Today’s roundup
A Hacker Claims 35 GB of Accenture Source Code. The Company discloses the data breach
Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)
Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation
GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defenses
Fake VPN and 7-Zip Apps Turn Victims Into Residential Proxy Nodes
AssuranceAmerica data breach exposes records of 6.9 million drivers
Mount Royal University confirms breach as hackers claim attack
Lone Attacker Uses AI to Breach AWS Cloud Environment in 72 Hours
GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents
Police arrests 5,800 suspects in global anti-fraud crackdown
Summary
Accenture confirmed a data breach where a hacker claimed to steal 35 GB of source code, RSA/SSH keys, and Azure credentials. This sensitive data, offered for sale on a cybercrime forum, poses a risk to client environments despite Accenture stating no operational impact.
Microsoft patched the "RoguePlanet" (CVE-2026-50656) zero-day, a privilege escalation flaw in its Defender Malware Protection Engine. This critical vulnerability, which could grant SYSTEM-level privileges on Windows 10 and 11, was publicly exploited via a race condition PoC prior to the patch in version 1.1.26060.3008.
Ubiquiti released patches for seven critical UniFi OS vulnerabilities, including a CVSS 10.0 command injection flaw (CVE-2026-50746) in UniFi Connect. Other high-severity issues affect UniFi Talk, Access, Protect, and OS, potentially enabling arbitrary command execution and privilege escalation on network devices.
A new ransomware, GodDamn, is actively employing the PoisonX kernel driver to disable endpoint security defenses. Identified as a rebrand of Beast ransomware, this strain was first spotted on May 21, 2026, representing an advanced tactic for evading detection.
The "Lurking Lizard" threat actor operates a criminal residential proxy network by distributing fake 7-Zip installers and a trojanized WireVPN app, which has over a million downloads. Victims' devices are turned into proxy nodes, supported by over 230 lookalike domains and fake review sites for monetization.
AssuranceAmerica, an American insurance company, disclosed a data breach exposing records of approximately 6.9 million drivers. Attackers gained unauthorized access to their systems earlier this year, compromising a large volume of sensitive personal information.
Mount Royal University in Calgary confirmed a data breach where hackers stole and deleted data from its network file storage systems. The university is investigating the scope and nature of the information compromised during the attack.
A lone attacker successfully breached an AWS cloud environment within 72 hours, leveraging AI workflows, chained cloud weaknesses, and stolen credentials to extort a large Amazon customer. This incident highlights the growing threat of AI-assisted cloud attacks.
Researchers discovered "GhostApproval" symlink flaws in six major AI coding assistants, including those from Amazon, Anthropic, and Google. This vulnerability allows malicious code projects to bypass user approval and execute arbitrary commands on a developer's computer through misleading file edit requests.
A global anti-fraud crackdown involving law enforcement agencies from 97 countries resulted in the arrest of 5,811 suspects and the seizure of $293 million in illicit assets. This operation signifies a major international effort to combat various forms of online fraud.
Want to dig deeper?
Vulnerabilities
Malware Families