Threats

Tata Electronics confirmed a cyberattack on parts of its IT infrastructure. The World Leaks group leaked alleged Apple manufacturing data stolen in the incident

Chinese APT group UNC5221 used Brickstorm, Plenet, and AgentPSD to maintain access across a victim network and its MSP for over 18 months.

Free apps embed Bright Data's SDK to route web-scraping traffic through home IPs, including always-on smart TVs, with consent screens that don't match actual da

CISA added CVE-2026-28318, a DoS flaw in SolarWinds Serv-U, to its KEV catalog with a federal patch deadline of June 19, 2026.

An AI agent found 21 FFmpeg zero-days for ~$1,000. That same week, Chrome 149 patched a record 429 bugs.

Over 900 ATG systems in the US sit exposed on the open internet, vulnerable to command execution attacks that could disable fuel leak detection.

PCPJack compromised 230 AWS, Azure, and Google Cloud servers to build a covert SMTP relay network, leaving tools exposed on an open C2 directory.

A Cisco UCM flaw with a CVSS 8.6 score, FSB spyware claims, and $7.7B in sanctioned Iranian crypto volume define this week's threat landscape.

The 2026 Verizon DBIR confirms what browser telemetry has shown for months: the browser is the primary attack surface most enterprises aren't watching.

CVE-2026-3300 in Everest Forms Pro lets unauthenticated attackers run arbitrary PHP and create rogue admin accounts.

A dark web tutorial by "Hercules" breaks vulnerability exploitation into steps any beginner can follow - and it's spreading fast.

A new skimming campaign routes stolen payment data through api.stripe.com, bypassing CSP filters by abusing trusted infrastructure.