Attackers have successfully hijacked Instagram accounts by exploiting Meta's AI-powered support systems. The attackers tricked the AI into believing they were the legitimate account owners, leading to users being locked out of their accounts.
A single line of code in a development setting allowed unauthorized Android apps to access Microsoft account tokens, potentially compromising billions of app downloads. This bypass circumvented security measures designed to protect user data.
Russia's FSB has accused foreign intelligence agencies of turning the smartphones of Russian officials into surveillance devices. The agency claims a large-scale operation compromised these devices but has provided no technical evidence to support its allegations.
Google has released an Android update that addresses a zero-day vulnerability, CVE-2025-48595, which has reportedly been exploited in limited, targeted attacks. The update also includes patches for 123 other vulnerabilities.
The browser has become a critical front line for AI security due to the rise of AI-powered attacks and the adoption of shadow AI. Push Security emphasizes the need for enhanced browser visibility to effectively detect threats and govern AI usage.
CISA has issued a directive to US government agencies, ordering them to patch a two-year-old, high-severity Oracle WebLogic Server vulnerability. This flaw, which was previously patched, is now being actively exploited in real-world attacks.
Artificial intelligence can significantly aid attackers by generating malware, creating malicious payloads, and bypassing security measures. AI empowers threat actors to transform vague malicious intent into functional attack code.
A critical stack-based buffer overflow vulnerability has been discovered in HP VoIP phones. This flaw can be exploited remotely to achieve code execution on affected devices, posing a significant risk to enterprise networks.
A new supply chain attack, dubbed Miasma, has compromised over 30 Red Hat Cloud Services-related npm packages, inserting a worm designed to steal developer credentials and authentication tokens. The malware, an evolution of the Shai-Hulud family, also expands its scope to collect cloud identities from Google Cloud and Azure. While most of the infected packages have been removed, the attack highlights ongoing risks in the software supply chain.
AI is accelerating the timeline for vulnerability exploitation, shrinking the window between disclosure and weaponization to mere hours. This rapid exploitation demands a fundamental shift in how organizations approach vulnerability management, moving beyond traditional reactive patching to more proactive and AI-aware strategies.
Anthropic's AI chatbot, Claude, experienced a significant outage shortly after the company announced its upcoming stock market debut. The outage impacted users trying to access the service during this critical period, raising questions about system reliability.
A critical vulnerability, identified as CVE-2024-21182, in Oracle WebLogic Server is actively being exploited in the wild. This vulnerability can be exploited without requiring any authentication, posing a significant risk to affected servers.
Attackers are actively exploiting a Palo Alto Networks GlobalProtect vulnerability, tracked as CVE-2026-0257, to gain unauthorized VPN access into corporate networks. The flaw, which allows for credential-less authentication bypass, was initially disclosed as medium severity but was quickly escalated to high urgency by Palo Alto Networks due to observed exploitation.
Google has released the June 2024 Android security patch, which fixes 124 vulnerabilities. Among these is a zero-day flaw that was actively exploited in targeted attacks.
Bruce Schneier reflects on his 2010 article warning about the limitations of cryptography in securing modern networks against various threats. He reiterates his long-standing argument that cryptography is ill-equipped to solve prevalent network security issues such as denial-of-service attacks, data theft, and network penetration.
A security researcher known as 'Nightmare Eclipse' has published details of significant Windows exploits, including one that bypasses BitLocker encryption. Microsoft has responded by threatening legal action against the researcher, leading to a public exchange of recriminations.
Hackers exploited a confused deputy vulnerability in Meta's AI chatbot to gain control of high-profile Instagram accounts. By requesting the AI to link an account to a new email address, the attackers were able to gain unauthorized access.
Police in Northern Ireland have issued a public service announcement (PSA) after their official phone number was spoofed by scammers. The fraudsters were reportedly asking victims to purchase gift cards as part of their fraudulent scheme. Authorities are urging the public to be vigilant against such tactics.
A malicious npm package named codexui-android, disguised as a remote UI for OpenAI Codex, has been found to exfiltrate developer authentication tokens. Attackers allegedly injected malicious code into the published package that was not present in its public GitHub repository, highlighting risks in the AI software supply chain.
A supply chain attack has compromised 32 Red Hat npm packages, with attackers publishing 96 malicious package versions. These versions contained a credential-stealing worm, reportedly similar to Mini Shai-Hulud.
A spear-phishing campaign, attributed to the Pakistan-aligned SideCopy group, has targeted Afghanistan's Ministry of Finance. The attackers used a ZIP archive containing a malicious LNK file with a Pashto-language filename to deliver the Xeno RAT, an open-source remote access trojan.
Dashlane experienced a brute-force attack where attackers attempted to access user accounts. The company's security systems automatically locked accounts to prevent further unauthorized access and limited the number of encrypted vault downloads that could be initiated.
A new wave of phishing emails is using SVG files as attachments to deliver malicious content. Threat actors are leveraging the SVG format to embed harmful code, bypassing traditional email filters by presenting the content as an image without any URLs in the email body.
Oracle has released its first monthly Critical Security Patch Update (CSPU), addressing a total of 77 vulnerabilities. These updates are part of Oracle's initiative to deliver critical fixes more rapidly.
Password manager Dashlane has reported a brute-force attack that resulted in the encrypted vaults of fewer than 20 personal plan users being downloaded. The attack, which occurred on May 31, 2026, targeted the company's two-factor authentication (2FA) system.
AI is accelerating the development and testing of tools, but human oversight remains critical in driving the workflow. This advancement impacts areas like Endpoint Detection and Response (EDR) systems.
Hackers are using compromised websites to distribute malware through "ClickFix" and "FakeUpdate" techniques. A threat actor named DriveSurge is behind these large-scale campaigns, which target thousands of sites to deliver malicious payloads.
A new malware strain dubbed Shai-Hulud is targeting versions of the Red Hat build of Node.js package manager (npm). The malicious code was found embedded in a legitimate-looking package and has been downloaded approximately 80,000 times per week.
A supply-chain attack compromised over 30 npm packages within Red Hat's '@redhat-cloud-services' namespace. The attackers distributed a new variant of the Shai-Hulud malware, named "Miasma," designed to steal developer credentials.
Spanish police have arrested an individual accused of leaking sensitive data belonging to government employees from several important state organizations. Among the affected entities was the National Cybersecurity Institute (INCIBE). The investigation is ongoing to determine the full extent of the data leak and identify any accomplices.
Hackers exploited a vulnerability in Meta's AI-powered customer support chatbot to gain unauthorized access to celebrity Instagram accounts. They then resold these high-value accounts before Meta was able to fix the exploit.
A supply chain attack has compromised dozens of Red Hat packages via its official npm channel. Attackers injected malicious code into these packages, which were then distributed to users through the official Red Hat registry.
Malicious actors have registered over 5,000 new domains in an effort to impersonate election-related entities and conduct phishing attacks. These domains are designed to mimic legitimate election websites and organizations, aiming to trick voters into revealing personal information. This tactic highlights the shift from direct election system attacks to social engineering methods.
Microsoft has threatened legal action against a security researcher who published several zero-day exploits, sparking backlash from the cybersecurity community. Critics argue that Microsoft's stance discourages responsible disclosure and could hinder vulnerability research.
A vulnerability in the WP Maps Pro WordPress plugin, identified as CVE-2026-8732, is being exploited by unauthenticated attackers. This flaw allows attackers to create administrative accounts on vulnerable WordPress sites.
Dashlane password manager is investigating reports of users being locked out of their accounts due to brute-force attacks. These attacks appear to originate from unknown locations and devices, with attackers making multiple login attempts. Dashlane is working to address the issue and has stated that no user data has been compromised.
Oracle has released its first monthly Critical Security Patch Update (CSPU) for May 2026, addressing 35 vulnerabilities, including 11 rated as critical. Among these are several flaws with publicly available exploit code, some of which have been known for a considerable time, highlighting ongoing challenges with patching embedded open-source components.
A new supply chain attack campaign, codenamed Miasma, has compromised Red Hat npm packages to steal credentials and secrets. The attack uses install-time execution tactics to harvest credentials, target CI/CD systems, and exfiltrate data with a self-propagating worm.
Hackers exploited Meta's AI support bot to gain unauthorized access to Instagram accounts, including those of the Obama White House and the U.S. Space Force Chief Master Sergeant. Instructions circulating on Telegram guided users on how to trick the AI into resetting account passwords, leading to the brief defacement of these accounts with pro-Iranian content.
A sophisticated WordPress malware campaign has been discovered that uses Steam Community profile comments to hide its command-and-control (C2) infrastructure. Attackers are exploiting WordPress sites to inject malicious code, which then communicates with C2 servers disguised within user comments on Steam profiles, making detection more challenging.
A new article by Melissa Hathaway argues that AI is dramatically accelerating vulnerability discovery, exposing decades of software development prioritizing speed over security. It calls for a coordinated national and international effort involving governments, vendors, and operators to accelerate remediation and invest in automated repair before adversaries exploit this opportunity.
Organizations are urged to patch CVE-2026-41089, a critical vulnerability affecting Windows Netlogon. Attackers are actively targeting this flaw, making timely patching essential for defense.
Microsoft is investigating an ongoing incident that is preventing users of Microsoft Teams and Office for the web from accessing and opening files. The issue appears to be related to problems accessing files from SharePoint and OneDrive, impacting users across various platforms and devices.
Palo Alto Networks is urging users to patch a critical authentication bypass vulnerability in its PAN-OS GlobalProtect VPN, which is being actively exploited in the wild. Adversaries have already launched two waves of attacks leveraging this flaw, highlighting the urgency for defenders to apply the necessary security updates.
Law enforcement is reportedly scanning social media for individuals who post criticism of AI data centers. This surveillance activity raises concerns about privacy and freedom of expression.
The GTA cheat service Atlas Menu has been hacked, with the attacker publishing a database of 64,000 user records to GitHub. The attacker alleges that Atlas Menu was spying on users via screenshots.
Attackers are increasingly exploiting vulnerabilities before organizations can identify and patch them. Faster vulnerability alerts are crucial for reducing exposure and improving security response times.
This weekly recap highlights several cybersecurity events, including a new Linux vulnerability, an exploit targeting PAN-OS, the rise of AI-powered attacks, and OAuth-based phishing campaigns. It also mentions poisoned development tools and the increasing accessibility of malicious activities.
The Centre for Cybersecurity Belgium has issued a warning that threat actors are actively exploiting a critical Windows Netlogon Remote Code Execution (RCE) vulnerability in ongoing attacks. This vulnerability was recently patched, highlighting the ongoing threat posed by unaddressed security flaws.
Attackers are actively exploiting a critical authentication bypass vulnerability in Palo Alto Networks' PAN-OS software. This flaw allows unauthorized access to VPNs, necessitating urgent patching for affected users and organizations.