Apple Blocked $2.2bn in App Store Fraud in the Last Year

Total figure for fraudulent transactions Apple has blocked since 2020 now stands at over $11bn

Cisco serves up yet another perfect 10 bug with Secure Workload admin flaw

Switchzilla says attackers could access sensitive data and make configuration changes across tenant boundaries through vulnerable internal APIs

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

Active Defender exploits hit CVE-2026-41091 and CVE-2026-45498; June 3 fixes reduce SYSTEM and DoS risk.

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI models before authentication is checked.

Grafana Labs Says Code Breach Stemmed from TanStack Attack

Grafana Labs has confirmed a recent data breach was caused by the TanStack supply chain attack

China-Aligned Webworm Adds Discord, OneDrive Backdoors

Eset says China-aligned Webworm added Discord- and Microsoft Graph-based backdoors, custom proxies and cloud-staged malware as it expanded operations against

9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros

CVE-2026-46333 is a nine-year Linux kernel improper privilege management flaw introduced in November 2016 with a CVSS score of 5.5.

Critical Cisco Secure Workload Vulnerability Enables Unauthorized API Access

Cisco disclosed a critical Secure Workload flaw allowing unauthenticated access to sensitive resources through internal APIs.

Cybercriminal VPN used by ransomware actors dismantled in global crackdown – VPN service featured in almost every major Europol-supported cybercrime investigation | Europol

A VPN service used by cybercriminals to conceal ransomware attacks, data theft, and other serious offences has been dismantled in an international operation led by France and the Netherlands, with sup...

Researchers Warn CypherLoc Scareware Has Targeted Millions of Users

Barracuda reveals new CypherLoc scareware has featured in nearly three million attacks

WantToCry ransomware evades detection through SMB abuse, remote encryption

More than 1.5 million exposed SMB ports may be susceptible to brute force attacks.

Apple server schematics stolen in May 2026 Foxconn cyberattack, AppleInsider confirms

AppleInsider can exclusively confirm that the Foxconn hack contained Apple server schematics. More damaging documents may come later.

GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos

GitHub is investigating unauthorized access to internal repositories after TeamPCP listed alleged source code and internal organizations for sale.