Miasma Supply Chain Attack Hits Red Hat npm Packages; Google Patches Actively Exploited Android Zero-Day

A new report indicates a dramatic escalation in QR code phishing, or 'quishing,' attacks, with a 146% surge in Q1 2026 and nearly 18.7 million incidents in March alone. This widespread adoption by threat actors exploits public trust in QR codes, effectively bypassing traditional email security filters. The technique is proving highly effective for credential harvesting, leading to increased credential compromise and eroding trust in legitimate QR code usage. Organizations face challenges as quishing neutralizes traditional email security investments, necessitating advanced detection methods like computer vision and enhanced user awareness training.

The UK's National Federation of Subpostmasters (NFSP) disclosed on June 3, 2026, that it suffered a ransomware attack on April 30, 2026. Attackers exploited the critical cPanel vulnerability (CVE-2026-41940) to gain entry, leading to significant technical disruption. The Post Office temporarily suspended email communications with the federation as a precaution. While the NFSP claims no data was lost, the incident highlights the severe real-world impact of the ongoing cPanel exploitation campaign.

University of Toronto researchers unveiled a proof-of-concept AI-powered worm capable of autonomous propagation and adaptive exploitation. Crucially, this worm was built using publicly available, open-weight AI models, not proprietary ones like Anthropic's. This development significantly lowers the barrier for threat actors to create sophisticated, adaptive malware, escalating the threat landscape previously discussed. The worm can analyze target devices and tailor its exploit strategy, posing a severe risk to interconnected systems and critical infrastructure.

The data breach at Charter Communications, initially reported to affect 4.9 million customers, has been updated to impact over 42 million customer records. This significant increase in scope has led to multiple class-action lawsuits being filed against the company. The lawsuits allege negligence and failure to implement adequate security controls, stemming from the vishing attack by ShinyHunters that compromised a Microsoft Entra account and led to data exfiltration from Salesforce. The exposed data includes names, addresses, and contact information, raising the risk of identity theft and fraud for a much larger customer base.

The incident involving Microsoft's threats against 'Nightmare Eclipse' has new developments. The BlueHammer vulnerability is now identified as CVE-2026-33825, with detailed technical analysis revealing it as a TOCTOU race condition in Microsoft Defender (MsMpEng.exe) leading to LPE. The article provides MITRE ATT&CK mappings, specific IOCs (process names, file paths, event IDs), and detection/mitigation strategies. Crucially, there are now reports confirming these exploits are actively used in the wild, increasing the immediate threat. Security firms like Huntress and Barracuda have also joined the backlash against Microsoft's actions.

This update provides further clarification on the NYDFS guidance, emphasizing that while it doesn't introduce new regulations, it will significantly inform future NYDFS examinations. Failure to adhere to these 'best practices' could lead to deficiencies during Part 500 audits, potentially resulting in mandated remediation and fines. The guidance also explicitly extends its recommendations as 'best practices' for all organizations, not just NYDFS-regulated entities, and underscores the critical importance of board-level oversight and reporting on cybersecurity risks.

The June 2026 Android security update now includes clarified details on CVE-2025-65018, identifying it as a critical Remote Code Execution (RCE) vulnerability in the Android Framework. This flaw is highlighted as potentially wormable, allowing remote attackers to execute arbitrary code without user interaction, significantly increasing its risk profile. Additionally, specific CVEs for other critical local privilege escalation flaws (e.g., CVE-2026-0043, CVE-2026-21352) and a Qualcomm memory corruption vulnerability (CVE-2026-21385) have been disclosed. The report also incorporates D3FEND and MITRE M1017 for enhanced detection and mitigation strategies.