SolarWinds Serv-U Flaw Lets Attackers Crash Servers Without Logging In
CISA confirms active exploitation of CVE-2026-28318, a Serv-U denial-of-service flaw requiring no credentials. Federal agencies must patch by June 19.
The 2026 Verizon DBIR confirms what browser telemetry has shown for months: the browser is the primary attack surface most enterprises aren't watching.
IronWorm and a new Miasma variant have compromised over 50 npm packages, stealing credentials and self-propagating through GitHub repositories.
Chinese APT group UNC5221 used Brickstorm, Plenet, and AgentPSD to maintain access across a victim network and its MSP for over 18 months.
Fake FIFA domains, banking trojans in streaming apps, and a single Chinese-speaking operation running 300 cloned login pages — all live before June 11.
A flaw in Claude Code's GitHub Action let any attacker with a bot account hijack public repos and steal write credentials via prompt injection.
Agentic AI is moving into defense networks fast. The security infrastructure underneath it isn't keeping pace.
A Cisco UCM flaw with a CVSS 8.6 score, FSB spyware claims, and $7.7B in sanctioned Iranian crypto volume define this week's threat landscape.
CVE-2026-20230 lets unauthenticated attackers write files and escalate to root. A public PoC exists and the version 15 patch isn't due until September.
A cryptominer was found inside the Windows version of Hola Browser after a supply chain compromise went undetected until routine certification checks flagged it.
A new skimming campaign routes stolen payment data through api.stripe.com, bypassing CSP filters by abusing trusted infrastructure.
A dark web tutorial by "Hercules" breaks vulnerability exploitation into steps any beginner can follow—and it's spreading fast.