Find notable cyber news and cases, enriched with sources, timelines, and signals.

Recent notable Happenings and Cases

Last updated: 15:23 24/06/2026 UTC

Latest updates


LayerX BioShocking prompt injection against agentic browsers

Technical Analysis

Updated: 24.06.2026 19:05 · First: 24.06.2026 19:05 · 📰 1 src / 1 article · H score: 30

Researchers demonstrated BioShocking, a prompt-injection technique that pushed six agentic browsers and plugins past guardrails and made them copy login credentials for exfiltration. The proof-of-concept raised immediate risk for logged-in accounts, open tabs, and private repositories across AI browser products. The test covered OpenAI's ChatGPT Atlas, Perplexity's Comet, and Anthropic's Claude extension.

StealC and Amadey infostealer infrastructure disruption

Malware Activity

Updated: 24.06.2026 18:25 · First: 24.06.2026 18:25 · 📰 1 src / 1 article · H score: 59

The StealC and Amadey infostealer infrastructure was disrupted, cutting off the C2 servers used to control infected systems and weakening a major cybercrime supply chain. Law enforcement seized nearly 200 IP-based C2 servers and around 50 domains, while responders identified over 18,000 victim computers and severed criminal control. The takedown matters because the two families were linked to over 140,000 infected computers worldwide, and both were used to steal credentials or deliver additional malware.

Amadey and StealC shared-infrastructure malware activity

Malware Activity

Updated: 24.06.2026 18:02 · First: 24.06.2026 18:02 · 📰 1 src / 1 article · H score: 66

The Amadey loader and StealC infostealer are being linked through shared C&C infrastructure, making the pair easier to coordinate and disrupt. Amadey helps attackers gain access and deliver secondary payloads, while StealC steals credentials, cryptocurrency wallets, cookies, and other valuable data. The pairing matters because it supports a common intrusion chain from initial access to post-compromise theft.

Operation Endgame takedown of Amadey and StealC infrastructure

Law Enforcement

Updated: 24.06.2026 18:02 · First: 24.06.2026 18:02 · 📰 2 src / 2 articles · H score: 56

An international law-enforcement takedown under Operation Endgame disrupted shared infrastructure used by StealC and Amadey, with around 50 domains and nearly 200 active IP-based C2 servers seized. The action was coordinated by Europol, involved Germany’s Federal Criminal Police Office and legal support from Eurojust, and included technical analysis and intelligence support from partners such as Microsoft, ESET, BitSight, IBM X-Force, Lumen, Proofpoint, and Mitsui Bussan Secure Directions. Microsoft said the disruption used AI-powered analysis and court-authorized action to target the shared malware infrastructure, while Europol said the wider effort helped freeze €41m in criminal crypto assets and recover 27 million stolen login credentials.

CISA BOD 26-04 three-day remediation directive

Public Sector Action

Updated: 24.06.2026 17:35 · First: 24.06.2026 17:35 · 📰 1 src / 1 article · H score: 36

CISA's BOD 26-04 requires federal agencies to apply available security updates or vendor-recommended mitigations within three days, accelerating remediation for actively exploited flaws. The directive increases pressure on agencies to reduce exposure across affected systems before attackers can expand access.

Ubiquiti UniFi OS: actively exploited access-control bypass, traversal, and RCE flaws (multiple vulnerabilities)

Vulnerability

Updated: 24.06.2026 17:35 · First: 24.06.2026 17:35 · 📰 1 src / 1 article · H score: 43

Ubiquiti UniFi OS now has three actively exploited CVEs that can let attackers make unauthorized changes, expose sensitive files, and reach remote code execution on vulnerable devices. CISA added CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910 to its Known Exploited Vulnerabilities catalog after warning of active abuse. Ubiquiti released fixes in May, and the flaws were described as remotely exploitable without privileges. Researchers at Bishop Fox later showed the issues could be chained into full system compromise, raising urgency for patching and mitigation.

Service desk social engineering defenses tighten identity verification for password resets and MFA changes

Defensive Guidance

Updated: 24.06.2026 17:02 · First: 24.06.2026 17:02 · 📰 1 src / 1 article · H score: 17

Service desk identity verification is being tightened against social engineering attacks, reducing impersonation-driven account takeover and unauthorized access across corporate environments. The guidance centers on password resets, account unlocks, and MFA changes, where attackers often pose as employees or IT staff. Recommended controls include out-of-band confirmation, tighter approval paths, and alerts for repeated recovery requests.

macOS.Gaslight prompt-injection technique aimed at AI-assisted triage

Technical Analysis

Updated: 24.06.2026 17:00 · First: 24.06.2026 17:00 · 📰 1 src / 1 article · H score: 23

macOS.Gaslight now uses prompt injection to disrupt AI-assisted malware triage, increasing the chance that defender tooling aborts or misreads analysis. The Rust implant embeds 38 fabricated system messages inside a Markdown-fenced block that mimics triage scaffolding and feeds the model bogus error conditions. The sample still carries a backdoor/infostealer payload, but the adversarial text is the novel technique that targets analyst workflows.

macOS.Gaslight Rust infostealer-backdoor with Telegram Bot API channel

Malware Activity

Updated: 24.06.2026 17:00 · First: 24.06.2026 17:00 · 📰 1 src / 1 article · H score: 30

Researchers identified macOS.Gaslight, a North Korea-linked Rust infostealer-backdoor that can steal Chrome, Brave, Firefox and Safari data, terminal histories, installed-app lists and the macOS login keychain. The sample also offers an interactive shell and routes command traffic through Telegram's Bot API, using encryption and certificate pinning to resist inspection. It embeds 38 fabricated system messages to derail AI-assisted triage before defenders can analyze the implant normally. The blend of credential theft, covert command handling and analysis sabotage increases the risk of unauthorized access and prolonged defender blindness.

CI/CD pull-request privilege-escalation flaw (Cordyceps)

Vulnerability

Updated: 24.06.2026 15:48 · First: 24.06.2026 15:48 · 📰 1 src / 1 article · H score: 32

Cordyceps exposed a CI/CD workflow privilege-escalation flaw in pull-request automation that let unauthenticated users hijack privileged workflows and reach open-source supply chains. In scans of about 30,000 high-impact repositories, more than 300 were fully exploitable. The weakness enabled attacker-controlled code execution, credential theft, and supply-chain compromise across repositories at large organizations. The issue was confirmed in environments tied to Microsoft, Google, Apache, Cloudflare, and Python.

KDDI Corporation hit by network compromise

Incident

Updated: 24.06.2026 15:45 · First: 24.06.2026 15:45 · 📰 1 src / 1 article · H score: 71

KDDI Corporation confirmed an email-system breach that exposed customer credentials across six Japanese ISPs, putting account access at risk. The intrusion was detected on June 17 and publicly disclosed on June 23. KDDI said as many as 14.22 million email addresses and passwords were likely compromised, making password resets urgent.

KDDI email-system credential leak affecting Japanese ISPs

Data Leak

Updated: 24.06.2026 15:45 · First: 24.06.2026 15:45 · 📰 1 src / 1 article · H score: 75

A KDDI email-system breach exposed customer credentials across six Japanese ISPs, putting up to 14.22 million email addresses and passwords at risk. The compromise was detected on June 17 and publicly disclosed on June 23, making this a large-scale credential-exposure event. KDDI says it has modified the system and is urging affected customers to change passwords.

KDDI Multi-ISP Email Credential Exposure in Japan

Case

Updated: 24.06.2026 15:45 · First: 24.06.2026 15:45 · 📰 0 src / 2 articles

KDDI disclosed unauthorized access to its email system used by six Japanese ISPs after detecting the intrusion on June 17. The company said an actor exploited a vulnerability in third-party software and that up to 14.22 million email addresses and passwords were likely compromised, creating immediate account-security risk for customers of the affected providers. KDDI says it has modified the system, applied technical countermeasures, notified Japanese authorities, and urged affected users to change passwords. Public details still do not identify the vulnerable software, a CVE, or the intrusion actor, so response is focused on credential hygiene and containment rather than product-specific patch tracking.

MuddyWater’s Chaos masquerade shows state-backed espionage adopting ransomware tradecraft

Threat Actor Meta

Updated: 24.06.2026 15:00 · First: 24.06.2026 15:00 · 📰 1 src / 1 article · H score: 23

MuddyWater is using Chaos ransomware branding and criminal tradecraft to disguise state-backed espionage, making attribution and response harder across targeted environments. The activity reflects a broader convergence of criminal and state-backed operations that complicates how defenders classify intrusions. It also increases the odds that organizations will misread intelligence operations as financially motivated extortion incidents.

Mistic backdoor attack activity targeting enterprise sectors since April

Malware Activity

Updated: 24.06.2026 13:41 · First: 24.06.2026 13:41 · 📰 1 src / 1 article · H score: 33

The Mistic backdoor is being used in financially motivated attacks against insurance, education, IT, and professional services organizations, giving operators a stealthy foothold in enterprise networks. Researchers say it has been active since April and can communicate with command-and-control, run code in memory, and delete itself to evade detection. The activity matters because the malware is built for long-term persistence and begins with DLL side-loading plus a fake login screen that can steal credentials.

DOJ seizes HuiOne cloud account

Law Enforcement

Updated: 24.06.2026 11:55 · First: 24.06.2026 11:55 · 📰 1 src / 1 article · H score: 17

The U.S. Department of Justice seized a cloud computing account used by HuiOne Group subsidiaries, disrupting backend infrastructure tied to cyber scams and criminal proceeds movement.

Treasury sanctions Prince Group-linked entities and FinCEN designates H-Pay Service

Regulatory/Legal Action

Updated: 24.06.2026 11:55 · First: 24.06.2026 11:55 · 📰 1 src / 1 article · H score: 17

The U.S. Treasury imposed fresh sanctions on nine individuals and 26 entities linked to Prince Group, while FinCEN designated H-Pay Service PLC as a primary money laundering concern. The actions tighten financial restrictions on a network tied to scam-compound and laundering activity. They are intended to cut off channels used to move fraud proceeds into the legitimate banking sector.

DCMS museum and gallery cyber-resilience advice

Advisory/Mitigation

Updated: 24.06.2026 11:40 · First: 24.06.2026 11:40 · 📰 1 src / 1 article · H score: 18

DCMS is now providing central advice to help museums, galleries, and arm’s-length bodies improve cyber-resilience and reduce the impact of cyber-attacks. The move follows parliamentary criticism that the department had been reactive rather than strategic on cyber threats. It also follows earlier sector incidents, including the British Library ransomware attack and thefts from the British Museum.

PAC report pushes DCMS cyber-resilience action for museums and galleries

Public Sector Action

Updated: 24.06.2026 11:40 · First: 24.06.2026 11:40 · 📰 1 src / 1 article · H score: 24

In a report published on June 24, the PAC pressed DCMS to set out concrete cybersecurity actions for museums and galleries, warning that weak oversight leaves public institutions exposed. The committee said the department has been too reactive on cyber threats and wants a clearer sector-wide response. It cited the British Library ransomware attack and thefts from the British Museum as evidence of the risk to arm’s-length bodies.

Tata Electronics hit by network compromise

Incident

Updated: 24.06.2026 00:06 · First: 24.06.2026 00:06 · 📰 1 src / 1 article · H score: 10

Tata Electronics disclosed a cyberattack that affected parts of its IT infrastructure, creating a confirmed security incident at the company. The company said it activated response protocols quickly and that business operations remained unaffected. No attacker was publicly identified, so the event is currently limited to the reported compromise of internal systems.

Xsolis targeted phishing breach

Incident

Updated: 23.06.2026 22:59 · First: 23.06.2026 22:59 · 📰 1 src / 1 article · H score: 53

Xsolis disclosed a targeted phishing breach that compromised sensitive information tied to 1,396,519 people. The intrusion gave attackers access to a limited portion of the Xsolis environment and exposed customer records including names, addresses, dates of birth, health insurance information, Social Security numbers, and medical treatment information. The company said it contained the activity, opened an investigation, and began notifying affected individuals while adding security controls.

macOS ClickFix Terminal-delivered DMG campaign

Campaign

Updated: 23.06.2026 21:30 · First: 23.06.2026 21:30 · 📰 1 src / 1 article · H score: 37

A macOS ClickFix campaign is using fake CAPTCHA pages and Terminal commands to quietly download and launch malicious DMG files, putting Mac devices at risk of AMOS credential theft. The operation expands the attack surface by turning a browser prompt into a malware delivery chain that can steal passwords, wallets, and other user data.

FortiBleed multi-vendor brute-force wave

Exploitation Wave

Updated: 23.06.2026 21:20 · First: 23.06.2026 21:20 · 📰 1 src / 1 article · H score: 75

A multi-vendor brute-force wave tied to FortiBleed is hitting Fortinet, Synology, Sophos, Citrix, RDWeb, and MS-SQL targets, expanding the risk from one firewall-focused operation into a broader exposed-services campaign.

Initial access broker (IAB) campaign expands across multiple victims

Campaign

Updated: 22.06.2026 23:01 · First: 22.06.2026 23:01 · 📰 3 src / 3 articles · H score: 89

The FortiBleed campaign is a live credential-harvesting activity targeting Fortinet FortiGate devices worldwide. It has been active since at least February 2026 and is now reported to have extended from exposed firewall compromise into direct data theft, including DFS backup data from a NATO-aligned defense contractor on June 15. The operator is described as an initial access broker (IAB) using FortigateSniffer and related tooling to capture authentication traffic, crack credentials, and enable broader network access.

FortiBleed credential-harvesting operation expands from FortiGate to broader exposed services

Case

Updated: 23.06.2026 21:20 · First: 22.06.2026 23:01 · 📰 0 src / 2 articles

FortiBleed activity has grown from a Fortinet FortiGate credential-harvesting campaign into a broader brute-force push against other internet-facing authentication services, including Synology, Sophos, RDWeb, Citrix SSL-VPN, and MS-SQL. The operators are described as an initial access broker and remain active, using stolen and cracked credentials to move from exposed edge access toward downstream internal systems. Available figures place the FortiGate side of the operation at more than 430,000 firewalls in scope and over 110 million credentials identified, and the activity has already progressed to confirmed data theft from a NATO-aligned defense contractor. No CVE or patch-led fix is established in available material, so response pressure is centered on exposed-login hardening, credential rotation, and hunting for FortiGate packet-sniffing abuse.

Owen Flowers and Thalha Jubair arrested and charged in Transport for London cybercrime case

Law Enforcement

Updated: 18.09.2025 17:37 · First: 18.09.2025 17:37 · 📰 2 src / 4 articles · H score: 36

UK authorities and prosecutors advanced the Transport for London cybercrime case after Thalha Jubair and Owen Flowers pleaded guilty in the United Kingdom to charges tied to the August 2024 attack that crippled TfL. The case remains linked to Scattered Spider and to broader alleged activity involving computer fraud, wire fraud, money laundering, and intrusions against other organizations.

Thalha Jubair and Owen Flowers Scattered Spider arrests and charges

Law Enforcement

Updated: 19.09.2025 10:05 · First: 19.09.2025 10:05 · 📰 4 src / 5 articles · H score: 36

Scattered Spider members Thalha Jubair and Owen Flowers pleaded guilty in the United Kingdom over the August 2024 cyberattack that crippled Transport for London. The case remains part of a broader law-enforcement action tied to the group’s U.K. arrests, U.S. complaints, and related cybercrime allegations.

Transport for London (TfL) customer data exposed after breach

Data Leak

Updated: 23.06.2026 18:31 · First: 23.06.2026 18:31 · 📰 1 src / 1 article · H score: 46

The Transport for London (TfL) intrusion became a confirmed data leak after customer data was stolen from the Oyster refunds system, raising misuse risk for affected records. TfL disclosed the theft on September 12, 2024, after the attack had already disrupted refund services. The stolen-data thread sits alongside the wider operational damage and criminal case tied to the breach.

Skills.sh scanner blind spot for externally linked AI agent skills

Security Tool/Service

Updated: 23.06.2026 18:16 · First: 23.06.2026 18:16 · 📰 1 src / 1 article · H score: 22

Security scanners for AI agent skills, including those wired into skills.sh, cleared a fake skill that hid its real payload behind stitch-design.ai, exposing a vetting gap that can let post-review instructions slip through. The skill, brand-landingpage, was pushed through a marketplace and an Instagram ad. A clean scan at install time did not guarantee a safe skill afterward because the linked content could change later.

Trump executive order sets federal PQC migration deadlines

Public Sector Action

Updated: 23.06.2026 18:16 · First: 23.06.2026 18:16 · 📰 1 src / 1 article · H score: 23

President Trump signed EO 14409, ordering federal agencies to migrate high-value assets and high-impact systems to post-quantum cryptography on a fixed schedule, tightening U.S. government defenses against harvest-now, decrypt-later risk. The order sets December 31, 2030 for key establishment and December 31, 2031 for digital signatures, while leaving national security systems on a separate track. It also pushes OMB, NIST, CISA, and the FAR Council into follow-on guidance, inventory, pilot, and contractor-rule work.