Threats

A flaw in Claude Code's GitHub Action let any attacker with a bot account hijack public repos and steal write credentials via prompt injection.

DentaQuest's breach exposed 2.6 million accounts including health IDs and insurance data after ShinyHunters published 234 GB when negotiations collapsed.

A high-severity zero-day in Cisco Catalyst SD-WAN Manager lets low-privilege attackers escalate to root. No patch is available yet.

Fake FIFA domains, banking trojans in streaming apps, and a single Chinese-speaking operation running 300 cloned login pages - all live before June 11.

A self-replicating worm has compromised 73 Microsoft GitHub repositories across Azure, MicrosoftDocs, and related orgs, disabling developer access.

A Rust-based infostealer called IronWorm compromised 36 npm packages, targeting AWS, OpenAI, and SSH credentials via a stealthy supply-chain attack.

Conflict gives scammers powerful lures built on fear and sympathy. Learn which scams thrive during geopolitical turmoil and how to avoid them.

A new espionage cluster called OP-512 is deploying a custom three-shell web framework against Microsoft IIS servers, with China attribution at moderate-to-high

San Jose man Darren Hughes sentenced to 26+ years for fentanyl and meth sales on Nemesis Market, paid in cryptocurrency.

Polyfill.io reactivated in late May 2026, serving HTTP 401 prompts that tricked browsers on Toshiba and Muji sites into showing fake login screens.

CISA confirms active exploitation of CVE-2026-28318, a Serv-U denial-of-service flaw requiring no credentials. Federal agencies must patch by June 19.

Attackers breached the WFP's Gaza self-registration platform on May 14, stealing names, ID numbers, phone numbers, and location data from roughly 600,000 househ