoft Threatening Security Researcher
HighThe HazyBeacon Protocol – How Malware Weaponizes Amazon Web Services (AWS) Lambda Function URLs
HighWhy Traditional Phishing “Red Flags” Fail Against AI-Generated Attacks
HighFake Claude Code Installers Deliver Credential-Stealing Malware
HighLABScon25 Replay | Gamaredon x Turla: Unveiling a 2025 Espionage Alliance Targeting Ukraine
HighSophos uncovers AI-powered malware lab built for EDR evasion
HighWhy the browser is now the front line for AI security
HighInstagram users locked out after Meta AI abused to steal accounts
HighMicrosoft Exchange Online outage causes email delays, failures
HighSpain arrests suspected hacker for publishing personal data of police, prosecutors and cyber officials
HighRussia claims foreign spy agencies hacked officials' phones
HighHalo Security Honored with 2026 MSP Today Product of the Year Award
HighNew WordPress Malware Uses Steam Profile Comments to Hide C2 Instructions
HighNew Wave Of Phishing Emails with SVG Files, (Tue, Jun 2nd)
HighPakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT
HighMicrosoft's Zero-Day Legal Threats Spark Backlash
HighThis AI model backdoor attack stays hidden until you customize the model
HighRed Hat npm packages compromised to steal developer credentials
HighHackers hijack thousands of sites for ClickFix and FakeUpdate attacks
HighInside APAC's malvertising ecosystem: How scams spread through social media ads
HighChina-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan
HighMiasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
HighContainers on fire: from container escapes to supply chain attacks
HighBrute-force attack triggers Dashlane account lockouts
HighWordPress malware campaign hides payloads in Steam profiles
HighUnknown hacker group targeted Russian maritime universities, diplomats for nearly two years
HighAfghan finance officials targeted by suspected Pakistani cyberespionage campaign
High Fake BlueWallet steals passwords, accounts, and crypto from Macs
HighThe Pentagon Finally Admits That Location Data Is a Battlefield Problem
HighFake Purchase Order Emails Spread Fileless PureLogs Malware via RAR Archives
HighOpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
MediumSECURITY AFFAIRS MALWARE NEWSLETTER ROUND 100
MediumC0XMO botnet spreads via DD-WRT router flaw, kills rival malware
MediumAI Upgrades, Security Flaws, and SpaceX’s Record IPO Define the Week in Tech
MediumThe Evil MSI Background is Back!, (Fri, Jun 5th)
MediumUS Firms Try DeepSeek as Silicon Valley AI Costs Rise
MediumCisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
MediumNew IronWorm malware hits 36 packages in npm supply-chain attack
MediumResearcher publishes GitHub token-stealing exploit, blames Microsoft’s disclosure process
MediumHitachi Energy RTU500
MediumChina-Linked TA4922 Hackers Target UK, Europe With New SilentRunLoader Malware
MediumTA4922: The Suspected Chinese Crime Group is Going Global
MediumCISA Adds One Known Exploited Vulnerability to Catalog
MediumContinuing Scans for swagger.json, (Wed, Jun 3rd)
MediumArgamal: Malware hidden in hentai games
MediumMazeBolt brings AI-generated attack simulation to DDoS security testing
MediumMalware campaign targeting Minecraft users infects over 116,000 systems
MediumAutonomous AI-driven worm can reason its way through corporate networks
MediumMicrosoft responds to security challenges facing code, AI agents, and models
MediumCISA warns of active attacks exploiting Android, Linux bugs
Medium Infostealers are becoming the go-to phishing payload
MediumAgent Threat Rules: Open detection rule format for AI agent security threats
MediumWardriving assessment across Mexico: Preparing for the 2026 World Cup
MediumDashlane password manager users locked out by brute force attacks
MediumMicrosoft fixes KB5089549 Windows security update install issues
InformationalISC Stormcast For Monday, June 8th, 2026 https://isc.sans.edu/podcastdetail/9962, (Mon, Jun 8th)
InformationalSecurity Affairs newsletter Round 580 by Pierluigi Paganini – INTERNATIONAL EDITION
InformationalWhy Holistic Sourcing Wins: The Numbers Behind the Recorded Future Advantage
InformationalWhat 2026 DBIR Confirms: Attacks Are Living in the Browser
InformationalFrom prompt to pwned: chaining LLM and web bugs to Admin
InformationalISC Stormcast For Friday, June 5th, 2026 https://isc.sans.edu/podcastdetail/9960, (Fri, Jun 5th)
InformationalUpdating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught us 
InformationalHypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting
InformationalWinning the cyber marathon with Tony Giandomenico
InformationalMalicious WhatsApp, Slack Alerts Could Have Exposed Millions of Android Users
InformationalGartner SRM 2026 Signals a Cybersecurity Shift From Prevention to Resilience
InformationalThreats to the 2026 FIFA World Cup
InformationalOAuth marketplace apps keep access after publishers vanish
InformationalThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories
InformationalAgentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It
InformationalClaude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories
InformationalPolice dismantles fake ID marketplace used by migrant smugglers
InformationalMicrosoft blames unexpected Windows driver updates on caching issue
InformationalUN food agency investigates breach exposing data of Gaza aid recipients
InformationalSupreme Court rules FCC fines punishing telecom giants for sharing location data were legal
InformationalISC Stormcast For Thursday, June 4th, 2026 https://isc.sans.edu/podcastdetail/9958, (Thu, Jun 4th)
InformationalCyber espionage campaign targeted stock exchange executive’s Outlook account
InformationalHow to Recover Data from iCloud Backup Without Resetting Your iPhone
Informational6 ways I use Spotlight to get more out of my Mac - beyond basic search
InformationalI tested Microsoft Copilot Health with my real medical records - here's my verdict
InformationalOn a budget? These are the best deals under $25 ahead of Amazon Prime Day
InformationalFrustrated with your Bluetooth? How multipoint works - and why it sometimes won't
InformationalHow to use ChatGPT: A beginner's guide to mastering OpenAI's chatbot in 2026
InformationalAI Used to Decrypt Medieval Ciphers
InformationalShrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)
InformationalMicrosoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
InformationalWhatsApp, Slack Notifications Could Hijack Google Gemini on Android
InformationalBest Dropbox Alternatives for 2026: Free & Premium Tools
InformationalGlobal Stock Exchange Hit by Monthslong Email Campaign
InformationalMalicious Notifications Could Trick Google Gemini Users
InformationalMicrosoft Scout agent opens a new category of always-on Autopilots
InformationalSimplify security management with CIS SecureSuite Platform
InformationalGoogle adds Android protection against AI deepfake scam calls
InformationalISC Stormcast For Wednesday, June 3rd, 2026 https://isc.sans.edu/podcastdetail/9956, (Wed, Jun 3rd)
InformationalA small Slovenian team handles 6,000 cyber incidents a year
InformationalStrengthening the Foundation: A Predictable, Customer focused Response to AI-Accelerated Vulnerability Discovery
InformationalTuskira Quell identifies, mitigates, and validates zero-day risk before breach
InformationalISC Stormcast For Tuesday, June 2nd, 2026 https://isc.sans.edu/podcastdetail/9954, (Tue, Jun 2nd)
InformationalRansomware Operators Keep Business Hours. The Data Proves It
InformationalFinding what lives between the alerts: Announcing Cisco Talos Threat Hunting
InformationalSecure Code Warrior connects developer training to AI usage and code risks
InformationalNetQuest expands NetworkLens to detect threats hidden in network management traffic
InformationalMicrosoft fixes outage affecting MFA setup, MySignIn service
InformationalWebinar tomorrow: From alert to resolution in network incident response
InformationalMicrosoft investigates Office Apps, Teams file access issues
InformationalISC Stormcast For Monday, June 1st, 2026 https://isc.sans.edu/podcastdetail/9952, (Mon, Jun 1st)

Vulnerability (65)

CriticalWeek in review: Cisco SD-WAN 0-day exploited, Patch Tuesday forecast
CriticalCritical Everest Forms Pro flaw exploited to take over WordPress sites
CriticalClaude Opus Found a Four-Year-Old Hole in Zcash’s Privacy Layer. Nobody Knows If Someone Already Used It.
CriticalHackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites
CriticalCritical Cisco Unified CM Bug Patched as Public Exploit Code Emerges
CriticalU.S. CISA adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog
CriticalResearcher Drops a New VS Code Zero-Day After Losing Trust in Microsoft’s Disclosure Process
CriticalCISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog
CriticalCISA Flags 2-Year-Old Oracle WebLogic Vulnerability as Actively Exploited
CriticalApple’s 2026 Security Events: iPhone Exploits, Zero-Days Put Millions at Risk
CriticalWhy an HP Poly VoIP Phones Bug Could Become an Enterprise Foothold
CriticalCritical Kirki flaw exploited to hijack WordPress admin accounts
CriticalCISA Adds One Known Exploited Vulnerability to Catalog
CriticalWindows Netlogon RCE exploited, domain controllers at risk (CVE-2026-41089)
CriticalCritical Windows Netlogon RCE flaw now exploited in attacks
CriticalCIFSwitch, a Linux Root Bug Hidden in Plain Sight for 19 Years
CriticalCVE-2026-8732: The WP Maps Pro Flaw That Lets Anyone Create a WordPress Admin Without a Password
CriticalCritical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts
HighMalicious Hugging Face Models Could Trigger Remote Code Execution
HighU.S. CISA adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog
HighAI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs
HighCISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog
HighThreat Brief: Active Exploitation of PAN-OS CVE-2026-0257
HighCisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available
HighCISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers
HighCisco SD-WAN Has a New Root-Level Problem, and There’s No Fix Yet
HighJune 2026 Patch Tuesday forecast: Where are the CVEs?
HighCisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245)
HighCISA Adds One Known Exploited Vulnerability to Catalog
HighFake Context Alignment: The Attack That Made Gemini Obey Strangers Through Your Notifications
High[webapps] WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection
HighNew GitHub Zero-Day Exposed Developer Tokens to Attackers
HighMeta’s own AI chatbot to blame for Instagram accounts being stolen in seconds
HighZDI-26-328: ASUS Business Manager Service Client-Side Authentication Local Privilege Escalation Vulnerability
HighZDI-26-331: (Pwn2Own) Microsoft Edge Feedback Log File Handling Directory Traversal Remote Code Execution Vulnerability
HighMicrosoft 365 Android Apps Had a Token Flaw IT Teams Should Check Now
HighCoding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover
HighNew 'HTTP/2 Bomb' DoS attack crashes web servers in under a minute
HighGoogle Patches Actively Exploited Android Flaw Affecting Millions of Devices
HighU.S. CISA adds Android and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog
HighNew HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
HighUnpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes
HighU.S. CISA adds Oracle WebLogic flaw to its Known Exploited Vulnerabilities catalog
HighOracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation
HighGamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine
HighGoogle June 2026 Android Update Patches 124 Flaws, One Actively Exploited
HighCISA Adds Two Known Exploited Vulnerabilities to Catalog
HighGoogle Patches Android Zero-Day Vulnerability in June 2026 Security Update
HighGoogle fixes actively exploited Android vulnerability (CVE-2025-48595)
HighGoogle fixes one actively exploited Android zero-day, 124 flaws
HighZero-Click pretalx XSS Flaw Lets Hackers Hijack Conference Organizer Accounts
High[webapps] YAMCS yamcs-core 5.12.7 - LDAP Injection
High[webapps] YAMCS yamcs-core 5.12.7 - User Enumeration
High[remote] Notepad++ 8.9.6 - Arbitrary Code Execution
High[webapps] WordPress OrderConvo 14 - Path Traversal
High[webapps] Drupal Core 10.5.5 - Error-Based SQL Injection
High⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More
HighScala Security Audit
HighPatch Now: Another Palo Alto Auth Bypass Bug Under Active Exploit
HighU.S. CISA adds Palo Alto Networks PAN-OS flaw to its Known Exploited Vulnerabilities catalog
MediumA Vulnerability in Cisco Products Could Allow for Server-Side Request Forgery
MediumZDI-26-327: Docker Desktop grpcfuse Kernel Module Uncontrolled Recursion Denial-of-Service Vulnerability
MediumZDI-26-330: (Pwn2Own) Microsoft Edge Navigation Handling Universal Cross-Site Scripting Vulnerability
Medium[webapps] YAMCS yamcs-core 5.12.7 - No Rate Limiting
LowZDI-26-329: (Pwn2Own) Microsoft Edge Origin Validation Error Security Bypass Vulnerability

Daily breach, advisory, and vulnerability briefs publish every weekday.

View Live Breach Feed ← All Weekly Digests