Cyber Security News

Hacking Editorial Brief — June 1, 2026

ShinyHunters Breaches Major Tech Companies Through Anodot Token Compromise

The prolific threat actor ShinyHunters compromised authentication tokens belonging to Anodot in April 2026 and leveraged them to access databases from at least 13 large corporate customers, including Snowflake and Rockstar Games. The incident represents a supply chain attack where authentication infrastructure compromise enabled lateral movement into downstream customer environments. ShinyHunters has established a pattern of high-profile data breaches targeting technology and gaming companies, and this campaign demonstrates how cloud analytics platform vulnerabilities can cascade across enterprise customer bases. The April timeline indicates affected organizations have been operating with potentially compromised data for over a month before public disclosure.

Active WordPress Exploitation and Cryptocurrency Platform Compromises

Threat actors are actively exploiting a vulnerability in the WP Maps Pro plugin to create rogue administrator accounts on WordPress sites, enabling persistent access and site takeover. The campaign targets websites running vulnerable plugin versions, with attackers leveraging the flaw for privilege escalation immediately upon discovery. In the cryptocurrency sector, Polymarket user AdrianCronauer lost over $2 million in a targeted compromise, while May's overall cryptocurrency hacking losses reached $81.7 million across 40 major incidents. Additionally, the JINX-0164 threat actor continues targeting cryptocurrency developers with macOS-focused malware campaigns using fake recruiter social engineering and CI/CD pipeline compromise techniques.

Sources: Huntress · BleepingComputer · Binance Square · Infosecurity Magazine