Infinite Campus breached and more - Jun 21, 2026

Featured

Infinite Campus has revealed it was the victim of a data breach

The ShinyHunters group took responsibility for the breach, and over 137k accounts were affected

This Week’s Updates

Breaches

Awesome Motive confirmed its CDN was compromised in a supply chain attack that injected malicious code into the OptinMonster, TrustPulse, and PushEngage WordPress plugins

iRhythm Holdings disclosed a data breach after hackers stole patients' personal and health information from third-party-hosted business applications

Kodak confirmed it is working with external cybersecurity experts to investigate a data breach after ShinyHunters claimed to have stolen company data

ShapedPlugin confirmed its update delivery system was hacked in a supply chain attack that distributed malicious plugin releases to paying WordPress customers

Nintendo confirmed threat actors stole internal survey data from TinyPulse, a third-party service used internally, though its own systems were not compromised

Klue publicly confirmed a breach in which threat actors stole OAuth tokens to access customers' Salesforce environments, with the victim list continuing to grow as the "Icarus" extortion group claims responsibility

Texas Parks and Wildlife Department disclosed a breach at its license system vendor that exposed personal information, including driver's license data, for over 3 million individuals

Vulnerabilities

A vulnerability in SimpleHelp remote management software allows unauthenticated attackers to create privileged technician accounts via the OpenID Connect authentication protocol

Cisco released a patch for CVE-2026-20262, a Catalyst SD-WAN Manager flaw actively exploited in zero-day attacks to escalate privileges to root

CISA ordered federal agencies to patch CVE-2026-54420, an actively exploited vulnerability in the cPanel Fantastico plugin, within three days

Multiple critical vulnerabilities in Fortinet's FortiSandbox threat detection platform are now being actively exploited in attacks, according to threat intelligence firm Defused

CISA ordered federal agencies to patch a maximum-severity flaw in the JetBrains JCE Joomla plugin being actively exploited in the wild, with a Friday deadline

Microsoft confirmed it is working on a patch for the "RoguePlanet" zero-day vulnerability in Microsoft Defender, disclosed publicly one week prior

Apple patched a high-severity flaw in Beats Studio Buds that allowed attackers within Bluetooth range to eavesdrop on users' conversations

F5 issued out-of-band patches for two critical NGINX vulnerabilities that could allow remote code execution on vulnerable servers

CISA ordered federal agencies to patch an actively exploited critical Splunk Enterprise vulnerability by Sunday

Threat actors are actively exploiting an unauthenticated information disclosure vulnerability in the Gravity SMTP WordPress plugin, which is active on 100,000 sites
