Security
Supply-Chain Chaos, AI Gov Vulns, and macOS Stealer
LastPass data exposed via Klue, Tata leaks 200K files, Anthropic's Mythos finds US gov flaws, and more.
LastPass Breached via Klue Supply-Chain Attack
On June 12, 2026, Klue detected an intrusion that compromised OAuth tokens for customers including LastPass. The threat actor used those tokens to access LastPass customer data within LastPass’s Salesforce environment, exposing names, email addresses, phone numbers, physical addresses, support tickets, and sales-related information. Password vaults and LastPass’s own infrastructure were not compromised. The Icarus group claimed responsibility and threatened to publish the data unless a ransom was paid; no leak has been confirmed. LastPass disabled employee access to Klue, rotated tokens, and notified law enforcement. LastPass stated in its blog: “The hackers took customers’ names, phone numbers, email addresses, and physical addresses, as well as customer support case data and sales-related data.” The stolen data poses a risk for targeted spear-phishing campaigns, and LastPass warned customers about an ongoing phishing campaign using three sender domains: baccarat.com.au, robinskitchen.com.au, and house.com.au. The Klue breach also affected other companies including HackerOne, Recorded Future, Tanium, Jamf, Sprout Social, Gong, and Insurity.
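A mail-triage check for the three sender domains LastPass named, as an added example that is not code from LastPass or from the original article. The sample messages, every address in them, and the function names are constructed for illustration; only the three flagged domains come from the text above.

```python
from email import message_from_string
from email.utils import getaddresses

# Sender domains named in the LastPass phishing warning above.
FLAGGED_DOMAINS = {"baccarat.com.au", "robinskitchen.com.au", "house.com.au"}
# Headers that can carry a sending identity; checking only From misses some.
SENDER_HEADERS = ("From", "Sender", "Reply-To", "Return-Path")

# Constructed sample messages (not real traffic).
SAMPLES = {
    "from_header": "From: LastPass Support <alerts@house.com.au>\n"
                   "To: user@example.com\nSubject: Action required\n\nbody\n",
    "subdomain_return_path": "Return-Path: <bounce@mail.baccarat.com.au>\n"
                             "From: Support <support@example.net>\n"
                             "Subject: Account notice\n\nbody\n",
    # Ends with the same characters as house.com.au but is a different domain.
    "lookalike": "From: News <info@warehouse.com.au>\nSubject: Sale\n\nbody\n",
}


def domain_matches(domain, flagged=FLAGGED_DOMAINS):
    """True for a flagged domain or a subdomain of it, never a bare suffix."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in flagged)


def flagged_senders(raw_message):
    """Return sorted (header, address) pairs whose domain is on the list."""
    msg = message_from_string(raw_message)
    hits = set()
    for header in SENDER_HEADERS:
        for _name, addr in getaddresses(msg.get_all(header, [])):
            _local, sep, domain = addr.rpartition("@")
            if sep and domain_matches(domain):
                hits.add((header, addr.lower()))
    return sorted(hits)


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, flagged_senders(raw))
```
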
Tata Electronics Breach: 200,000 Files Leaked, Apple and Tesla Data Exposed
On June 22, 2026, Tata Electronics confirmed a cybersecurity incident that it said occurred “a few weeks ago.” The World Leaks ransomware group published over 200,000 files totaling more than 630 GB on a dark web forum, with data accessible since at least June 10, 2026. The leaked documents include what appear to be Apple supplier specifications and Tesla manufacturing documents, such as Apple quality inspection standards for iPhone circuit components and Tesla assembly documents for Model 3 refresh (Project Highland). The files also contain employee passports, emails, event logs, and SAP system information. Tata declined to answer questions about compromised data, affected individuals, or customer notifications. Apple initiated an internal investigation, and Tata’s official statement said the incident had “no impact on our operations across businesses, which remain unaffected.” A ransom demand was made, but Tata did not comment on it. The World Leaks group previously claimed a breach of Nike. The initial intrusion mechanism has not been disclosed.
Anthropic’s Mythos Model Found Vulnerabilities in Classified US Government Systems
A U.S. official speaking on condition of anonymity told the Associated Press on Tuesday that Anthropic’s Mythos AI model identified vulnerabilities in highly sensitive and secure U.S. government computer systems during a testing exercise. Anthropic teamed up with U.S. intelligence agencies to conduct the tests. The Mythos model identified certain vulnerabilities within hours, but the official said that does not mean the model was able to exploit them within that time. The news highlights growing interest in using AI for offensive and defensive cybersecurity operations within the government.
Anthropic’s Mythos model found vulnerabilities in classified US government systems, official says →
Cordyceps: Malicious Pull Requests Compromise Developer Workflows
Security researcher Elad Meged at Novee published a blog post on a new CI/CD workflow weakness named “Cordyceps.” The weakness allows attackers to use malicious pull requests to compromise software supply chains by exploiting automated CI/CD workflows that have weak access security. By targeting workflows with crafted pull requests, attackers can steal signing keys and access tokens, enabling command injection, privilege escalation, and supply chain compromise. From a single scan, Novee flagged 654 repositories as potentially exploitable and 300 as confirmed fully exploitable. Examples include attacks on Microsoft Azure Sentinel, Google AI Agent Development Kit, Apache Doris, Cloudflare Workers SDK, and Python Software Foundation’s Black. Microsoft and Google confirmed impact; Cloudflare and Apache applied fixes. Meged noted that AI coding agents are scaling the problem by generating insecure CI/CD configurations. He advises treating CI/CD workflows as code assets subject to the same security requirements as applications.
‘Cordyceps’: Mushrooming Malicious Pull Requests Threaten Developer Workflows →
New macOS ClickFix Attack Silently Mounts DMGs to Push Infostealer
Palo Alto Networks Unit 42 discovered a new macOS ClickFix campaign that uses fake CAPTCHA pages to trick users into opening Terminal and executing commands that silently download, mount, and launch infostealing malware. The campaign infects Macs with Atomic macOS Stealer (AMOS), which steals browser credentials, cryptocurrency wallet data, Keychain data, messaging app information, and user documents. The malware targets eight Chromium-based browsers and five Firefox-derived browsers, steals cryptocurrency wallet data from Exodus, Electrum, and others, and replaces legitimate installations of Ledger Live and Trezor Suite with malicious versions. It also steals Apple Notes, Safari cookies, and user document files with PDF, TXT, or RTF extensions. All harvested data is stored in a ZIP archive and uploaded to attacker servers. Users are advised not to run Terminal commands from untrusted websites, especially for CAPTCHA verifications, browser fixes, or other troubleshooting steps.
New macOS ClickFix attack silently mounts DMGs to push infostealer →