Weekly Review - June 08, 2026

Covers 7 daily digests (2026-06-02 to 2026-06-08).

All summaries, analysis, and story clustering are done by an LLM. It may make mistakes and say incorrect things. Check the sources and support the actual journalists.

Top Stories

1. Attackers exploited Meta AI logic flaw to hijack Instagram accounts

6 outlets, 2026-06-02 to 2026-06-08 - severity 4/5

Attackers exploited a logic flaw in Meta's AI-powered High Touch Support (HTS) assistant to hijack at least 20,225 Instagram accounts. By initiating the "forgot password" protocol and using VPNs to spoof target locations, attackers convinced the chatbot to link new, attacker-controlled email addresses to targeted accounts. In some instances, attackers used AI video generators to bypass identity verification by animating static photos of victims into fake selfies. This process allowed attackers to receive password reset codes directly, enabling them to bypass two-factor authentication on accounts that lacked additional protections and subsequently deface them with pro-Iranian content. The breach impacted high-profile entities including the Obama White House, Sephora, and the U.S. Space Force, with many compromised "OG" usernames being sold on the dark web. Meta responded by disabling the HTS tool, invalidating affected password reset links, and enrolling impacted users into a mandatory security checkpoint to reset passwords and re-authenticate.

Sources

• Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts - Krebs on Security, 2026-06-01 (quality: 18/21)
• Meta AI Hands Over High-Profile Instagram Accounts to Hackers - SecurityWeek, 2026-06-02 (quality: 17/21)
• Instagram users locked out after Meta AI abused to steal accounts - BleepingComputer, 2026-06-02 (quality: 17/21)
• Hacking Meta’s AI Chatbot - Schneier on Security, 2026-06-04 (quality: 13/21)
• Meta’s AI support bot happily handed Instagram accounts to hackers - Malwarebytes, 2026-06-04 (quality: 16/21)
• Meta’s own AI chatbot to blame for Instagram accounts being stolen in seconds - GRAHAM CLULEY, 2026-06-04 (quality: 8/21)
• Over 20,000 Instagram accounts stolen in Meta AI support hack - BleepingComputer, 2026-06-08 (quality: 19/21)
• Meta Says 20,000 Instagram Accounts Hacked via AI Tool Abuse - SecurityWeek, 2026-06-08 (quality: 20/21)
• A week in security (June 1 – June 7) - Malwarebytes, 2026-06-08 (quality: 7/21)

2. TeamPCP used Shai-Hulud worm to launch npm supply chain attacks against Red Hat

5 outlets, 2026-06-02 to 2026-06-06 - severity 4/5

The threat actor TeamPCP executed a series of npm supply chain attacks between September 2025 and June 2026 using variants of the Shai-Hulud worm, including the Miasma malware. The campaign targeted diverse developer ecosystems, including Red Hat, TanStack, Bitwarden, and LiteLLM, by compromising GitHub accounts and exploiting GitHub Actions workflows to distribute malicious packages. In the Red Hat incident, attackers used compromised credentials to push orphan commits to repositories, subsequently using an OIDC token to publish 32 poisoned npm packages under the @redhat-cloud-services namespace within a 72-second window. The Miasma malware utilized preinstall scripts to execute code designed to steal cloud credentials (AWS, Azure, Google Cloud), GitHub Actions secrets, Kubernetes tokens, and various authentication keys. The scope of the attacks spanned hundreds of malicious package versions across multiple ecosystems, including @antv and SAP, impacting organizations such as OpenAI, Anthropic, and Mistral AI. Red Hat responded by identifying and removing the affected packages from the npm registry following the breach.

Sources

• Red Hat npm packages compromised to steal developer credentials - BleepingComputer, 2026-06-01 (quality: 20/21)
• Supply Chain Attack Hits 32 Red Hat NPM Packages - SecurityWeek, 2026-06-02 (quality: 20/21)
• Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm - The Hacker News, 2026-06-01 (quality: 20/21)
• The npm Threat Landscape: Attack Surface and Mitigations (Updated June 2) - Unit 42, 2026-06-02 (quality: 17/21)
• Red Hat removes tainted packages after software pipeline compromise - The Record from Recorded Future News, 2026-06-02 (quality: 20/21)
• Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack - The Hacker News, 2026-06-06 (quality: 20/21)
• IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks - The Hacker News, 2026-06-05 (quality: 20/21)

3. Nightmare Eclipse releases zero-day exploits targeting Microsoft Windows and BitLocker

4 outlets, 2026-06-02 to 2026-06-06 - severity 4/5

Security researcher Nightmare Eclipse released a series of zero-day exploits targeting Microsoft Windows and BitLocker, including vulnerabilities identified as BlueHammer, RedSun, UnDefend, YellowKey, GreenPlasma, and MiniPlasma. The disclosed vulnerabilities enabled various attack vectors, such as privilege escalation, denial-of-service (DoS), and the bypassing of BitLocker protections via the YellowKey exploit. A dispute emerged between Microsoft and the researcher after Microsoft disabled Nightmare Eclipse's vulnerability reporting portal and GitHub accounts, leading to accusations that the vendor refused to communicate or provide credit for discoveries. While Microsoft initially suggested that its Digital Crimes Unit might pursue legal action against those enabling criminal activity through uncoordinated disclosures, the company later issued clarifications stating it had no intention of pursuing legal action against security researchers. At least three of the six released vulnerabilities were exploited in the wild by attackers. The situation remains a point of contention within the cybersecurity community regarding the effectiveness of coordinated vulnerability disclosure and the relationship between vendors and independent researchers.

Sources

• Microsoft Threatening Security Researcher - Schneier on Security, 2026-06-02 (quality: 10/21)
• Microsoft's Zero-Day Legal Threats Spark Backlash - darkreading, 2026-06-01 (quality: 9/21)
• Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash - SecurityWeek, 2026-06-03 (quality: 18/21)
• Nightmare Eclipse incident shows the researcher-vendor fights may never fully go away - CyberScoop, 2026-06-05 (quality: 19/21)

4. Claude Mythos Preview identifies thousands of unpatched vulnerabilities in critical infrastructure

4 outlets, 2026-06-02 to 2026-06-08 - severity 3/5

Anthropic’s Project Glasswing initiative uses the Claude Mythos Preview model to identify and remediate software vulnerabilities within critical infrastructure and essential software codebases. Launched in April 2026 with an initial cohort of 50 partners including Microsoft, Google, and NVIDIA, the project expanded in June 2026 to include approximately 150 additional organizations across sectors such as power, water, healthcare, and communications. The Mythos model scanned over 1,000 open-source projects, flagging 23,019 potential vulnerabilities, of which 6,202 were estimated as high or critical severity. Despite the identification of thousands of high-severity flaws, a June status report revealed that very few of these discovered vulnerabilities have been patched. The situation remains unresolved as many identified issues remain unaddressed in the targeted systems and software.

Sources

• Anthropic expanding access to Project Glasswing - CyberScoop, 2026-06-02 (quality: 18/21)
• Anthropic shares Mythos with 150 more organizations, including critical infrastructure operators - Cybersecurity Dive - Latest News, 2026-06-02 (quality: 16/21)
• Anthropic Expanding Mythos Access to 150 New Organizations - SecurityWeek, 2026-06-02 (quality: 13/21)
• Anthropic’s Project Glasswing Update - Schneier on Security, 2026-06-08 (quality: 11/21)

5. Unspecified threat actors target internet-exposed automatic tank gauge systems via vulnerabilities

2 outlets, 2026-06-04 to 2026-06-06 - severity 4/5

Unspecified threat actors are targeting internet-exposed automatic tank gauge (ATG) systems to manipulate liquid storage monitoring and pump controls. Attackers utilize authentication bypass, hardcoded credentials, SQL injection, and command execution vulnerabilities—including some with CVSS scores of 10/10—to gain administrator privileges and disable safety alerts or obscure leak detection. US federal agencies, including CISA, the FBI, and the EPA, issued joint guidance to industrial organizations to harden these devices against exploitation. While a Bitsight study previously identified seven critical zero-day vulnerabilities across six ATG models, recent scans by The Shadowserver Foundation identified 909 discoverable ATG devices in the United States, with additional exposed devices found in Canada, Australia, the UK, and Brazil. Compromised systems can disrupt fuel, energy, and food-grade storage operations, though researchers note that attackers cannot directly cause leaks using the ATG itself.

Sources

• CISA, FBI warn that hackers are targeting systems used to monitor industrial fluids - Cybersecurity Dive - Latest News, 2026-06-03 (quality: 20/21)
• Exposed Fuel Tank Gauges Under Attack in the US - darkreading, 2026-06-05 (quality: 18/21)

6. Chinese military intelligence officers target government personnel through fake job advertisements

2 outlets, 2026-06-05 to 2026-06-06 - severity 4/5

Chinese military intelligence officers are conducting a recruitment campaign targeting government and military personnel through fake job advertisements on professional networking and recruitment platforms such as LinkedIn, Indeed, and Upwork. The attack chain begins with actors posing as recruiters from private consultancies or HR firms to post roles like defense analysts, subsequently ranking applicants based on their potential access to sensitive information. During virtual interviews, recruiters conceal their identities to probe candidates about government contacts and military details before assigning trial reports on topics such as international trade or the Indo-Pacific region. Once a relationship is established, recruits are directed to move communications to encrypted messaging services and provide increasingly privileged information in exchange for payments made via Western Union, cryptocurrency, or third-party platforms like PayPal, Payoneer, and Wise. The FBI, MI5, and intelligence agencies from Australia, Canada, and New Zealand have issued a joint alert to warn Western workers of these solicitation tactics.

Sources

• Five Eyes: Chinese Spies Target Government, Military Staff With Fake Job Opportunities - SecurityWeek, 2026-06-05 (quality: 19/21)
• Got a LinkedIn message from a recruiter? It might be Chinese intelligence, warn FBI and MI5 - GRAHAM CLULEY, 2026-06-05 (quality: 19/21)

7. Gamaredon uses WinRAR vulnerability to target Ukrainian military with Kazuar backdoor

2 outlets, 2026-06-03 - severity 4/5

The threat actor Gamaredon has established an operational collaboration with Turla to target Ukrainian military and government organizations, using its access to facilitate the deployment of Turla’s Kazuar backdoor. Between February and June 2025, Gamaredon utilized a path traversal vulnerability in WinRAR (CVE-2025-8088) to launch HTML Application payloads known as GammaPhish. This attack chain enables the delivery of GammaWorm and GammaSteel malware families for the purposes of data theft and network propagation.

Sources

• LABScon25 Replay | Gamaredon x Turla: Unveiling a 2025 Espionage Alliance Targeting Ukraine - SentinelLabs - We are hunters, reversers, exploit developers, and tinkerers shedding light on the world of malware, exploits, APTs, and cybercrime across all platforms., 2026-06-02 (quality: 18/21)
• Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine - The Hacker News, 2026-06-02 (quality: 13/21)

Under the Radar

High-severity stories that received limited coverage this period.

Credential-stuffing attack at 23andMe exposed genetic information of millions of users

1 outlet, 2026-06-02 - severity 4/5

California Attorney General Rob Bonta has filed a lawsuit against Chrome Holding Co. following a massive data breach at 23andMe that exposed the genetic information of millions of users. The incident began with a credential-stuffing attack targeting approximately 14,000 accounts in 2023, which then leveraged a coding error in the DNA Relatives feature to scrape data from nearly seven million customers. The compromised data included sensitive genomic details used to determine genetic origins, much of which was later offered for sale on the dark web. Following 23andMe's Chapter 11 bankruptcy and the subsequent sale of its assets to the TTAM Research Institute, California is now seeking statutory penalties for the 855,541 affected California residents.

Why it matters: The breach involved widespread exploitation of a coding error, exposing sensitive genetic data for millions and resulting in significant legal and regulatory consequences.

Sources

• 23andMe exposed genetic information of millions, lawsuit says - Malwarebytes, 2026-06-02 (quality: 19/21)

UNC5221 compromised a Managed Services Provider using Brickstorm and pfSense firewalls

2 outlets, 2026-06-06 to 2026-06-08 - severity 4/5

The threat actor UNC5221, also known as VerdantBamboo, maintained network access for at least 18 months by compromising a Managed Services Provider's pfSense firewall with a BSD variant of the Brickstorm backdoor. The attackers exploited a local privilege escalation flaw on an Egnyte Storage Sync system to deploy Brickstorm and used its proxying capabilities alongside stolen credentials to access Microsoft 365 environments. During a second intrusion following initial remediation, the actor used administrative credentials to configure SSL VPN access on a firewall and deployed the .NET-based Plenet (or Grimbolt) backdoor and the AgentPSD Python reverse shell to a Synology NAS via SSH. The campaign targeted Linux-based appliances and edge devices, including systems from Egnyte, Synology, and pfSense. In response to the identified vulnerability, Egnyte released version 13.13 of its Storage Sync software in March 2026.

Why it matters: Confirmed widespread exploitation of edge devices and MSPs using new malware to maintain long-term access across multiple critical software environments.

Sources

• Chinese APT deploys new malware to keep access to hacked networks - BleepingComputer, 2026-06-05 (quality: 18/21)
• VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances - The Hacker News, 2026-06-08 (quality: 20/21)

Predatory Sparrow group breached Nobitex stealing ninety million dollars in assets

1 outlet, 2026-06-04 - severity 4/5

The U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Nobitex, Iran's largest cryptocurrency exchange, along with several other Iranian exchanges and individuals for facilitating payments linked to the Islamic Revolutionary Guard Corps (IRGC) and ransomware activities. These sanctions follow a June 2025 breach by the Predatory Sparrow hacking group, which claimed to have stolen approximately $90 million in digital assets from Nobitex. The targeted entities, including Wallex, Bitpin, and Ramzinex, were identified as key components of an ecosystem that processed significant portions of Iran's digital asset inflows and assisted the Central Bank of Iran in accessing hundreds of millions of dollars in stablecoins. The sanctions freeze all property or assets belonging to these designated parties within U.S. jurisdiction and prohibit U.S. persons from conducting business with them.

Why it matters: Major U.S.

Sources

• U.S. sanctions Nobitex crypto exchange used by Iranian ransomware actors - BleepingComputer, 2026-06-03 (quality: 18/21)

Attackers breached WFP self-registration application stealing Gaza Palestinian household data

1 outlet, 2026-06-05 - severity 4/5

Attackers breached the World Food Programme’s (WFP) self-registration application (SRA) in mid-May 2024, resulting in the theft of personal data belonging to approximately 600,000 Palestinian households in the Gaza Strip. The stolen information includes names, ID numbers, phone numbers, and neighborhood-level location data. In response to the breach, the WFP temporarily suspended the registration platform to implement security improvements and system protections. While the SRA remains offline for strengthening measures, the organization stated that existing registrations remain valid and food and cash assistance programs will continue without interruption.

Why it matters: Large-scale breach of sensitive PII for 600,000 vulnerable households poses significant real-world physical and identity theft risks.

Sources

• UN food agency discloses breach affecting 600,000 Gaza households - BleepingComputer, 2026-06-04 (quality: 17/21)

All Stories by Category

Vulnerabilities & Patches

• Marquis Software VPN Flaw Exposed Over Seventy Financial Institutions (2026-06-04, 1 outlet, severity 4/5)
  • What 345 Days of Untested Exposure Looks Like at a Bank - BleepingComputer
• Palo Alto Networks Patch Released for Active Auth Bypass Exploit (2026-06-02, 1 outlet, severity 4/5)
  • Patch Now: Another Palo Alto Auth Bypass Bug Under Active Exploit - darkreading
• OP-512 Uses Custom Web Shells to Target Microsoft IIS Servers (2026-06-06, 1 outlet, severity 3/5)
  • New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework - The Hacker News
• Cisco and XBOW deploy automation to combat AI-driven vulnerabilities. (2026-06-05, 1 outlet, severity 3/5)
  • Inside the race to adapt to an AI-powered security world - CyberScoop
• CIFSwitch Linux Flaw and Netlogon Exploits Highlight Weekly Threats (2026-06-02, 1 outlet, severity 3/5)
  • ⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More - The Hacker News
• Anthropic Maps AI Threats Amid New Comodo Vulnerability Discovery (2026-06-06, 1 outlet, severity 3/5)
  • In Other News: Anthropic Maps AI Threats, Unpatched Comodo Flaw, Palantir Chief Eyed for CISA - SecurityWeek
• Hercules Threat Actor Shares Vulnerability Exploitation Playbook for Novices (2026-06-05, 1 outlet, severity 3/5)
  • Hackers Are After the Gaps in Your Vulnerability Program: Here's Their Playbook - BleepingComputer
• NIST Vulnerability Database Ineffective Due to Errors, Says Inspector General (2026-06-02, 1 outlet, severity 3/5)
  • Inspector general finds NIST mistakes have made vulnerability database ineffective - The Record from Recorded Future News
• AI-driven threats exploit known vulnerabilities and lack of runtime visibility (2026-06-03, 3 outlets, severity 2/5)
  • Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis - SecurityWeek
  • Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore - The Hacker News
  • Third-Party Risk in an Age of Engineered Volatility & Fragmentation - Corporate Compliance Insights
• Attackers Scan swagger.json Files to Map API Vulnerabilities (2026-06-04, 1 outlet, severity 2/5)
  • Continuing Scans for swagger.json, (Wed, Jun 3rd) - SANS Internet Storm Center, InfoCON: green
• Kaspersky Study Reveals Public Wi-Fi Vulnerabilities Across Mexico (2026-06-02, 1 outlet, severity 2/5)
  • Wardriving assessment across Mexico: Preparing for the 2026 World Cup - Securelist
• OWASP Incubator Adopts CVE Lite CLI to Scan Dependencies (2026-06-06, 1 outlet, severity 1/5)
  • OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds - SecurityWeek
• Emphere Secures $2.1 Million for AI-Driven Vulnerability Remediation Platform (2026-06-07, 1 outlet, severity 1/5)
  • Emphere Raises $2.1 Million for AI-Powered Vulnerability Remediation - SecurityWeek

Data Breaches

• ShinyHunters leaked a 234 GB archive of stolen DentaQuest data (2026-06-05, 2 outlets, severity 3/5)
  • DentaQuest data breach exposed info of 2.6 million accounts - BleepingComputer
  • Hackers Leak DentaQuest Information Impacting 2.6 Million - SecurityWeek
• IMA Diligence Services Breach Exposes Data of 525,000 People (2026-06-03, 1 outlet, severity 3/5)
  • IMA Diligence Services Data Breach Impacts 525,000 People - SecurityWeek
• 2026 Verizon DBIR: ClickFix and Browser Threats Drive More Breaches (2026-06-06, 1 outlet, severity 3/5)
  • What 2026 DBIR Confirms: Attacks Are Living in the Browser - BleepingComputer
• RCI Hospitality Breach Exposes Data of 40,000 Independent Contractors (2026-06-05, 1 outlet, severity 3/5)
  • Nightclub Giant RCI Says Data Breach Affects 40,000 Individuals - SecurityWeek
• Lansing Community College Breach Exposes 174,000 Students' Personal Data (2026-06-08, 1 outlet, severity 3/5)
  • 174,000 Impacted by Lansing Community College Data Breach - SecurityWeek

Ransomware

• Silent Ransom Group Targets U.S. Law Firms Through Social Engineering Campaign (2026-06-08, 2 outlets, severity 3/5)
  • Silent Ransom Group targets law firms with fake IT support calls - BleepingComputer
  • Silent Ransom Group Uses DNS Fast Flux in Attacks - SecurityWeek
• Sophos Uncovers AI-Powered Ransomware Toolkit Automating EDR Evasion (2026-06-03, 1 outlet, severity 3/5)
  • AI-built ransomware toolkit automates EDR evasion, AD discovery - BleepingComputer

Supply Chain Attacks

• Polyfill.io service triggers fake login prompts on Toshiba, Muji sites (2026-06-06, 1 outlet, severity 4/5)
  • Suspicious Polyfill login prompts pop up on Toshiba, Muji websites - BleepingComputer
• Department of Defense designates Anthropic as a supply chain risk (2026-06-06, 2 outlets, severity 3/5)
  • Sprawling new House AI bill includes frontier model oversight, open-source security grants - Cybersecurity Dive - Latest News
  • Trump AI Order Seeks Voluntary Frontier Model Testing - darkreading
• IronWorm malware attacks npm packages to steal developer credentials and secrets (2026-06-05, 2 outlets, severity 3/5)
  • New IronWorm malware hits 36 packages in npm supply-chain attack - BleepingComputer
  • Rust-Written IronWorm Hits NPM Supply Chain - darkreading
• Magecart Uses Stripe and Google Tag Manager to Steal Cards (2026-06-05, 1 outlet, severity 3/5)
  • Credit card theft campaign abuses Stripe to host stolen payment info - BleepingComputer
• Oxford University CareerConnect platform suffers data breach via third-party hack (2026-06-08, 1 outlet, severity 3/5)
  • Oxford University discloses data breach after careers platform hack - BleepingComputer
• Hola Browser supply chain attack delivers Monero cryptominer to users (2026-06-05, 1 outlet, severity 2/5)
  • Hola Browser for Windows compromised to deliver cryptominer - BleepingComputer
• VS Code Implements Update Delay to Prevent Supply Chain Attacks (2026-06-08, 1 outlet, severity 2/5)
  • VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks - The Hacker News

Nation-State / APT

• TA4922 targets global organizations using Atlas RAT for data theft (2026-06-04 to 2026-06-05, 3 outlets, severity 3/5)
  • Chinese hackers use new Atlas RAT malware in European cyberattacks - BleepingComputer
  • China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa - The Hacker News
  • China's TA4922 Expands Cybercrime Attacks Globally - darkreading
• Unknown threat actor targets senior finance executive in espionage campaign (2026-06-03 to 2026-06-04, 3 outlets, severity 3/5)
  • Global Stock Exchange Hit by Monthslong Email Campaign - darkreading
  • Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months - The Hacker News
  • Hackers Target Global Stock Exchange in Espionage Operation - SecurityWeek
• China-linked FamousSparrow and NegativeGlimmer Target Latin American Government Agencies (2026-06-04, 1 outlet, severity 3/5)
  • Tropical Blend: Cyber & Politics Ramp Up Across Latin America - darkreading
• SideCopy Uses Xeno RAT to Target Afghanistan Finance Ministry (2026-06-02, 1 outlet, severity 3/5)
  • Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT - The Hacker News
• Russia seeks extremist designation for Belarusian Cyber Partisans and Silent Crow (2026-06-05, 1 outlet, severity 3/5)
  • Russia seeks to label two anti-Kremlin hacker groups as ‘extremist’ - The Record from Recorded Future News
• Azureveil Malware Used in Chinese Cyberattacks Against Czech Organizations (2026-06-03, 1 outlet, severity 3/5)
  • China Uses Dual-Method Cyberattack on Czech Orgs - darkreading

Malware & Botnets

• Dutch Police and NCSC-NL Dismantle 17-Million-Device Botnet Network (2026-06-02, 1 outlet, severity 4/5)
  • Dutch Police Dismantle Massive 17-Million-Device Botnet - SecurityWeek
• RenEngine loader uses pirated games to infect 400,000 devices (2026-06-08, 1 outlet, severity 4/5)
  • Pirated PC games are delivering password-stealing malware - Malwarebytes
• CL-CRI-1089 uses Operation FlutterBridge macOS malvertising to distribute FlutterShell backdoor (2026-06-02 to 2026-06-04, 2 outlets, severity 3/5)
  • Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor - Unit 42
  • FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads - The Hacker News
• DriveSurge hijacks legitimate websites for ClickFix and FakeUpdate malware campaigns (2026-06-02 to 2026-06-03, 2 outlets, severity 3/5)
  • Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks - BleepingComputer
  • DriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks - darkreading
• RemusStealer and AnimateClipper Distributed via Amazon CloudFront Traffic Redirection (2026-06-04, 1 outlet, severity 3/5)
  • Impersonation, Click Hijacking, and TDS: Inside a Malware Distribution Ecosystem - Check Point Research
• C0XMO Botnet Exploits CVE-2021-27137 to Target DD-WRT Routers (2026-06-08, 1 outlet, severity 3/5)
  • C0XMO botnet spreads via DD-WRT router flaw, kills rival malware - BleepingComputer
• Asin Android Spyware Targets Arabic Users via Malicious Apps (2026-06-06, 1 outlet, severity 3/5)
  • Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps - The Hacker News
• WordPress Malware Uses Steam Profiles to Hide Malicious Payloads (2026-06-02, 1 outlet, severity 3/5)
  • WordPress malware campaign hides payloads in Steam profiles - BleepingComputer
• MSI-branded JPEG backgrounds used to deliver malicious PowerShell payloads (2026-06-05, 1 outlet, severity 3/5)
  • The Evil MSI Background is Back!, (Fri, Jun 5th) - SANS Internet Storm Center, InfoCON: green
• Massive Malware Campaigns Infect Hundreds of Thousands of Minecraft Users (2026-06-03, 1 outlet, severity 3/5)
  • Over 116,000 Minecraft systems infected in WeedHack malware campaign - BleepingComputer
• Infostealer Malware Becomes Primary Payload in Rising Phishing Campaigns (2026-06-03, 1 outlet, severity 3/5)
  • Infostealers are becoming the go-to phishing payload - Malwarebytes
• Argamal malware infects users through modified adult-themed game files (2026-06-03, 1 outlet, severity 2/5)
  • Argamal: Malware hidden in hentai games - Securelist
• Cisco Talos uses AI to identify KongTuke C2 attack chains (2026-06-04, 1 outlet, severity 2/5)
  • Winning the cyber marathon with Tony Giandomenico - Cisco Talos Blog
  • Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting - Cisco Talos Blog
• AI Agents, ClickFix, and JavaScript Backdoors Threaten Global Security (2026-06-05, 1 outlet, severity 2/5)
  • ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories - The Hacker News
• Mobile Game Ads Used to Spread Fake Virus Alerts (2026-06-02, 1 outlet, severity 2/5)
  • Fake virus alerts are invading mobile games - Malwarebytes

Phishing & Social Engineering

• UNC3753 Uses Vishing and Physical Intrusion for U.S. Data Theft (2026-06-08, 1 outlet, severity 3/5)
  • UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign - The Hacker News
• Fake Ghidra and dnSpy Sites Use SessionGate to Deliver Malware (2026-06-04, 1 outlet, severity 3/5)
  • Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS - The Hacker News
• Fake BlueWallet Website Steals Crypto and Passwords From macOS Users (2026-06-02, 1 outlet, severity 3/5)
  • Fake BlueWallet steals passwords, accounts, and crypto from Macs - Malwarebytes
• Fake Copyright Notices Target Chrome Extension Developers to Steal Logins (2026-06-03, 1 outlet, severity 3/5)
  • These convincing copyright notices are designed to steal Google logins - Malwarebytes
• Booking.com Impersonation and Travel Scams: How to Stay Secure (2026-06-04, 1 outlet, severity 3/5)
  • Travel scams are everywhere. Here’s how to avoid them - Malwarebytes
• FIFA World Cup 2026 Scams Target Fans With Malware and Phishing (2026-06-05, 1 outlet, severity 3/5)
  • FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins - The Hacker News
• Google Android Update Detects AI Deepfake Scam Calls via Verification (2026-06-03, 1 outlet, severity 2/5)
  • Google adds Android protection against AI deepfake scam calls - BleepingComputer
• Cybersecurity threats escalate through phone hacking and expanded phishing kits. (2026-06-03, 1 outlet, severity 2/5)
  • Russia claims foreign spy agencies hacked officials' phones - The Record from Recorded Future News
• SVG Files Used in New JavaScript-Based Phishing Campaign (2026-06-02, 1 outlet, severity 2/5)
  • New Wave Of Phishing Emails with SVG Files, (Tue, Jun 2nd) - SANS Internet Storm Center, InfoCON: green
• PayPal and Amazon fake-invoice phishing campaign caught during rollout (2026-06-04, 1 outlet, severity 2/5)
  • We found this fake-invoice campaign while scammers were still building it - Malwarebytes
• Chinese Cybercrime Group Accelerates Attacks Using Social Engineering Tactics (2026-06-04, 1 outlet, severity 2/5)
  • Chinese Cybercrime Group in Spotlight for Record Campaign Pace - SecurityWeek

Cloud & Infrastructure Security

• Microsoft Exchange Online outage EX1331830 causes global email delivery failures (2026-06-03, 1 outlet, severity 3/5)
  • Microsoft Exchange Online outage causes email delays, failures - BleepingComputer
• PCPJack Hijacks AWS, Google, and Azure Servers for Email Relay (2026-06-05, 1 outlet, severity 3/5)
  • PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network - The Hacker News
• Microsoft Investigates File Access Outages in Teams and Office Apps (2026-06-02, 1 outlet, severity 2/5)
  • Microsoft investigates Office Apps, Teams file access issues - BleepingComputer
• Bugcrowd Launches EU Data Residency Option for Enhanced Data Sovereignty (2026-06-05, 1 outlet, severity 1/5)
  • Bugcrowd Launches EU Data Residency Option For Evolving Data Sovereignty Needs - darkreading

Identity & Access Management

• External threat actor launched brute-force attack against Dashlane user accounts (2026-06-02, 3 outlets, severity 2/5)
  • Dashlane password manager users locked out by brute force attacks - BleepingComputer
  • Dashlane Brute-Force Attack Leads to Limited Encrypted Vault Downloads - SecurityWeek
  • Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded - The Hacker News
• Orchid Security’s IVIP Strategy Combats Identity Dark Matter Risks (2026-06-03, 1 outlet, severity 2/5)
  • Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP) - The Hacker News
• Opal Security Secures $23 Million for AI-Native Identity Governance (2026-06-06, 1 outlet, severity 1/5)
  • Opal Security Raises $23 Million for AI-Native Identity Governance - SecurityWeek

AI & Machine Learning Security

• Carnival and Charter Breaches Highlight New AI-Driven Cyber Threats (2026-06-02, 1 outlet, severity 4/5)
  • 1st June – Threat Intelligence Report - Check Point Research
• Zero-knowledge threat actors use AI to automate vulnerability discovery and exploitation (2026-06-02, 2 outlets, severity 3/5)
  • The Intersection of Encryption and AI - Schneier on Security
  • The Zero-Knowledge Threat Actor and the End of Responsible Disclosure - SecurityWeek
• Claude Cowork AI Agents Pose Major Corporate Data Exfiltration Risks (2026-06-05, 1 outlet, severity 3/5)
  • Your AI agent could become your biggest insider threat - CyberScoop
• AI-Driven Framework Automates EDR Evasion Testing Against Security Agents (2026-06-04, 1 outlet, severity 3/5)
  • Attackers Use AI to Automate EDR Evasion Testing - darkreading
• Bright Data SDK Uses Smart TVs as AI Scraping Proxies (2026-06-06, 1 outlet, severity 3/5)
  • Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI - The Hacker News
• Attackers use AI to exploit vulnerabilities faster than organizations can patch (2026-06-02, 2 outlets, severity 3/5)
  • Race Against Time: Why Faster Vulnerability Alerts Matter - BleepingComputer
  • AI-Driven Exploitation is Destroying Vulnerability Management. Here’s How to Handle It. - The Hacker News
• Anthropic Proposes Global Pause on Advanced AI Development Risks (2026-06-08, 1 outlet, severity 3/5)
  • Anthropic Urges Industry Coordination to Allow for a ‘Pause’ in AI Development if Risks Grow - SecurityWeek
• Browsers Become Primary Battleground for New AI-Driven Security Threats (2026-06-03, 1 outlet, severity 3/5)
  • Why the browser is now the front line for AI security - BleepingComputer
• Cisco Talos Expands Threat Hunting Using AI-Driven Telemetry Analysis (2026-06-05, 1 outlet, severity 3/5)
  • Reporting from Vegas: Networking, AI, and good boys - Cisco Talos Blog
• Cornell Research Warns Prompt Injection May Be Unfixable in AI (2026-06-04, 1 outlet, severity 3/5)
  • Smashing Security podcast #470: This AI security flaw might be impossible to fix - GRAHAM CLULEY
• OpenAI implements security controls to mitigate ChatGPT data exfiltration via prompt injection (2026-06-07 to 2026-06-08, 2 outlets, severity 2/5)
  • New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration - The Hacker News
  • OpenAI Rolling Out ChatGPT Account Security Controls - SecurityWeek
• Agentic AI worm proof-of-concept uses LLMs to exploit network vulnerabilities (2026-06-06, 2 outlets, severity 2/5)
  • AI Worm - Schneier on Security
  • Adaptive, Agentic AI Worms Loom as Next Enterprise Threat - darkreading
• AI Agents Threaten Compliance with GDPR and HIPAA Frameworks (2026-06-08, 1 outlet, severity 2/5)
  • Data Privacy Rules Built for Human Behavior Have an AI Agent Problem - Corporate Compliance Insights
• IT and GRC Leaders Fear Rising Shadow AI Risks (2026-06-05, 1 outlet, severity 2/5)
  • 59% of Audit, GRC & IT Leaders Concerned About Shadow AI - Corporate Compliance Insights
• AI-Generated Fabrications Signal Impending Legal and Corporate Risks (2026-06-02, 1 outlet, severity 2/5)
  • Canaries in the Coal Mine: Law’s Crashout Over AI Is Coming for Everyone - Corporate Compliance Insights
• AI-Driven Vulnerability Discovery Demands Global Coordinated Patching Efforts (2026-06-02, 1 outlet, severity 2/5)
  • Vulnerability Disclosure in the Age of AI - Schneier on Security
• AI Risk Quadrant Ranks Security of 100 AI Agents (2026-06-04, 1 outlet, severity 2/5)
  • Security of 100 AI Agents Tested and Ranked – What You Need to Know - SecurityWeek
• Securing High-Autonomy AI Agents Against Rogue Behavior Remains Extremely Difficult (2026-06-03, 1 outlet, severity 2/5)
  • Securing AI Agents Before They Go Rogue Is Next to Impossible - darkreading
• Offroad and Willow emerge from stealth to secure enterprise AI agents (2026-06-05, 1 outlet, severity 1/5)
  • Offroad Emerges From Stealth With $7 Million to Tackle Enterprise Identity Risk - SecurityWeek
  • Willow Raises $7 Million for Securing Autonomous AI Agents - SecurityWeek
• Only 10% of SOCs Report Excellent Value From AI Tools (2026-06-05, 1 outlet, severity 1/5)
  • Only 10% of SOCs Say They’re Getting Excellent Value From AI. Here’s What the Second Wave Has to Deliver - The Hacker News
• Zoom CISO Sandra McLeod: AI Enhances Security Rather Than Replacing Roles (2026-06-03, 1 outlet, severity 1/5)
  • Zoom CISO: AI as Security Enabler, Not Role-Replacer - darkreading
• Coralogix Secures $200M to Expand AI Observability Platform (2026-06-04, 1 outlet, severity 1/5)
  • Coralogix Raises $200M at $1.6B Valuation to Scale AI Observability Platform - SecurityWeek
• AI Algorithms Successfully Decrypt Complex Medieval Pencil-and-Paper Ciphers (2026-06-03, 1 outlet, severity 1/5)
  • AI Used to Decrypt Medieval Ciphers - Schneier on Security
• AI-Native Security Architectures to Transform Future Enterprise Defense Strategies (2026-06-02, 1 outlet, severity 1/5)
  • Beyond Assume-Breach: How AI-Native Security Will Reshape Enterprise Defense - darkreading

Legal & Law Enforcement

• Bulgarian Ministry of the Interior Dismantles Organized Crime Groups in Operation KRATOS 2 (2026-06-03 to 2026-06-04, 2 outlets, severity 3/5)
  • Police dismantles 9 crime groups in illegal streaming crackdown - BleepingComputer
  • European authorities crack down on illegal streaming networks - CyberScoop
• Supreme Court Upholds FCC Fines Against AT&T and Verizon (2026-06-05, 1 outlet, severity 3/5)
  • Supreme Court rules FCC fines punishing telecom giants for sharing location data were legal - The Record from Recorded Future News
• DoJ Freezes $3.8 Million in Southeast Asian Crypto Fraud Assets (2026-06-04, 1 outlet, severity 3/5)
  • DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets - The Hacker News
• Nemesis Market vendor sentenced to 26 years for drug trafficking (2026-06-06, 1 outlet, severity 3/5)
  • Dark web Nemesis Market vendor gets 26 years for selling drugs - BleepingComputer
• Tina Peters vows legal battle to clear election breach conviction (2026-06-02, 1 outlet, severity 3/5)
  • Tina Peters, convicted in election-security breach, emerges defiant and vows legal fight - CyberScoop
• Spanish and French Police Bust Fake ID Marketplace for Smugglers (2026-06-04, 1 outlet, severity 3/5)
  • Police dismantles fake ID marketplace used by migrant smugglers - BleepingComputer
• Spanish Police Arrest Doxer Leaking INCIBE and Government Employee Data (2026-06-02, 1 outlet, severity 3/5)
  • Spain arrests doxer leaking sensitive data of govt employees - BleepingComputer
• Southeast Asian Scam Infrastructure Disruption Affects 1.4 Million Accounts (2026-06-04, 1 outlet, severity 3/5)
  • Over 1.4 Million Accounts Disrupted in Cybercrime Crackdown - SecurityWeek
• FTC weighs petition from X to modify $150M privacy penalty (2026-06-05, 1 outlet, severity 2/5)
  • FTC considers setting aside or modifying $150 million privacy penalty against X - The Record from Recorded Future News
• NSA Names David Imbordino as New Cybersecurity Directorate Chief (2026-06-02, 1 outlet, severity 2/5)
  • NSA selects new leads for key cybersecurity posts - The Record from Recorded Future News
• Philippines National CERT Joins Have I Been Pwned Service (2026-06-03, 1 outlet, severity 2/5)
  • Welcoming the Philippine Government to Have I Been Pwned - Troy Hunt
• Antitrust Class Actions: Why Opting Out Boosts Corporate Recoveries (2026-06-05, 1 outlet, severity 1/5)
  • On Antitrust Class Actions, You May Be Leaving Value in the Mailroom - Corporate Compliance Insights

Policy & Regulation

• Trump administration establishes voluntary framework for AI developers to assess risks (2026-06-03 to 2026-06-05, 4 outlets, severity 2/5)
  • White House unveils pared-back AI executive order - The Record from Recorded Future News
  • Trump administration releases scaled-back AI executive order - CyberScoop
  • Trump signs EO seeking early government access to powerful AI models - Cybersecurity Dive - Latest News
  • Trump Signs Executive Order That Invites Vetting of Top AI Models for National Security Risks - SecurityWeek
  • CISA directive for AI executive order to be released this week, Andersen says - The Record from Recorded Future News
  • CISA chief says Trump AI executive order implementation will start soon - Cybersecurity Dive - Latest News
  • Industry Reactions to New Trump AI Cybersecurity Executive Order: Feedback Friday - SecurityWeek
• Trump proposes budget cuts for CISA during Markwayne Mullin testimony (2026-06-04, 2 outlets, severity 3/5)
  • DHS Secretary Markwayne Mullin pinpoints optimal CISA staffing levels - CyberScoop
  • DHS chief signals efforts to reshape CISA - The Record from Recorded Future News
• EU Tech Sovereignty Package Targets US and China Dependency (2026-06-06, 1 outlet, severity 3/5)
  • EU unveils tech sovereignty package to cut reliance on US, Chinese suppliers - The Record from Recorded Future News
• Cyber Insurance Premiums Drop as Policy Exclusions Expand (2026-06-04, 1 outlet, severity 3/5)
  • Cyber Insurance Rates Are Dropping, but Exclusions Widen - darkreading
• FinCEN Proposes New Rules to Modernize AML/CFT Compliance Framework (2026-06-05, 1 outlet, severity 3/5)
  • FinCEN’s Proposed New AML Rules: What You Need to Know - Corporate Compliance Insights
• Commission Proposes $11 Billion New U.S. Cyber Warfare Branch (2026-06-03, 1 outlet, severity 2/5)
  • New cyber force would cost up to $11 billion to start, commission says - The Record from Recorded Future News
• SEC rescinds climate reporting rules, but ESG risks persist (2026-06-03, 1 outlet, severity 2/5)
  • The SEC Is Killing Its Climate Rule, but ESG Risk Remains - Corporate Compliance Insights
• S-RM Warns Unified AI Governance Must Address Interconnected Risks (2026-06-08, 1 outlet, severity 2/5)
  • AI’s Blend of Bias, Privacy & Regulatory Risk Means You Can’t Patch Your Way Out of Exposure - Corporate Compliance Insights
• DOD to Embed Cyber Capabilities and AI Security in Operations (2026-06-03, 1 outlet, severity 2/5)
  • DOD wants to integrate cyber in all operations, and integrate security into AI - CyberScoop
• Hill Democrats Condemn Proposed $250M CISA Budget Cut (2026-06-05, 1 outlet, severity 2/5)
  • Hill Dems hammer GOP for $250M CISA budget cut - CyberScoop
• Delinea CEO Advocates for AI Accountability Over Heavy Regulation (2026-06-08, 1 outlet, severity 1/5)
  • The AI security race needs accountability, not overregulation - CyberScoop
• Diligent, DataBee, and Sovos Launch New GRC Technology Solutions (2026-06-05, 1 outlet, severity 1/5)
  • GRC News Roundup: Diligent, Sovos, DataBee & More - Corporate Compliance Insights

Other Cybersecurity

• USPS implements new ballot tracking rules after court ruling (2026-06-02, 1 outlet, severity 3/5)
  • USPS moving forward with mail-in ballot changes as courts weigh Trump’s election order - CyberScoop
• S&P Warns AI Cyber Threats Could Damage Corporate Credit Ratings (2026-06-02, 1 outlet, severity 2/5)
  • Without strong governance, companies put credit ratings at risk in AI era - Cybersecurity Dive - Latest News
• Modern Risk Management Outpaces Traditional Finance-Focused Hiring Practices (2026-06-02, 1 outlet, severity 2/5)
  • If Risk Management Is Truly Integrated, Why Aren’t We Hiring That Way Yet? - Corporate Compliance Insights
• Allianz Report: War Now Surpasses Civil Unrest in Global Risk (2026-06-06, 1 outlet, severity 2/5)
  • Political Violence & Civil Unrest Trends - Corporate Compliance Insights
• CrowdStrike and Palo Alto Networks Surpass Estimates Amid AI Growth (2026-06-05, 1 outlet, severity 1/5)
  • CrowdStrike, Palo Alto Networks defy estimates as AI fuels cyber demand - Cybersecurity Dive - Latest News
• Gartner Summit: Focus on Fundamentals Over AI Hype and Risks (2026-06-04, 1 outlet, severity 1/5)
  • ‘Don’t panic’: AI reality checks dominate major cybersecurity conference - Cybersecurity Dive - Latest News
• Microsoft Coreutils Brings Native Linux Commands to Windows OS (2026-06-03, 1 outlet, severity 1/5)
  • Microsoft's Coreutils project brings Linux commands to Windows - BleepingComputer
• OpenAI Upgrades GPT-5.5 and Adds New Job Search Tool (2026-06-03, 1 outlet, severity 1/5)
  • OpenAI upgrades GPT-5.5, as it plans to retire legacy ChatGPT models - BleepingComputer
• Microsoft’s Intelligent Terminal Integrates AI Assistants into Windows Interface (2026-06-08, 1 outlet, severity 1/5)
  • Hands on with Intelligent Terminal, an AI-powered Windows Terminal - BleepingComputer
• Jennifer L. Gaskin Argues Against the Inevitability of AI (2026-06-08, 1 outlet, severity 1/5)
  • (This Is a Lie) AI Is Inevitable - Corporate Compliance Insights
• Brave Software Launches Paid Origin Browser Without Built-in Bloatware (2026-06-05, 1 outlet, severity 1/5)
  • Brave Software releases Origin for a paid, bloat-free browsing experience - BleepingComputer
• Endpoint Security: A Financial Imperative for Modern Risk Management (2026-06-08, 1 outlet, severity 1/5)
  • The new risk equation: Why endpoint security is a financial imperative - Cybersecurity Dive - Latest News
• CIO and CISO: Turning Structural Tension Into Strategic Collaboration (2026-06-03, 1 outlet, severity 1/5)
  • Turning tension into collaboration: How CIOs and CISOs can lead together - Cybersecurity Dive - Latest News
• Microsoft Releases Rust-Based Coreutils for Windows via Winget (2026-06-04, 1 outlet, severity 1/5)
  • Microsoft's Coreutils for Windows, (Thu, Jun 4th) - SANS Internet Storm Center, InfoCON: green
• Jennifer Gaskin Launches Queering Compliance Podcast for LGBTQIA+ Professionals (2026-06-03, 1 outlet, severity 1/5)
  • Queering Compliance - Corporate Compliance Insights
• EDR and MDR: Strengthening Operational Resilience Against Cyber Attacks (2026-06-02, 1 outlet, severity 1/5)
  • How Leading Organizations Are Turning EDR Into Operational Resilience - The Hacker News
• ISC Stormcast Provides Daily Security Updates and SANS Training News (2026-06-08, 1 outlet, severity 1/5)
  • ISC Stormcast For Monday, June 8th, 2026 https://isc.sans.edu/podcastdetail/9962, (Mon, Jun 8th) - SANS Internet Storm Center, InfoCON: green
• ISC Stormcast Daily Security News Digest for June 4, 2026 (2026-06-04, 1 outlet, severity 1/5)
  • ISC Stormcast For Thursday, June 4th, 2026 https://isc.sans.edu/podcastdetail/9958, (Thu, Jun 4th) - SANS Internet Storm Center, InfoCON: green
• ISC Stormcast Podcast Delivers June 5th Cybersecurity Threat Updates (2026-06-05, 1 outlet, severity 1/5)
  • ISC Stormcast For Friday, June 5th, 2026 https://isc.sans.edu/podcastdetail/9960, (Fri, Jun 5th) - SANS Internet Storm Center, InfoCON: green
• ISC Stormcast June 2, 2026: Daily Cybersecurity Update Podcast (2026-06-02, 1 outlet, severity 1/5)
  • ISC Stormcast For Tuesday, June 2nd, 2026 https://isc.sans.edu/podcastdetail/9954, (Tue, Jun 2nd) - SANS Internet Storm Center, InfoCON: green
• ISC Stormcast June 3rd: Xavier Mertens Reports Green Threat Level (2026-06-03, 1 outlet, severity 1/5)
  • ISC Stormcast For Wednesday, June 3rd, 2026 https://isc.sans.edu/podcastdetail/9956, (Wed, Jun 3rd) - SANS Internet Storm Center, InfoCON: green

Reported Data Breaches

Breaches reported via Have I Been Pwned this period.

• ShinyHunters Leaks 103,000 Baker Distributing Customer Accounts via Data Breach (2026-06-07)
• BCD Travel breach exposes over 396,000 user accounts (2026-06-05)
• ShinyHunters Breach Exposes 2.5 Million DentaQuest User Accounts (2026-06-04)