Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware.

ESET discovers Windows SprySOCKS variant with rootkit capabilities.

Dozens of malicious wallpapers found on Steam Workshop: gamers’ accounts at risk.

Critical Fortinet FortiSandbox flaws now exploited in attacks.

iRhythm discloses data breach, says hackers stole patient info.

FBI issues urgent Kali365 security warning for Teams, Outlook, OneDrive users.

Researchers found a one-click data exfiltration vulnerability in M365 Copilot. A single click on a trusted microsoft[.]com link let attackers pull emails, MFA codes, meeting notes, and SharePoint/OneDrive files, no permissions or second click required.

Microsoft has patched it as CVE-2026-42824, rated critical.

India has temporarily banned Telegram over fears it could be used for cheating, days before a major medical entrance exam is reheld. Millions of students will retake the National Eligibility cum Entrance Test on June 21, after the May sitting was cancelled over paper-leak allegations.

A ransomware attack has shut down mills at Mackay Sugar, Australia's second-largest raw sugar producer.

A sealed 1985 Super Mario Bros. sold for $3 million, the most expensive video game ever sold at public auction. It beat the prior record of $2 million, set by the same game in 2021.

The Council of Europe has allegedly been breached. Over 297 GB of HR and payroll data, more than 429,000 files, has been compromised.

Google announced that a hacker group linked to China secretly collected information from research, medical, and military institutions in the US and Canada between 2023 and 2025.

A Joomla flaw is now on CISA’s exploited bug list.

CVE-2026-48907 has a max CVSS score of 10.0 and can let attackers upload and run PHP code through JCE editor profiles.

Affected versions: 1.0.0 through 2.9.99.4
Fixed in: 2.9.99.5

Richard Lambert of One Identity explains how CVE-2026-25177 exposes a deeper problem: overbroad AD rights, service account sprawl, and weak governance.

Elon Musk’s Grok AI helped Pentagon launch attacks on 2,000 targets in Iran within four days

While defending the trillionaire's date centers in an environmental lawsuit, the DOJ revealed the extent of Grok's use in military operations.

Researchers say Rokarolla, a new Android banking trojan, targets 217 banking and crypto apps and can steal PINs, SMS codes, and crypto wallet funds.

U.S. Debates Creation of Independent Cyber Force
Proposal focuses on specialized cyber warfare capabilities and talent retention.

Suspected Cyber Link in Electrical Failure Sparks Fire Incident
Authorities investigate potential cyber interference in infrastructure disruption.

Passwords Remain Top Cybersecurity Weakness
Stolen credentials drive nearly 80% of breaches, with phishing as a key entry point.

Estonia to Quarantine Emails from Russian Domains
New policy aims to block phishing and cyber-espionage targeting government systems.

Malware Hidden in Steam Wallpapers Targets Gamers
Malicious files steal accounts, hijack systems, and mine cryptocurrency.