Top stories
// 5 stories cyclingKlue — OAuth integration compromise feeding Icarus Salesforce data theft
Attackers compromised Klue's integration platform via a legacy credential, harvested customers' OAuth tokens and exfiltrated Salesforce and Gong data from multiple organisations; Icarus claimed responsibility.
Eastman Kodak — ShinyHunters extortion claim, US imaging manufacturer
ShinyHunters listed Kodak on its leak site claiming 2.2 million records; Kodak confirmed an unauthorised third party briefly accessed a limited amount of company data.
Grindr — alleged 15M+ user database listing
Forum seller listed an alleged 15-million-record Grindr database for $400 covering bcrypt hashes, geolocation and HIV-status field; Grindr has not commented.
United Nations World Food Programme — Palestine self-registration application breach
Attackers accessed WFP's Palestine self-registration platform on 14 May, exfiltrating names, ID and mobile numbers and location data for around 600,000 Gaza households.
Red Hat (@redhat-cloud-services npm) — Miasma supply-chain worm via compromised employee GitHub account
Wiz researchers found 32 trojanised releases under the @redhat-cloud-services npm scope, traced to a compromised Red Hat employee's GitHub account, deploying a credential-stealing self-propagating worm.
Profiles and interviews with the people behind the keyboard. Some made the news. Some made the millions. Some did the time. Some came back with something to say.
Open the profiles →OpenAI — two employee devices compromised in TanStack npm supply-chain attack
Two OpenAI staff devices compromised by poisoned @tanstack npm packages; limited credentials exfiltrated and OpenAI is re-signing all desktop and mobile applications.
Palo Alto Networks PAN-OS GlobalProtect — CVE-2026-0257
Authentication-override flaw in PAN-OS GlobalProtect lets unauthenticated attackers forge cookies and establish VPN tunnels; CISA added it to KEV with a 1 June deadline.
DentaQuest — ShinyHunters leak-site listing, US dental insurer
ShinyHunters listed US dental-insurance provider DentaQuest on its leak site, claiming 744 user records and threatening publication after the extortion deadline lapsed.
GS Yuasa Lithium Power — Akira leak-site listing, US aerospace battery supplier
Akira listed US aerospace battery supplier GS Yuasa Lithium Power on its leak site, naming Boeing satellite project data among the allegedly stolen material.
7-Eleven — misconfigured Salesforce Experience Cloud, ShinyHunters dump
ShinyHunters dumped a 9.4 GB archive of 7-Eleven franchise applicant data after exploiting a misconfigured Salesforce Experience Cloud instance with the AuraInspector audit tool.