Attackers this week compromised more than 400 packages in the [Arch User Repository (AUR)](https://thehackernews.com/2026/06/over-400-arch-linux-aur-packages.html), rewriting their `PKGBUILD` scripts to silently install
Researchers have disclosed three security vulnerabilities in LangGraph, the open-source framework from LangChain used to build stateful, multi-step AI agent workflows. One of those flaws forms a critical chain that leads
CISA issued [Binding Operational Directive (BOD) 26-04](https://www.bleepingcomputer.com/news/security/cisa-gives-feds-3-days-to-patch-ivanti-flaw-exploited-in-attacks/) on June 12, ordering all federal civilian agencies
The day's biggest headline was financial — SpaceX officially priced what's now the largest IPO on record — but the more urgent reading was on the security wire, where a single researcher published a second critical Windo
**What Happened**
Oracle has disclosed a critical zero-day in PeopleSoft Suite — **CVE-2026-35273** — enabling unauthenticated remote code execution, and the ShinyHunters threat group is already exploiting it in live data theft campaigns.
Enterprise breach claims, leaked attack-framework source code, and a CrowdStrike finding that North Korean operators are behind roughly half of all US tech-sector attacks converged to make security the lead story. On the
A maximum-severity vulnerability in Ivanti Sentry is being actively exploited in the wild, [according to BleepingComputer](https://www.bleepingcomputer.com/news/security/max-severity-ivanti-sentry-vulnerability-now-explo
Attackers are actively exploiting **CVE-2026-5027**, a high-severity path traversal flaw in [Langflow](https://www.bleepingcomputer.com/news/security/path-traversal-flaw-in-ai-dev-platform-langflow-exploited-in-attacks/)
Patch Tuesday's heaviest June haul in recent memory landed alongside Anthropic's Claude Fable 5 rollout — a day where the security debt came due and the AI frontier simultaneously narrowed its own attack surface in ways
Ivanti has disclosed and patched two critical vulnerabilities in its Sentry secure mobile gateway — including a [maximum-severity flaw that allows unauthenticated remote attackers to execute arbitrary code as root](https
A public proof-of-concept exploit for an unpatched Microsoft Defender vulnerability has been released, granting SYSTEM-level access on fully updated Windows machines. There is currently no patch available.
Microsoft's June 2026 Patch Tuesday — the largest in company history at [nearly 200 vulnerabilities patched in a single cycle](https://krebsonsecurity.com/2026/06/a-record-breaking-patch-tuesday-for-june-2026/) — include
CISA has added a critical Check Point Remote Access VPN vulnerability to its Known Exploited Vulnerabilities catalog and [ordered all U.S. federal agencies to patch within three days](https://www.bleepingcomputer.com/new
Two moves defined Monday — Apple rewired its entire AI stack at WWDC while OpenAI quietly filed its S-1 with the SEC, two companies approaching the same destination — AI platform dominance — from radically different posi
CISA has added **CVE-2026-42271** in [BerriAI LiteLLM to its Known Exploited Vulnerabilities catalog](https://thehackernews.com/2026/06/litellm-flaw-cve-2026-42271-exploited.html), confirming active exploitation in the w
A new supply chain campaign called **Shai-Hulud** has compromised 19 science-focused packages on the Python Package Index, [according to BleepingComputer](https://www.bleepingcomputer.com/news/security/new-shai-hulud-att
Security researchers have published a [detailed, working exploit](https://thehackernews.com/2026/06/one-character-linux-kernel-flaw-enables.html) for **CVE-2026-23111**, a use-after-free vulnerability in the Linux kernel
Researchers have demonstrated that three previously patched vulnerabilities in Ubiquiti's UniFi OS can be chained to achieve remote code execution with root privileges — entirely without authentication. The finding was [
Check Point has disclosed and patched [CVE-2026-50751](https://thehackernews.com/2026/06/critical-check-point-vpn-flaw-exploited.html), a CVSS 9.3 authentication-bypass vulnerability in Remote Access VPN and Mobile Acces
Active nation-state threat activity just expanded its reach. Volexity has attributed a new campaign to **VerdantBamboo**, a China-nexus cyber espionage group, now deploying three malware families against Linux systems —
The AI industry's mounting costs surfaced from multiple angles: token prices are set to rise as labs eye IPOs, the Texas power grid is buckling under data center load, and a key White House policy seat went vacant. Meanw
A new [Mandiant report covered by BleepingComputer](https://www.bleepingcomputer.com/news/security/silent-ransom-group-targets-law-firms-with-fake-it-support-calls/) documents an ongoing campaign by **Silent Ransom Group
A newly identified botnet called **C0XMO** is actively exploiting a vulnerability in [DD-WRT router firmware](https://www.bleepingcomputer.com/news/security/c0xmo-botnet-spreads-via-dd-wrt-router-flaw-kills-rival-malware
Active exploitation of a critical WordPress plugin, White House AI policy upheaval, and Python's JIT compiler hitting an unexpected governance stop made for a dense Friday in tech.
Meta has confirmed that thousands of Instagram accounts were compromised through an attack vector that weaponized the platform's built-in AI chatbot — marking one of the first publicly confirmed large-scale account takeo
The Google-SpaceX compute deal dominates Friday's news cycle — $920M per month, flowing to xAI's infrastructure, one week before SpaceX goes public.
A self-replicating worm called **Miasma** has been confirmed active inside Microsoft's GitHub presence, hitting 73 repositories across four organizations: **Azure**, **Azure-Samples**, **Microsoft**, and **MicrosoftDocs*
Cisco has confirmed that [CVE-2026-20245](https://thehackernews.com/2026/06/cisco-catalyst-sd-wan-manager-cve-2026.html), a high-severity flaw in Catalyst SD-WAN Manager, is under active exploitation in the wild. The vul
CISA has issued an active-exploitation warning for a high-severity vulnerability in SolarWinds Serv-U file-transfer software. According to [BleepingComputer's report](https://www.bleepingcomputer.com/news/security/cisa-h
Threat actors are actively exploiting [CVE-2026-3300](https://thehackernews.com/2026/06/hackers-exploit-critical-everest-forms.html), a critical remote code execution vulnerability in **Everest Forms Pro**, a premium Wor
Yesterday's security feed delivered a trio of attacks that weaponize trust — in software distribution, in payment processors, and in password managers — while the NSA reportedly put an Anthropic AI model to work in offen
Cisco has issued an urgent advisory for [CVE-2026-20245](https://www.bleepingcomputer.com/news/security/new-cisco-sd-wan-flaw-exploited-in-zero-day-attacks-to-gain-root/), a high-severity privilege escalation zero-day in
A threat actor tracked as **PCPJack** has quietly compromised at least 230 cloud servers across Amazon Web Services, Google Cloud Platform, and Microsoft Azure, repurposing them as a covert SMTP email relay network, [acc
Cisco has patched a critical flaw in Unified Communications Manager (Unified CM) — **CVE-2026-20230** — that lets an unauthenticated attacker on the same network write arbitrary files to the device and chain that primiti
Three security disclosures landed in the same day — a password manager breach with minimal explanation, a notification-delivered AI hijack, and wellness data stolen through an internal tool — while bot traffic quietly cr
CISA has added **CVE-2026-45247** to its [Known Exploited Vulnerabilities (KEV) catalog](https://thehackernews.com/2026/06/cisa-adds-exploited-magento-rce-flaw.html), confirming active in-the-wild exploitation of a criti
A Chinese-speaking threat actor has expanded operations into Europe, deploying a previously undocumented remote access trojan called Atlas alongside an additional backdoor component, according to [BleepingComputer](https
A coordinated advisory from CISA, the FBI, the NSA, the Department of Energy, and several other U.S. government agencies is warning that threat actors are actively targeting internet-exposed **automatic tank gauge (ATG)*
Researchers have publicly disclosed a remote denial-of-service vulnerability dubbed **HTTP/2 Bomb** that exploits behavior in the HTTP/2 protocol itself. According to [The Hacker News](https://thehackernews.com/2026/06/n
Microsoft Build 2026 and a Sony PlayStation showcase competed for headlines yesterday, but the sharpest signal came from security researchers watching AI migrate from productivity tool to attack infrastructure.
A working exploit for an unpatched Visual Studio Code vulnerability is now public, and it does something particularly damaging: steal GitHub authentication tokens with a single click from the victim.
A large-scale malware campaign called **WeedHack** has compromised more than 116,000 systems running Minecraft since January 2026, according to [BleepingComputer](https://www.bleepingcomputer.com/news/security/over-116-0
Attackers are actively exploiting a critical privilege escalation vulnerability in the Kirki Customizer Framework plugin for WordPress, using it to silently promote themselves to administrator on any site running a vulne
Russia-linked **Gamaredon** (also tracked as Armageddon, Shuckworm, UAC-0010) is [actively weaponizing CVE-2025-8088](https://thehackernews.com/2026/06/gamaredon-exploits-winrar-to-deliver.html), a path traversal flaw in
The day's sharpest signal: AI being weaponized as an attack surface — Meta's own support chatbot handing hackers control of high-profile Instagram accounts with no credential theft required. In the background, capital is
On May 31, 2026, Dashlane [disclosed](https://thehackernews.com/2026/06/dashlane-discloses-brute-force-attack.html) that an external threat actor conducted a brute-force attack against its systems and successfully downlo
A threat actor tracked as **DriveSurge** is actively compromising thousands of websites and injecting malicious JavaScript that delivers malware to visitors through two well-worn but effective techniques: [ClickFix and F
More than 30 npm packages under Red Hat's `@redhat-cloud-services` namespace were compromised in a confirmed supply-chain attack, [per BleepingComputer](https://www.bleepingcomputer.com/news/security/red-hat-npm-packages
A supply chain attack campaign dubbed **Miasma** has compromised dozens of packages published under Red Hat's official `@redhat-cloud-services` npm organization, injecting a credential-stealing, self-propagating worm int