Microsoft addressed 206 vulnerabilities in its June 2026 Patch Tuesday update, marking the vendor's largest monthly batch of security patches on record.
Attackers hijacked the update distribution system for the Smart Slider 3 Pro plugin, pushing version 3.5.1.35 loaded with multiple backdoors to WordPress and Joomla sites. The vendor urges all users to upgrade immediately to version 3.5.1.36 or roll back to 3.5.1.34.
Google has introduced Device Bound Session Credentials (DBSC) in Chrome 146 for Windows, cryptographically tying session cookies to a device's hardware to stop infostealers like LummaC2 from exploiting stolen authentication tokens.
Dutch EHR vendor ChipSoft has been struck by a ransomware attack, forcing the company to take its website and patient-facing digital services offline and prompting warnings to connected hospitals across the Netherlands and Belgium.
New research from CalTech and Google suggests fault-tolerant quantum computers capable of breaking classical encryption may need far fewer qubits than previously thought, compressing the window for post-quantum migration.
Researchers at Censys have identified more than 5,200 internet-exposed Rockwell Automation/Allen-Bradley PLCs potentially vulnerable to Iranian state-backed attackers, with nearly 3,900 of those devices located in the United States.
A previously undocumented phishing-as-a-service platform called VENOM is targeting Microsoft account credentials belonging to CEOs, CFOs, and VPs across multiple industries, using AiTM techniques and QR code lures.
Researchers at Comparitech discovered 179 industrial control devices accessible without authentication via the Modbus protocol, as the US government warns of state-sponsored attacks targeting programmable logic controllers in critical infrastructure.
A newly discovered Lua-based malware called LucidRook is being deployed against non-governmental organizations and universities in Taiwan via spear-phishing campaigns. Cisco Talos attributes the threat to a group tracked as UAT-10362.
Senate Judiciary Committee Chair Chuck Grassley has launched a congressional inquiry into eight major technology companies, citing failures to provide adequate data to a child exploitation cyber tipline operated by NCMEC.