Latest news as of 6/17/2026, 6:18:45 AM
The Hacker News
Grafana has disclosed that an "unauthorized party" obtained a token that granted them the ability to access the company's GitHub environment and download its codebase. "Our investigation has determined that no customer data or personal information was accessed during this incident, and we have found no evidence of impact to customer systems or operations," Grafana said in a series of
The Hacker News
A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck. The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow in ngx_http_rewrite_module affecting NGINX versions 0.6.27 through 1.30.0. According to AI-native security company depthfirst, the
Krebs on Security
Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers -- including Apple, Google, Microsoft, Mozilla and Oracle -- fixing near record volumes of security bugs, and/or quickening the tempo of their patch releases.
Have I Been Pwned
In May 2026, the real estate services firm . Following the threat, the group publicly published data they alleged had been obtained from the firm, consisting mostly of C&W email addresses along with tens of thousands of external email addresses and corporate contact records. The exposed data was primarily business information, including names, job titles, company addresses and phone numbers. Cushman & Wakefield was the target of a "pay or leak" extortion campaign by the ShinyHunters group
Have I Been Pwned
In April 2026, . The group subsequently published the data which contained over 200k unique email addresses along with names, phone numbers, physical addresses and, in some cases, customer support tickets. In , Canada Life advised that "it is a small proportion of our customers who may have been impacted". In the wake of the incident, , a pattern often seen after the public release of breached data. Canada Life was the victim of a "pay or leak" extortion campaign by the ShinyHunters group their disclosure notice Canada Life also published an alert cautioning customers to be wary of phishing attacks
Have I Been Pwned
In April 2026, the fintech software company . Shortly after, data allegedly taken from the company's Salesforce instance was published publicly and contained over 700k unique email addresses belonging to both Abrigo staff and external contacts. Whilst separate from , the data fields described in that incident are consistent with the ShinyHunters data, namely that it was "business contact information" including "institution name, employee name, email addresses, and phone numbers". Abrigo was targeted in a "pay or leak" extortion attempt by the ShinyHunters group Abrigo's Salesforce compromise via the Drift application connector the previous year
Dark Reading
The campaign quietly compromises aerospace and drone operators to exfiltrate GIS files, terrain models, and GPS data and gain a clear picture of adversaries' world view.
Dark Reading
Cyber adversaries have long used AI, but now attackers are using large language models to develop exploits and orchestrate complex attacks.
Dark Reading
The privilege escalation vulnerability, which is similar to other Linux flaws like Copy Fail and Dirty Pipe, may already be under limited exploitation.
Dark Reading
Security controls can do only so much. Here are four attacks where your employees are usually your first, and only, line of cyber defense.