Breaking News – Cyber Threats (last 6h)
Generated: 2026-06-18 13:00 PDT
- Nintendo confirms data stolen in WebMD subsidiary cyberattack
BleepingComputer • 2026-06-18 11:31 • www.bleepingcomputer.com
Nintendo of America has confirmed to BleepingComputer that threat actors stole survey data from the third-party TinyPulse service used internally, but its systems were not compromised. […]
https://www.bleepingcomputer.com/news/security/nintendo-confirms-data-stolen-in-webmd-subsidiary-cyberattack/ - ‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm
KrebsOnSecurity • 2026-06-18 10:37 • krebsonsecurity.com
For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to NetNut, a “residential proxy” provider operated by the publicly-traded Israeli firm Alarum Technologies Ltd [NASDAQ: ALAR].
https://krebsonsecurity.com/2026/06/popa-botnet-linked-to-publicly-traded-israeli-firm/ - F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution
The Hacker News • 2026-06-18 10:32 • thehackernews.com
F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution on affected systems.The vulnerabilities are listed below –
CVE-2026-42530 (CVSS v4 score: 9.2) – A use-after-free vulnerability in the ngx_http_v3_module that could be triggered by a remote unauthenticated attacker when NGINX Open Source is
https://thehackernews.com/2026/06/f5-patches-two-critical-nginx-open.html - USB worm spreads crypto-stealing malware via Windows shortcut files
BleepingComputer • 2026-06-18 09:20 • www.bleepingcomputer.com
Threat actors targeting cryptocurrency wallets have been distributing clipboard-stealing malware with self-spreading capabilities and using the Tor network to conceal communication. […]
https://www.bleepingcomputer.com/news/security/usb-worm-spreads-crypto-stealing-malware-via-windows-shortcut-files/ - Orphaned AI Agents: How to Find Hidden Access Risks Inside Your Network
The Hacker News • 2026-06-18 08:33 • thehackernews.com
If an autonomous AI agent interacts with your company’s core intellectual property today, can your security team instantly name the person who authorized it?For most enterprises, the answer is a simple no.
The rush to adopt internal AI tools has left a massive trail of administrative debt: orphaned agents (AI tools left running after their creator leaves the company) and standing privileges (
https://thehackernews.com/2026/06/orphaned-ai-agents-how-to-find-hidden.html - ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories
The Hacker News • 2026-06-18 08:27 • thehackernews.com
The internet did not break this week. It got used exactly as designed, which is worse.Searches were siphoned through shady browser add-ons. AI chat links turned into malware delivery paths. macOS attacks ran in memory and left almost nothing behind. Cloud agents looked like helpers until attackers treated them like open shells.
Add exposed edge gear, poisoned packages, cash courier scams,
https://thehackernews.com/2026/06/threatsday-bulletin-claude-chat-abuse.html - Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2
The Hacker News • 2026-06-18 07:30 • thehackernews.com
Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign that has targeted users since February 2026.“The clipper in this campaign relies on Windows Script Host and ActiveX-driven logic to launch a bundled Tor proxy and poll a hidden-service C2 [command-and-control] server,” the Microsoft Defender Security Research Team said in an analysis published Tuesday. “It
https://thehackernews.com/2026/06/microsoft-details-windows-clipper.html - Klue OAuth breach linked to 'Icarus' Salesforce data theft attacks
BleepingComputer • 2026-06-18 07:19 • www.bleepingcomputer.com
Market intelligence platform Klue suffered a OAuth breach that enabled the “Icarus” threat actors to steal Salesforce CRM data from multiple organizations in an ongoing extortion campaign. […]
https://www.bleepingcomputer.com/news/security/klue-oauth-breach-linked-to-icarus-salesforce-data-theft-attacks/ - INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023
The Hacker News • 2026-06-18 07:12 • thehackernews.com
Cybersecurity researchers have charted the evolution of INC from an nascent ransomware-as-a-service (RaaS) operation to one of the most prolific cybercrime groups in 2026, claiming no less than 830 victims since August 2023.“The disruption of LockBit and the shutdown of BlackCat created opportunities for INC to expand as affiliates migrated to alternative ransomware operations,” Acronis
https://thehackernews.com/2026/06/inc-ransomware-claims-830-victims-since.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
