Latest news as of 6/14/2026, 1:13:23 PM
The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability, tracked as CVE-2026-45247 (CVSS score: 9.8), is a case of deserialization of untrusted
The Register
'Attackers can now cheaply operationalize known vulnerabilities at scale,' boffins tell The Reg
The Hacker News
The U.S. Department of Justice (DoJ) on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans. The "Disruption Week" operation began May 18, 2026, leading to the takedown of millions of social media, email, and internet access accounts used by transnational
The Register
It was far too easy for a hacker to get the information
Dark Reading
Despite broadly connected digital infrastructure, standard fare TTPs are enough to cause trouble for Afghanistan's porous cybersecurity.
Have I Been Pwned
In May 2026, the dental benefits administrator that resulted in the group publicly publishing hundreds of gigabytes of data allegedly obtained from the company. The data included 2.6M unique email addresses along with names, addresses and phone numbers. Much of the data appeared in healthcare enrollment files ( ) with some containing Medicaid IDs, while additional data appeared in member records and related files. , and advised they had contained the attack and mitigated the threat. DentaQuest was the target of a ShinyHunters "pay or leak" extortion campaign ASC X12 transaction sets DentaQuest acknowledged "a cybersecurity incident involving unauthorized access to a limited portion of our network"
Graham Cluley
A website called "UK visa portal" has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels. They weren't. And when a journalist tried to warn the company, it was lawyers who responded. Meanwhile, a paper from Cornell suggests that prompt injection - the technique malicious actors use to trick AI agents into doing things they really shouldn't - may be fundamentally unsolvable. Which is err... awkward, because everyone is rushing to plug AI agents into their email, files, and corporate networks. Plus don't miss our featured interview with Andrea Sivieri of CoreView, who tells us how hackers can lock your entire organisation out of its Microsoft 365 environment... without having to trick you into running a single piece of malicious code or handing over a password. All this and more in episode 470 of the "Smashing Security" podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest Tanya Janca.
The Register
Those backup plans need backup testing
Dark Reading
Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender.
Bleeping Computer
A Chinese-speaking cybercrime group has expanded its targeting to the European space, deploying previously undocumented malware and the Atlas backdoor. [...]