Issue #201 - June 01, 2026
- Jun 1
- 2 min read
Cyber Insurance Rates Are Dropping, but Exclusions Widen
Source: Dark Reading
Cyber insurance coverage is slowly changing, and some policies may not provide coverage for social engineering attacks like ClickFix. The good news for enterprises is that cyber insurance policies are still affordable. The bad news is that coverage exclusions are increasing, and some might catch customers by surprise.
VS Code zero-day lets hackers steal GitHub tokens in one click
Source: BleepingComputer
A publicly disclosed Visual Studio Code zero-day allowed attackers to steal GitHub OAuth tokens through malicious webview behavior in github.dev. The exploit could trick users into clicking a link, install a malicious extension, and enumerate private repositories accessible to the victim. Microsoft later said the issue had been mitigated.
FSB Group Gamaredon Hides Worm in Windows Data Streams
Source: Infosecurity Magazine
Researchers say Russia-linked Gamaredon is using GammaWorm against Ukrainian targets, hiding components in NTFS Alternate Data Streams to reduce visibility. The campaign starts with malicious archives exploiting a WinRAR flaw, then spreads through USB and network drives while using dead drop resolvers to refresh command-and-control infrastructure.
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
Source: The Hacker News
The Miasma campaign compromised Red Hat’s npm package scope with a Mini Shai-Hulud-style worm designed to harvest developer, cloud, GitHub, npm, Kubernetes, Vault, and SSH secrets. Researchers say the malware used install-time execution, encrypted exfiltration, developer-tool persistence, and stolen credentials to support downstream software supply chain compromise.
Dutch Police Dismantle Massive 17-Million-Device Botnet
Source: SecurityWeek
Dutch authorities disrupted a 17-million-device botnet made up of infected computers, smartphones, and tablets. Investigators seized command-and-control servers tied to a residential proxy network allegedly used for spam, phishing, online fraud, DDoS activity, and other cybercrime. Users were urged to secure devices, networks, passwords, and applications.