Microsoft researchers detailed AutoJack, an attack that turns an AI browsing agent into a route for running code on the user's machine. If the agent is steered to open an attacker's web page, that page's JavaScript can reach a privileged local service on the same host and spawn a process, with no credentials and no further interaction once the page loads. A planted link, poisoned URL field, or prompt injection is enough to trigger it. The demonstrated flaw sits in AutoGen Studio, the prototyping interface for Microsoft's AutoGen agent framework. The lesson: once an agent browses the open web and can reach local services, localhost is no longer a trust boundary.
Have I Been Pwned has added 368,418 accounts from a breach of JCPenney, after the extortion group ShinyHunters claimed in mid-June it stole data from the retailer and several sister brands under Catalyst Brands and Authentic Brands Group. ShinyHunters says the haul includes highly sensitive employee and customer data: Social Security numbers, dates of birth, W-2 tax forms, payroll records, and scans of government-issued IDs. Unlike passwords, these identifiers cannot simply be reset, raising long-term identity-theft and tax-fraud risk. JCPenney has not confirmed the full scope, and the group has not published samples, but the data types make this a serious exposure.
F5 has issued out-of-band patches for two critical flaws in NGINX, the web server and reverse proxy that runs a large share of the internet. CVE-2026-42530 (a use-after-free in the HTTP/3 module) and CVE-2026-42055 (a heap overflow in the HTTP/2 proxy and gRPC modules), both rated 9.2, let a remote, unauthenticated attacker corrupt memory in an NGINX worker, crashing it for a denial of service and, where address-space randomization is disabled or bypassed, potentially running code. They affect non-default configurations across NGINX Open Source, Plus, Gateway Fabric, and Instance Manager. F5 has not seen exploitation yet, but its products are frequent attacker targets.
Cisco has patched serious flaws in Identity Services Engine (ISE), the platform many organizations use to control who and what connects to their network. The most severe is a critical remote-code-execution bug that can give an attacker root-level control of the appliance. A second flaw, CVE-2026-20190, is an unauthenticated information-disclosure issue caused by weak authorization checks, letting a remote attacker pull sensitive data, including hashed credentials, that could fuel follow-on attacks and lateral movement. All versions of ISE and ISE-PIC are affected, though which flaws apply varies by release. Cisco has not reported active exploitation, but ISE sits at the heart of network access control.
Cybernews researchers found an unprotected Elasticsearch database holding 24 billion records and over 8 terabytes of data, most of it infostealer logs: stolen usernames, passwords, and the services they unlock. The collection also pulls from Telegram channels and older breach dumps. Oddly, it included thousands of records tracking CVE vulnerabilities, breach news articles, and social-media posts about cyber incidents, with content as recent as 2026, suggesting the owner is actively curating and refreshing the stash with new leaks. The researchers could not determine how many records are duplicates, how old the data is, or who owns it.
Nintendo of America has confirmed that attackers stole internal employee data through TinyPulse, a third-party employee-survey service run by WebMD Health Services, after a threat actor calling itself SHADOWBYT3$ posted the haul and demanded a $2 million ransom. Nintendo says its own systems were not breached, no customer or financial data was touched, and the exposure is limited to internal survey content for a small subset of employees, mostly several years old. The attacker, however, claims to hold more, including bank statements and tax forms. The incident is a textbook third-party vendor breach affecting a major brand.
A new extortion group called Icarus stole Salesforce CRM data from multiple organizations by abusing Klue, a competitive-intelligence app that integrates with Salesforce. Attackers compromised Klue's backend through a dormant credential, pushed a malicious update that harvested customers' OAuth tokens, and used those tokens to run automated queries against Salesforce's API, exfiltrating contacts, sales communications, and account data over about a day. Salesforce has disabled the Klue Battlecards integration. It is the same OAuth-abuse playbook seen in the Salesloft Drift and Gainsight incidents, exploiting trusted third-party integrations that carry broad, lightly-monitored access. Researchers expect more such attacks through 2026.
Microsoft has detailed a cryptocurrency-stealing campaign, active since February, that spreads through USB drives and hides its command channel inside the Tor network. Infection starts when someone opens a malicious Windows shortcut on a USB stick; the malware then hides real documents and replaces them with lookalike shortcuts, copies itself to other drives, and sets scheduled tasks for persistence. Its clipper component watches the clipboard about twice a second, swapping copied wallet addresses for the attacker's and grabbing seed phrases and private keys, which it sends out over a bundled Tor client. It can also run attacker-supplied code, doubling as a lightweight backdoor.
Attackers compromised the build pipeline of ShapedPlugin, a WordPress plugin maker, and slipped malware into legitimate updates delivered to paying customers through the vendor's own update system. The tainted releases install a fake plugin that impersonates WooCommerce components, steals site credentials, and gives attackers the ability to write files remotely. Three paid plugins are affected: Product Slider Pro for WooCommerce, Real Testimonials Pro, and Smart Post Show Pro. The backdoor was injected into Pro builds on May 21, with the first customer reports on June 10. Versions on WordPress.org stayed clean, pointing to a compromise of the vendor's release infrastructure rather than the plugins themselves.
A critical flaw in the Joomla Content Editor (JCE), one of the most widely used editor extensions for the Joomla CMS, is being actively exploited to take over websites. The bug (CVE-2026-48907, rated a perfect 10) is an access-control failure that lets an unauthenticated attacker create editor profiles and then upload and run arbitrary PHP code, leading to full server compromise. CISA added it to its known-exploited list and ordered federal agencies to patch by June 19. Working exploit code is public and attacks are automated, so even sites with no public registration are at risk. Patching closes the hole but does not remove anything attackers already planted.