**Microsoft June 2026 Patch Tuesday Fixes Over 200 Flaws Including Three Zero-Days**

Microsoft released its June 2026 Patch Tuesday update, addressing more than 200 vulnerabilities across its product line. Among the fixes are three zero-day vulnerabilities actively exploited in the wild. The update covers critical remote code execution flaws in Windows, Office, and Exchange Server, along with numerous privilege escalation and spoofing issues. Administrators are urged to apply patches immediately...

Story 1: NSO Group Spyware Resurfaces on WhatsApp

Meta has filed a contempt complaint against NSO Group, alleging that the spyware vendor violated a court order by deploying new zero-click spyware attacks on WhatsApp in June 2026. The attacks targeted journalists and civil society members, using a previously unseen payload that bypassed recent WhatsApp security patches. Meta states the exploitation relied on a chain of undisclosed vulnerabilities, and it has since blocked the associated infrastr...

**Story 1: European Authorities Dismantle Illegal Streaming Networks**

European law enforcement agencies, led by Europol, executed Operation Kratos II, arresting 29 individuals and dismantling nine organized crime groups involved in large-scale illegal streaming operations. The crackdown targeted networks that distributed pirated content, causing significant revenue losses to legitimate media providers. Authorities seized servers, domain names, and financial assets linked to the illicit streamin...

Story 1: BlackCat ransomware operators maintain regular business hours, according to an analysis of 24 months of leak site posts. The data shows a clear pattern of activity during standard workdays and hours, suggesting organized criminal operations rather than opportunistic attacks.

• https://securityaffairs.com/192969/cyber-crime/ransomware-operators-keep-business-hours-the-data-proves-it.html

• https://www.reddit.com/r/hacking/comments/1ttwgfq/analyzed_24_months_of_ransomware_leaksite_posts/

...

This week's cybersecurity roundup covers three major incidents: a novel social engineering attack using Meta's AI support bot to steal Instagram accounts, a massive data breach at the Atlas Menu cheat service for Grand Theft Auto V and Counter-Strike 2, and a brute-force attack that forced Dashlane to suspend customer accounts.

**Story 1: Hackers Used Meta's AI Support Bot to Seize Instagram Accounts**

Threat actors exploited Meta's AI-powered support chatbot by impersonating account owners and...

## Story 1: Carnival Corporation Confirms Breach Impacting Nearly 6 Million Customers

Carnival Cruise Line has confirmed a data breach affecting close to 6 million customers, with the ShinyHunters extortion group claiming responsibility. Stolen records reportedly include names, contact details, dates of birth, and loyalty program information tied to Carnival, Princess, and Holland America bookings. The incident is part of the broader Salesforce-related data theft campaign that ShinyHunters has ...

In this episode, we cover three major cybersecurity stories shaping the week: Apple's massive App Store enforcement actions and a critical Cisco patch, the takedown of the Kimwolf DDoS botnet operator, and Anthropic's Glasswing AI uncovering thousands of vulnerabilities including CVE-2026-5194.

=== Story 1: Apple Rejects 2M Apps, Cisco Patches Critical Secure Workload Flaw, Ocean Launches Email Security ===

Apple disclosed it rejected over 2 million App Store submissions in 2025 as part of expa...

Story 1: Shinyhunters Canvas Data Breach

The threat actor group Shinyhunters claimed to have stolen student data from Canvas, a widely-used learning management system, but security researchers and congressional investigators express skepticism about whether the stolen information was actually deleted as promised. The breach has drawn attention from Congress and triggered inquiries into Instructure's security practices and incident response protocols. Experts warn that verification of data delet...

Story 1: Shinyhunters Canvas Data Breach

The threat actor group Shinyhunters claimed to have stolen student data from Canvas, a widely-used learning management system, but security researchers and congressional investigators express skepticism about whether the stolen information was actually deleted as promised. The breach has drawn attention from Congress and triggered inquiries into Instructure's security practices and incident response protocols. Experts warn that verification of data delet...

GitHub TeamPCP Breach Investigation

GitHub is investigating a claimed breach by threat actor TeamPCP affecting approximately 4,000 internal repositories. The attacker claims to have accessed sensitive GitHub infrastructure, raising concerns about the security of the platform's internal development assets. This incident highlights risks to major software development platforms and their internal code repositories.

Sources:

• https://thehackernews.com/2026/05/github-investigating-teampcp-claimed....