Miasma Supply Chain Attack Hits Red Hat npm Packages; Google Patches Actively Exploited Android Zero-Day

Qilin Ransomware Gang Fuels 30% Surge in Attacks, Heavily Targeting Healthcare

Ransomware attacks have surged by 30% in the first half of 2026, with the Qilin ransomware group emerging as a primary driver of this increase. Operating a Ransomware-as-a-Service (RaaS) model, Qilin and its affiliates have been particularly aggressive, claimi...

Critical RCE Flaw (CVE-2026-0826) in HP Poly VoIP Phones Allows Root Takeover

A critical, unauthenticated remote code execution (RCE) vulnerability, CVE-2026-0826, has been found in numerous HP Poly VVX and Trio series VoIP phones. Disclosed by Rapid7, the flaw is a stack-based buffer overflow with a CVSS score of 9.2. It allows a remot...

'Operation Dragon Weave': China-Linked Espionage Campaign Targets Taiwan and Czech Republic

A suspected China-linked cyberespionage campaign, dubbed "Operation Dragon Weave," has been uncovered targeting government, technology, and financial entities in Taiwan and the Czech Republic. The campaign, detailed by security firm Seqrite, employed highly cu...

Critical cPanel Zero-Day (CVE-2026-41940) Actively Exploited, Over 40,000 Servers Compromised

Update:The UK's National Federation of Subpostmasters (NFSP) disclosed on June 3, 2026, that it suffered a ransomware attack on April 30, 2026. Attackers exploited the critical cPanel vulnerability (CVE-2026-41940) to gain entry, leading to significant technical disr...

Email Under Siege: AI, QR Codes, and Phishing-as-a-Service Fuel Surge in Attacks

Update:A new report indicates a dramatic escalation in QR code phishing, or 'quishing,' attacks, with a 146% surge in Q1 2026 and nearly 18.7 million incidents in March alone. This widespread adoption by threat actors exploits public trust in QR codes, effectively by...

The AI Sword: Anthropic Model Demonstrates Hacking Prowess Surpassing Human Experts

Update:University of Toronto researchers unveiled a proof-of-concept AI-powered worm capable of autonomous propagation and adaptive exploitation. Crucially, this worm was built using publicly available, open-weight AI models, not proprietary ones like Anthropic's. Th...

ShinyHunters Claims 4.9M Charter Communications Accounts Stolen via Vishing Attack

Update:The data breach at Charter Communications, initially reported to affect 4.9 million customers, has been updated to impact over 42 million customer records. This significant increase in scope has led to multiple class-action lawsuits being filed against the com...

Microsoft Faces Community Backlash After Threatening Researcher Over Zero-Day Disclosures

Update:The incident involving Microsoft's threats against 'Nightmare Eclipse' has new developments. The BlueHammer vulnerability is now identified as CVE-2026-33825, with detailed technical analysis revealing it as a TOCTOU race condition in Microsoft Defender (MsMpE...

NYDFS Warns Financial Firms of 'Frontier AI' Accelerating Cyberattacks

Update:This update provides further clarification on the NYDFS guidance, emphasizing that while it doesn't introduce new regulations, it will significantly inform future NYDFS examinations. Failure to adhere to these 'best practices' could lead to deficiencies during...

Android Zero-Day Under Attack: Google Issues Urgent Patch for Privilege Escalation Flaw

Update:The June 2026 Android security update now includes clarified details on CVE-2025-65018, identifying it as a critical Remote Code Execution (RCE) vulnerability in the Android Framework. This flaw is highlighted as potentially wormable, allowing remote attackers...