Miasma Supply Chain Worm Hits npm, PyPI, and Microsoft Azure

Miasma supply chain attack

Miasma Supply Chain Worm Infects npm, PyPI, and Microsoft Azure Repositories A fast-moving supply chain campaign dubbed Miasma is spreading across open-source software registries this week, weaponizing a novel install-time technique to steal developer credentials, poison build pipelines, and self-propagate across enterprise cloud environments. Security researchers have confirmed three distinct waves since June 1, 2026, … Read more

Chrome Extension YouTube Ad Blocker with 10M Installs Hides Remote Code Injection

Malicious Chrome Extension

YouTube Ad Blocker with 10 Million Installs Can Inject Code on Any Website A popular Google Chrome ad-blocking extension with more than 10 million installations and an official Featured badge from the Chrome Web Store contains dormant infrastructure that enables its operator to execute arbitrary JavaScript on any website a user visits all through a … Read more

Klue Supply Chain Attack Exposes CRM Data Across Major Firms

Salesforce OAuth Breach

A sweeping supply chain attack against Klue, the Vancouver-based competitive intelligence platform, has triggered cascading data breaches at more than a dozen major technology and cybersecurity firms, including Huntress, Recorded Future, Jamf, and Tanium. The Icarus extortion group compromised a legacy integration credential at Klue on June 11, 2026, planted malicious code to harvest customer … Read more

GentleKiller Ransomware Disables 400+ EDR Security Processes

gentle-killer image

A newly uncovered EDR-killing framework known as GentleKiller has emerged as one of the most aggressive tools in the ransomware landscape this year, systematically terminating over 400 endpoint protection processes across 48 distinct security products. The framework, developed and maintained by the Gentlemen ransomware-as-a-service operation, exploits the Bring Your Own Vulnerable Driver (BYOVD) technique to … Read more

Anthropic AI Export Ban Pulls Fable 5, Mythos 5 Offline

Claude Fable 5 Ban

Anthropic AI Export Ban: US Forces Fable 5 and Mythos 5 Offline Worldwide Anthropic has pulled its two most capable AI models offline for all users worldwide after the US government issued an unprecedented export control directive ordering the company to cut off access to them for all foreign nationals. The Anthropic AI export ban … Read more

Microsoft June 2026 Patch Tuesday: 6 Zero-Days, 200 Flaws

Microsoft June 2026 Patch Tuesday: 6 Zero-Days and 200 Vulnerabilities Demand Immediate Action Microsoft has released its June 2026 Patch Tuesday security updates, closing 200 vulnerabilities across its product ecosystem, including six zero-day flaws, one of which is confirmed to be actively exploited in live attacks. This is one of the heaviest Patch Tuesday releases … Read more

Cisco SD-WAN CVE-2026-20245 Actively Exploited, No Patch Yet

CISA SD-WAN vulnerability

Cisco Catalyst SD-WAN Manager CVE-2026-20245 Actively Exploited With No Patch Available A high-severity privilege escalation vulnerability in Cisco Catalyst SD-WAN Manager is being actively exploited in the wild, and no patch currently exists to fix it. CVE-2026-20245, rated 7.8 on the CVSS scale, enables an attacker who holds local system access to execute arbitrary commands … Read more

SolarWinds Serv-U DoS Flaw Actively Exploited: Patch Now

SolarWinds DoS vulnerability

SolarWinds Serv-U Denial-of-Service Flaw CVE-2026-28318 Actively Exploited, CISA Warns Attackers are actively exploiting CVE-2026-28318, a high-severity denial-of-service vulnerability in SolarWinds Serv-U file transfer software, the U.S. Cybersecurity and Infrastructure Security Agency confirmed on June 5, 2026. The flaw requires no credentials, no elevated privileges, and no user interaction to trigger, making it one of the … Read more

Claude Code GitHub Action Flaw Enabled Repository Hijacking

Claude code Github action flaw

Claude Code GitHub Action Flaw Enabled Full Repository Takeover via a Single Bot Issue A critical vulnerability in Anthropic’s Claude Code GitHub Action gave attackers the ability to fully compromise any public repository running the tool, using nothing more than a single GitHub issue submitted by a bot account. Discovered by security researcher RyotaK of … Read more

Meta AI Support Flaw Let Hackers Hijack Instagram Accounts

Instagram account takeover AI

Meta’s AI Support Chatbot Was Weaponized to Hijack Instagram Accounts, No Malware Required A critical flaw in Meta’s AI Support Assistant on Instagram allowed attackers to seize control of accounts belonging to high-profile individuals and organizations using nothing more than a target’s username and a VPN. No malware, no phishing link, no access to the … Read more