Find notable cyber news and cases, enriched with sources, timelines, and signals.

Recent notable Happenings and Cases

Last updated: 15:21 23/06/2026 UTC
Last updated: 05:32 23/06/2026 UTC

Latest updates


Transport for London (TfL) customer data exposed after TfL breach

Data Leak

Updated: 23.06.2026 18:31 · First: 23.06.2026 18:31 · 📰 1 src / 1 article · H score: 46

The Transport for London (TfL) intrusion became a confirmed data leak after customer data was stolen from the Oyster refunds system, raising misuse risk for affected records. TfL disclosed the theft on September 12, 2024, after the attack had already disrupted refund services. The stolen-data thread sits alongside the wider operational damage and criminal case tied to the breach.

Skills.sh scanner blind spot for externally linked AI agent skills

Security Tool/Service

Updated: 23.06.2026 18:16 · First: 23.06.2026 18:16 · 📰 1 src / 1 article · H score: 22

Security scanners for AI agent skills, including those wired into skills.sh, cleared a fake skill that hid its real payload behind stitch-design.ai, exposing a vetting gap that can let post-review instructions slip through. The skill, brand-landingpage, was pushed through a marketplace and an Instagram ad. A clean scan at install time did not guarantee a safe skill afterward because the linked content could change later.

Trump executive order sets federal PQC migration deadlines

Public Sector Action

Updated: 23.06.2026 18:16 · First: 23.06.2026 18:16 · 📰 1 src / 1 article · H score: 23

President Trump signed EO 14409, ordering federal agencies to migrate high-value assets and high-impact systems to post-quantum cryptography on a fixed schedule, tightening U.S. government defenses against "harvest now, decrypt later" risk. The order sets December 31, 2030 for key establishment and December 31, 2031 for digital signatures, while leaving national security systems on a separate track. It also pushes OMB, NIST, CISA, and the FAR Council into follow-on guidance, inventory, pilot, and contractor-rule work.

Postcss-minify-selector-parser Windows RAT delivery chain

Malware Activity

Updated: 23.06.2026 18:00 · First: 23.06.2026 18:00 · 📰 1 src / 1 article · H score: 29

The postcss-minify-selector-parser npm package delivered a multi-stage Windows RAT, creating a supply-chain path onto developer machines and exposing browser logins and file data to theft. The package impersonated postcss-selector-parser, making the compromise plausible during dependency review. It was still present on the npm registry during analysis.

OpenAI Daybreak expands with GPT-5.5-Cyber and Codex Security patch automation

Security Tool/Service

Updated: 23.06.2026 17:15 · First: 23.06.2026 17:15 · 📰 1 src / 1 article · H score: 14

OpenAI expanded Daybreak with a full release of GPT-5.5-Cyber and updated Codex Security, widening AI-assisted patch automation for verified defenders. The rollout matters because it pairs stronger authorized-security capability with tighter access controls around dual-use offensive potential. Patch the Planet extends the effort into open-source software by funding maintainers and researchers to ship fixes faster. OpenAI also opened a partner program for security vendors and said it will work with governments and critical infrastructure operators.

EO 14409 orders federal PQC migration

Public Sector Action

Updated: 23.06.2026 17:00 · First: 23.06.2026 17:00 · 📰 1 src / 1 article · H score: 23

EO 14409 forces US federal agencies to accelerate their post-quantum cryptography (PQC) migration, imposing deadlines that reach 2030-2031 and affecting the security of high-value assets and high-impact systems. The order also assigns OMB a lead coordination role and adds a Commerce pilot project, turning quantum-safe migration into a federal cybersecurity program with concrete milestones. It matters because the transition is meant to protect sensitive data, critical infrastructure, and federal supply chains from future "harvest now, decrypt later" risk.

Klue hit by network compromise

Incident

Updated: 18.06.2026 17:19 · First: 18.06.2026 17:19 · 📰 3 src / 5 articles · H score: 39

Klue confirmed a June 12, 2026 security incident in which an attacker used a compromised legacy credential to obtain OAuth tokens from Klue’s integration infrastructure and access data in connected Salesforce environments. The activity is now publicly claimed by Icarus, which said Klue.com was impacted and that partner Salesforce instances were exfiltrated. Reports from Huntress and ReliaQuest tie the theft to automated Python scripts and Salesforce API querying, with affected organizations including Recorded Future, Tanium, Jamf, Sprout Social, Gong, and Insurity. Klue says the incident was limited to third-party integrations and that there is no evidence customer content stored directly in the Klue platform was impacted.

Icarus Salesforce data-theft extortion campaign

Campaign

Updated: 18.06.2026 17:19 · First: 18.06.2026 17:19 · 📰 1 src / 2 articles · H score: 42

The Icarus extortion campaign is actively stealing Salesforce CRM data from multiple organizations, expanding pressure on victims and showing a repeatable cloud-app abuse pattern. The operation uses stolen OAuth tokens and automated queries against Salesforce REST API endpoints to map objects and pull records. Victims then receive extortion emails tied to the alias "mr bean", while leak-site messaging signals continuing activity.

Klue Battlecards app Salesforce customer data leak

Data Leak

Updated: 19.06.2026 12:03 · First: 19.06.2026 12:03 · 📰 3 src / 4 articles · H score: 41

A Klue-related Salesforce data leak on June 12 exposed customer records after an attacker used a compromised legacy credential to obtain OAuth tokens from Klue’s integration infrastructure and access connected environments. Huntress and ReliaQuest tied the activity to stolen integration access, Python scripting, and bulk Salesforce REST API querying, and Icarus has now publicly claimed responsibility on its leak site. Additional affected organizations have disclosed impacts, while most say the exposure was limited to Salesforce instances rather than their core platforms or infrastructure.

GTA 6 early-access scam and phishing campaign

Campaign

Updated: 23.06.2026 16:00 · First: 23.06.2026 16:00 · 📰 1 src / 1 article · H score: 29

Scammers launched fake websites around the GTA 6 pre-order announcement to lure gamers with promises of early access in exchange for immediate payment. The operation pushes victims toward cryptocurrency transfers and may also be used to steal logins and activation keys, creating direct fraud and account risk. Malwarebytes warned that only official Rockstar channels are legitimate, while the scam pages are designed to look credible enough to trigger quick, irreversible payments.

Abdellah Belmili arrested and extradited in cybercrime marketplace case

Law Enforcement

Updated: 23.06.2026 15:06 · First: 23.06.2026 15:06 · 📰 1 src / 1 article · H score: 23

US authorities arrested Abdellah Belmili in Spain and extradited him to the United States over an alleged cybercrime marketplace operation, putting him at risk of up to 30 years in prison. The case centers on marketplaces identified as Market0Day and Spoxy. It also links the enforcement action to phishing kits, bulk SMS services, and victims across the US and UK.

London Hydro hit by cyberattack

Incident

Updated: 23.06.2026 12:25 · First: 23.06.2026 12:25 · 📰 1 src / 1 article · H score: 10

The London Hydro incident exposed customer personal and account information after hackers broke into the provider’s systems, creating risk of phishing and account abuse. The breach was disclosed on June 20, 2026, and the company said data on some accounts may have been accessed. London Hydro said financial information was not involved, but the event still affects customers in London, Ontario.

PolinRider GitHub supply-chain campaign delivering BeaverTail and InvisibleFerret

Campaign

Updated: 23.06.2026 11:54 · First: 23.06.2026 11:54 · 📰 1 src / 1 article · H score: 9

A North Korean supply-chain campaign dubbed PolinRider is injecting obfuscated JavaScript into compromised GitHub repositories, exposing developers to staged malware delivery at scale. The operation has reached nearly 2,000 repositories, turning trusted configuration files into a malware distribution path. The chain delivers BeaverTail and then the InvisibleFerret backdoor, increasing the risk of credential theft and persistent access.

Malicious npm packages delivering Windows RAT

Malware Activity

Updated: 23.06.2026 11:54 · First: 23.06.2026 11:54 · 📰 1 src / 1 article · H score: 3

A set of malicious npm packages is delivering a Windows-based RAT through a multi-stage install chain, creating risk of credential theft, host profiling, and remote control on infected Windows systems. The packages—aes-decode-runner-pro, postcss-minify-selector, and postcss-minify-selector-parser—masquerade as legitimate build tooling while handing off execution to a downloader chain. The malware uses settings.ps1, update.vbs, curl.exe, and wscript.exe to fetch and launch the next stage. The resulting payload can steal Google Chrome credentials and extension data, run shell commands, transfer files, and talk to a C2 server at 95.216.92[.]207:8080.

Five Eyes frontier AI cyber resilience advisory

Advisory/Mitigation

Updated: 23.06.2026 11:30 · First: 23.06.2026 11:30 · 📰 1 src / 1 article · H score: 25

Five Eyes cybersecurity agencies issued a June 22 advisory urging organizations to strengthen cyber resilience as frontier AI shortens the gap between vulnerability discovery and exploitation. The guidance calls for faster patching, tighter identity and access controls, reduced attack surface, and stronger incident readiness to limit operational and financial exposure.

Five Eyes frontier AI cyber resilience warning

Public Sector Action

Updated: 23.06.2026 11:30 · First: 23.06.2026 11:30 · 📰 1 src / 1 article · H score: 29

The Five Eyes cybersecurity agencies issued a public warning on frontier AI, urging business leaders to prioritize cyber resilience as AI rapidly reshapes offensive and defensive cyber risk. The June 22 statement said AI lowers barriers for malicious actors and speeds attacks, shrinking the time between vulnerability discovery and exploitation. It called for a whole-of-organization and whole-of-society response built on secure-by-design/default practices, faster patching, stronger identity controls, and incident readiness. The agencies also pushed organizations to use AI in security operations to detect weaknesses earlier and respond faster.

WhatsApp VBScript infection chain installing ManageEngine RMM Central

Malware Activity

Updated: 23.06.2026 08:38 · First: 23.06.2026 08:38 · 📰 1 src / 1 article · H score: 20

VBScript attachments spread through WhatsApp direct messages are now driving a multi-stage Windows infection chain that can end in remote access to victim systems. The scripts are disguised as business and financial documents and are launched with WScript.exe. On execution, they fetch additional components and can install ManageEngine RMM Central, giving the operator control over infected machines. The activity is affecting WhatsApp Desktop and WhatsApp Web users across multiple countries, with the highest concentration in Malaysia.

WhatsApp VBScript attachment distribution campaign

Campaign

Updated: 23.06.2026 08:38 · First: 23.06.2026 08:38 · 📰 1 src / 1 article · H score: 42

The active WhatsApp VBScript campaign is spreading malicious attachments that can lead to remote access on victim systems. It targets WhatsApp Desktop and WhatsApp Web users across Malaysia, Brazil, India, Mexico, Singapore, the U.K., Spain, Taiwan, Australia, Russia, and Vietnam, with the highest victim concentration in Malaysia. The operation uses deceptive file names that impersonate business and financial documents to trick recipients into opening the attachment. The scripts launch through WScript.exe, pull additional stages, and end with the installation of legitimate ManageEngine RMM Central software.

OpenAI upgrades GPT-5.5-Cyber and Codex Security plugin for vulnerability discovery and patching

Security Tool/Service

Updated: 23.06.2026 06:56 · First: 23.06.2026 06:56 · 📰 1 src / 1 article · H score: 14

OpenAI expanded Daybreak by releasing an improved GPT-5.5-Cyber model and updating the Codex Security plugin, giving trusted defenders faster tooling for finding, validating, and patching vulnerabilities across large codebases. The update also adds report generation, threat-model tracing, and codebase-specific patch workflows for existing systems and production code. The release matters because it shifts more of the defensive vulnerability lifecycle into AI-assisted analysis and remediation.

OpenAI and Trail of Bits launch Patch the Planet open-source security program

Commercial Activity

Updated: 23.06.2026 06:56 · First: 23.06.2026 06:56 · 📰 2 src / 2 articles · H score: 1

OpenAI launched Patch the Planet with Trail of Bits to help secure open-source projects, expanding a cybersecurity-focused partnership program for maintainers and defenders. The initiative brings in named projects including cURL, NATS Server, pyca/cryptography, Sigstore, aiohttp, the Go project, freenginx, Python, and python.org. The program is designed to speed up review, validation, patch development, and testing while preserving maintainer control over changes.

CISA KEV update and FCEB remediation deadline

Public Sector Action

Updated: 10.06.2026 17:44 · First: 10.06.2026 17:44 · 📰 1 src / 1 article · H score: 33

CISA added three actively exploited vulnerabilities to the KEV catalog and ordered Federal Civilian Executive Branch agencies to remediate by June 23, 2026. The action turns the exploitation reports into a federal remediation requirement for Cisco Catalyst SD-WAN Manager, Google Chrome V8, and Arista EOS. It raises near-term pressure on affected agencies to apply fixes or mitigations before the deadline.

WhatsApp VBScript phishing campaign targeting users in multiple countries

Campaign

Updated: 23.06.2026 01:42 · First: 23.06.2026 01:42 · 📰 1 src / 1 article · H score: 43

An ongoing phishing campaign is using compromised WhatsApp accounts to send obfuscated VBScript files to users in multiple countries, creating a path to remote system access on Windows PCs. The messages masquerade as business and financial documents to push recipients into opening the attachments. The infection flow then drops additional scripts, weakens defenses, and installs ManageEngine Endpoint Central under attacker control.

JaredFromSubway Ethereum MEV bot hit by network compromise

Incident

Updated: 23.06.2026 00:52 · First: 23.06.2026 00:52 · 📰 1 src / 1 article · H score: 34

The JaredFromSubway Ethereum MEV bot suffered a theft that drained $15 million in WETH, USDC, and USDT after fake trading opportunities tricked its automated execution system into granting attacker-controlled approvals. The compromise centered on fake pools and tokens that abused the bot's opportunity-detection logic. The event hit a single named MEV operation and created immediate unauthorized-withdrawal risk. The attacker then used those approvals to move funds out of the bot contract.

FFmpeg MagicYUV decoder heap out-of-bounds write remote code execution flaw (CVE-2026-8461)

Vulnerability

Updated: 23.06.2026 00:05 · First: 23.06.2026 00:05 · 📰 1 src / 1 article · H score: 28

FFmpeg disclosed CVE-2026-8461, a heap out-of-bounds write in the MagicYUV decoder that can crash FFmpeg-based applications and create remote code execution risk under specific conditions. The flaw affects software using libavcodec and is reachable through crafted AVI, MKV, or MOV files. FFmpeg 8.1.2 fixes the issue, reducing exposure across media servers and preview pipelines that trust FFmpeg to process untrusted input.

FFmpeg 8.1.2 security update (CVE-2026-8461)

Security Patch Release

Updated: 23.06.2026 00:05 · First: 23.06.2026 00:05 · 📰 1 src / 1 article · H score: 36

FFmpeg shipped version 8.1.2 to fix CVE-2026-8461 in the MagicYUV decoder, closing a heap out-of-bounds write that could affect FFmpeg-based applications. The flaw exposed media players, servers, and thumbnailing workflows that rely on libavcodec to attacks via crafted AVI, MKV, or MOV files. In some cases, the bug could be pushed to remote code execution if ASLR is disabled or bypassed, and it could also cause denial of service on vulnerable targets.

FortigateSniffer FortiOS packet-sniffer credential-harvesting tool

Malware Activity

Updated: 22.06.2026 23:01 · First: 22.06.2026 23:01 · 📰 2 src / 2 articles · H score: 72

FortigateSniffer is a Golang-based credential-harvesting tool used in the FortiBleed operation against FortiGate firewalls. It abuses FortiOS packet-sniffing functionality to capture authentication traffic and recover credentials, hashes, and session material across protocols including RADIUS, NTLM, Kerberos, and LDAP. The activity has been tied to a campaign that targets over 430,000 FortiGate firewalls worldwide and has been active since at least February 2026.

Initial access broker (IAB) campaign expands across multiple victims

Campaign

Updated: 22.06.2026 23:01 · First: 22.06.2026 23:01 · 📰 2 src / 2 articles · H score: 89

The FortiBleed campaign is a live credential-harvesting activity targeting Fortinet FortiGate devices worldwide. It has been active since at least February 2026 and is now reported to have extended from exposed firewall compromise into direct data theft, including DFS backup data from a NATO-aligned defense contractor on June 15. The operator is described as an initial access broker (IAB) using FortigateSniffer and related tooling to capture authentication traffic, crack credentials, and enable broader network access.

ShapedPlugin hit by network compromise

Incident

Updated: 18.06.2026 15:55 · First: 18.06.2026 15:55 · 📰 2 src / 2 articles · H score: 19

ShapedPlugin suffered a supply-chain compromise that pushed infected WordPress plugin releases to paying customers through the vendor's official update system, putting affected sites at risk of credential theft and remote file-writing. The incident affected Product Slider Pro for WooCommerce before 3.5.4, Real Testimonials Pro 3.2.5, and Smart Post Show Pro before 4.0.2. Researchers tied the backdoor injection to May 21 and confirmed malicious downloads on June 12. The vendor acknowledged the incident on June 16 and began preparing updated releases.

Microsoft AutoGen Studio AutoJack MCP WebSocket command execution security flaw

Vulnerability

Updated: 22.06.2026 20:28 · First: 22.06.2026 20:28 · 📰 1 src / 1 article · H score: 33

Microsoft’s AutoJack chain exposed AutoGen Studio to arbitrary command execution for developers building from the main GitHub branch before the hardening commit.

Dify multiple vulnerabilities: cross-tenant auth bypass and path traversal flaw (CVE-2026-41948)

Vulnerability

Updated: 22.06.2026 19:13 · First: 22.06.2026 19:13 · 📰 1 src / 1 article · H score: 31

Researchers disclosed four Dify vulnerabilities that exposed cross-tenant AI chats, documents, and internal API access on the platform's multi-tenant cloud service. Three of the flaws enabled unauthorized data exposure between customers, and one allowed unauthenticated access to internal Plugin Daemon API paths. Version 1.14.2 fixed all but CVE-2026-41948, with a follow-up fix expected in the next release. The weaknesses created a covert exfiltration path for messages, model responses, and uploaded files.