Date: 1 July 2026
Ransomware Attacks in June 2026
|
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
|
June 2, 2026 |
Potential enterprise and organisational networks using Active Directory environments |
AI-Built Ransomware Toolkit Automates EDR Evasion, AD Discovery |
Unknown |
The AI-generated ransomware toolkit streamlined key attack stages by automating security evasion and network discovery tasks, potentially enabling attackers to compromise enterprise environments more quickly and efficiently. |
Source: Bleeping Computer |
|
June 3, 2026 |
Nobitex |
The US Sanctions Nobitex Crypto Exchange Used by Ransomware |
Multiple ransomware groups and cybercriminal actors (as cited by U.S. authorities) |
The exchange allegedly facilitated financial transactions linked to ransomware operations and other cybercrime activities, helping threat actors move and launder proceeds obtained from attacks. |
|
|
June 7, 2026 |
Law firms and legal organisations |
Silent Ransom Group Targets Law Firms With Fake IT Support Calls |
Silent Ransom Group (SRG) |
The attackers used social engineering and fake IT support calls to gain access to law firm networks, steal sensitive legal data, and extort victims by threatening to leak the stolen information. |
Source: Bleeping Computer |
|
June 8, 2026 |
Organisations using vulnerable VPN appliances |
Check Point links VPN zero-day attacks to Qilin Ransomware gang |
Qilin Ransomware Gang |
The attackers exploited a VPN zero-day vulnerability to gain unauthorised access to corporate networks, enabling them to deploy ransomware, disrupt operations, and increase the risk of data theft and extortion. |
Source: Bleeping Computer |
|
June 12, 2026 |
Multiple organisations targeted by the Conti ransomware operation |
Ukrainian national pleads guilty to role in Conti Ransomware operation |
Conti Ransomware Group |
The Conti ransomware operation encrypted victims' systems, disrupted business operations, and caused significant financial losses through extortion demands and recovery efforts. |
Source: Bleeping Computer |
|
June 16, 2026 |
Organisations targeted by the ransomware campaign |
Ransomware gang abuses Microsoft Teams relays to hide malicious traffic |
Storm-1175 |
The ransomware group concealed malicious communications through Microsoft Teams relays, helping attackers evade detection while gaining access to victim networks and increasing the risk of ransomware deployment and operational disruption. |
Source: Bleeping Computer |
|
June 18, 2026 |
Organisations targeted by the Gentlemen ransomware operation |
Gentlemen Ransomware uses multiple EDR killers to disable defenses |
Gentlemen Ransomware Group |
The ransomware operators disabled endpoint security tools using multiple EDR-killing utilities before encrypting systems, increasing the likelihood of successful attacks, operational disruption, and financial losses for victims. |
Source: Bleeping Computer |
|
June 22, 2026 |
Multiple organisations and individuals (potential targets of the Prinz Eugen ransomware campaign) |
New Prinz Eugen ransomware prioritises recent files for encryption |
Prinz Eugen Ransomware Operators |
The Prinz Eugen ransomware encrypted victims’ most recently modified files first, increasing operational disruption and pressure on organisations by immediately targeting the data most likely to be actively used and business-critical. |
Source: Bleeping Computer |
|
June 23, 2026 |
Bajaj Auto |
Bajaj Auto says ransomware attack hits systems |
Unknown |
A ransomware attack disrupted parts of Bajaj Auto’s IT infrastructure, affecting certain business operations and prompting the company to implement containment measures while assessing the full impact of the incident. |
Data Breaches in June 2026
|
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
|
June 4, 2026 |
World Food Programme (WFP) |
UN Food Agency investigates Gaza Aid breach |
Unknown |
The breach exposed sensitive information linked to people receiving humanitarian assistance in Gaza, prompting an investigation into the unauthorized access of WFP data systems. |
|
|
June 4, 2026 |
DentaQuest customers and members |
DentaQuest data breach exposed information of 2.6 million accounts |
Unknown |
DentaQuest breach exposed sensitive personal and health-related information belonging to approximately 2.6 million individuals, increasing the risk of identity theft and fraud for affected members. |
Source: Bleeping Computer |
|
June 8, 2026 |
Instagram users who contacted Meta AI support services |
Meta AI Support data breach affects 20,000 Instagram accounts |
Unknown |
The breach exposed support case information linked to about 20,000 Instagram accounts, potentially revealing personal details and private communications submitted to Meta AI support teams. |
Source: Bleeping Computer |
|
June 8, 2026 |
SoFi Hong Kong customers and applicants |
SoFi confirms third-party data breach at Hong Kong subsidiary |
Unknown |
The breach exposed personal information belonging to customers and applicants of SoFi's Hong Kong subsidiary after a third-party service provider was compromised, increasing the risk of identity theft and fraud. |
Source: Bleeping Computer |
|
June 9, 2026 |
ServiceNow customers |
ServiceNow discloses security incident exposing customer data |
Unknown |
The security incident exposed customer data stored within affected ServiceNow environments, potentially giving unauthorised parties access to sensitive business information and customer records. |
Source: Bleeping Computer |
|
June 11, 2026 |
Tchap users, including French government employees and public officials |
French Government messaging app Tchap suffers security breach; Hundreds of thousands of messages allegedly stolen |
Unknown |
The breach allegedly exposed hundreds of thousands of private messages exchanged through the French government's Tchap platform, raising concerns over the security of official communications and sensitive information. |
|
|
June 11, 2026 |
Organisations using vulnerable Oracle PeopleSoft systems |
Oracle mitigates PeopleSoft Zero Day exploited in data theft attacks |
Unknown |
Attackers exploited a PeopleSoft zero-day vulnerability to gain unauthorised access to affected systems and steal sensitive data from impacted organisations. |
Source: Bleeping Computer |
|
June 11, 2026 |
Novo Nordisk |
Hacking group claims major hack of Novo Nordisk, attempted $25 million extortion |
Hunters International |
Unauthorised access to Novo Nordisk systems resulted in the external copying of non-public and clinical trial related patient data, prompting an investigation and the temporary shutdown of some internal IT systems. |
Source: Reuters |
|
June 11, 2026 |
University of Nottingham |
University of Nottingham confirms breach after hackers leak data |
Unknown |
The breach resulted in the unauthorised exposure of university data after attackers leaked stolen information online, raising concerns about the security of sensitive records belonging to the institution and affected individuals. |
|
|
June 14, 2026 |
Four Iranian banks |
Iran Says Limited cyber attack disrupts services at four banks, State Media Says |
Unknown |
The cyber attack temporarily disrupted banking services at four Iranian banks, affecting customer access to financial services and causing operational interruptions before services were restored. |
Source: Reuters |
|
June 15, 2026 |
Organisations operating vulnerable REDCap servers, including medical and research institutions |
Chinese hackers breach REDCap servers, Steal medical research |
Chinese state-backed hackers |
The attackers compromised vulnerable REDCap servers and stole sensitive medical research data, exposing valuable research information and potentially affecting institutions involved in healthcare and scientific studies. |
Source: Bleeping Computer |
|
June 15, 2026 |
Council of Europe |
ShinyHunters claims Council of Europe hack |
ShinyHunters |
ShinyHunters claimed to have stolen and leaked data from the Council of Europe, potentially exposing sensitive organisational information and prompting an investigation into the alleged breach. |
Source: www.securityweek.com |
|
June 15, 2026 |
Eastman Kodak Company |
ShinyHunters claims Kodak Hack; 2 million records allegedly exposed |
ShinyHunters |
ShinyHunters claimed to have accessed and exposed approximately two million Kodak records, potentially putting sensitive customer and business-related information at risk of unauthorized disclosure. |
|
|
June 16, 2026 |
iRhythm Technologies |
iRhythm discloses data breach, says hackers stole patient info |
Unknown |
Hackers gained unauthorised access to iRhythm systems and stole sensitive patient information, exposing affected individuals to privacy risks and potential misuse of their healthcare data. |
Source: Bleeping Computer |
|
June 16, 2026 |
Android users of targeted banking and cryptocurrency applications |
New Rokarolla Android malware targets 217 banking, crypto apps |
Unknown |
The Rokarolla malware targeted hundreds of banking and cryptocurrency apps to steal login credentials and financial information, putting affected users at risk of account compromise and monetary theft. |
Source: Bleeping Computer |
|
June 17, 2026 |
Users of multiple online services and platforms |
24 Billion credentials exposed in massive data leak, researchers warn |
Unknown |
Billions of login credentials compiled from numerous sources were exposed online, significantly increasing the risk of account takeovers, identity theft, and large-scale credential-stuffing attacks against affected users. |
|
|
June 18, 2026 |
Klue and affected Salesforce customers |
Klue OAuth breach linked to Icarus Salesforce data theft attacks |
Icarus |
Attackers abused a compromised OAuth connection to access Salesforce data, exposing sensitive business information from affected organisations and expanding the scope of the Icarus data theft campaign. |
Source: Bleeping Computer |
|
June 18, 2026 |
Texas Parks and Wildlife Department |
Texas Parks & Wildlife data breach exposes millions of driver's licenses, passport numbers |
Unknown |
A data breach at the Texas Parks and Wildlife Department exposed sensitive personal information, including driver's license and passport numbers, affecting millions of individuals whose records were stored in the agency’s systems. |
|
|
June 18, 2026 |
Amazon One Medical |
Amazon One Medical data breach exposed patient information |
Unknown |
Unauthorised access to patient records exposed sensitive personal and healthcare information, creating privacy risks for affected One Medical patients and prompting an investigation into the incident. |
Source: cybernews.com |
|
June 18, 2026 |
Nintendo |
Nintendo confirms data stolen in WebMD subsidiary cyber attack |
Unknown |
Personal information belonging to Nintendo job applicants was stolen after attackers breached a WebMD subsidiary’s recruitment platform, exposing applicant data that had been shared with Nintendo during the hiring process. |
Source: Bleeping Computer |
|
June 19, 2026 |
GrayRobinson |
Cyber attack on law firm GrayRobinson compromised personal data of over 65,000 people |
Unknown |
A cyber attack on GrayRobinson resulted in the theft of sensitive personal and health information belonging to more than 65,000 individuals after an unauthorised party accessed and exfiltrated files from the firm's network. |
|
|
June 22, 2026 |
Optimum First Mortgage |
Optimum First Mortgage Data Breach; Edelson Lechtzin LLP launches investigation into exposure of personal information |
Unknown |
A data breach at Optimum First Mortgage exposed sensitive personal information belonging to customers and individuals associated with the company, creating risks of identity theft, fraud, and misuse of the compromised data. |
|
|
June 22, 2026 |
Tata Electronics |
Tata Electronics, a major tech supplier to Apple and Tesla, confirms data breach |
Hunters International |
A breach at Tata Electronics led to the theft and public leak of company data, exposing internal information and documents after attackers claimed to have exfiltrated files from the firm's systems. |
Source: TechCrunch |
|
June 22, 2026 |
London Hydro |
London Hydro customer data potentially compromised in security incident |
Unknown |
A security incident at London Hydro potentially exposed customer personal information, prompting the utility to investigate the breach and notify affected individuals about the risk of unauthorised access to their data. |
|
|
June 22, 2026 |
Belgian State Security Service |
Belgian state security hit by Ivanti data breach |
Suspected Chinese State-Backed Hackers |
A breach involving a vulnerable Ivanti platform exposed sensitive communications and personal data held by Belgium’s State Security Service, potentially compromising intelligence-related information and contacts accumulated over several years. |
Source: www.techzine.eu |
|
June 22, 2026 |
Alcott HR |
Alcott HR data breach exposes personal information, Murphy Law Firm investigates legal claims |
Unknown |
A data breach at Alcott HR exposed sensitive personal information belonging to current and former employees and dependents, increasing the risk of identity theft, financial fraud, and misuse of compromised data. |
Source: www.globenewswire.com |
|
June 22, 2026 |
One Medical Seniors |
ShinyHunters threatens to leak One Medical Seniors patient data |
ShinyHunters |
ShinyHunters claimed to have stolen sensitive patient information from One Medical Seniors and threatened to publicly leak the data, potentially exposing affected patients to privacy risks, identity theft, and fraud. |
ShinyHunters threatens to leak One Medical Seniors patient data |
|
June 22, 2026 |
XSOLIS, Inc. |
XSOLIS, Inc. data breach: Edelson Lechtzin LLP launches investigation into exposure of personal information |
Unknown |
A data breach at XSOLIS exposed sensitive personal information entrusted to the healthcare technology company, potentially putting affected individuals at risk of identity theft, fraud, and other misuse of their personal data. |
Source: prnewswire.com |
|
June 22, 2026 |
Organisations using vulnerable Fortinet FortiGate devices |
FortiBleed campaign used custom FortiGate sniffer to steal credentials |
Unknown |
In the FortiBleed campaign, attackers deployed a custom sniffer on vulnerable FortiGate devices, stealing user credentials and other sensitive authentication data that could be used to gain unauthorised access to affected networks. |
Source: Bleeping Computer |
|
June 23, 2026 |
Meta Employees |
Meta to pause internal mouse-tracking tech while examining data security issues |
Unknown |
Meta paused its employee-monitoring programme after an internal security lapse exposed sensitive employee data, including private conversations, performance information, and activity records, to a broader group of staff than intended, raising significant privacy and data security concerns. |
Source: Reuters |
|
June 23, 2026 |
LastPass |
LastPass confirms data breach in Klue supply chain attack |
UNC6040 |
The Klue supply-chain attack exposed limited customer and business information belonging to LastPass after attackers gained unauthorised access to data stored within the third-party platform, prompting an investigation into the scope of the breach. |
Source: Bleeping Computer |
|
June 25, 2026 |
Alera Group |
Alera Group data breach settlement: Americans could get up to $3,500 in settlement payouts; know who's eligible and the claim deadline |
Unknown |
A data breach at Alera Group exposed sensitive personal information of affected individuals, leading to a class-action settlement and raising concerns over potential identity theft and financial fraud risks. |
Source: economictimes.indiatimes.com |
Cyber Attacks in June 2026
|
Date |
Victim |
Summary |
Threat Actor |
Business Impact |
Source Link |
|
June 1, 2026 |
Multiple organisations across the United States, Israel, Turkey, and the Middle East |
Iran-linked hackers allegedly destroy IT, backups, and recovery systems in cyber attack targeting Middle East |
Ababil of Minab (Iran-linked, associated with Black Shadow) |
The attack disrupted business operations after hackers wiped critical IT systems, backups, and recovery environments, significantly hindering victims' ability to restore affected services and data. |
Iran-linked hackers destroy IT, backups, and recovery systems |
|
June 1, 2026 |
Thousands of legitimate websites and their visitors worldwide |
Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks |
Unknown |
The attackers hijacked thousands of websites and injected malicious code that redirected visitors to fake update and ClickFix pages, exposing them to malware infections and potential system compromise. |
Source: Bleeping Computer |
|
June 2, 2026 |
Minecraft players and server operators who downloaded infected game modifications and tools |
Over 116,000 Minecraft systems infected in WeedHack malware campaign |
Unknown |
The malware campaign infected more than 116,000 Minecraft-related systems, allowing attackers to steal credentials, cryptocurrency wallets, authentication tokens, and other sensitive data from affected users. |
Source: Bleeping Computer |
|
June 2, 2026 |
WordPress websites using vulnerable themes and plugins that relied on the Kirki Customizer Framework |
Critical Kirki Flaw Exploited to Hijack WordPress Admin Accounts |
Unknown |
Attackers exploited the critical Kirki vulnerability to create rogue administrator accounts on vulnerable WordPress sites, giving them unauthorised control over website management and content. |
Source: Bleeping Computer |
|
June 2, 2026 |
Russian government officials and employees of defense, telecommunications, law enforcement, and other public sector organisations |
Russia claims foreign spy agencies hacked government officials |
Alleged Foreign Intelligence Agencies (attribution claimed by Russian authorities) |
The espionage campaign reportedly compromised the mobile devices of Russian government and public-sector officials, enabling attackers to monitor communications and gather sensitive information. |
Source: The Record Media |
|
June 3, 2026 |
Web servers and online services using vulnerable HTTP/2 implementations |
New HTTP/2 Bomb DoS Attack Crashes Web Servers in Under a Minute |
Unknown |
The HTTP/2 Bomb attack overwhelmed vulnerable web servers with a small number of malicious requests, causing rapid service disruptions and making affected websites unavailable in under a minute. |
Source: Bleeping Computer |
|
June 3, 2026 |
Organisations across Europe, particularly in the technology, telecommunications, and government sectors |
Chinese hackers use New Atlas RAT malware in European cyber attacks |
Silver Fox (China-linked threat actor) |
The attackers deployed the Atlas RAT malware to gain persistent remote access to targeted systems, enabling espionage activities, data collection, and continued monitoring of compromised networks. |
Source: Bleeping Computer |
|
June 4, 2026 |
Developers and organisations that downloaded the compromised npm packages |
New IronWorm Malware Hits 36 Packages in npm supply chain attack |
Unknown |
The supply chain attack compromised 36 npm packages with IronWorm malware, exposing developers and organisations to credential theft, system compromise, and unauthorised access through infected software dependencies. |
Source: Bleeping Computer |
|
June 5, 2026 |
U.S. gas stations operating internet-exposed automatic tank gauge (ATG) systems |
Over 900 US gas station tank gauge systems exposed to attacks |
Unknown |
More than 900 internet-accessible fuel tank monitoring systems were left vulnerable to unauthorised access, creating a risk of fuel management disruption, operational interference, and potential manipulation of critical infrastructure. |
Source: Bleeping Computer |
|
June 5, 2026 |
Organisations targeted by long-term cyber espionage campaigns, including government and enterprise networks |
Chinese APT deploys new malware to keep access to hacked networks |
Salt Typhoon (China-linked APT group) |
The threat actors deployed new persistence malware to maintain covert access to compromised networks, enabling prolonged espionage activities and continued access to sensitive systems and data. |
Source: Bleeping Computer |
|
June 7, 2026 |
Internet-exposed routers running vulnerable DD-WRT firmware |
c0xM0 Botnet Spreads via DD-WRT Router Flaw, Kills Rival Malware |
c0xM0 Botnet Operators |
The botnet infected vulnerable DD-WRT routers to expand its malicious network, allowing attackers to control compromised devices and strengthen their infrastructure for future attacks. |
Source: Bleeping Computer |
|
June 8, 2026 |
Android users who downloaded fake banking application updates from GitHub |
NFCShare Android malware spreads via fake banking app updates on GitHub |
Unknown |
The malware campaign infected Android devices through fake banking app updates, allowing attackers to steal banking credentials, intercept sensitive information, and conduct financial fraud against affected users. |
Source: Bleeping Computer |
|
June 10, 2026 |
Potentially any organisations and users that could be targeted using the leaked Miasma worm code |
The Miasma Worm Source Code briefly leaked on GitHub |
Unknown |
The brief exposure of the Miasma worm source code increased the risk that other threat actors could reuse or modify the malware to launch new attacks, potentially expanding its impact across additional networks and systems. |
Source: Bleeping Computer |
|
June 13, 2026 |
A high-value organisation operating an isolated network |
Chinese hackers hijack Auth Flow to spy on isolated network for a decade |
Chinese state-backed hackers |
The attackers maintained covert access to an isolated network for nearly a decade by hijacking authentication processes, enabling long-term espionage and the monitoring of sensitive communications and activities without detection. |
Source: Bleeping Computer |
|
June 15, 2026 |
Maine Attorney General's data breach notification portal |
Maine takes data breach notification portal offline after fake reports |
Unknown |
Attackers abused Maine's data breach notification portal to submit fraudulent breach reports, forcing the state to take the system offline and disrupting its public breach disclosure process. |
Source: cyberpress.org |
|
June 16, 2026 |
Multiple cardiac monitoring device manufacturers and their patients |
Cardiac Monitor makers' security skips a beat as data thieves go for the jugular |
Unknown |
Data breaches at several cardiac monitoring device providers exposed sensitive patient and healthcare information, increasing the risk of privacy violations and misuse of personal medical data. |
Data breaches at several cardiac monitoring device providers |
|
June 16, 2026 |
Steam users and Wallpaper Engine users |
Steam workshop abused to spread malware via wallpaper engine app |
Unknown |
Attackers used malicious Wallpaper Engine content distributed through Steam Workshop to infect users with malware, exposing affected systems to data theft and further compromise. |
Source: Bleeping Computer |
|
June 16, 2026 |
Organisations and Windows users targeted by the GhostTree campaign |
GhostTree attack abused recursive Windows junctions to hide malware |
Unknown |
Attackers used recursive Windows junctions to conceal malware from security tools, allowing them to maintain stealthy access to compromised systems and increasing the risk of data theft and prolonged network intrusion. |
Source: Bleeping Computer |
|
June 16, 2026 |
Government organisations and critical sector entities targeted by the campaign |
Windows Version of SprySOCKS Linux Malware Used to Attack Govt Orgs |
Chinese state-backed hackers |
The attackers deployed a Windows version of the SprySOCKS malware to maintain covert access to government networks, enabling long-term espionage activities and the theft of sensitive information from targeted organisations. |
Source: Bleeping Computer |
|
June 18, 2026 |
Windows users infected through compromised USB drives |
USB Worm spreads crypto-stealing malware via Windows shortcut files |
Unknown |
The malware spread through infected USB devices and stole cryptocurrency wallet data and other sensitive information, putting affected users at risk of financial loss and account compromise. |
Source: Bleeping Computer |
|
June 18, 2026 |
WordPress websites using compromised ShapedPlugin products |
ShapedPlugin Update Flow Hacked to Infect WordPress Sites |
Unknown |
Attackers compromised the plugin update mechanism and pushed malicious code to WordPress sites, potentially giving them unauthorised access to affected websites and exposing visitors and administrators to further attacks. |
Source: Bleeping Computer |
|
June 19, 2026 |
Mount Royal University |
Mount Royal University site down due to cyber attack |
Unknown |
The cyber attack disrupted Mount Royal University’s website, telephone services, and other key IT systems, forcing the institution to activate incident response measures while cybersecurity experts investigated the extent of the compromise. |
|
|
June 21, 2026 |
D-Link Router Users Worldwide |
Arystinger botnet infected thousands of D-Link routers worldwide |
Arystinger Botnet Operators |
The Arystinger botnet compromised thousands of vulnerable D-Link routers worldwide, allowing attackers to hijack the devices and use them as part of a malicious network for further cyber operations and abuse. |
Source: Bleeping Computer |
|
June 22, 2026 |
Brazil's Defesa Civil Alerta (Civil Defense Alert System) / National Protection and Civil Defense Secretariat (SEDEC) |
Brazil probes possible cyber attack on alert system |
Unknown (suspected hacker(s) under investigation) |
A suspected cyber attack hijacked Brazil’s emergency alert platform, triggering false “extreme” warnings on thousands of mobile phones across multiple states and forcing authorities to temporarily take the system offline while an investigation was launched. |
Source: www.thestar.com |
|
June 23, 2026, June 25, 2026 |
Iran's Banking Infrastructure (including multiple Iranian banks) |
Islamic Republic confirms banking infrastructure cyber incident |
Predatory Sparrow (Gonjeshke Darandeh) |
The cyber attack disrupted card-based banking services at three Iranian lenders, causing payment processing problems and limiting customers' access to banking transactions and financial services. |
|
|
June 23, 2026 |
Jaredfromsubway MEV Bot Operator |
Jaredfromsubway MEV bot hacked in $1.5 million crypto theft |
Unknown |
Hackers compromised the Jaredfromsubway MEV bot and stole approximately $1.5 million in cryptocurrency, resulting in significant financial losses through unauthorised transfers of digital assets. |
Source: Bleeping Computer |
|
June 24, 2026 |
Cybercriminal infrastructure behind Amadey and StealC malware operations |
Amadey, StealC malware operations disrupted in Operation Endgame action |
Amadey and StealC Malware Operators |
An international law enforcement operation disrupted the infrastructure used by the Amadey and StealC malware groups, hindering their ability to infect victims, steal sensitive data, and conduct further cybercriminal activities. |
Source: Bleeping Computer |
New Ransomware/Malware Discovered in June 2026
|
New Ransomware |
Summary |
|
MLTBackdoor |
A newly discovered modular backdoor that leverages Beacon Object Files (BOFs) to dynamically extend its functionality after infection. Distributed through ClickFix social-engineering campaigns, it enables remote command execution, file transfers, and payload deployment, providing attackers with a flexible post-exploitation framework. |
|
AryStinger |
A newly identified botnet malware targeting vulnerable routers and NAS devices, including D-Link, Linksys, and QNAP systems. It converts compromised devices into a malicious proxy network, enabling traffic tunneling, reconnaissance, and anonymous attacker operations while abusing edge infrastructure for stealth. |
|
Crypto Clipper |
A newly uncovered cryptocurrency-stealing malware that spreads through infected USB drives using malicious shortcut (.LNK) files. It targets cryptocurrency wallets, seed phrases, and private keys while incorporating clipboard hijacking, credential theft, screenshot capture, and Tor-based command-and-control capabilities. |
|
Rocket Banking Trojan |
A newly observed Android banking malware family targeting banking and cryptocurrency applications. It abuses Android Accessibility Services, deploys credential-stealing overlays, records screens, captures keystrokes, intercepts notifications, and conducts extensive surveillance to facilitate financial fraud and account takeover attacks. |
|
Lalia Ransomware |
A newly emerged ransomware family identified in June 2026 that targets Windows environments. The malware is believed to employ modern ransomware tradecraft and may support double-extortion tactics involving both file encryption and data theft. Its emergence highlights the continued growth of the ransomware ecosystem as new threat actors enter the cybercrime landscape despite increased law enforcement pressure on established groups. |
Vulnerabilities/Patches Discovered in June 2026
|
Date |
New Flaws/Fixes |
Summary |
|
June 1, 2026 |
CVE-2026-41089 |
Attackers actively exploited a critical Windows Netlogon vulnerability that allowed unauthenticated remote code execution on domain controllers, potentially enabling full system compromise, prompting urgent patching recommendations for affected Windows Server environments. |
|
June 2, 2026 |
CVE-2025-30762 |
CISA ordered U.S. federal agencies to patch a critical Oracle WebLogic vulnerability that was being actively exploited, warning that attackers could gain unauthorised access and compromise affected servers if the flaw remained unpatched. |
|
June 5, 2026 |
CVE-2025-48799 |
CISA warned that attackers had begun actively exploiting a SolarWinds Serv-U vulnerability to crash vulnerable servers, increasing the risk of service disruption and prompting organisations to apply security updates immediately. |
|
June 6, 2026 |
CVE-2025-1128 |
Attackers actively exploited a critical vulnerability in the Everest Forms Pro WordPress plugin to create administrator accounts and take full control of vulnerable websites, prompting urgent patching recommendations. |
|
June 8, 2026 |
CVE-2024-39930 |
Gogs patched a critical zero-day vulnerability that could have allowed attackers to execute remote code on vulnerable servers, prompting users to update immediately to prevent system compromise. |
|
June 9, 2026 |
CVE-2024-24919 |
CISA ordered federal agencies to patch a Check Point security vulnerability after it had been actively exploited by ransomware gangs to gain unauthorised access to targeted networks. |
|
June 9, 2026 |
CVE-2025-23121 |
Researchers disclosed a new Veeam vulnerability that could have allowed attackers to execute remote code on backup servers, potentially leading to full system compromise and disruption of backup operations. |
|
June 9, 2026 |
CVE-2026-44748, CVE-2026-27671, CVE-2026-22732, CVE-2026-40128 |
SAP released security updates that fixed multiple critical vulnerabilities in NetWeaver and Commerce Cloud which could have allowed attackers to bypass authentication, gain unauthorised access, execute malicious actions, or compromise affected enterprise |
|
June 10, 2026 |
CVE-2025-53786 |
Microsoft patched a zero-day vulnerability in Exchange Server that had been actively exploited in attacks, helping organizations prevent unauthorized access and potential compromise of email systems. |
|
June 11, 2026 |
CVE-2025-5777, CVE-2025-6543, CVE-2025-6544 |
CISA directed federal agencies to patch multiple critical vulnerabilities within three days after confirming that the flaws had been actively exploited in attacks, highlighting the urgent risk of system compromise. |
|
June 12, 2026 |
CVE-2025-22457 |
CISA ordered federal agencies to patch an actively exploited Ivanti vulnerability within three days after attackers were found using the flaw to compromise vulnerable systems. |
|
June 16, 2026 |
CVE-2025-32756, CVE-2025-32755, CVE-2025-25257 |
Fortinet warned that attackers had begun exploiting critical FortiSandbox vulnerabilities in the wild, potentially allowing unauthorised code execution and compromise of affected security appliances. |
|
June 17, 2026 |
CVE-2025-25257 |
CISA ordered federal agencies to urgently patch a maximum-severity vulnerability in a widely used Joomla extension after attackers began exploiting the flaw to compromise vulnerable websites. |
|
June 18, 2026 |
CVE-2025-53859, CVE-2025-23419, CVE-2025-23418, CVE-2025-23417, CVE-2025-23416, |
F5 released emergency patches for several critical NGINX vulnerabilities that could have allowed attackers to crash servers, cause service disruptions, or potentially execute malicious code on affected systems. |
|
June 23, 2026 |
CVE-2026-20230 |
Attackers actively exploited a critical vulnerability in Cisco Unified CM and Unified CM SME systems, allowing unauthenticated remote access that could enable arbitrary command execution and compromise of affected servers. |
Warnings/Advisories/Reports/Analysis
|
News Type |
Summary |
|
Report |
A federal inspector general's report found that management shortcomings and resource challenges at NIST led to significant delays in processing vulnerability data, creating a backlog that affected the timeliness and reliability of the National Vulnerability Database. |
|
Warning |
The Five Eyes intelligence alliance warned that Chinese intelligence operatives had used professional networking and job recruitment platforms to target and recruit insiders with access to sensitive government and corporate information. |
|
Warning |
Acer warned that multiple maximum-severity zero-day vulnerabilities in its Wave 7 Wi-Fi routers could have allowed attackers to gain remote control of affected devices, prompting users to apply security updates immediately. |
|
Warning |
CISA warned that attackers had been actively exploiting vulnerabilities in Android and Linux systems, urging organizations and users to apply available patches to reduce the risk of device compromise and unauthorized access. |
|
Warning |
CISA warned that cyber threat actors had targeted internet-exposed fuel tank monitoring systems using default credentials and poor security configurations, potentially allowing unauthorized access and operational disruption. |
|
Warning |
Cisco warned that a critical vulnerability in Unified Communications Manager could have allowed attackers to gain unauthorized access and execute malicious actions on affected systems, and urged customers to patch the flaw after proof-of-concept exploit code became publicly available. |
|
Report |
Law enforcement agencies dismantled a large online marketplace that had supplied forged identity documents to migrant smuggling networks, disrupting a criminal operation that facilitated illegal border crossings and identity fraud. |
|
Warning |
Cisco warned that attackers had exploited a zero-day vulnerability in SD-WAN devices to gain root-level access to affected systems, prompting urgent patching and mitigation efforts to prevent further compromises. |
|
Report |
Researchers reported that the China-linked JDY botnet had expanded its operations to target internet-exposed systems associated with US military networks, increasing concerns about espionage, network compromise, and persistent access to sensitive infrastructure. |
|
Report |
Attackers abused Maine's online data breach reporting portal to publish fraudulent breach notifications, creating confusion and undermining trust in official breach disclosure records. |
|
Report |
A Japanese energy company disclosed that a storage device containing personal information belonging to approximately 10.9 million customers had been lost, raising concerns about potential unauthorized access to customer data. |
|
Report |
South Korea's privacy regulator reported that Coupang was fined approximately $400 million after a data breach affecting millions of users exposed weaknesses in the company's handling and protection of customer information. |
|
Warning |
Oracle warned customers that attackers had exploited a PeopleSoft security flaw to breach more than 100 organisations, urging users to secure vulnerable systems against further compromise. |
|
Report |
Maine temporarily disabled its online data breach notification portal after attackers abused the system to submit and publish fake breach disclosures, disrupting the state's public reporting process. |
|
Report |
The U.S. government reportedly asked Anthropic to restrict foreign national access to its Fable and Mythos AI models due to concerns that the technology could be misused for national security and sensitive research purposes. |
|
Report |
The FBI disrupted a large-scale AI-powered phishing service that had used more than one million malicious URLs to steal credentials and facilitate cybercrime campaigns targeting victims worldwide. |
|
Report |
The FBI revealed that it had built a realistic replica of a small town to simulate real-world cyber attacks, helping agents and cybersecurity professionals train for threats targeting critical infrastructure and connected systems. |
|
Report |
The Council of Europe launched an investigation after the ShinyHunters hacking group claimed to have breached its systems and stolen sensitive data, while officials worked to verify the authenticity and scope of the alleged compromise. |
|
Warning |
Security experts warned that a rise in account takeover attacks targeting Argos customers had been driven by password reuse, increasing the risk of unauthorised purchases and account compromise. |
|
Warning |
The FTC warned that Americans lost a record $3.5 billion to imposter scams in 2025, as cybercriminals increasingly posed as trusted organisations and government agencies to deceive victims into sending money. |
|
Warning |
CISA warned that attackers had been actively exploiting a vulnerability in a cPanel plugin, urging organisations to patch affected systems quickly to prevent unauthorised access and potential compromise. |
|
Report |
Microsoft reported that North Korean threat actors were linked to a supply-chain attack targeting the Mastra AI development framework, after attackers compromised developer accounts and inserted malicious code designed to steal credentials and cryptocurrency assets from downstream users. |
|
Warning |
CISA warned Fortinet customers to immediately secure and review their devices after the FortiBleed vulnerability exposed sensitive information, raising concerns that attackers could have used the leaked data to gain unauthorised access to affected systems. |
|
Warning |
Researchers warned that attackers used WhatsApp messages containing fake business documents to trick users into opening malicious files, leading to malware infections and unauthorised access to compromised Windows PCs. |
|
Report |
Belgian authorities reported that hundreds of organisations were affected by a large-scale cyber attack that exploited a vulnerability in widely used software, exposing systems to unauthorised access and prompting a nationwide cybersecurity response. |
|
Report |
Germany approved new powers allowing its intelligence services to conduct offensive cyber operations against foreign hackers, marking a significant expansion of the country's ability to actively disrupt and counter cyber threats originating abroad. |
|
Report |
Meta paused its employee-tracking program after a security review found that internal data had been exposed more broadly than intended, raising concerns about employee privacy and data protection. |
|
Warning |
Researchers warned that a malicious Microsoft Edge extension abused the browser’s Native Messaging feature to communicate with malware on infected devices, enabling attackers to execute commands and maintain access to compromised systems. |
|
Warning |
Experts warned that ransomware attacks had increasingly pushed German businesses toward financial distress and potential bankruptcy by causing prolonged operational disruptions, recovery costs, and significant revenue losses. |
|
Warning |
CISA warned that attackers had actively exploited maximum-severity vulnerabilities in Ubiquiti networking devices, potentially allowing unauthorized access and full compromise of affected systems, and urged organizations to apply security updates immediately. |
|
Report |
Researchers reported that the stealthy MISTIC backdoor was linked to the KongTuke access broker, which used compromised systems to provide network access that could later be sold to ransomware operators and other cybercriminal groups. |
|
Warning |
The UK's Public Accounts Committee warned that many of the country's cultural institutions had failed to adequately strengthen their cyber defenses, leaving critical national collections and services vulnerable to increasingly sophisticated cyber threats. |


