CVE-2026-20262: CISCO Catalyst SD-WAN Flaw Under Active Targeted Exploitation
Cisco has confirmed that CVE-2026-20262, an arbitrary file write vulnerability in Cisco Catalyst SD-WAN Manager, is currently under active exploitation. CISA has added this flaw to its Known Exploited Vulnerabilities catalog and urges users to apply available security patches to prevent potential privilege escalation.
Infinite Campus Breach Leaks Personal Information of 137,000 Users
The Infinite Campus breach attributed to the ShinyHunters threat group exposed the personally identifiable information of 137,000 users, primarily consisting of school staff data and internal support records. This incident highlights significant risks for educational technology platforms regarding phishing and social engineering attacks due to the aggregation of sensitive administrative details.
Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive
A recent industry study reveals that anonymized infrastructure, such as VPNs and residential proxies, is involved in 94% of security incidents. Despite this trend, security teams remain largely reactive, struggling to gain the necessary context to move beyond basic detection toward proactive risk management.
Russian and Chinese Influence Actors Use AI to Evade Bot Detection and Mimic Human Behavior
Russian and Chinese influence actors are utilizing artificial intelligence to mimic human behavior and evade bot detection by reducing post volume and adopting realistic activity patterns. These sophisticated operations now leverage AI-generated content and repurposed accounts to more effectively propagate anti-US narratives and shape public opinion.
Chinese Hacking Firm Upgrades With New Windows Backdoor
Security researchers have identified new Windows backdoors linked to the Chinese hacking firm known as FishMonger, which have been used to target government organizations since 2023. These upgraded variants of the SprySocks malware utilize kernel-level rootkits to enhance stealth and facilitate long-term espionage and data theft.
Anthropic Faces Lawsuit Over Allegedly Misleading Claude AI Pricing - Decrypt
Anthropic faces a class action lawsuit alleging that its Claude Max AI subscription plans provide less usage than advertised. The plaintiff claims the company failed to clearly explain how usage limits are measured, leading customers to overpay for services they did not receive.
The PRC-nexus threat actor UNC6508 targeted North American research institutions by exploiting REDCap servers and deploying the INFINITERED malware for credential theft. This campaign aimed to exfiltrate sensitive defense, AI, and medical research data through the abuse of enterprise content compliance rules.
SHADOWBYT3$ Allegedly Claims Nintendo Breach and Theft of Sensitive Data
The threat actor SHADOWBYT3$ has allegedly claimed a data breach involving Nintendo, potentially targeting third-party platform TINYpulse. While the claim remains unverified and lacks public evidence, the incident reportedly involves sensitive employee data and financial documents.
FBI, Google Dismantle ‘Outsider Enterprise’ Phishing Service - SecurityWeek
The FBI and Google have dismantled Outsider Enterprise, a phishing-as-a-service platform that caused approximately $1.9 billion in losses by stealing millions of credit cards. This operation involved seizing administrative servers and domains to disrupt the network’s ability to impersonate brands through SMS phishing campaigns.
ShinyHunters Claims Council of Europe Hack - SecurityWeek
The extortion group ShinyHunters claims to have hacked the Council of Europe, allegedly stealing nearly 300 gigabytes of data containing sensitive employee and organizational information. The group threatens to release the stolen files publicly if the Council does not initiate negotiations by June 16.
PhishLumos: Exposing phishing campaigns that evade detection by hiding content - Help Net Security
PhishLumos is a system that exposes phishing campaigns by analyzing URL infrastructure—such as IP addresses and SSL certificates—rather than relying on easily cloaked web content. By mapping these connections into a graph, it enables LLM-powered agents to generate effective detection rules even when attackers attempt to hide malicious pages.
Hackers Abuse LNK Files, PowerShell, and Python Loader to Deploy NarwhalRAT
The NarwhalRAT malware campaign targets Korean users by utilizing deceptive LNK files, PowerShell, and a Python loader to deploy a sophisticated remote access trojan. This threat employs Living-off-the-Land techniques and a dual command-and-control structure to evade detection while performing espionage activities like keylogging and screen capture.
The FCC Wants to Eliminate Burner Phones - Schneier on Security
The FCC proposes a new rule to eliminate burner phones by requiring telecoms to collect personal identification and address information from all customers. This initiative aims to combat scammers while raising significant concerns among privacy advocates regarding increased surveillance.
French Government Messaging Platform Breached by Mysterious ‘Misere’ Hacker - SecurityWeek
The French government confirmed that its secure Tchap messaging service suffered a data breach affecting over 73,000 employees. An unknown threat actor identified as misere claimed responsibility for the incident, though the full extent of the stolen data remains subject to conjecture.
Palo Alto Warns of Exploitation of VPN Bypass Exploits (CVE-2026-0257) in PAN-OS Flaw
Palo Alto Networks has confirmed active exploitation of CVE-2026-0257, an authentication bypass vulnerability in PAN-OS GlobalProtect portals that allows attackers to establish unauthorized VPN connections. Organizations are urged to patch their systems or apply recommended mitigations immediately to prevent potential network access by threat actors.
Ozempic Maker Novo Nordisk Says Hackers Breached IT Systems - SecurityWeek
Pharmaceutical company Novo Nordisk recently disclosed a cybersecurity incident involving unauthorized access to internal systems that contained personal data from clinical trial participants and healthcare providers. The company confirmed that no direct identifiers were exposed, meaning the breach does not enable the identification of specific patients.
Ukrainian Man Pleads Guilty in US to Conti Ransomware Charges - SecurityWeek
A Ukrainian national pleaded guilty in a US court to charges related to his development of malware for the notorious Conti ransomware group. He now faces up to 20 years in prison for his role in the cybercriminal operation.
AI is creating a two-track labor market where roles requiring human-intensive skills experience faster salary growth and higher demand than roles focused on automation. This shift is also pushing entry-level jobs to prioritize senior-level capabilities like leadership and creativity as traditional apprenticeship pathways vanish.
Velvet Ant Hackers Backdoor OpenSSH and PAM to Spy on Critical Infrastructure Network
The China-nexus actor Velvet Ant maintained a near-decade campaign by backdooring OpenSSH and PAM components to gain persistent, silent access to critical infrastructure. This operation allowed the hackers to bypass authentication and exfiltrate credentials while evading detection within segmented networks.
PromptSnatcher Ad Blocker Extensions Steal AI Chats From ChatGPT, Claude, and Gemini
Two malicious browser extensions, Smart Adblocker and Adblock for Browser, have been identified for secretly stealing private AI chat conversations from platforms like ChatGPT, Claude, and Gemini. Users are urged to immediately remove these extensions and rotate their account credentials to prevent further data exposure.
AI giant’s Dynatrace GitHub data allegedly up for sale | Cybernews
A hacker is allegedly selling 8.46GB of internal Dynatrace GitHub repositories obtained through a compromised Personal Access Token. This potential data breach could expose sensitive source code and cloud infrastructure details, enabling targeted attacks against the company and its clients.
TikTok data leak expose 2.4B records, hackers claim | Cybernews
The alleged 2.4 billion-record TikTok data leak is likely a collection of infostealer logs rather than a direct breach of the platform. Experts warn that if the data is authentic, users may face increased risks of phishing, vishing, and account takeovers.
TikTok data leak expose 2.4B records, hackers claim | Cybernews
The alleged 2.4 billion-record TikTok data leak is likely a collection of infostealer logs rather than a direct breach of the platform. Experts warn that if the data is authentic, users may face increased risks of phishing, vishing, and account takeovers.
University of Nottingham Confirms Breach After Hackers Leak Data - SecurityWeek
The University of Nottingham has confirmed a data breach after the ShinyHunters hacker collective leaked sensitive personal and financial information from its student record system. The incident impacts both current students and alumni, prompting the university to coordinate with regulatory bodies and notify those affected by the theft.
Oracle warns of security bug that hackers abused to breach 100+ companies | TechCrunch
The hacking group ShinyHunters is exploiting a critical zero-day vulnerability in Oracle PeopleSoft software to breach over 100 organizations. While Oracle has issued a security advisory for the unpatched flaw, affected companies are urged to apply mitigations to protect sensitive data.