OnyxC2 Stealer Targets 200+ Apps for $250 Per Month
June 12, 2026
OnyxC2, a new MaaS information stealer priced at $250 per month, targets 200-plus applications using DLL sideloading and encryption to
News
OnyxC2 Stealer Targets 200+ Apps for $250 Per Month
OnyxC2, a new MaaS information stealer priced at $250 per month, targets 200-plus applications using DLL sideloading and encryption to evade detection.
Maine AG Portal Abused to Post Fabricated Breach Notices
Threat actors filed fraudulent breach notices through Maine's AG portal, publishing false disclosures on a government site; VRChat denied the fabricated claim.
Fortinet FortiSandbox CVE-2026-25089 Allows Unauthenticated RCE
Fortinet patched CVE-2026-25089, a CVSS 9.1 OS command injection in FortiSandbox's Web UI exploitable by unauthenticated attackers via crafted HTTP requests.
OpenSSL Patches 16 Flaws Including Heap Use-After-Free RCE Risk
OpenSSL released 16 security fixes, led by CVE-2026-45447, a HIGH severity heap use-after-free in PKCS7_verify() that may enable RCE via crafted S/MIME messages.
Akira Claims Industrial Finisher, NJ Country Club, Architecture Firm
Akira ransomware posted three US victims on June 9: Spray Equipment with 26GB of W-2 records and engineering drawings, Rockaway River Country Club, and SMPC ...
Chaos Ransomware Lists Airespring as Iranian False-Flag History Looms
Chaos ransomware listed US telecom provider Airespring on its leak site. Rapid7 documented Chaos as a MuddyWater Iranian APT false-flag tool, complicating attribution.
Shai-Hulud Hades Wave Poisons 29 Bioinformatics PyPI Packages
The Shai-Hulud Hades variant targeted ~29 bioinformatics and ML PyPI packages in a second wave, introducing a loader-payload split and bringing the campaign past 100 ...
Oracle PeopleSoft CVE-2026-35273: ShinyHunters Breaches 100+ Orgs
Oracle issued emergency mitigations for CVE-2026-35273, an RCE flaw in PeopleSoft, after ShinyHunters breached 300 instances across more than 100 organizations.
Nottingham University Breach Exposes Data on 454,600 Students
ShinyHunters posted 40GB of stolen data on 454,600 University of Nottingham students, exposing passport numbers, disability data, and credit card details.
FBI Seizes 13 Chinese Spy Sites Targeting U.S. Clearance Holders
The FBI and DOJ seized 13 websites used by Chinese intelligence services to recruit current and former U.S. government workers who hold security clearances.
Maine AG Portal Abused to Post Fabricated Breach Notices
June 12, 2026
Threat actors filed fraudulent breach notices through Maine’s AG portal, publishing false disclosures on a government site; VRChat denied the
Fortinet FortiSandbox CVE-2026-25089 Allows Unauthenticated RCE
June 12, 2026
Fortinet patched CVE-2026-25089, a CVSS 9.1 OS command injection in FortiSandbox’s Web UI exploitable by unauthenticated attackers via crafted HTTP
OpenSSL Patches 16 Flaws Including Heap Use-After-Free RCE Risk
June 12, 2026
OpenSSL released 16 security fixes, led by CVE-2026-45447, a HIGH severity heap use-after-free in PKCS7_verify() that may enable RCE via
Akira Claims Industrial Finisher, NJ Country Club, Architecture Firm
June 12, 2026
Akira ransomware posted three US victims on June 9: Spray Equipment with 26GB of W-2 records and engineering drawings, Rockaway
Chaos Ransomware Lists Airespring as Iranian False-Flag History Looms
June 12, 2026
Chaos ransomware listed US telecom provider Airespring on its leak site. Rapid7 documented Chaos as a MuddyWater Iranian APT false-flag
Shai-Hulud Hades Wave Poisons 29 Bioinformatics PyPI Packages
June 12, 2026
The Shai-Hulud Hades variant targeted ~29 bioinformatics and ML PyPI packages in a second wave, introducing a loader-payload split and
Oracle PeopleSoft CVE-2026-35273: ShinyHunters Breaches 100+ Orgs
June 11, 2026
Oracle issued emergency mitigations for CVE-2026-35273, an RCE flaw in PeopleSoft, after ShinyHunters breached 300 instances across more than 100
Nottingham University Breach Exposes Data on 454,600 Students
June 11, 2026
ShinyHunters posted 40GB of stolen data on 454,600 University of Nottingham students, exposing passport numbers, disability data, and credit card
FBI Seizes 13 Chinese Spy Sites Targeting U.S. Clearance Holders
June 11, 2026
The FBI and DOJ seized 13 websites used by Chinese intelligence services to recruit current and former U.S. government workers
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.