Polyfill.io Login Prompt
Suspicious polyfill.io authentication prompts appeared on websites including MUJI and Toshiba pages. Here is what users and site owners should do.
News desk
Security News
Security incidents, exploited vulnerabilities, breach reports, malware campaigns, and urgent patch notes arranged for fast daily scanning.
June 7, 2026
Latest reports
Kirki CVE-2026-8206
Kirki 6.0.0 through 6.0.6 can let unauthenticated attackers route password reset links to their own inbox. Update to 6.0.7 or later and audit administrator…
WeedHack Minecraft Malware
WeedHack spreads through fake Minecraft mods and clients, stealing session tokens, passwords, wallets, and adding remote-access risk.
Android CVE-2025-48595 Patch
Google says Android CVE-2025-48595 may be under limited targeted exploitation. Check your June 2026 security patch level and update now.
Steam C2 Backdoor
GoDaddy says WordPress malware hides C2 data in Steam profile comments. Check for hello-mywordl.info, injected scripts, and PHP backdoors.
Notepad++ XML File Risk
Notepad++ 8.9.6.1 fixes config.xml and shortcuts.xml code execution flaws. Learn who is affected, how to update, and what to inspect after suspicious shortcuts or…
Netlogon CVE-2026-41089 RCE
CVE-2026-41089 is now reported as actively exploited. Patch Windows Server domain controllers and review Netlogon, LSASS, and authentication logs.
WP Maps Pro CVE-2026-8732
WP Maps Pro CVE-2026-8732 lets unauthenticated attackers create WordPress administrator accounts. Update to 6.1.1 and audit admins/logs.
Flowise Chatflow RCE
Flowise CVE-2026-40933 can turn a malicious chatflow import into server-side command execution. Check self-hosted instances, MCP stdio use, and stored secrets.