ShinyHunters Breaches Millions at Charter & Carnival; Microsoft Zero-Days Actively Exploited in the Wild
Summary
A tumultuous day in cybersecurity for May 29, 2026, is marked by massive data breaches claimed by the ShinyHunters extortion group, affecting nearly 11 million customers of Charter Communications and Carnival Cruise Line. Concurrently, Microsoft is grappling with the active exploitation of three publicly disclosed Windows zero-days, now on CISA's KEV list, following a dispute with a security researcher. The landscape is further complicated by a wave of supply chain attacks targeting developers via npm and VS Code, and CISA's issuance of critical warnings for vulnerabilities in industrial control systems, highlighting pervasive risks across telecommunications, software development, and critical infrastructure.
Today New Articles
ShinyHunters Claims 4.9M Charter Communications Accounts Stolen via Vishing Attack
U.S. telecom giant Charter Communications is investigating a significant data breach impacting 4.9 million customer accounts. The notorious extortion group ShinyHunters has claimed responsibility, alleging they initiated the breach on April 1, 2026, through a...
CISA Issues Urgent Advisories for Critical Flaws in ICS and OT Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a series of advisories warning of critical vulnerabilities in widely deployed Industrial Control Systems (ICS) and Operational Technology (OT). The flaws affect products from vendor...
A critical, now-patched vulnerability in Fortinet's FortiClient Endpoint Management Server (EMS), tracked as CVE-2026-35616, is being actively exploited by threat actors. The flaw, rated 9.1 on the CVSS scale, allows for a pre-authentication API access bypass,...
New npm Typosquatting Campaign Pushes Malware to Steal AWS and CI/CD Secrets
The Microsoft Security team has identified an active supply chain attack on the npm ecosystem, where a threat actor published 14 malicious, typosquatted packages designed to steal developer secrets. The packages, published by an actor using the alias 'vpmdhaj,...
Microsoft Pushes Mandatory Secure Boot Update as 2011 Certificates Expire
Microsoft is deploying a mandatory update for Windows Secure Boot as the original certificates issued in 2011 are set to expire starting in June 2026. The update, delivered via Windows Update, rolls out new 2023-dated certificates to serve as the trust anchor...
California Sues 23andMe Over 2023 Breach, Alleging Major Security and Privacy Failures
California's Attorney General, Rob Bonta, has filed a lawsuit against genetic testing company 23andMe in response to its massive 2023 data breach. The breach, a result of a credential stuffing campaign, ultimately exposed the data of 6.9 million individuals. T...
The consumer finance company Industrial Acceptance Corp. (IAC) has begun notifying 79,216 individuals that their sensitive personal information was compromised in a ransomware attack attributed to the 'INC' ransomware group. The breach was first detected in ea...
Researchers Detail New 'Gines' Ransomware Variant Linked to Makop Family
Threat intelligence researchers from CYFIRMA have identified a new strain of file-encrypting malware called 'Gines' ransomware. Analysis suggests Gines is a variant of the notorious Makop ransomware family. It operates on a double-extortion model, first exfilt...
Chinese APTs Exploit Middle East Conflict for Cyber-Espionage in Maritime and Energy Sectors
A new report from ESET reveals that China-aligned Advanced Persistent Threat (APT) groups are capitalizing on geopolitical instability in the Middle East to conduct cyber-espionage campaigns. These state-sponsored actors are targeting maritime, energy, and gov...
Article Updates
Update:The dispute between Microsoft and Chaotic Eclipse has escalated, with three more zero-day vulnerabilities now confirmed as actively exploited: CVE-2026-33825 (BlueHammer), CVE-2026-41091 (RedSun), and CVE-2026-45498 (UnDefend). These flaws, including a Windows...
GlassWorm Malware Infrastructure Dismantled in Coordinated Takedown
Update:New details reveal the Glassworm botnet employed a highly resilient, quad-redundant command-and-control (C2) infrastructure. This included a novel method of embedding C2 server addresses in Solana blockchain transaction memo fields, utilizing BitTorrent DHT, a...
Carnival Cruise Data Breach Exposes Nearly 6 Million Customers; ShinyHunters Claims Responsibility
Update:This update clarifies the 'cybersecurity event' date as April 14, 2026. It raises concerns that the 'personal information' compromised could include highly sensitive data like passport numbers, Social Security numbers, and financial information, based on Shiny...