CISA Adds Actively Exploited Cisco Unified CM Flaws to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Cisco Unified Communications Manager (Unified CM) to its Known Exploited Vulnerabilities (KEV) Catalog, highlighting active exploitation risks in enterprise communication environments. The newly listed flaw, tracked…

Mini Shai-Hulud Worm Poisons LeoPlatform npm Packages to Steal Developer and CI/CD Secrets

A fresh supply-chain wave tied to the Mini Shai-Hulud, Miasma, and Hades malware families is actively poisoning npm packages in the LeoPlatform and RStreams ecosystems and expanding into source-repository compromises. The intrusion blends registry poisoning, install-time execution via binding.gyp, Bun-staged…

New infosec products of the month: June 2026

Here’s a look at the most interesting products from the past month, featuring releases from AISLE, Asimily, Blue Planet, depthfirst, Diligent, Drata, Elastic, Filigran, Flip, Hyland, IDnow, Legit Security, MazeBolt, Noma, Qodo, Ridge Security, Tigera, and WitnessAI. Asimily turns device…

Malware gaslights AI

Mac Malware Gaslights AI, Major Info-Stealer Takedown, OpenAI’s Patch the Planet, and FortiBleed Fallout Mac malware called “Gaslight,” attributed to North Korea-aligned actors, plants fake system messages designed to derail AI-based analysis while stealing data and exfiltrating it via a…