ShapedPlugin Supply Chain Attack Backdoors Pro Plugin Updates

Attackers backdoored ShapedPlugin Pro updates, deploying malware that steals credentials, 2FA secrets, and grants full site access. If you installed a ShapedPlugin Pro plugin between April and June 2026 and kept it updated, your site may be compromised. Not because you did something wrong, but because the vendor’s own build and distribution pipeline was breached. […]

June 23, 2026
Read More >>

Squidbleed: 29-Year-Old Squid Bug Leaks User Credentials

Squidbleed is a 29-year-old Squid Proxy flaw that can leak credentials, tokens, and other users’ HTTP data through a memory overread. Researchers at Calif.io have disclosed CVE-2026-47729, a memory leak vulnerability in Squid Proxy that was introduced in 1997 and has remained undetected through nearly three decades of releases, audits, and rewrites. They named it […]

June 23, 2026
Read More >>

WhatsApp Malware Campaign Hijacks Trust, Installs Legitimate Admin Tools

WhatsApp accounts were hijacked to spread fake debt notices that install remote access software, giving attackers control of victims’ PCs. Kaspersky published a technical analysis this week of an active malware campaign that spreads through WhatsApp messages and ends with a remote management tool silently installed on the victim’s machine. The campaign is still running […]

June 22, 2026
Read More >>

Texas Parks & Wildlife (TPWD) Data Breach impacts 3 Million People

Texas Parks and Wildlife Department (TPWD) breach exposed data of 3M people via a third-party license vendor, including sensitive personal information. The Texas Parks and Wildlife Department (TPWD) disclosed a data breach affecting around 3 million individuals after a third-party vendor used for hunting and fishing license sales was compromised. The Texas Parks and Wildlife […]

June 22, 2026
Read More >>

Anthropic’s Mythos AI broke into almost all NSA classified systems in hours

Senate testimony claims Anthropic’s Mythos AI breached NSA and Cyber Command systems in hours, prompting a U.S.-ordered shutdown. On June 12, the Trump administration directed Anthropic to restrict access to Fable 5 and Mythos 5, its two most capable models, exclusively to US citizens. Because verifying every user’s nationality in real time isn’t practically possible, […]

June 22, 2026
Read More >>

FortiBleed: The Most Detailed Breakdown Yet of an Active Russian Credential-Harvesting Operation

FortiBleed targeted 430,000+ FortiGate devices, harvesting 110M credentials and enabling breaches through large-scale credential theft. A new threat intelligence report from SOCRadar’s Threat Research Unit (STRU), the team that first identified and named the FortiBleed campaign, goes deeper than anything published so far on what is shaping up to be one of the most significant […]

June 22, 2026
Read More >>

4,300+ Outdated Routers Hijacked in Stealthy Spy Infrastructure by AryStinger malware

AryStinger hijacks outdated routers via old flaws, turning 4,300+ devices into a stealth network for reconnaissance and intrusion support. On March 12, 2026, QiAnXin’s XLab threat detection system flagged a single IP address, 107.150.106.14, spreading a Linux binary through two vulnerabilities that were disclosed in 2013 and 2016 respectively. The binary had zero detections on […]

June 22, 2026
Read More >>

4,300+ Outdated Routers Hijacked in Stealthy Spy Infrastructure by AryStinger malware

AryStinger hijacks outdated routers via old flaws, turning 4,300+ devices into a stealth network for reconnaissance and intrusion support. On March 12, 2026, QiAnXin’s XLab threat detection system flagged a single IP address, 107.150.106.14, spreading a Linux binary through two vulnerabilities that were disclosed in 2013 and 2016 respectively. The binary had zero detections on […]

June 22, 2026
Read More >>

usbliter8 Brings Unpatchable BootROM Exploit to Apple A12 and A13 Devices

usbliter8 is an unpatchable BootROM exploit affecting A12/A13 devices, enabling code execution and extending checkm8-like risks to newer iPhones. Security researchers at Paradigm Shift published a working exploit on June 18, 2026, called usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple’s A12 and A13 chips. SecureROM is the first code that runs […]

June 22, 2026
Read More >>