ICYMI: 2026-06-22
Latest Headlines
ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack
Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants
29-Year-Old Squid Proxy Bug ‘Squidbleed’ Can Leak Cleartext HTTP Requests
New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer
Google Sets Sept. 30 Deadline for Android Developer Verification in Four Countries
Stop Your Legacy Infrastructure from Hijacking Your AI Agents
⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More
Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices
AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network
INTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across Asia-Pacific
OpenAI Launches Full-Scale Effort to Patch Open-Source Bugs as It Takes on Anthropic’s Mythos
Decades-Old Squid Proxy Flaw ‘Squidbleed’ Can Expose User Data
Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data
North Korean Hackers Blamed for Mastra NPM Supply Chain Attack
What the Latest ShinyHunters Breaches Reveal About Modern Cyberattacks
New Exploit Bypasses Apple’s Boot Defenses, Affects Millions of iPhones
Texas Parks & Wildlife Data Breach Affects 3 Million Individuals
23 ClawHub Plugins Abuse Official Org Scopes to Impersonate Trusted AI Agent Tools
Windows RAT Uses Encrypted HTTP C2 and Registry Persistence After npm Infection
Malicious GST Debit Note Attachment Deploys Remcos RAT Through Multi-Stage Loader
AryStinger Botnet Hijacks 4,300+ Routers to Build Global Attack Proxy Network
Microsoft Entra Conditional Access Policies Can Be Bypassed Via Nested App Authentication
AI-Powered iOS Apps Leaking LLM API Credentials Through Network Traffic
Apple Beats Studio Buds Vulnerability Allows Hackers to Eavesdrop on Users
Klue Hack Leads to Data Breach Across Multiple Cybersecurity Companies
Hackers Use RemotePC RMM and PowerShell Stagers to Deploy Prinz Eugen Ransomware
29-Year-Old ‘Squidbleed’ Vulnerability Discovered With the Aid of Claude Mythos Preview
WhatsApp phishing attack uses fake business docs to hack PCs
FortiBleed campaign used custom FortiGate sniffer to steal credentials
Microsoft says Windows 11 26H2 is coming soon, details upgrade process
Microsoft fixes AutoGen Studio flaw that enabled code execution
A Glimpse into the “Search Your Target” Market for Stolen Credentials
– MTZ