Xsolis breached and more - Jun 28, 2026

Weekly Roundup

Jun 28

Written By RF Wave

Featured

Healthcare company Xsolis has revealed they were victim of a data breach

Sensitive data of nearly 1.4 million individuals was compromised after a phishing attack gave attackers access to its network

This Week’s Updates

Breaches

LastPass confirms hackers accessed customer data from its Salesforce environment after stealing OAuth tokens in the Klue supply chain attack

Tata Electronics confirmed a cyberattack impacted parts of its IT infrastructure as hackers leaked stolen data

Polymarket confirmed a $3 million loss after hackers injected a malicious script into its frontend via a breached third-party vendor, and said it will fully reimburse affected customers

Vulnerabilities

Microsoft patched the "AutoJack" vulnerability chain in AutoGen Studio (CVE assigned) that could allow attackers to execute arbitrary commands on a host system by manipulating an AI agent via a malicious webpage

FFmpeg released a fix for the "PixelSmash" flaw in its widely used video decoder that could enable remote code execution on Jellyfin servers and denial-of-service on Kodi, Emby, Nextcloud, and OBS Studio

A high-severity SSRF vulnerability in Cisco Unified Communications Manager Server, tracked as CVE-2026-20230, is now actively exploited in attacks

CISA warned that threat actors are actively exploiting max-severity flaws in Ubiquiti UniFi OS and Lantronix serial-to-ethernet servers

vulnerabilitydata breachXsolisCiscoMicrosoftLastPassTata ElectronicsPolymarketFFmpegUbiquiti

RF Wave

Infinite Campus breached and more - Jun 21, 2026