FortiBleed Credential Theft Campaign Attributed to INC and Lynx Ransomware Groups

Executive Summary On 02 July 2026, SOCRadar researchers linked the financially-motivated campaign dubbed “FortiBleed” to the Ransom and Lynx ransomware operations, marking the first confirmed instance connecting mass FortiGate credential theft to actual ransomware deployment. SOCRadar reported that an operator tied to FortiBleed infrastructure was found actively working negotiation panels for both groups, tying mass FortiGate credential theft directly…

Read More

Icarus Threat Group Claims Salesforce Data Theft in Klue Supply Chain Breach

Executive Summary  On 19 June 2026, the threat group Icarus claimed to have compromised and exfiltrated data from customers of Klue, specifically the Salesforce integration of the market intelligence platform. Salesforce has since disabled Klue integrations. Compromised Data Scope  The impacted data may consist of business names, products trialed/used, subscription details (units, pricing), business contact info (full names, work emails, job title,…

Read More

144 Mastra npm Packages Compromised Through Maintainer Phishing Attack

Executive Summary A report published by The Hacker News on 17 June 2026 detailed a software supply chain attack impacting 144 npm packages associated with the Mastra ecosystem after threat actors compromised a maintainer account through a phishing attack. The attackers leveraged the compromised account to publish malicious package versions to the npm registry. According to the…

Read More

NFCShare Android NFC Fraud Campaign Impersonating Deutsche Bank

Executive Summary In June 2026, D3 lab researchers reported on a new banking trojan. NFCShare is an Android banking trojan initially distributed as a malicious Android Package file (APK) through a phishing flow impersonating Deutsche Bank. The malware presents a fake card-verification interface, prompts the victim to place a payment card near the phone, collects the card…

Read More

Oracle PeopleSoft Data Theft Claimed by ShinyHunters

Executive Summary On 10 June 2026, BleepingComputer reported that Oracle PeopleSoft servers are allegedly being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100 organizations. PeopleSoft is an enterprise business software suite used by large organizations to manage HR, payroll, finance, supply chain, procurement, and student…

Read More

ServiceNow Unauthorized Access Vulnerability Enabled Unauthorized Customer Data Access

Executive Summary On 9 June 2026, ServiceNow disclosed an incident in which unknown threat actors exploited a flaw to gain deeper unauthorized access to susceptible customer instances. On 5 June 2026, ServiceNow applied a security update to hosted customer instances to address an issue that could allow an unauthenticated user, under certain circumstances, to gain greater access to ServiceNow instances…

Read More

UNK_DeadDrop Phishing Campaign Targets Developers to Steal Cryptocurrency

Executive Summary A Proofpoint Threat Research report published on 8 June 2026 detailed a phishing campaign tracked as UNK_DeadDrop targeting software developers across multiple organizations. The campaign uses fake recruitment and code review lures to convince developers to download malicious project files from GitHub repositories. Once executed, the malware is designed to compromise developer workstations and facilitate…

Read More

Glassworm Malware Targets Developers Through npm, PyPI, OpenVSX, and GitHub

Executive Summary A Cyber Security News report published on 27 May 2026 detailed an ongoing Glassworm malware campaign targeting software developers through trusted development platforms, including npm, PyPI, OpenVSX, and GitHub. The campaign first surfaced in October 2025 through malicious Visual Studio Code and OpenVSX extensions and has since expanded into Python repositories, React Native npm packages,…

Read More

Inside the Account Fraud Economy: Q1 2026 Benchmarks for Retail, QSR, Airlines and Accommodation

Account fraud isn’t a one-off event, it’s an industry. Operators run shops, set prices, manage stock and respond to customers. They specialize, collaborate, and follow the money into whichever industries are paying out. For a retailer, it is a customer’s account quietly emptied of points, gift card credit and stored payment value. For a quick…

Read More

ClickFix Campaign Uses Fake macOS Utilities to Deliver Infostealers

Executive Summary According to a report from the Microsoft Defender security research team published on 6 May 2026,an active “ClickFix” campaign is targeting macOS users through fake utility and troubleshooting lures. The campaign uses deceptive prompts masquerading as system fixes or macOS utilities to trick users into manually executing malicious terminal commands. In the past two…

Read More