1. LastPass Confirms Customer Data Stolen in Klue Supply Chain Breach
LastPass disclosed that the Icarus extortion group used OAuth tokens stolen in a supply chain attack against market-intelligence vendor Klue to access customer records within its Salesforce environment. Exposed data included names, phone numbers, email and physical addresses, and support case records, though LastPass stressed that its products, infrastructure, and encrypted vaults were untouched. Several other security vendors, including Recorded Future, Tanium, and Jamf, confirmed they were caught in the same Klue-linked campaign.
Source: BleepingComputer: https://www.bleepingcomputer.com/news/security/lastpass-confirms-data-breach-in-klue-supply-chain-attack/
2. Madison Square Garden Breach Exposes 26 Million Visitor Records, Including Facial Recognition Data
A breach at Madison Square Garden exposed roughly 26 million visitor records, spanning contact details and facial recognition data tied to the venue’s controversial entry systems. The inclusion of biometric data has drawn fresh legal scrutiny over how long such information is retained and who is accountable when it leaks. The incident is a reminder that biometric convenience carries breach consequences that ordinary passwords never do.
Source: eSecurity Planet: https://www.esecurityplanet.com/weekly-roundup/massive-breaches-ai-risks-and-critical-vulnerabilities-define-this-week-in-cybersecurity-in-june-2026/
3. One Medical Hit by ShinyHunters Ransomware Claiming 8.8 TB of Stolen Data
The ShinyHunters group claimed responsibility for a ransomware attack on primary-care provider One Medical, asserting that it exfiltrated 8.8 TB of data. A breach of that scale at a healthcare organization raises the stakes for patient privacy and regulatory exposure, given the sensitivity of medical records. The claim fits a broader pattern of ransomware crews aggressively targeting the healthcare sector through 2026.
Source: SharkStriker: https://sharkstriker.com/blog/june-2026-data-breaches/
4. CISA Flags Active Exploitation of PTC Windchill and FlexPLM Remote Code Execution Flaw
On June 26, CISA added a critical remote code execution vulnerability affecting PTC Windchill PDMLink and FlexPLM product-lifecycle software to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. These platforms sit at the heart of manufacturing and engineering supply chains, making them high-value targets. Organizations running affected versions should prioritize patching in line with the federal remediation timeline.
Source: CISA Known Exploited Vulnerabilities Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
5. Critical cPanel and WHM Flaw (CVE-2026-41940) Under Active Exploitation
A critical vulnerability tracked as CVE-2026-41940, affecting cPanel, WHM, and WP Squared, is being actively exploited in the wild. Because cPanel underpins web hosting for a vast number of small and midsize sites, a single unpatched server can cascade into widespread compromise. Hosting providers and site owners should apply vendor updates immediately and review accounts for signs of intrusion.
Source: SWK: https://www.swktech.com/swk-cybersecurity-news-recap-june-2026/
