| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
| --- | --- | --- | --- | --- | --- |
| June 1, 2026 | Multiple organisations across the United States, Israel, Turkey, and the Middle East | Iran-linked hackers allegedly destroy IT, backups, and recovery systems in cyber attack targeting Middle East | Ababil of Minab (Iran-linked, associated with Black Shadow) | The attack disrupted business operations after hackers wiped critical IT systems, backups, and recovery environments, significantly hindering victims’ ability to restore affected services and data. | Iran-linked hackers destroy IT, backups, and recovery systems |
| June 1, 2026 | Thousands of legitimate websites and their visitors worldwide | Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks | Unknown | The attackers hijacked thousands of websites and injected malicious code that redirected visitors to fake update and ClickFix pages, exposing them to malware infections and potential system compromise. | Source: Bleeping Computer |
| June 2, 2026 | Minecraft players and server operators who downloaded infected game modifications and tools | Over 116,000 Minecraft systems infected in WeedHack malware campaign | Unknown | The malware campaign infected more than 116,000 Minecraft-related systems, allowing attackers to steal credentials, cryptocurrency wallets, authentication tokens, and other sensitive data from affected users. | Source: Bleeping Computer |
| June 2, 2026 | WordPress websites using vulnerable themes and plugins that relied on the Kirki Customizer Framework | Critical Kirki Flaw Exploited to Hijack WordPress Admin Accounts | Unknown | Attackers exploited the critical Kirki vulnerability to create rogue administrator accounts on vulnerable WordPress sites, giving them unauthorised control over website management and content. | Source: Bleeping Computer |
| June 2, 2026 | Russian government officials and employees of defense, telecommunications, law enforcement, and other public sector organisations | Russia claims foreign spy agencies hacked government officials | Alleged Foreign Intelligence Agencies (attribution claimed by Russian authorities) | The espionage campaign reportedly compromised the mobile devices of Russian government and public-sector officials, enabling attackers to monitor communications and gather sensitive information. | Source: The Record Media |
| June 3, 2026 | Web servers and online services using vulnerable HTTP/2 implementations | New HTTP/2 Bomb DoS Attack Crashes Web Servers in Under a Minute | Unknown | The HTTP/2 Bomb attack overwhelmed vulnerable web servers with a small number of malicious requests, causing rapid service disruptions and making affected websites unavailable in under a minute. | Source: Bleeping Computer |
| June 3, 2026 | Organisations across Europe, particularly in the technology, telecommunications, and government sectors | Chinese hackers use New Atlas RAT malware in European cyber attacks | Silver Fox (China-linked threat actor) | The attackers deployed the Atlas RAT malware to gain persistent remote access to targeted systems, enabling espionage activities, data collection, and continued monitoring of compromised networks. | Source: Bleeping Computer |
| June 4, 2026 | Developers and organisations that downloaded the compromised npm packages | New IronWorm Malware Hits 36 Packages in npm supply chain attack | Unknown | The supply chain attack compromised 36 npm packages with IronWorm malware, exposing developers and organisations to credential theft, system compromise, and unauthorised access through infected software dependencies. | Source: Bleeping Computer |
| June 5, 2026 | U.S. gas stations operating internet-exposed automatic tank gauge (ATG) systems | Over 900 US gas station tank gauge systems exposed to attacks | Unknown | More than 900 internet-accessible fuel tank monitoring systems were left vulnerable to unauthorised access, creating a risk of fuel management disruption, operational interference, and potential manipulation of critical infrastructure. | Source: Bleeping Computer |
| June 5, 2026 | Organisations targeted by long-term cyber espionage campaigns, including government and enterprise networks | Chinese APT deploys new malware to keep access to hacked networks | Salt Typhoon (China-linked APT group) | The threat actors deployed new persistence malware to maintain covert access to compromised networks, enabling prolonged espionage activities and continued access to sensitive systems and data. | Source: Bleeping Computer |
| June 7, 2026 | Internet-exposed routers running vulnerable DD-WRT firmware | c0xM0 Botnet Spreads via DD-WRT Router Flaw, Kills Rival Malware | c0xM0 Botnet Operators | The botnet infected vulnerable DD-WRT routers to expand its malicious network, allowing attackers to control compromised devices and strengthen their infrastructure for future attacks. | Source: Bleeping Computer |
| June 8, 2026 | Android users who downloaded fake banking application updates from GitHub | NFCShare Android malware spreads via fake banking app updates on GitHub | Unknown | The malware campaign infected Android devices through fake banking app updates, allowing attackers to steal banking credentials, intercept sensitive information, and conduct financial fraud against affected users. | Source: Bleeping Computer |
| June 10, 2026 | Potentially any organisations and users that could be targeted using the leaked Miasma worm code | The Miasma Worm Source Code briefly leaked on GitHub | Unknown | The brief exposure of the Miasma worm source code increased the risk that other threat actors could reuse or modify the malware to launch new attacks, potentially expanding its impact across additional networks and systems. | Source: Bleeping Computer |
| June 13, 2026 | A high-value organisation operating an isolated network | Chinese hackers hijack Auth Flow to spy on isolated network for a decade | Chinese state-backed hackers | The attackers maintained covert access to an isolated network for nearly a decade by hijacking authentication processes, enabling long-term espionage and the monitoring of sensitive communications and activities without detection. | Source: Bleeping Computer |
| June 15, 2026 | Maine Attorney General’s data breach notification portal | Maine takes data breach notification portal offline after fake reports | Unknown | Attackers abused Maine’s data breach notification portal to submit fraudulent breach reports, forcing the state to take the system offline and disrupting its public breach disclosure process. | Source: cyberpress.org |
| June 16, 2026 | Multiple cardiac monitoring device manufacturers and their patients | Cardiac Monitor makers’ security skips a beat as data thieves go for the jugular | Unknown | Data breaches at several cardiac monitoring device providers exposed sensitive patient and healthcare information, increasing the risk of privacy violations and misuse of personal medical data. | Data breaches at several cardiac monitoring device providers |
| June 16, 2026 | Steam users and Wallpaper Engine users | Steam workshop abused to spread malware via wallpaper engine app | Unknown | Attackers used malicious Wallpaper Engine content distributed through Steam Workshop to infect users with malware, exposing affected systems to data theft and further compromise. | Source: Bleeping Computer |
| June 16, 2026 | Organisations and Windows users targeted by the GhostTree campaign | GhostTree attack abused recursive Windows junctions to hide malware | Unknown | Attackers used recursive Windows junctions to conceal malware from security tools, allowing them to maintain stealthy access to compromised systems and increasing the risk of data theft and prolonged network intrusion. | Source: Bleeping Computer |
| June 16, 2026 | Government organisations and critical sector entities targeted by the campaign | Windows Version of SprySOCKS Linux Malware Used to Attack Govt Orgs | Chinese state-backed hackers | The attackers deployed a Windows version of the SprySOCKS malware to maintain covert access to government networks, enabling long-term espionage activities and the theft of sensitive information from targeted organisations. | Source: Bleeping Computer |
| June 18, 2026 | Windows users infected through compromised USB drives | USB Worm spreads crypto-stealing malware via Windows shortcut files | Unknown | The malware spread through infected USB devices and stole cryptocurrency wallet data and other sensitive information, putting affected users at risk of financial loss and account compromise. | Source: Bleeping Computer |
| June 18, 2026 | WordPress websites using compromised ShapedPlugin products | ShapedPlugin Update Flow Hacked to Infect WordPress Sites | Unknown | Attackers compromised the plugin update mechanism and pushed malicious code to WordPress sites, potentially giving them unauthorised access to affected websites and exposing visitors and administrators to further attacks. | Source: Bleeping Computer |
| June 19, 2026 | Mount Royal University | Mount Royal University site down due to cyber attack | Unknown | The cyber attack disrupted Mount Royal University’s website, telephone services, and other key IT systems, forcing the institution to activate incident response measures while cybersecurity experts investigated the extent of the compromise. | |
| June 21, 2026 | D-Link Router Users Worldwide | Arystinger botnet infected thousands of D-Link routers worldwide | Arystinger Botnet Operators | The Arystinger botnet compromised thousands of vulnerable D-Link routers worldwide, allowing attackers to hijack the devices and use them as part of a malicious network for further cyber operations and abuse. | Source: Bleeping Computer |
| June 22, 2026 | Brazil’s Defesa Civil Alerta (Civil Defense Alert System) / National Protection and Civil Defense Secretariat (SEDEC) | Brazil probes possible cyber attack on alert system | Unknown (suspected hacker(s) under investigation) | A suspected cyber attack hijacked Brazil’s emergency alert platform, triggering false “extreme” warnings on thousands of mobile phones across multiple states and forcing authorities to temporarily take the system offline while an investigation was launched. | Source: www.thestar.com |
| June 23, 2026, June 25, 2026 | Iran’s Banking Infrastructure (including multiple Iranian banks) | Islamic Republic confirms banking infrastructure cyber incident | Predatory Sparrow (Gonjeshke Darandeh) | The cyber attack disrupted card-based banking services at three Iranian lenders, causing payment processing problems and limiting customers’ access to banking transactions and financial services. | |
| June 23, 2026 | Jaredfromsubway MEV Bot Operator | Jaredfromsubway MEV bot hacked in $1.5 million crypto theft | Unknown | Hackers compromised the Jaredfromsubway MEV bot and stole approximately $1.5 million in cryptocurrency, resulting in significant financial losses through unauthorised transfers of digital assets. | Source: Bleeping Computer |
| June 24, 2026 | Cybercriminal infrastructure behind Amadey and StealC malware operations | Amadey, StealC malware operations disrupted in Operation Endgame action | Amadey and StealC Malware Operators | An international law enforcement operation disrupted the infrastructure used by the Amadey and StealC malware groups, hindering their ability to infect victims, steal sensitive data, and conduct further cybercriminal activities. | Source: Bleeping Computer |

