Chaos Ransomware Lists Airespring as Iranian False-Flag History Looms
June 10, 2026
Chaos ransomware listed US telecom provider Airespring on its leak site. Rapid7 documented Chaos as a MuddyWater Iranian APT false-flag
News
Chaos Ransomware Lists Airespring as Iranian False-Flag History Looms
Chaos ransomware listed US telecom provider Airespring on its leak site. Rapid7 documented Chaos as a MuddyWater Iranian APT false-flag tool, complicating attribution.
Shai-Hulud Hades Wave Poisons 29 Bioinformatics PyPI Packages
The Shai-Hulud Hades variant targeted ~29 bioinformatics and ML PyPI packages in a second wave, introducing a loader-payload split and bringing the campaign past 100 ...
Microsoft Patches Exploited Exchange XSS as Secure Boot Deadline Looms
Microsoft's June Patch Tuesday closes the actively exploited Exchange Server CVE-2026-42897 and sets a 17-day countdown to a critical Secure Boot deadline.
Check Point VPN CVE-2026-50751 Exploited by Qilin Before Patch Release
Check Point disclosed CVE-2026-50751, a critical VPN authentication bypass exploited by Qilin ransomware for five weeks, and released an emergency hotfix.
WhatsApp Files Contempt Motion Over New NSO Group Spyware Activity
WhatsApp detected new NSO Group activity violating a permanent court injunction and filed a federal contempt motion against the Israeli surveillance firm.
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
TheGentlemen ransomware posted 12 victims across 8 countries in one day, including two healthcare providers with HIPAA and NHS breach notification exposure.
Gogs 0.14.3 Patches Critical RCE Zero-Day After 10 Days Without Fix
Gogs version 0.14.3 patches a critical CVSSv4 9.4 RCE zero-day that had exposed 2,300 internet-facing servers for ten days with a public Metasploit exploit.
Akira, Qilin, and Nightspire Post 4 Victims on Ransomware Leak Sites
Akira, Qilin, and Nightspire claimed four victims including a port trade association, a German security firm, a youth nonprofit, and a commercial printer.
TVING Data Breach Triggers South Korean Government Probe
South Korea's largest streaming platform TVING suffered a data breach exposing user IDs, contact details, and encrypted national ID-derived identifiers.
AI Agent Finds 21 FFmpeg Zero-Days Including Unauthenticated RCE
Depthfirst's autonomous AI security agent spent $1,000 to find 21 zero-days in FFmpeg, including an unauthenticated RCE triggered by a 183-byte packet.
Shai-Hulud Hades Wave Poisons 29 Bioinformatics PyPI Packages
June 10, 2026
The Shai-Hulud Hades variant targeted ~29 bioinformatics and ML PyPI packages in a second wave, introducing a loader-payload split and
Microsoft Patches Exploited Exchange XSS as Secure Boot Deadline Looms
June 9, 2026
Microsoft’s June Patch Tuesday closes the actively exploited Exchange Server CVE-2026-42897 and sets a 17-day countdown to a critical Secure
Check Point VPN CVE-2026-50751 Exploited by Qilin Before Patch Release
June 9, 2026
Check Point disclosed CVE-2026-50751, a critical VPN authentication bypass exploited by Qilin ransomware for five weeks, and released an emergency
WhatsApp Files Contempt Motion Over New NSO Group Spyware Activity
June 9, 2026
WhatsApp detected new NSO Group activity violating a permanent court injunction and filed a federal contempt motion against the Israeli
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
June 9, 2026
TheGentlemen ransomware posted 12 victims across 8 countries in one day, including two healthcare providers with HIPAA and NHS breach
Gogs 0.14.3 Patches Critical RCE Zero-Day After 10 Days Without Fix
June 9, 2026
Gogs version 0.14.3 patches a critical CVSSv4 9.4 RCE zero-day that had exposed 2,300 internet-facing servers for ten days with
Akira, Qilin, and Nightspire Post 4 Victims on Ransomware Leak Sites
June 9, 2026
Akira, Qilin, and Nightspire claimed four victims including a port trade association, a German security firm, a youth nonprofit, and
TVING Data Breach Triggers South Korean Government Probe
June 8, 2026
South Korea’s largest streaming platform TVING suffered a data breach exposing user IDs, contact details, and encrypted national ID-derived identifiers.
AI Agent Finds 21 FFmpeg Zero-Days Including Unauthenticated RCE
June 8, 2026
Depthfirst’s autonomous AI security agent spent $1,000 to find 21 zero-days in FFmpeg, including an unauthenticated RCE triggered by a
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.