Cloud
-
Salesforce disables Klue app after data theft incident
Salesforce disabled the Klue Battlecards app after a June 11 security incident at Klue that may have exposed customer data through connected accounts. Klue said legacy credentials were used to steal OAuth tokens.
-
DragonForce hackers used Microsoft Teams relay to hide command traffic, researchers say
DragonForce-linked attackers used a custom backdoor to hide command traffic inside Microsoft Teams relay infrastructure during a months-long intrusion at a major U.S. services firm, researchers said.
-
Google Vertex AI SDK flaw let attackers hijack model uploads and run code
A flaw in Google’s Vertex AI SDK for Python let attackers hijack model uploads through a predictable bucket name and run code in Google’s serving environment. Google patched the issue, and researchers said they saw no exploitation in the wild.
-
CISA flags LiteSpeed cPanel plugin flaw in Known Exploited Vulnerabilities catalog
CISA has added a LiteSpeed cPanel Plugin privilege escalation flaw to its Known Exploited Vulnerabilities catalog and set a June 18 deadline for federal agencies to patch. The issue can let a user with FTP or web shell access gain root on some shared hosting servers.
-
Microsoft 365 Copilot flaw could expose emails and files with one click
Researchers said a single click on a Microsoft link could expose emails, calendar data and indexed files from Microsoft 365 Copilot Enterprise Search through a three-bug chain called SearchLeak.
-
ServiceNow says flaw was exploited to query customer instance tables
ServiceNow said a flaw in its platform was exploited to query tables in a subset of customer instances. The company applied a security update on June 5, 2026, and said impacted customers were notified.
-
Microsoft removes 73 GitHub repositories during malware investigation
Microsoft removed 73 GitHub repositories on June 5 while investigating potential malicious content, briefly disrupting developer pipelines tied to Azure Functions. Researchers linked the incident to a broader Miasma and Shai-Hulud supply-chain campaign.
-
PCPJack hijacks 230 cloud servers for covert SMTP relay network
PCPJack hijacked 230 cloud servers tied to AWS, Google Cloud and Microsoft Azure to run a covert SMTP relay network, according to Hunt.io. The infrastructure used Sliver and Chisel tools and was still active when found.
-
Redis patches two-year-old use-after-free flaw that enabled remote command execution
Redis patched CVE-2026-23479, a use-after-free flaw in blocking-client code that could lead to remote command execution. The bug affected versions 7.2.0 through 8.6.2 and had gone unnoticed for more than two years.
-
Hackers spent months inside stock exchange executive’s Outlook inbox
Unknown attackers spent at least five months inside a senior stock exchange executive’s Outlook mailbox, copying messages in small batches and routing them through Dropbox and OneDrive in what researchers described as espionage.
