Miasma Worm Hits Microsoft in Major Supply Chain Attack; CISA Warns of Actively Exploited SolarWinds Flaw

Publication Date: June 8, 2026

Summary

This cybersecurity brief for June 8, 2026, covers a series of high-impact events. A sophisticated supply chain attack, the 'Miasma worm,' compromised 73 Microsoft GitHub repositories by abusing AI coding tools. Concurrently, CISA issued an urgent directive for federal agencies to patch an actively exploited denial-of-service vulnerability (CVE-2026-28318) in SolarWinds Serv-U. Other major incidents include a massive data leak from DentaQuest by the ShinyHunters group affecting 2.6 million individuals, the discovery of critical CVSS 10.0 flaws in cloud database tools, and new malware campaigns targeting gamers and Python developers.

Today New Articles

CISA Mandates Patch for Actively Exploited SolarWinds DoS Flaw Added to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical denial-of-service (DoS) vulnerability in SolarWinds Serv-U file transfer software, CVE-2026-28318, to its Known Exploited Vulnerabilities (KEV) catalog. This action confirms...

Pirated PC Games Infect 400,000+ Devices with "RenEngine" Password-Stealing Malware

A large-scale malware campaign is exploiting gamers by bundling a malicious loader, dubbed "RenEngine," with pirated versions of popular PC games like FIFA and Assassin's Creed. The campaign has reportedly infected over 400,000 devices globally. The RenEngine...

"Hades Cluster" PyPI Worm Abuses Python Startup Hooks for Stealthy Credential Theft

A novel supply chain attack campaign, dubbed "Hades Cluster," has been discovered on the Python Package Index (PyPI), affecting at least 19 legitimate packages. The malware utilizes a stealthy and unusual technique for execution and persistence by abusing Pyth...

"WeedHack" MaaS Targets Minecraft Players, Infecting 116,000+ Systems for Remote Access

A Malware-as-a-Service (MaaS) operation known as "WeedHack" is aggressively targeting the Minecraft gaming community, having already infected over 116,000 systems. The malware, likely distributed through game mods or cheats, provides its operators with a web-b...

CVSS 10.0 Flaws in Azure HorizonDB and DbGate Expose Cloud Environments to RCE

A weekly threat intelligence report has disclosed two separate, critical vulnerabilities with a maximum CVSS severity score of 10.0, affecting Azure HorizonDB and DbGate. The first, CVE-2026-48567, is an unauthenticated privilege bypass in Azure HorizonDB that...

Article Updates

Phishing Attacks Spike 28% as AI-Powered, Multi-Channel Campaigns Bypass Security

Update:The industrialization of AI-powered phishing is creating an unprecedented challenge for Security Operations Centers. Attackers leverage AI to generate thousands of unique, highly convincing, and personalized phishing lures, bypassing traditional signature-base...