Miasma Supply Chain Worm Hits npm, PyPI, and Microsoft Azure

Miasma supply chain attack

Miasma Supply Chain Worm Infects npm, PyPI, and Microsoft Azure Repositories A fast-moving supply chain campaign dubbed Miasma is spreading across open-source software registries this week, weaponizing a novel install-time technique to steal developer credentials, poison build pipelines, and self-propagate across enterprise cloud environments. Security researchers have confirmed three distinct waves since June 1, 2026, … Read more

Chrome Extension YouTube Ad Blocker with 10M Installs Hides Remote Code Injection

Malicious Chrome Extension

YouTube Ad Blocker with 10 Million Installs Can Inject Code on Any Website A popular Google Chrome ad-blocking extension with more than 10 million installations and an official Featured badge from the Chrome Web Store contains dormant infrastructure that enables its operator to execute arbitrary JavaScript on any website a user visits all through a … Read more

Klue Supply Chain Attack Exposes CRM Data Across Major Firms

Salesforce OAuth Breach

A sweeping supply chain attack against Klue, the Vancouver-based competitive intelligence platform, has triggered cascading data breaches at more than a dozen major technology and cybersecurity firms, including Huntress, Recorded Future, Jamf, and Tanium. The Icarus extortion group compromised a legacy integration credential at Klue on June 11, 2026, planted malicious code to harvest customer … Read more

SolarWinds Serv-U DoS Flaw Actively Exploited: Patch Now

SolarWinds DoS vulnerability

SolarWinds Serv-U Denial-of-Service Flaw CVE-2026-28318 Actively Exploited, CISA Warns Attackers are actively exploiting CVE-2026-28318, a high-severity denial-of-service vulnerability in SolarWinds Serv-U file transfer software, the U.S. Cybersecurity and Infrastructure Security Agency confirmed on June 5, 2026. The flaw requires no credentials, no elevated privileges, and no user interaction to trigger, making it one of the … Read more

Claude Code GitHub Action Flaw Enabled Repository Hijacking

Claude code Github action flaw

Claude Code GitHub Action Flaw Enabled Full Repository Takeover via a Single Bot Issue A critical vulnerability in Anthropic’s Claude Code GitHub Action gave attackers the ability to fully compromise any public repository running the tool, using nothing more than a single GitHub issue submitted by a bot account. Discovered by security researcher RyotaK of … Read more

CVE-2026-41089: Critical Windows Netlogon RCE Exploited

Active Directory Vulnerability

CVE-2026-41089: Critical Windows Netlogon RCE Flaw Now Actively Exploited A critical Windows Netlogon remote code execution flaw is now being actively weaponized in the wild, three weeks after Microsoft shipped the patch. CVE-2026-41089, carrying a near-perfect CVSS score of 9.8, allows unauthenticated attackers to seize full SYSTEM-level control of any unpatched Windows domain controller by … Read more

PAN-OS GlobalProtect Auth Bypass CVE-2026-0257 Exploited

PAN-OS GlobalProtect Authentication Bypass CVE-2026-0257 Is Being Actively Exploited Right Now A confirmed, in-progress attack campaign is targeting enterprise VPN infrastructure globally, and Canadian organizations are directly in the line of fire. Palo Alto Networks has confirmed that CVE-2026-0257, a PAN-OS GlobalProtect authentication bypass flaw carrying a CVSS score of 7.8, is under active exploitation. … Read more

Microsoft Zero-Day Feud: Six Windows Flaws Disclosed

Six Windows Zero-Days Dropped Without Warning; Three Are Now Actively Exploited Three Windows zero-day vulnerabilities disclosed publicly without prior notice to Microsoft are now being actively exploited in the wild. The situation has triggered a sharp public response from Microsoft and a growing controversy over vulnerability disclosure ethics, GitHub account takedowns, and a researcher threatening … Read more

Toronto Sextortionist Gets 33 Years for Targeting 145 Kids

Toronto Man Sentenced to 33 Years in U.S. for Sextortion Scheme Targeting 145 Children A sextortion scheme originating from Toronto has resulted in one of the most significant child exploitation sentences in recent North American legal history. Ramanan Pathmanathan, 40, was handed a 33-year federal prison term by a U.S. District Court in Washington, D.C. … Read more

GHOST STADIUM Phishing Targets FIFA World Cup Fans in Canada

GHOST STADIUM: Chinese-Linked Phishing Operation Deploys 300+ Fake FIFA Domains to Defraud World Cup Fans A large-scale, financially motivated phishing campaign has been uncovered targeting fans of the 2026 FIFA World Cup, with researchers identifying over 300 fraudulent domains engineered to steal credentials, payment information, and ticket access. The operation, attributed to a threat actor … Read more