Security researchers and vendors have confirmed active exploitation of a PAN-OS authentication‑bypass vulnerability (CVE-2026-0257) that enables attackers to establish unauthorized GlobalProtect VPN sessions. Palo Alto Networks initially disclosed the flaw on May 13 and assigned patches and mitigations; Rapid7 observed exploitation beginning May 17 with a second wave May 21. The U.S. Cybersecurity and Infrastructure Security Agency added the defect to its Known Exploited Vulnerabilities catalog on May 29, directing federal agencies to remediate by June 1. The issue can be abused by forging an authentication override cookie when certain certificate configurations are reused, a configuration present in some GlobalProtect portal/gateway deployments. NVD/CVSS ratings were escalated after in‑the‑wild activity, with public scoring reported up to 9.1. Palo Alto has issued updated advisories and patches for multiple PAN‑OS and Prisma Access releases; vendors and researchers urge immediate patching, disabling authentication override cookies where feasible, and review of VPN logs and exposed devices. While many observed intrusions did not show lateral movement, the vulnerability’s ability to grant legitimate‑looking VPN access makes detection and post‑compromise containment challenging.

Researchers at the University of Toronto, in collaboration with the Vector Institute and the University of Cambridge, have published a proof‑of‑concept showing an AI-driven computer worm that adapts its tactics as it spreads. The prototype used an open‑weight large language model running on compromised machines to reason about each target, read public vulnerability advisories in real time and generate tailored exploits. Tests were conducted in an isolated 33‑host network (Linux, Windows and IoT devices) over 15 seven‑day runs; on average the agent identified about 31 vulnerabilities, achieved elevated access on roughly 23 hosts and propagated to about 20 hosts. The authors redacted operational details and disclosed findings to Canadian authorities before release. The worm hijacks infected devices’ compute (including GPUs) to run the model and can repurpose credentials and workarounds it finds, making single‑patch fixes insufficient. The team and outside experts warn the threat could grow as devices gain local inference capability and language models improve, and they urge coordinated responses including accelerated patching, AI‑assisted testing and cross‑sector collaboration.

Security researchers at McAfee Labs uncovered a large-scale Malware-as-a-Service operation dubbed “WeedHack” that has infected more than 116,000 systems since January 2026, adding roughly 2,000–3,000 new infections per day. The campaign relies on malicious JAR files (3,820 identified) and over 240 distribution URLs, spreading via YouTube videos, SEO-poisoned sites, Discord communities and file-hosting links that impersonate popular Minecraft mods and clients. WeedHack’s free tier functions as a comprehensive infostealer targeting Minecraft session IDs, credentials from 36 browsers, 56 browser-based crypto wallets and multiple platforms (Discord, Steam, Telegram). Paid tiers (about $4.99/month) unlock remote-access features including webcam capture, keylogging, screen and keyboard control, and file exfiltration. The platform uses an enterprise-style dashboard with leaderboards and a Telegram channel of ~850 members; McAfee says many customers appear to be teenagers who have used the tool for harassment and blackmail. Technical defenses include EtherHiding (C2 resolution via Ethereum), Windows Defender exclusion manipulation and persistence mechanisms that complicate removal. Reported infections are concentrated in the United States, Germany, India, the UK and other countries. McAfee urges users to avoid unofficial mods, enable MFA and run updated antivirus scans.

Anthropic announced on June 2–3, 2026 that it is widening access to its powerful cybersecurity model Claude Mythos via Project Glasswing, increasing partners from roughly 50 to about 200 organisations. Access is limited to organisations that meet security requirements and includes government bodies, utilities and vendors across more than 15 countries. Anthropic says partners in the expanded cohort operate in sectors such as power, water, healthcare, communications and hardware, and that previous Glasswing testing has surfaced more than 10,000 high- or critical-severity software flaws. The company estimates a successful attack on many partner codebases could affect more than 100 million people. Anthropic has withheld Mythos from general release, saying its dual-use capabilities pose misuse risks, and warned rival firms could produce comparable models within six to 12 months. The expansion follows Anthropic’s confidential IPO filing and comes amid industry and government talks about disclosures, guardrails and responsibility for patching vulnerabilities fast enough to stay ahead of attackers.

Google this week began rolling out a new fake call detection feature for Android designed to block AI-powered impersonation scams. Announced June 2–3, 2026, the protection will arrive globally this month in Phone by Google on devices running Android 12 and later, starting with Pixel phones. The feature works by sending an end-to-end encrypted RCS ‘silent confirmation’ from the caller’s device to the recipient’s handset; if that hardware-bound signal is missing, the recipient’s phone will ping the contact’s device and display a warning advising the user to hang up. The check runs by default in the background and does not analyse call audio. Google built the system on the Rich Communication Services standard so other apps and manufacturers can adopt it. The rollout is part of a wider June Android update that also includes Google Photos’ virtual wardrobe, Circle to Search improvements and expanded cross-platform file sharing. Google and several security outlets cited rising losses from AI voice-cloning impersonation scams as the impetus for the feature.

Atlas Menu, a paid cheat and mod-menu service for Grand Theft Auto V (and reportedly Counter-Strike 2), was breached in May 2026 and publicly reported in early June. Data-breach tracker Have I Been Pwned added the leak after an attacker posted an archive to GitHub, with the exposed records numbering roughly 63,900–64,000 accounts. Stolen fields include email addresses, usernames, IP addresses, support tickets and passwords stored as bcrypt hashes. The attacker said the compromise was retaliation against an alleged scammer. Atlas Menu’s website and storefront were offline at the time of reporting and the service has not issued a public statement. The incident highlights recurring security issues around third‑party gaming cheat operators, whose infrastructure and customer data often lack accountability and professional safeguards.