SHADOWBYT3$ Allegedly Claims Nintendo Breach and Theft of Sensitive Data
The threat actor SHADOWBYT3$ has allegedly claimed a data breach involving Nintendo, potentially targeting third-party platform TINYpulse. While the claim remains unverified and lacks public evidence, the incident reportedly involves sensitive employee data and financial documents.
FBI, Google Dismantle ‘Outsider Enterprise’ Phishing Service - SecurityWeek
The FBI and Google have dismantled Outsider Enterprise, a phishing-as-a-service platform that caused approximately $1.9 billion in losses by stealing millions of credit cards. This operation involved seizing administrative servers and domains to disrupt the network’s ability to impersonate brands through SMS phishing campaigns.
ShinyHunters Claims Council of Europe Hack - SecurityWeek
The extortion group ShinyHunters claims to have hacked the Council of Europe, allegedly stealing nearly 300 gigabytes of data containing sensitive employee and organizational information. The group threatens to release the stolen files publicly if the Council does not initiate negotiations by June 16.
PhishLumos: Exposing phishing campaigns that evade detection by hiding content - Help Net Security
PhishLumos is a system that exposes phishing campaigns by analyzing URL infrastructure—such as IP addresses and SSL certificates—rather than relying on easily cloaked web content. By mapping these connections into a graph, it enables LLM-powered agents to generate effective detection rules even when attackers attempt to hide malicious pages.
Hackers Abuse LNK Files, PowerShell, and Python Loader to Deploy NarwhalRAT
The NarwhalRAT malware campaign targets Korean users by utilizing deceptive LNK files, PowerShell, and a Python loader to deploy a sophisticated remote access trojan. This threat employs Living-off-the-Land techniques and a dual command-and-control structure to evade detection while performing espionage activities like keylogging and screen capture.
The FCC Wants to Eliminate Burner Phones - Schneier on Security
The FCC proposes a new rule to eliminate burner phones by requiring telecoms to collect personal identification and address information from all customers. This initiative aims to combat scammers while raising significant concerns among privacy advocates regarding increased surveillance.
French Government Messaging Platform Breached by Mysterious ‘Misere’ Hacker - SecurityWeek
The French government confirmed that its secure Tchap messaging service suffered a data breach affecting over 73,000 employees. An unknown threat actor identified as misere claimed responsibility for the incident, though the full extent of the stolen data remains subject to conjecture.
Palo Alto Warns of Exploitation of VPN Bypass Exploits (CVE-2026-0257) in PAN-OS Flaw
Palo Alto Networks has confirmed active exploitation of CVE-2026-0257, an authentication bypass vulnerability in PAN-OS GlobalProtect portals that allows attackers to establish unauthorized VPN connections. Organizations are urged to patch their systems or apply recommended mitigations immediately to prevent potential network access by threat actors.
Ozempic Maker Novo Nordisk Says Hackers Breached IT Systems - SecurityWeek
Pharmaceutical company Novo Nordisk recently disclosed a cybersecurity incident involving unauthorized access to internal systems that contained personal data from clinical trial participants and healthcare providers. The company confirmed that no direct identifiers were exposed, meaning the breach does not enable the identification of specific patients.
Ukrainian Man Pleads Guilty in US to Conti Ransomware Charges - SecurityWeek
A Ukrainian national pleaded guilty in a US court to charges related to his development of malware for the notorious Conti ransomware group. He now faces up to 20 years in prison for his role in the cybercriminal operation.
AI is creating a two-track labor market where roles requiring human-intensive skills experience faster salary growth and higher demand than roles focused on automation. This shift is also pushing entry-level jobs to prioritize senior-level capabilities like leadership and creativity as traditional apprenticeship pathways vanish.
Velvet Ant Hackers Backdoor OpenSSH and PAM to Spy on Critical Infrastructure Network
The China-nexus actor Velvet Ant maintained a near-decade campaign by backdooring OpenSSH and PAM components to gain persistent, silent access to critical infrastructure. This operation allowed the hackers to bypass authentication and exfiltrate credentials while evading detection within segmented networks.
PromptSnatcher Ad Blocker Extensions Steal AI Chats From ChatGPT, Claude, and Gemini
Two malicious browser extensions, Smart Adblocker and Adblock for Browser, have been identified for secretly stealing private AI chat conversations from platforms like ChatGPT, Claude, and Gemini. Users are urged to immediately remove these extensions and rotate their account credentials to prevent further data exposure.
AI giant’s Dynatrace GitHub data allegedly up for sale | Cybernews
A hacker is allegedly selling 8.46GB of internal Dynatrace GitHub repositories obtained through a compromised Personal Access Token. This potential data breach could expose sensitive source code and cloud infrastructure details, enabling targeted attacks against the company and its clients.
TikTok data leak expose 2.4B records, hackers claim | Cybernews
The alleged 2.4 billion-record TikTok data leak is likely a collection of infostealer logs rather than a direct breach of the platform. Experts warn that if the data is authentic, users may face increased risks of phishing, vishing, and account takeovers.
TikTok data leak expose 2.4B records, hackers claim | Cybernews
The alleged 2.4 billion-record TikTok data leak is likely a collection of infostealer logs rather than a direct breach of the platform. Experts warn that if the data is authentic, users may face increased risks of phishing, vishing, and account takeovers.
University of Nottingham Confirms Breach After Hackers Leak Data - SecurityWeek
The University of Nottingham has confirmed a data breach after the ShinyHunters hacker collective leaked sensitive personal and financial information from its student record system. The incident impacts both current students and alumni, prompting the university to coordinate with regulatory bodies and notify those affected by the theft.
Oracle warns of security bug that hackers abused to breach 100+ companies | TechCrunch
The hacking group ShinyHunters is exploiting a critical zero-day vulnerability in Oracle PeopleSoft software to breach over 100 organizations. While Oracle has issued a security advisory for the unpatched flaw, affected companies are urged to apply mitigations to protect sensitive data.
Over 400 Arch Linux packages compromised to push rootkit, infostealer
Over 400 Arch User Repository (AUR) packages have been compromised to distribute an infostealer and a Linux rootkit that targets developer credentials and system access. Users are advised to check for the atomic-lockfile malware, rotate all credentials, and potentially reinstall their systems if infected.
Hackers Use OnyxC2 Malware-as-a-Service to Steal Credentials From 210 Applications
The OnyxC2 Malware-as-a-Service platform enables attackers to steal sensitive credentials from over 210 applications by disguising malicious payloads as legitimate software installers. This dangerous tool utilizes DLL sideloading and encryption to bypass security defenses while harvesting passwords, cookies, and cryptocurrency data from compromised systems.
ShinyHunters linked to exploitation of critical flaw in Oracle PeopleSoft | Cybersecurity Dive
The ShinyHunters threat group has exploited a critical zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft to target over 100 organizations, primarily in the higher education sector. Mandiant reports that attackers used this remote-code execution flaw to compromise systems and steal sensitive data for potential phishing and extortion.
MCP Client OAuth Refresh-Token Support Matrix (June 2026) | RedCaller Docs | RedCaller
The MCP Client OAuth Refresh-Token Support Matrix details the status of OAuth 2.1 implementation across various clients as of June 2026. While the ecosystem has made progress, most clients currently offer only partial support for refresh tokens, often relying on the mcp-remote bridge as a necessary workaround.
Early Warning Signs of Supply-Chain Attacks Live in the Dark Web
Early warning signs of supply-chain attacks are frequently hidden in the dark web within seemingly routine sales of developer access, source code, and SaaS credentials. By monitoring these underground forums for compromised CI/CD pipelines and trusted integrations, organizations can proactively identify threats before they evolve into major security incidents.
French government’s secure messaging system breached | CSO Online
The French government’s secure messaging service, Tchap, was recently breached after an intruder used social engineering to gain unauthorized access to a user account. Although the system’s encryption remained intact, the attacker successfully accessed unencrypted public chat rooms and sensitive user data.
Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets
A coordinated malicious npm campaign has targeted developers by distributing over 2.7 million downloads of compromised packages designed to steal SSH keys, API tokens, and cloud credentials. Researchers identified that these packages exploit npm lifecycle hooks to silently exfiltrate sensitive data from developer workstations and CI/CD pipelines.