Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7

Microsoft pulls 119 Edge extensions that hid malware inside images and fonts

Microsoft has removed 119 malicious Microsoft Edge extensions, tied to a single actor active since at least 2021, that hid their payloads inside ordinary image and font files using steganography. The extensions posed as ad blockers, VPNs, translators, and similar tools, worked as advertised, and stayed dormant for days while passing evasion checks, which let them survive in the store for years and reach up to 2.6 million installs. Beyond ad fraud and affiliate hijacking, the more dangerous variants stole Google credentials and two-factor codes at sign-in, harvested WordPress admin logins, and exfiltrated cookies for session hijacking, with extra aggression against corporate and banking targets. Microsoft has published indicators of compromise.

Check
Open your browser's extensions page and check installed add-ons against Microsoft's published list of StegoAd extension IDs, and review endpoints for the campaign's indicators of compromise across Chromium browsers.
Affected
Users who installed any of the 119 extensions, which posed as ad blockers, VPNs, and similar tools; stolen cookies and two-factor codes let attackers hijack sessions and accounts without passwords.
Fix
Remove any matching extension and treat the browser as compromised: reset Google and WordPress passwords, review sign-in activity, and prefer hardware security keys over SMS codes. Govern extensions with allowlists.

Djinn stealer harvests cloud and AI credentials through SimpleHelp RMM flaw

A new information stealer called Djinn is being used to grab cloud and AI service credentials, Dark Reading reports. Attackers deliver it by exploiting CVE-2026-48558, a critical authentication-bypass flaw in the SimpleHelp remote-management tool, then use Djinn to target the credentials that link developer and administrator environments to broader enterprise systems. The focus on cloud and AI secrets reflects where valuable access now lives: API keys and tokens for cloud platforms and AI services can unlock far more than a single machine. Organizations that run SimpleHelp, especially unpatched instances, are the immediate exposure point for this credential theft.

Check
Confirm SimpleHelp servers are patched against CVE-2026-48558, and review developer and admin systems for credential theft and any unexpected use of cloud or AI service API keys and tokens.
Affected
Organizations running SimpleHelp remote-management software vulnerable to CVE-2026-48558; Djinn specifically hunts the cloud and AI service credentials that bridge developer and admin environments to wider enterprise systems.
Fix
Patch SimpleHelp immediately, rotate cloud and AI service credentials that may have been exposed, enforce least privilege and short-lived tokens, and monitor for unusual API key usage.

Malicious Perplexity look-alike extension logged every search and keystroke typed

Microsoft found a malicious Chrome extension impersonating the AI search engine Perplexity that quietly logged users' searches and address-bar input. Calling itself "Search for perplexity ai" and using a look-alike domain, it set itself as the default search engine and routed every query through an attacker server, which logged it with the user's IP and browser details before redirecting to a real engine so results looked normal. Worse, it also pointed the browser's live search suggestions at the attacker, so each character typed in the address bar was sent before the user even pressed Enter. Microsoft found no password theft, but far more access than a search tool needs. Google removed it.

Check
Check whether anyone installed the 'Search for perplexity ai' extension, confirm the default search engine has not been changed, and watch for browser traffic to unfamiliar look-alike domains imitating AI services.
Affected
Users who installed the fake Perplexity extension; their searches and every character typed into the address bar were sent to an attacker-controlled server, exposing potentially sensitive queries and browsing intent.
Fix
Remove the extension, reset the default search engine, and allow only approved extensions through browser policy. Treat AI-branded tools with extra suspicion and verify the publisher and domain before installing anything.

KDDI email breach affects up to 14.2 million accounts across six Japanese ISPs

Japanese telecom giant KDDI has disclosed a breach of an email platform it operates for itself and several internet service providers, potentially exposing the email addresses and passwords of up to 14.22 million mailboxes. KDDI detected the intrusion on June 17, blocked the attacker the same day, and traced the entry to a vulnerability in unnamed third-party software used by the email system. Six ISPs are affected, including JCOM, Nifty, and Biglobe, and the figure covers current, former, and inactive accounts. KDDI says some passwords were hashed or encrypted but has not said how many were stored in plaintext, and is urging all affected users to change their passwords.

Check
Customers of KDDI or the affected ISPs, including JCOM, Nifty, and Biglobe, should change their email passwords immediately and anywhere the same password was reused, and watch for phishing attempts.
Affected
Up to 14.22 million current, former, and inactive email accounts across six Japanese ISPs on KDDI's platform; exposed addresses and passwords enable account takeover, phishing, and credential stuffing where reused.
Fix
Affected users should change email passwords and any reused elsewhere, and enable multi-factor authentication. Organizations should inventory third-party software in shared platforms, patch promptly, and segment systems to limit breach scope.

ShinyHunters leaks Sysco data with 2.7 million email addresses after extortion

Food distribution giant Sysco was hit by the extortion group ShinyHunters in a "pay or leak" attack, and after the company did not pay, the stolen data was published. Have I Been Pwned has indexed 2,691,852 unique email addresses belonging to staff and customers, alongside what is described as largely corporate contact information. The breach fits ShinyHunters' sweeping 2026 campaign against large enterprises, which has typically relied on social engineering and compromised SaaS integrations rather than software exploits. Exposed business contact data is useful for convincing, targeted phishing aimed at Sysco's staff, customers, and partners.

Check
People and businesses dealing with Sysco should check Have I Been Pwned for affected emails and stay alert to phishing or invoice fraud that references Sysco accounts, orders, or deliveries.
Affected
Sysco staff, customers, and partners whose email addresses and corporate contact details were exposed (2,691,852 indexed); the data supports targeted phishing and business email compromise against the food-distribution supply chain.
Fix
Treat unexpected Sysco-themed emails with caution, verify payment or account changes through known contacts, enable phishing-resistant MFA, and brief staff and partners on the heightened phishing risk from this exposure.

Clean GitHub repos trick AI coding agents into fetching and running malware

Researchers at Mozilla's 0DIN found that an AI coding agent told to clone and set up a seemingly harmless GitHub repository can be tricked into running malware that stays invisible to security scanners, the agent itself, and human reviewers. The trick is that nothing malicious sits in the repository's files. Instead, a routine-looking setup command runs a script that fetches a value hidden in a DNS TXT record and executes it as a shell command, pulling down and running an attacker's payload like a reverse shell. Because the payload lives outside the repo and arrives over DNS at setup time, code review and static scanning see nothing wrong.

Check
Review how your AI coding agents and developers set up unfamiliar repositories, and check whether setup or build commands can make outbound network or DNS requests that fetch and execute external content.
Affected
Developers and teams that let AI coding agents automatically run setup steps for untrusted repositories; the malicious payload is fetched at setup time over DNS, so scanning the repository alone misses it.
Fix
Run repository setup for untrusted code in sandboxes without credentials, restrict outbound network and DNS during setup, and treat agent setup and build commands as untrusted code execution rather than safe automation.

Self-spreading Shai-Hulud worm hits more npm packages and reaches into Go

Socket reports a new wave of the self-spreading Shai-Hulud supply-chain worm, in its Miasma and Hades variants, that compromised more npm packages and, for the first time, reached the Go ecosystem. On June 24 attackers used a hijacked maintainer account to push trojanized versions of LeoPlatform and RStreams npm packages, tied to cloud and serverless workloads, and also poisoned a Go module from the Verana blockchain project. The malware harvests developer and CI/CD credentials, abuses GitHub Actions, and polls GitHub hourly for a marker commit to pull down its Hades payload. Researchers note the campaign keeps shifting ecosystems and indicators to stay ahead of detection rather than changing its core behavior.

Check
Check whether your projects or pipelines pulled affected LeoPlatform, RStreams, or related npm packages or the compromised Verana Go module, and review developer and CI/CD systems for credential theft.
Affected
Developers and CI/CD pipelines that installed the compromised npm packages or Go module; the worm steals cloud, registry, and GitHub credentials, then uses them to spread to more packages and repositories.
Fix
Remove affected versions, rotate developer, cloud, and CI/CD credentials, pin and verify dependencies, restrict install-time and build-time execution, and monitor for unexpected GitHub Actions activity and new exfiltration repositories.

PTC Windchill flaw exploited for remote code execution on manufacturing systems

Attackers are actively exploiting a critical flaw in PTC Windchill and FlexPLM, product lifecycle management software widely used across automotive, aerospace, defense, and manufacturing to store designs, engineering data, and intellectual property. The bug (CVE-2026-12569) is an unsafe deserialization issue that lets an unauthenticated attacker run code remotely by sending a crafted request. PTC patched it in mid-June, but has since reported heightened activity, with attackers deploying JSP web shells for command execution and data theft. CISA added it to its Known Exploited Vulnerabilities catalog, the first-ever PTC product to be listed, with a federal deadline of June 28. PTC has published indicators of compromise.

Check
Inventory PTC Windchill and FlexPLM instances and versions, restrict internet exposure of the login endpoint, and hunt for the JSP web shells and indicators of compromise PTC published.
Affected
Organizations running unpatched PTC Windchill or FlexPLM (CVE-2026-12569), especially internet-facing instances; manufacturers in automotive, aerospace, and defense risk remote code execution, intellectual-property theft, and supply-chain compromise.
Fix
Apply PTC's patches for your Windchill or FlexPLM version immediately, restrict the login endpoint to trusted networks, deploy the published IOCs, and check for web shells before assuming systems are clean.

Amazon Q Developer flaw let a malicious repo steal a developer's cloud keys

Wiz Research found a high-severity flaw in Amazon Q Developer, Amazon's AI coding assistant, that let a malicious code repository run commands and steal a developer's cloud credentials simply by being opened. The bug (CVE-2026-12957) lay in how Amazon Q handled Model Context Protocol servers: it read an MCP configuration file from the open workspace and automatically launched the servers it defined. Because those servers run as local processes that inherit the developer's full environment, a single config file committed to a repo could reach AWS keys, cloud tokens, API secrets, and SSH agent sockets, turning a git clone into a full compromise. Amazon has patched the issue and published an advisory.

Check
Confirm Amazon Q Developer is updated to the patched version, and review whether developers open untrusted repositories in AI coding assistants that can auto-launch Model Context Protocol servers from in-repo configuration files.
Affected
Developers using vulnerable versions of Amazon Q Developer (CVE-2026-12957) who open untrusted repositories; a malicious MCP configuration file could run commands and steal cloud credentials from the developer's environment.
Fix
Update Amazon Q Developer, treat opening a repository in an AI assistant as running its code, disable automatic MCP server launching where possible, and isolate untrusted repos without real credentials.

New Linux kernel flaws give local users root by poisoning cached binaries

Researchers disclosed closely related Linux kernel flaws in the traffic-control subsystem that let an unprivileged local user gain root, and working exploits appeared within a day of disclosure. The main bug, nicknamed pedit COW (CVE-2026-46331), is an out-of-bounds write in the packet-editing action that corrupts shared page-cache memory; a related variant tracked as DirtyClone (CVE-2026-43503) was demonstrated by JFrog. Rather than touching files on disk, the exploit poisons the cached copy of a setuid root program like /bin/su in memory and runs the altered version as root, so file-integrity checks still pass. Exploitation needs the act_pedit module loadable and unprivileged user namespaces enabled, both common defaults on RHEL and Debian.

Check
Identify Linux systems running affected kernels, and check whether unprivileged user namespaces are enabled and whether the act_pedit traffic-control module can be loaded, the two conditions these exploits require.
Affected
Linux systems on affected kernels (CVE-2026-46331 and CVE-2026-43503), including default RHEL and Debian configurations, where any local user can escalate to root despite file-integrity checks passing.
Fix
Apply kernel updates from your distribution as they ship, and as interim hardening, disable unprivileged user namespaces and block loading of the act_pedit module where it is not needed.