Kimsuky Used a Fake Webex Page to Deliver an HTTPSpy Variant to the South Korean Military

ENKI says Kimsuky ran a March-April 2026 wave against South Korean military and corporate targets, delivering an HTTPSpy variant through a fake Webex meeting page wired to a real scheduled event and a new infection-verification technique it calls JSONPing.

Chaotic Eclipse Pledges July 14 'Bone-Shattering' Windows Exploit Drop as Microsoft Escalates

The researcher behind a six-week run of uncoordinated Microsoft zero-day disclosures pledged a July 14, 2026 'bone-shattering' Windows exploit drop. Microsoft signaled law-enforcement action and pulled the researcher's GitHub account. Both sides have hardened.

Microsoft Names Storm-2697 Behind The Gentlemen Ransomware: Go Encryptor, Ephemeral Keys

Microsoft Threat Intelligence has named the operators of The Gentlemen ransomware Storm-2697, and its new deep technical analysis dissects a Go encryptor that uses per-file ephemeral keys and an aggressive self-propagation module.

Signal Users Targeted in New Phishing Wave That Asks for the Recovery Key

A phishing wave is impersonating Signal Support to ask users for their secret recovery key — the key that decrypts online backups containing past messages. The defender utility is simple: Signal will never ask for it, ever.

Senator Calls Adtech a 'National Security Threat' After DoD Confirms Targeting of Troops

US Central Command confirmed foreign adversaries are using commercial location data to track and surveil US troops in theater. Sen. Ron Wyden said it is time to treat the adtech industry as a national security threat. Adversaries were not named.

Pay Tel Exposed Driver's Licenses of 300,000 Prison-Call Customers on an Open Azure Server

Pay Tel, a US prison calling vendor, left a Microsoft Azure storage server holding 300,000-plus driver's license scans and inmate communications open to the web without a password, UpGuard told TechCrunch on May 28. It is Pay Tel's second known security failure in a year.

GreyVibe Used ChatGPT, Gemini and Ideogram AI Across a Likely-Russian Ukraine Campaign

WithSecure has tied a likely-Russian threat cluster named GreyVibe to a Ukraine-focused campaign that uses ChatGPT, Gemini and Ideogram AI as productivity tooling across lures, malware and post-compromise operations.

How AI Is Used in Cyberattacks

A clear guide to how attackers use artificial intelligence — for phishing, malware, deepfakes, and attacks on AI systems — and how organizations can defend.

The OnlyFans "340 Million-Record Leak" Was Compiled From Old Breaches, Not a Platform Hack

A threat actor advertised a 340 million-record OnlyFans dataset for 0.313 BTC on May 25, then privately admitted they did not breach the platform. The compilation stitches old breach data to public profiles, and the framing failure is itself the editorial story.

Carnival Confirms 6 Million-Person Breach, 38 Days After ShinyHunters Posted Ultimatum

Carnival Corporation began notifying 5,995,277 people on May 27, 2026 that their personal data was stolen in an April vishing breach — the corporate confirmation of an extortion claim ShinyHunters posted to its leak site 38 days earlier.

Wiz Disclosed JINX-0164, a New macOS Threat Actor Hitting Crypto Devs With Recruiter Lures

Wiz disclosed JINX-0164, a previously unreported actor running LinkedIn recruiter lures, custom macOS malware, and CI/CD hijacking against cryptocurrency developers. The playbook mirrors documented North Korean tradecraft, but Wiz preserves the attribution hedge.

Charter Confirms Breach as ShinyHunters Claims 42 Million Records via Salesforce Vishing

Charter Communications, the parent of Spectrum, confirmed a cybersecurity incident on May 26-27, 2026 after ShinyHunters claimed 42 million customer records via the same vishing-to-Microsoft-Entra-to-Salesforce playbook documented across the 2026 cluster at ADT, Amtrak, Odido, and Vimeo.