Microsoft's Record Patch Tuesday Fixes 206 Flaws; CISA Overhauls Federal Patching; VRChat & Oracle Hit by Breaches

VRChat Discloses Data Breach Affecting 2.4 Million Users After Unauthorized Cloud Environment Access

The social virtual reality platform VRChat has disclosed a data breach that exposed the personal information of 2,436,782 users. The incident, which occurred in May 2026, resulted from an unauthorized third party gaining access to the company's cloud environment. Stolen data includes usernames, email addresses, login history with IP addresses, and linked Steam or Meta account IDs. VRChat has confirmed that passwords and financial information were not compromised.

VRChatData BreachCloud SecurityPIISocial Media +1 more

VRChat Cloud Breach Exposes Data of 2.4 Million Users, Including Login History and Linked Accounts

Vietnam's OceanLotus APT Pivots to Domestic Spying, Hits Construction and Finance Sectors

OceanLotus (APT32) Deploys SPECTRALVIPER Backdoor in Domestic Espionage Campaigns, Including Supply-Chain Attack on Stock Investors

The Vietnam-aligned threat group OceanLotus (also known as APT32) has shifted its focus to domestic espionage, targeting a Vietnamese construction firm and stock market investors. According to research from ESET, the group conducted a year-long intrusion and a sophisticated supply-chain attack compromising the FireAnt MetaKit stock trading software. Both campaigns leveraged the group's signature SPECTRALVIPER backdoor to exfiltrate data, suggesting a potential alignment with state anti-corruption efforts.

OceanLotusAPT32SPECTRALVIPERSupply Chain AttackEspionage +2 more

Vietnam's OceanLotus APT Pivots to Domestic Spying, Hits Construction and Finance Sectors

CISA Mandates Risk-Based Patching for Federal Agencies with New Directive BOD 26-04

INFORMATIONAL

CISA Issues Binding Operational Directive 26-04, Requiring Federal Agencies to Prioritize Vulnerabilities Based on Risk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 26-04, fundamentally changing how federal civilian agencies must manage cybersecurity vulnerabilities. The new directive, effective June 10, 2026, mandates a risk-based prioritization model based on four criteria, including active exploitation and internet exposure. It sets strict remediation timelines, as short as three days for the highest-risk flaws, and requires agencies to check for signs of compromise before patching.

CISABOD 26-04Vulnerability ManagementFederal GovernmentCybersecurity Policy +2 more

CISA Mandates Risk-Based Patching for Federal Agencies with New Directive BOD 26-04

Researcher Drops 'GreatXML' Zero-Day Exploit to Bypass Windows BitLocker

CRITICAL

New 'GreatXML' Zero-Day Exploit Bypasses Windows BitLocker Encryption, Researcher Claims

A security researcher known as Chaotic Eclipse has publicly released details of 'GreatXML,' a new unpatched zero-day exploit that allegedly bypasses Windows BitLocker encryption. The exploit allows an attacker with physical access to a machine to gain SYSTEM-level privileges in the Windows Recovery Environment (WinRE) by abusing XML artifacts left by a Microsoft Defender offline scan. The disclosure is part of an ongoing dispute between the researcher and Microsoft over its bug bounty program.

Zero-DayBitLockerWindowsMicrosoftGreatXML +2 more

Researcher Drops 'GreatXML' Zero-Day Exploit to Bypass Windows BitLocker

DragonForce Ransomware Gang Claims Attack on Taos Mountain Casino, Stealing SSNs

Taos Mountain Casino Discloses Data Breach After DragonForce Ransomware Attack Exposes Social Security Numbers

Taos Mountain Casino in New Mexico has confirmed it was the victim of a ransomware attack that resulted in a data breach. The incident, which occurred in late March 2026, was claimed by the DragonForce ransomware group on June 1. The gang alleges it stole 38.63 GB of data, including the names, addresses, and Social Security numbers of an undisclosed number of individuals. The casino is now offering credit monitoring services to those affected.

RansomwareDragonForceData BreachTaos Mountain CasinoPII +1 more

DragonForce Ransomware Gang Claims Attack on Taos Mountain Casino, Stealing SSNs

South Korea Hits E-Commerce Giant Coupang with Record $409M Fine Over Data Breach

Coupang Fined Record 624.6 Billion Won ($409M) by South Korea for Massive Data Breach and Illegal Data Collection

South Korea's data privacy regulator, the Personal Information Protection Commission (PIPC), has levied a historic fine of 624.68 billion won (approx. $409 million) against e-commerce giant Coupang. The penalty stems from a data breach affecting 37.55 million people, which the regulator attributed to inadequate security safeguards, not a sophisticated hack. Coupang was also penalized for illegally collecting customer data for marketing purposes without consent. The fine is the largest of its kind in South Korean history.

Data BreachCoupangSouth KoreaPIPCRegulatory Fine +2 more

South Korea Hits E-Commerce Giant Coupang with Record $409M Fine Over Data Breach

Jamaica's National Health Fund Probes Cyberattack as Hackers Claim Patient Data Theft

Jamaican National Health Fund Investigating Cybersecurity Incident After Hackers Claim Theft of Confidential Patient Data

Jamaica's National Health Fund (NHF) is conducting an active investigation into a cybersecurity incident after being contacted by a hacker group. The unidentified group claims to have breached the NHF's systems and stolen highly confidential patient data, including medication records and beneficiary details. While the claims are unverified, the NHF has notified law enforcement and the country's Information Commissioner and is working with an international cybersecurity firm to bolster its defenses.

HealthcareCyberattackData BreachJamaicaNHF +1 more

Jamaica's National Health Fund Probes Cyberattack as Hackers Claim Patient Data Theft

Oracle Rushes Emergency Patch for PeopleSoft Zero-Day Exploited by ShinyHunters

CRITICAL

Oracle Patches Critical PeopleSoft Zero-Day (CVE-2026-35273) Amid Active Attacks by ShinyHunters Extortion Group

Oracle has released an emergency, out-of-band patch for a critical unauthenticated remote code execution (RCE) zero-day vulnerability in its PeopleSoft PeopleTools software, tracked as CVE-2026-35273. The urgent release follows confirmation that the flaw is being actively exploited in the wild by the ShinyHunters extortion group. The attackers are reportedly targeting both on-premises and cloud instances, with a focus on the education sector, to steal data for extortion.

OraclePeopleSoftZero-DayCVE-2026-35273ShinyHunters +2 more

Oracle Rushes Emergency Patch for PeopleSoft Zero-Day Exploited by ShinyHunters

Russian APTs Persistently Exploit Year-Old WinRAR Flaw in Attacks on Ukraine

Russian Hackers Continue to Exploit Patched WinRAR Flaw (CVE-2025-8088) to Target Ukrainian Government and Military

A high-severity vulnerability in WinRAR, CVE-2025-8088, patched nearly a year ago, is still being actively exploited by multiple Russian-linked APT groups against targets in Ukraine. According to Trend Micro, the Gamaredon (UAC-0010) and SHADOW-EARTH-066 (UAC-0226) groups are using the flaw to deliver credential stealers and espionage tools. The continued success of these attacks highlights the significant risk posed by unpatched software in high-stakes environments.

WinRARCVE-2025-8088GamaredonAPTUkraine +2 more

Russian APTs Persistently Exploit Year-Old WinRAR Flaw in Attacks on Ukraine

Europol Busts 'AudiA6' Crypto Laundering Service Used by Ransomware Gangs

MEDIUM

Europol Dismantles €336 Million 'AudiA6' Crypto Laundering Pipeline for Ransomware Gangs

An international law enforcement operation led by Europol has taken down 'AudiA6,' a major cryptocurrency laundering service that allegedly washed over €336 million for cybercriminals, primarily ransomware gangs, between 2022 and 2025. The operation resulted in arrests in Georgia, the seizure of over 30 servers, and the takedown of the service's clear and dark web domains, dealing a significant blow to the financial infrastructure of cybercrime.

EuropolCryptocurrencyMoney LaunderingRansomwareTakedown +1 more

Europol Busts 'AudiA6' Crypto Laundering Service Used by Ransomware Gangs

AI Agent 'Skills' Pose Major Supply Chain Risk; New Audit Tool Finds 80% Deviate from Declared Behavior

Unit 42 Unveils Behavioral Integrity Verification (BIV) to Combat AI Agent Supply Chain Attacks

A new study by Unit 42 reveals significant supply chain risks within the burgeoning AI agent ecosystem. Researchers developed a new audit primitive, Behavioral Integrity Verification (BIV), to analyze third-party "skills" used by Large Language Model (LLM) agents. A scan of the OpenClaw registry found that a staggering 80% of the nearly 50,000 skills deviated from their declared behaviors. More alarmingly, 5% of skills contained multi-stage attack chains designed for credential theft and remote code execution, highlighting a critical security gap as enterprises increasingly adopt AI agents in production environments.

AI SecurityLLMSupply Chain AttackAgent SkillsBehavioral Integrity Verification +5 more

7 min read

AI Agent 'Skills' Pose Major Supply Chain Risk; New Audit Tool Finds 80% Deviate from Declared Behavior

Updated Articles (2)

Ransomware Groups Pivot to 'Pure Extortion' as Victim Payment Rates Collapse

INFORMATIONAL

The End of Encryption? Ransomware Actors Shift to Data Theft as Payments Plummet

Update:

A new report from cybersecurity insurer Resilience provides updated statistics on the shift to 'extortion-only' attacks. By late 2025, 65% of all extortion-related insurance claims involved only data theft, without encryption, a significant rise from previous periods. Crucially, the report highlights a major risk for victims: 30-40% of attackers reportedly leak stolen data even after a ransom payment is made, making the decision to pay far more uncertain and increasing reputational and regulatory risks. This reinforces the need for robust data exfiltration prevention and a re-evaluation of payment strategies.

May 25, 2026

Updated: June 11, 2026