ServiceNow Unauthorized Access Vulnerability Enabled Unauthorized Customer Data Access

Executive Summary On 9 June 2026, ServiceNow disclosed an incident in which unknown threat actors exploited a flaw to gain deeper unauthorized access to susceptible customer instances. On 5 June 2026, ServiceNow applied a security update to hosted customer instances to address an issue that could allow an unauthenticated user, under certain circumstances, to gain greater access to ServiceNow instances…

Read More

UNK_DeadDrop Phishing Campaign Targets Developers to Steal Cryptocurrency

Executive Summary A Proofpoint Threat Research report published on 8 June 2026 detailed a phishing campaign tracked as UNK_DeadDrop targeting software developers across multiple organizations. The campaign uses fake recruitment and code review lures to convince developers to download malicious project files from GitHub repositories. Once executed, the malware is designed to compromise developer workstations and facilitate…

Read More

Glassworm Malware Targets Developers Through npm, PyPI, OpenVSX, and GitHub

Executive Summary A Cyber Security News report published on 27 May 2026 detailed an ongoing Glassworm malware campaign targeting software developers through trusted development platforms, including npm, PyPI, OpenVSX, and GitHub. The campaign first surfaced in October 2025 through malicious Visual Studio Code and OpenVSX extensions and has since expanded into Python repositories, React Native npm packages,…

Read More

Inside the Account Fraud Economy: Q1 2026 Benchmarks for Retail, QSR, Airlines and Accommodation

Account fraud isn’t a one-off event, it’s an industry. Operators run shops, set prices, manage stock and respond to customers. They specialize, collaborate, and follow the money into whichever industries are paying out. For a retailer, it is a customer’s account quietly emptied of points, gift card credit and stored payment value. For a quick…

Read More

ClickFix Campaign Uses Fake macOS Utilities to Deliver Infostealers

Executive Summary According to a report from the Microsoft Defender security research team published on 6 May 2026,an active “ClickFix” campaign is targeting macOS users through fake utility and troubleshooting lures. The campaign uses deceptive prompts masquerading as system fixes or macOS utilities to trick users into manually executing malicious terminal commands. In the past two…

Read More