Daily Digest

Miasma Worm Hits Microsoft in Major Supply Chain Attack; CISA Warns of Actively Exploited SolarWinds Flaw

Miasma Worm Hits Microsoft in Major Supply Chain Attack; CISA Warns of Actively Exploited SolarWinds Flaw

June 8, 2026
6 articles (5 new, 1 updated)
18 min read

Summary

This cybersecurity brief for June 8, 2026, covers a series of high-impact events. A sophisticated supply chain attack, the 'Miasma worm,' compromised 73 Microsoft GitHub repositories by abusing AI coding tools. Concurrently, CISA issued an urgent directive for federal agencies to patch an actively exploited denial-of-service vulnerability (CVE-2026-28318) in SolarWinds Serv-U. Other major incidents include a massive data leak from DentaQuest by the ShinyHunters group affecting 2.6 million individuals, the discovery of critical CVSS 10.0 flaws in cloud database tools, and new malware campaigns targeting gamers and Python developers.

Filter by Category

New Articles (5)

CISA Mandates Patch for Actively Exploited SolarWinds DoS Flaw Added to KEV Catalog

HIGH

CISA Adds Actively Exploited SolarWinds Serv-U Denial-of-Service Vulnerability (CVE-2026-28318) to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical denial-of-service (DoS) vulnerability in SolarWinds Serv-U file transfer software, CVE-2026-28318, to its Known Exploited Vulnerabilities (KEV) catalog. This action confirms the vulnerability is under active attack in the wild. The flaw allows an unauthenticated, remote attacker to crash the service by sending a specially crafted HTTP POST request. CISA has directed all Federal Civilian Executive Branch (FCEB) agencies to apply the patch or implement mitigations by June 19, 2026. Given Serv-U's widespread use in critical sectors like finance and healthcare, the directive emphasizes the urgency for all organizations to remediate this threat.

June 8, 2026
5 min read
CVE-2026-28318CISAKEVSolarWindsServ-U +3 more
CISA Mandates Patch for Actively Exploited SolarWinds DoS Flaw Added to KEV Catalog

Pirated PC Games Infect 400,000+ Devices with "RenEngine" Password-Stealing Malware

MEDIUM

Widespread Malware Campaign Uses Pirated PC Games to Deliver "RenEngine" Loader and Infostealers

A large-scale malware campaign is exploiting gamers by bundling a malicious loader, dubbed "RenEngine," with pirated versions of popular PC games like FIFA and Assassin's Creed. The campaign has reportedly infected over 400,000 devices globally. The RenEngine loader, disguised using a legitimate game launcher, is used to silently install a variety of potent malware, including the Rhadamanthys infostealer, the Async Remote Access Trojan (RAT), and Backdoor.XWorm. This allows attackers to steal credentials, gain full remote control of victims' computers, and commit financial fraud, highlighting the significant risks associated with downloading pirated software.

June 8, 2026
5 min read
RenEngineMalwareRhadamanthysAsyncRATGaming +2 more
Pirated PC Games Infect 400,000+ Devices with "RenEngine" Password-Stealing Malware

"Hades Cluster" PyPI Worm Abuses Python Startup Hooks for Stealthy Credential Theft

HIGH

New PyPI Supply Chain Attack "Hades Cluster" Abuses Python Startup Hooks to Steal Credentials

A novel supply chain attack campaign, dubbed "Hades Cluster," has been discovered on the Python Package Index (PyPI), affecting at least 19 legitimate packages. The malware utilizes a stealthy and unusual technique for execution and persistence by abusing Python's `.pth` startup hook files. This method allows the malware's code to execute automatically whenever the Python interpreter is launched, bypassing common detection methods. The campaign, suspected to be linked to the threat actor TeamPCP, uses the Bun JavaScript runtime to harvest credentials, primarily targeting developers in the scientific research and deep-learning communities.

June 8, 2026
5 min read
Hades ClusterPyPIPythonSupply Chain AttackTeamPCP +2 more
"Hades Cluster" PyPI Worm Abuses Python Startup Hooks for Stealthy Credential Theft

"WeedHack" MaaS Targets Minecraft Players, Infecting 116,000+ Systems for Remote Access

MEDIUM

"WeedHack" Malware-as-a-Service Campaign Compromises Over 116,000 Minecraft Player Systems

A Malware-as-a-Service (MaaS) operation known as "WeedHack" is aggressively targeting the Minecraft gaming community, having already infected over 116,000 systems. The malware, likely distributed through game mods or cheats, provides its operators with a web-based dashboard that gives them comprehensive remote access to victims' computers. This includes the ability to view screens in real-time, access webcams, and steal files. The campaign highlights the significant risks within gaming communities and the low barrier to entry for cybercrime enabled by the MaaS model.

June 8, 2026
5 min read
WeedHackMaaSMalware-as-a-ServiceMinecraftGaming +2 more
"WeedHack" MaaS Targets Minecraft Players, Infecting 116,000+ Systems for Remote Access

CVSS 10.0 Flaws in Azure HorizonDB and DbGate Expose Cloud Environments to RCE

CRITICAL

Critical Unauthenticated Flaws in Azure HorizonDB and DbGate Receive CVSS 10.0 Severity Score

A weekly threat intelligence report has disclosed two separate, critical vulnerabilities with a maximum CVSS severity score of 10.0, affecting Azure HorizonDB and DbGate. The first, CVE-2026-48567, is an unauthenticated privilege bypass in Azure HorizonDB that allows a network attacker to gain elevated access. The second, CVE-2026-47668, is a simple but devastating remote code execution (RCE) flaw in the DbGate JSON script runner. These vulnerabilities highlight the severe risks present in modern cloud hosting and database management tools and demand immediate patching and attention from defenders.

June 8, 2026
5 min read
CVE-2026-48567CVE-2026-47668CVSS 10.0RCEAzure HorizonDB +3 more
CVSS 10.0 Flaws in Azure HorizonDB and DbGate Expose Cloud Environments to RCE

Updated Articles (1)

Phishing Attacks Spike 28% as AI-Powered, Multi-Channel Campaigns Bypass Security

HIGH

AI and Multi-Channel Tactics Fuel 28% Surge in Phishing Attacks, Overwhelming Traditional Defenses

Update:

The industrialization of AI-powered phishing is creating an unprecedented challenge for Security Operations Centers. Attackers leverage AI to generate thousands of unique, highly convincing, and personalized phishing lures, bypassing traditional signature-based detection. This results in an overwhelming deluge of alerts for Tier 1 analysts, leading to severe alert fatigue, burnout, and a significantly increased risk of critical threats being overlooked. The shift necessitates new strategies for SOCs, focusing on advanced alert correlation, context enrichment, and behavioral analysis to manage the unmanageable volume and identify true threats amidst the noise.

June 7, 2026
Updated: June 8, 2026
7 min read
phishingAIsmishingquishingMicrosoft +3 more
Phishing Attacks Spike 28% as AI-Powered, Multi-Channel Campaigns Bypass Security

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.